EMT Practice Test

1. Question Content...


Question List

Question1: If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Question2: According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process?

Question3: Which of the following is not likely to be included as an audit step when assessing vendor performance policies?

Question4: An internal auditor compared the number of human resources professionals per employee with industry standards. This comparison would assist the auditor in evaluating which of the following areas?

Question5: Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Question6: An internal audit activity implemented an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps built into the computer program and developed test data to test them. The auditors submitted test transactions throughout the year and did not find any differences in their test results. The auditors can conclude that:

Question7: An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
IV. Do nothing because management has agreed to address the problem.

Question8: An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval.
Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?

Question9: Because of an abundance of high priority requests from management, an internal audit activity no longer has the resources to meet all of its commitments contained in the annual audit plan. Which of the following would be the best course of action for the chief audit executive to follow?

Question10: According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Question11: In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:

Question12: Which of the following procedures would be most helpful in providing additional evidence when an auditor suspects that an unidentified employee is submitting and approving invoices for payment?

Question13: An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Question14: According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?

Question15: An audit of a company's accounts payable found that the individuals responsible for maintaining the vendor master file could also enter vendor invoices into the accounts payable system. During the exit conference, management agreed to correct this problem. When performing a follow-up engagement of accounts payable, the auditor should expect to find that management has:

Question16: A recent survey indicated that residents of a small town take the train to a nearby city eight times per month, on average. The same survey showed that the number of train trips that a resident takes per month (y) is determined by the number of days per month that the resident works in the nearby city (x), according to the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:

Question17: Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting engagement?

Question18: What would be used to determine the collectability of accounts receivable balances?

Question19: An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Question20: An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?

Question21: Five brand managers in a consumer products company met to determine how well certain promotions had performed. The data that they needed to analyze consisted of approximately 50 gigabytes of daily point-of- sale (POS) data for each month. The brand managers tried to download the POS data from the mainframe and import it into microcomputer spreadsheets for analysis. Their efforts were unsuccessful, most likely because of:

Question22: An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for the past three months and now suspects the division is reporting fictitious sales. Which course of action should the auditor follow to determine whether fraud has occurred?

Question23: The use of standard operating procedure questionnaires in audit fieldwork can be beneficial because.

Question24: When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Question25: During a consulting engagement, an internal auditor identifies new risks which will impact the scope and sufficiency of the engagement audit plan. According to the Standards, the internal auditor should:

Question26: Which of the following is a weakness that is inherent in the use of the test data method to test internal controls in a computer-based accounting system?

Question27: An internal auditor provided the following statement about division A's performance during the month:
"Because supplies of raw material X were scarce, division A's profits declined by 15 percent." Which of the following can be validly concluded from the auditor's statement?
I. Division A's production level declined by 15 percent.
II. Division A could have sold more products than it produced.
III. Division A usually sells all of the products that it produces.

Question28: A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?

Question29: Which of the following describes an internal auditor's responsibilities to include audit procedures to detect fraud in audits of a multinational organization?

Question30: A retail company uses a computer program that matches electronic vendor invoices with the applicable purchase orders and receiving information, which are also maintained electronically.
If an invoice does not match the other items within predefined ranges, a report is generated and sent to the accounts payable department for further investigation. All of the applicable documents are electronically marked, cross-referenced, and retained in open files. Both an integrated test facility and a systems control audit review file (SCARF) have been included in the system.
An auditor wants to determine the extent to which items are not matched at year end and to investigate the potential causes of the unmatched items. Which of the following audit procedures would be most effective in determining the items to investigate?

Question31: Reviewing internal audit report drafts with clients is:
1. Required according to the Standards.
2. A form of courtesy.
3. Ethically mandated.
4. A form of validation.

Question32: Which of the following is a detective control for managing the risk of fraud?

Question33: Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.

Question34: A manager of one of a retailer's several retail outlets is stealing cash from cash sales, recording the sales as accounts receivable, and subsequently writing off the fictitious accounts receivable as bad debts. Which of the following comparisons would be most effective in signaling the possibility of such a fraud?

Question35: After completing a net present value (NPV) calculation on a proposed project, an analyst explores the change in NPV with changes in the interest rate. This additional analysis is referred to as:

Question36: In response to an accounts receivable confirmation, a customer indicated that the invoice listed on the confirmation letter had been paid two months earlier.
This may indicate that:

Question37: Which of the following statements is correct regarding the use of a program evaluation and review technique (PERT) model?
* It makes use of a probability model to arrive at a realistic estimate of time necessary for completion of the audit engagement.
* It requires that activities are performed in sequence such that each task is completed before the commencement of the next activity.
* It remains fixed once completed to act as a baseline for measuring the performance of the audit staff following completion of the engagement.
* It begins with the auditor-in-charge identifying the overall scope and then breaking down the audit engagement into identifiable activity units.

Question38: Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
I. Company A exhibits a higher standard of ethical behavior than does company B.
II. Company A has established objective criteria by which an employee's actions can be evaluated.
III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.

Question39: The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Question40: In which of the following situations would it be most appropriate to employ the services of a forensic specialist?

Question41: An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Question42: A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?

Question43: Which of the following files, when compared with billing records, would provide the best source of information for determining if all goods shipped are billed to customers?

Question44: When performing a compliance audit of the organization's outsourced services, which of the following is considered the primary engagement objective?

Question45: During an engagement, an internal auditor discovered that an organization's policy on delegation of authority listed six individuals who were no longer employed with the organization. In addition, four individuals acting with disbursement authority were not identified in the policy as having such authority. Which of the following is the most effective course of action to address the control weakness?

Question46: Which of the following would be an appropriate improvement to controls over large quantities of consumable material that are charged to expense when placed in bins which are accessible to production workers?

Question47: An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
1. There is a clear strategy and timeline to migrate risk management responsibility back to management.
2. The IAA has the final approval on any risk management decisions.
3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.
4. The nature of services provided to the organization is documented in the internal audit charter.

Question48: An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans approved by the loan committee, the auditor found seven loans which exceeded the approved amount. Which of the following actions would be inappropriate on the part of the auditor?

Question49: A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization's manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?

Question50: The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by:

Question51: During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?
* Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.
* Testing whether all employees are mandated through policy to comply with the ethics program.
* Testing whether all employees are required to confirm in writing their compliance with the ethics program.
* Testing through surveys employee's level of understanding and commitment to the ethics program.

Question52: According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program?

Question53: With which of the following would the internal audit activity discuss findings, conclusions and recommendations prior to issuance of internal audit report?
1. Business unit management.
2. Chief audit executive.
3. Audit committee.
4. Chief executive officer.

Question54: The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?
I. Financial measures.
II. Internal business process measures.
III. Client satisfaction measures.
IV. Innovation and learning measures.

Question55: The chief audit executive of a large publicly held bank is using a risk based approach to update the annual audit plan. Which of the following sources of information will have the least impact on the plan?

Question56: While investigating a compromised Web server, an auditor found that the Web server logs had been deleted.
The auditor should recommend that the Web server logs bE.

Question57: A company's policy requires that all customers be treated in a fair and consistent manner. Which of the following audit procedures would provide the most persuasive evidence that the policy was followed?

Question58: Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind?

Question59: Which of the following types of contracts would provide the least incentive for a contractor to achieve economy and efficiency?

Question60: Which of the following must an auditor establish in order to demonstrate that fraud has occurred?

Question61: Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.

Question62: An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:

Question63: According to IIA guidance, which of the following are benefits to the internal audit activity when conducting an assurance mapping exercise?

Question64: It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

Question65: Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?

Question66: Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?

Question67: The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:

Question68: Which sampling plan requires no additional sampling once the first error is found?

Question69: An organization has adopted an enterprise-wide risk management process and has appointed a chief risk officer (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?

Question70: Which of the following is the most appropriate step for the chief audit executive to take in order to avoid defamation of character of the principal suspect in a fraud investigation?

Question71: Which of the following would be the best audit procedure to use to determine if a division's unusually high sales and gross margin for November and December were the result of fraudulently recorded sales?

Question72: An organization has recently incurred significant cost overruns on one of its construction projects.
Management suspects that these overruns were caused by the contractor improperly charging for costs related to contract change orders. Which of the following procedures are appropriate for testing this suspicion?
1. Determine if the contractor has received proper approval of change orders from management.
2. Determine if the contractor has billed for original contract work cancelled by the change orders.
3. Determine if the contractor has charged change orders with costs already billed to the original contract.
4. Determine if the contractor has been paid for change orders that have not yet been completed.

Question73: If an auditor is sampling to test compliance with a particular company policy, which of the following factors should not affect the allowable level of sampling risk?

Question74: A company used simple regression analysis to analyze maintenance costs against machine hours (MH) for a
26-week period when the plant was in full operation. The regression yielded the following estimated cost function:
Maintenance Cost = $60 + $0.25/MH
The regression analysis also generated a coefficient of determination (R2), or goodness of fit, of 0.85. Which of the following statements regarding this regression analysis is appropriate?

Question75: An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of
90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Question76: A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.

Question77: An audit of an organization's fulfillment department discovered that problems in the order processing system led to a significant number of orders being fulfilled multiple times. During the exit conference, the head of the department informed the auditors that the processing system would be enhanced within six months to correct the problems. Which course of action should the chief audit executive follow?

Question78: To furnish useful and timely information and promote improvements in operations, internal auditors should provide:

Question79: The internal audit activity of an organization obtained approval to add a senior auditor to its staff. The chief audit executive, audit manager, and audit supervisor each will interview the candidates. According to the Standards, which of the following best explains the involvement of management in the interview process?

Question80: Which of the following is the best approach for obtaining feedback from engagement clients regarding the quality of internal audit work?

Question81: A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Question82: According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

Question83: In a review of an electronic data interchange application using a third-party service provider, the auditor should:
I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.
II. Determine whether an independent review of the service provider's operation has been conducted.
III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.

Question84: A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an internal auditor look for as an indicator of employee theft of food from a specific store?

Question85: After completing a fraud investigation but before publishing a formal written report, the chief audit executive should submit a draft of the final report to the organization's:

Question86: A company has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the contractor improperly accounting for costs related to contract change orders. Which of the following procedures would be appropriate for testing this suspicion?
I. Verify that the contractor has not charged change orders with costs that have already been billed to the original contract.
II. Determine if the contractor has billed for original contract work that was canceled as a result of change orders.
III. Verify that the change orders were properly approved by management.

Question87: Which of the following is a red flag associated with fictitious revenues?

Question88: An internal auditor has a recommendation to change operations which could potentially increase profits by
$50,000. The best way to sell this recommendation to management is to:

Question89: In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:

Question90: In evaluating the validity of different types of audit evidence, which of the following conclusions is not correct?

Question91: Which of the following audit planning activities adds the least value in understanding the current risk exposures facing the corporation?

Question92: According to the Standards, which of the following best describes what must be agreed upon to establish an understanding with clients prior to starting a consulting engagement?

Question93: While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?

Question94: Which of the following would be an appropriate and effective control self-assessment approach in an organization with an authoritative culture?
I . Facilitated meeting
II . Survey
III . Management-produced analysis

Question95: What is the most important risk in determining the validity of construction delay claims?

Question96: According to IIA guidance,when performing a compliance audit of data security standards for a large e- commerce retailer, which of the following would represent the least likely area of risk exposure?

Question97: The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

Question98: A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

Question99: Which of the following risks assumes an absence of compensating controls in the area being reviewed?

Question100: While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?

Question101: According to the Standards, which of the following would least likely be considered a red flag when evaluating the risk for fraud?

Question102: Which of the following statements describes an engagement planning best practice?

Question103: According to the International Professional Practices Framework, the responsibility for establishing and maintaining a system to monitor the disposition of results communicated to management falls upon:

Question104: Productivity statistics are provided quarterly to a company's board of directors. An auditor checked the ratios and other statistics in the four most recent reports. The auditor used scratch paper and copies of the board reports to verify the accuracy of computations and compared the data used in the computations with supporting documents. The auditor wrote a note describing this work for the workpapers and then discarded the scratch paper and report copies. The auditor's note stated.
"The ratios and other statistics in the quarterly board reports were checked for the last four quarters, and appropriate supporting documents were examined. All amounts appear to be appropriate." In this situation:

Question105: A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not successful.
The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.

Question106: A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:

Question107: What is the primary factor that determines the depth and breadth of audit follow-up?

Question108: The internal audit activity performs the following sequence of risk management activities: identification, analysis, and evaluation. According to IIA guidance, which of the following assurance approaches does this describe?

Question109: Which of the following is the best problem-solving technique to use when analyzing performance and cost?

Question110: A key to effective benchmarking in a consulting engagement is identifying the issues that can be:

Question111: The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?

Question112: When approving the final engagement report, which of the following is most critical?

Question113: According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Question114: According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

Question115: While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not necessary for the auditor to take?

Question116: Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization's privacy policy?

Question117: Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Question118: Which of the following examples of audit evidence is the most persuasive?

Question119: For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

Question120: When determining the nature, timing, and extent of follow up, the chief audit executive considers all of the following factors except:

Question121: A company owns a machine that will produce 100 light switches in four hours. Due to increased demand, a second machine capable of producing 100 light switches in three hours has been added.
Approximately how many hours will it take to produce 100 light switches using both machines working together?

Question122: According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?

Question123: New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Question124: Which of the following actions is related to the preliminary survey process?

Question125: Which of the following is most appropriate when conducting an interview during the course of a fraud investigation?

Question126: Which of the following best defines an audit opinion?

Question127: Which of the following methods would an auditor most likely use to document a complex sales order process?

Question128: Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
I. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.

Question129: Which of the following would provide the greatest assurance of the accuracy of a computer program's computation of freight charges for catalog sales?

Question130: Production managers for a manufacturing company are authorized to prepare emergency purchase orders for raw materials. These manually prepared orders do not go through the purchasing department and do not require a receiving report. The managers forward the invoice and purchase order to the accounting department for payment. Which of the following internal controls would efficiently prevent abuse of this system?

Question131: Which of the following data collection strategies systematically tests the effects of various factors on an outcome?

Question132: If management expects 100 percent compliance with a procedure, which of the following sampling approaches would be most appropriate?

Question133: An audit of management's quality program includes testing the accuracy of the cost-of-quality reports provided to management. Which of the following internal control objectives is the focus of this testing?

Question134: As a result of a recent discovery of false information on employment applications, an internal auditor has reviewed hiring procedures. Which of the following represents a weakness in the control system?
I. Applicants are not required to have their signed applications legally authenticated.
II. Applicants' educational information is not validated with the educational institution before employment is offered.
III. Information related to applicants' long-term work history is not validated before employment is offered.

Question135: The chief audit executive (CAE) notes during review of the final report of an assurance engagement that management has decided to accept the risks of two significant exposures identified by the audit. Which of the following actions by the CAE would be least prudent in these circumstances?

Question136: Which of the following actions has the least influence on the chief audit executive's development of an audit plan?

Question137: According to the International Professional Practices Framework, the internal audit activity's decision to defer follow-up of recommendations and management's corrective actions until the next scheduled engagement for the area is justified when:

Question138: Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?

Question139: An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.
Which of the following is the most appropriate role that she should assume when facilitating the workshop?

Question140: Which of the following conclusions would be appropriate for a beginning auditor performing an audit of a payroll department?

Question141: An internal auditor would most likely use attributes sampling when testing which of the following?

Question142: Which of the following data sources would provide the least valid data for an audit of a retail store's customer service?

Question143: According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

Question144: An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Question145: Which of the following statements is true?

Question146: An appliance repair company is considering relocating the center that houses its service vehicles. An internal auditor wants to determine the potential reduction in average miles driven by the service vehicles if the center is relocated. Which of the following statistical sampling methods would be most appropriate for this test?

Question147: The internal auditor's opinion in terms of due professional care should be:

Question148: An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services.
Which of the following actions is most appropriate for the internal auditor to take?

Question149: A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement written reports. The best reason for the increased use of oral reports is that they:

Question150: Which of the following is the most common method management can use to manage risk within its risk appetite?

Question151: According to the International Professional Practices Framework, which of the following statements is correct regarding the communication of audit results?
I. Summary reports may be issued separately from or in conjunction with the final report.
II. Interim reports may be written or oral.
III. Detailed reports should always be issued to the audit committee.
IV. Interim reports should be used to communicate information which requires immediate attention.

Question152: The internal audit activity's primary responsibility in a review or examination of the organization by an external regulatory body is to:

Question153: A governmental auditor was assigned to determine reasons why the students in one region scored significantly higher on education evaluation tests than did the students in another region. Previous research showed that there is a direct correlation between public financial support and student results. Which of the following is most likely to explain the difference in the regional results?

Question154: An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Question155: Monetary-unit sampling is most useful when the internal auditor:

Question156: Which of the following situations might allow an employee to steal checks sent to an organization and subsequently cash them?

Question157: As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?

Question158: Which of the following is true regarding roles and responsibilities in risk management processes?

Question159: A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE's best course of action?

Question160: The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

Question161: Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?

Question162: After becoming aware of control weaknesses indicating that a fraud could have been committed, which of the following actions should an internal auditor take next?

Question163: An internal auditor is reviewing purchases made through the organization's corporate credit card program.
Which of the following statements best describes a root cause of a deficiency?

Question164: Because of a new marketing initiative, an organization has reduced requirements for extending credit to new customers. As a result, outstanding accounts receivable as a percentage of revenue has increased significantly during the past two years. Which of the following would be least useful in monitoring this finding?

Question165: Which of the following activities would be performed during a benchmarking consulting engagement?
I. Collect data relevant to the benchmarking process.
II. Review all business processes.
III. Define critical success factors.
IV. Identify performance gaps.

Question166: Which of the following conditions is the strongest indicator of possible fraud?

Question167: A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors:
the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Risk Reduction
Cost Savings
Changes
High (3)
Medium (2)
Low (1)
High (3)
Low (1)
High (3)
Low (1)
High (3)
Medium (2)
Medium (2)
Medium (2)
High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue?

Question168: Which of the following would not be characteristic of control self-assessment implemented by an audit department?

Question169: If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:

Question170: Under what circumstances would internal audit not become involved when intentional misconduct is suspected?

Question171: The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?

Question172: According to IIA guidance, which of the following are potential benefits of using an assurance map?

Question173: Which of the following is a preventive control strategy against fraud?

Question174: Which of the following factors could interfere with effective problem solving by an internal auditor?
I. Reacting to previous experiences with clients.
II. Focusing only on the most likely cause.
III. Correcting the symptoms of problems.

Question175: While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements?

Question176: Which of the following would constitute a violation of the IIA Code of Ethics?

Question177: Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?
1. Activities requested by management should be considered higher risk than those requested by the audit committee.
2. Activities with lower budgets can be as high risk as those with higher budgets.
3. The potential financial or adverse exposure should always be considered in the assessment of risk.

Question178: An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. The internal auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to: