EMT Practice Test

1. Question Content...


Question List

Question1: After issuance of the engagement final communication for an audit of an organization's accounts payable function, which of the following should be sent satisfaction surveys?
1. Manager of disbursements.
2. Controller.
3. Chief operating officer.
4. Audit committee members.

Question2: To furnish useful and timely information and promote improvements in operations, internal auditors should provide:

Question3: The internal auditor of a bank has developed a multiple regression model which has been used for a number of years to estimate the amount of interest income from commercial loans. During the current year, the auditor applies the model and discovers that the R2 value has decreased dramatically, but that the model otherwise seems to be working correctly. Which of the following conclusions is justified by the change?

Question4: Which of the following best describes the four components of a balanced scorecard?

Question5: An internal auditor noticed that employees with responsibilities for cash collection had recently issued an unusually large number of credit memos, indicating that the original charges had been made to the wrong customer accounts. From a control standpoint, the auditor would be concerned with the possibility that:

Question6: Which of the following is most appropriate when conducting an interview during the course of a fraud investigation?

Question7: A company has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the contractor improperly accounting for costs related to contract change orders. Which of the following procedures would be appropriate for testing this suspicion?
I. Verify that the contractor has not charged change orders with costs that have already been billed to the original contract.
II. Determine if the contractor has billed for original contract work that was canceled as a result of change orders.
III. Verify that the change orders were properly approved by management.

Question8: The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

Question9: Which of the following might alert an auditor to the possibility of fraud in a division?
1. The division is not scheduled for an external audit this year.
2. Sales have increased by 10 percent.
3. A significant portion of management's compensation is directly tied to reported net income of the division.

Question10: As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping logs from the department's files. On 44 of the days, the log contained a sufficient number of shipments to meet the department's daily quota. Based on this test, the auditor concluded that the shipping department was effective at meeting its quotas. Which of the following is true about the auditor's conclusion?

Question11: Which of the following would be the best audit procedure to use to determine if a division's unusually high sales and gross margin for November and December were the result of fraudulently recorded sales?

Question12: During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in determining that management action was implemented?

Question13: According to the Standards, which of the following best describes the responsibility of the chief audit executive (CAE) for approving the final engagement report?
* The CAE is responsible for obtaining management approval before issuing the final report.
* The CAE has overall responsibility for the report but can delegate the review and approval of the report.
* The CAE is responsible for obtaining senior management's approval before releasing the final report.
* The CAE is responsible for approving to whom and how the final report will be disseminated.

Question14: Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
I.Company A exhibits a higher standard of ethical behavior than does company B.
II.
Company A has established objective criteria by which an employee's actions can be evaluated.
III.
The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.

Question15: An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
IV. Do nothing because management has agreed to address the problem.

Question16: One method for dealing with the uncertainty of demand forecasts used in linear programming is to extend the model solution to include:

Question17: A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization's manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?

Question18: Which of the following audit procedures is most suitable for verifying that all sales transactions have been recorded?

Question19: In a client satisfaction survey for an internal audit engagement, client management should be asked to assess which of the following factors?
1. Audit team's knowledge of the audited area.
2. Usefulness of the audit results.
3. Quality of management of the internal audit activity.
4. Clarity of the scope and objectives of the audit engagement.

Question20: According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board?

Question21: Which characteristic of risk assessment makes it a useful tool for audit planning?

Question22: An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

Question23: Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.

Question24: An internal auditor provided the following statement about division A's performance during the month: "Because supplies of raw material X were scarce, division A's profits declined by 15 percent." Which of the following can be validly concluded from the auditor's statement?
1. Division A's production level declined by 15 percent.
2. Division A could have sold more products than it produced.
3. Division A usually sells all of the products that it produces.

Question25: Which of the following would most likely contribute to discrepancies between receiving reports and the number of units in a shipment?

Question26: Senior management of an organization has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by:

Question27: Which of the following types of sampling techniques should an internal auditor use when testing the effectiveness of internal controls?

Question28: Which of the following topics must the internal audit staff discuss with management during the exit conference?
1.Issues identified during the audit.
2.Evaluation criteria used to select controls for testing.
3.Staff who were interviewed during the audit.
4.The reporting process for the draft and final report.

Question29: After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Question30: Which of the following is an example of the verification of internal documentary evidence?

Question31: An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Question32: Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

Question33: During the quarterly review of the internal audit activity's performance, the chief audit executive (CAE) notes that actual engagement hours consistently exceed the budget. Which of the following strategies would most likely help the CAE address this problem?
The budget should consider time spent on similar engagements.
The budget should consider the proficiency of the assigned auditors.
The budget estimate should provide for unexpected delays.
The budget should be specific as to time for each work assignment.

Question34: An organization has a large number of vendors supplying goods to its various branches across the region. The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].
[List A]
[List B]

Question35: During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Question36: An auditor-in-charge is preparing her audit team for a consulting engagement at one of the organization's foreign subsidiaries. According to the Standards, which of the following would not be a necessary step prior to beginning the engagement?

Question37: An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

Question38: An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased.
Which of the following actions would best enable an internal auditor to satisfy this objective?

Question39: All of the following tools are employed to control large-scale projects except:

Question40: Which of the following would be included in an internal audit department's quality assurance and improvement program?
1. Ongoing internal assessments of the performance of the internal audit department.
2. Periodic internal reviews through self-assessments.
3. Assessments conducted by a qualified external reviewer at least once every five years.

Question41: An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test to achieve the audit objective?
I. Validate the completeness of the accounts payable files.
II. Examine the sample of vouchers in greater detail.
III. Increase the number of vouchers in the sample.
IV. Broaden the scope of the examination to include credits received by accounts payable.

Question42: Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind?

Question43: An auditor receives anonymous information that fraud is occurring in the operation being audited, but no details are given as to the type of fraud or the individuals involved. There are several areas in which fraud could occur. The auditor should:

Question44: Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
I. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.

Question45: Which of the following is an effective way for an internal auditor to improve communications with the client during a contentious audit?

Question46: Which of the following is an advantage of control self-assessment (CSA) over conventional auditing techniques?

Question47: A company has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the contractor improperly accounting for costs related to contract change orders. Which of the following procedures would be appropriate for testing this suspicion?
I.Verify that the contractor has not charged change orders with costs that have already been billed to the original contract.
II.
Determine if the contractor has billed for original contract work that was canceled as a result of change orders.
III.

Question48: According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

Question49: A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the payroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in a locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the manual checks.
The payroll manager reconciles the bank statements monthly. Which of the following audit steps best addresses the risk of fraud in the payroll process?

Question50: A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

Question51: An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
- There is a clear strategy and timeline to migrate risk management responsibility
back to management. - The IAA has the final approval on any risk management decisions. - The IAA does not give objective assurance on any part of the risk management
framework for which it is responsible. - The nature of services provided to the organization is documented in the internal audit charter.

Question52: According to the Standards, which of the following is an attribute when applied to the observations and recommendations contained in the audit report?

Question53: When interviewing an individual in relation to a fraud investigation, which course of action should the internal auditor follow?

Question54: Which of the following types of contracts would provide the least incentive for a contractor to achieve economy and efficiency?

Question55: Which of the following would be the least desirable criteria against which to judge current operations of an organization's treasury function?

Question56: Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?

Question57: What would be used to determine the collectability of accounts receivable balances?

Question58: Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimation?
Number of Items
Audited Value
Carrying Amount
Sample
300
$500,000
$480,000
Population
3,000
$5,000,000

Question59: An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

Question60: During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?

Question61: Cross-referencing individual payroll time cards to personnel department records and reports would allow an internal auditor to determine whether:

Question62: During a review of performance measures in an organization's purchasing function, the preliminary survey indicates that most of the measures have been in use for some time. The internal auditor should:

Question63: During a consulting engagement, an internal auditor identifies new risks which will impact the scope and sufficiency of the engagement audit plan. According to the Standards, the internal auditor should:

Question64: Which of the following audit steps would be most effective to review proper recording of and accountability over physical assets?
1. Physically inspect all assets on the organization's property.
2. Select a sample department and physically inspect assets in the department.
3. Select a sample from the organization's records of physical assets and physically locate each asset.
4. Identify assets at a sample of locations and trace to the organization's records.

Question65: The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1.Use an external service provider.
2.Conduct a self-assessment with independent validation.
3.Arrange for a review by qualified employees outside of the IAA.
4.Arrange for reciprocal peer review with another CAE.

Question66: The following is an excerpt from an audit engagement workpaper:
* A Company
* Accounts Receivable
* Date
Objective. To determine if the computer system is correctly recording all accounts receivable transactions.
Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 for positive confirmation of balances.
Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accounts receivable balance is fairly presented in all material respects.
Which of the following is true regarding the workpaper?

Question67: An internal auditor provided the following statement about division A's performance during the month:
"Because supplies of raw material X were scarce, division A's profits declined by 15 percent." Which of the following can be validly concluded from the auditor's statement?
I. Division A's production level declined by 15 percent.
II. Division A could have sold more products than it produced.
III. Division A usually sells all of the products that it produces.

Question68: As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?

Question69: Which of the following is an example of the verification of internal documentary evidence?

Question70: An auditor receives anonymous information that fraud is occurring in the operation being audited, but no details are given as to the type of fraud or the individuals involved. There are several areas in which fraud could occur. The auditor should:

Question71: Which of the following would be a red flag that indicates the possibility of inventory fraud?
I. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization's increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.

Question72: A performance audit engagement typically involves:

Question73: During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?
* Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.
* Testing whether all employees are mandated through policy to comply with the ethics program.
* Testing whether all employees are required to confirm in writing their compliance with the ethics program.
* Testing through surveys employee's level of understanding and commitment to the ethics program.

Question74: Which of the following statements regarding the risk management process' support of the internal audit activity is true?

Question75: An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Question76: Monetary-unit sampling is most useful when the internal auditor:

Question77: While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?
Meet with the auditor-in-charge.
Discuss with senior management.
Monitor the result of the accepted risk.
Report the matter to the board.

Question78: A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic information systems auditor would possess:

Question79: An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Question80: What is the most important risk in determining the validity of construction delay claims?

Question81: The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?

Question82: Which of the following would constitute a violation of the IIA Code of Ethics?

Question83: An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

Question84: Which of the following should be included in the scope of an audit of a third-party contractor?
1. Budgets and financial forecasts for the project.
2. Contractor's information and control systems.
3. Contractor's financial position.
4. Progress of the project and costs incurred.

Question85: According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Question86: Which of the following would be a red flag that indicates the possibility of inventory fraud?
I. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization's increased levels of sales.
IV.
Payments to certain vendors are supported by copies of receiving memos, rather than originals.

Question87: According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1.Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2.Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3.Provide structured learning opportunities for engagement auditors when possible.
4.Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

Question88: An organization's internal auditors are reviewing production costs at a gas-powered electrical generating plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the environmental regulatory agency, due to computer errors. The auditors should immediately report the concern to:

Question89: Which of the following is a detective control for managing the risk of fraud?

Question90: According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Question91: An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Question92: Which of the following would be an appropriate and effective control self-assessment approach in an organization with an authoritative culture?
I. Facilitated meeting
II. Survey
III. Management-produced analysis

Question93: During an engagement, an internal auditor discovered that an organization's policy on delegation of authority listed six individuals who were no longer employed with the organization. In addition, four individuals acting with disbursement authority were not identified in the policy as having such authority. Which of the following is the most effective course of action to address the control weakness?

Question94: During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to:

Question95: When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Question96: An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements, the internal auditor should consider least:

Question97: Which of the following best defines an engagement conclusion?

Question98: An appliance repair company is considering relocating the center that houses its service vehicles. An internal auditor wants to determine the potential reduction in average miles driven by the service vehicles if the center is relocated. Which of the following statistical sampling methods would be most appropriate for this test?

Question99: The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality assessment program. According to IIA guidance, which of the following would be part of this program?

Question100: Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.

Question101: An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. The internal auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to:

Question102: An internal auditor is discussing an audit problem with an engagement client. While listening to the client, the internal auditor should:

Question103: If an auditor used nonstatistical sampling instead of statistical sampling to estimate the value of inventory, which of the following would be true?

Question104: A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization's manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?

Question105: Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?

Question106: Which of the following methods would an auditor most likely use to document a complex sales order process?

Question107: An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Question108: When conducting research, which of the following is most important?

Question109: Which of the following statements is true regarding the communication of audit engagement observations?

Question110: The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality assessment program. According to IIA guidance, which of the following would be part of this program?

Question111: An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?

Question112: Which of the following statements about internal audit's follow-up process is true?

Question113: The final internal audit report should be distributed to which of the following individuals?

Question114: The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

Question115: All of the following tools are employed to control large-scale projects except:

Question116: When performing a compliance audit of the organization's outsourced services, which of the following is considered the primary engagement objective?

Question117: An internal auditor for a large telecommunications organization identified potential risk factors related to a planned billing system conversion. Which of the following risk factors would present the least potential exposure to the organization?

Question118: During a systems development audit, software developers indicated that all programs were moved from the development environment to the production environment and then tested in the production environment. What should the auditor recommend?
I. Implement a test environment to ensure that testing is not performed in the production environment.
II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production environment.
III. Eliminate access by developers to the production environment.

Question119: According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Question120: When determining the nature, timing, and extent of follow up, the chief audit executive considers all of the following factors except:

Question121: Which of the following would constitute a violation of the IIA Code of Ethics?

Question122: According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program?

Question123: An audit of an organization's fulfillment department discovered that problems in the order processing system led to a significant number of orders being fulfilled multiple times. During the exit conference, the head of the department informed the auditors that the processing system would be enhanced within six months to correct the problems. Which course of action should the chief audit executive follow?

Question124: A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services. Which of the following issues should be addressed first?

Question125: Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures?

Question126: As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?

Question127: An internal audit activity implemented an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps built into the computer program and developed test data to test them. The auditors submitted test transactions throughout the year and did not find any differences in their test results. The auditors can conclude that:

Question128: A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization's manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?

Question129: Which of the following events would most likely cause the chief audit executive to consider changing the current year's audit plan?
1. The government announced that new regulatory requirements will be introduced in the coming years which may significantly impact the organization's primary product.
2. A major competitor unexpectedly introduced a new model at a lower price point to compete with the organization's market leading product.
3. The organization announced a new joint venture with a long time corporate partner to introduce a new product with development costs and sales beginning next fiscal year.
4. An equal joint venture partner filed a lawsuit against the organization and requested that the court issue an immediate suspension of future product shipments.

Question130: When addressing the excessive overtime being paid lo employees in an organization's customer service call center, which of the following would be most relevant for the internal auditor to use?
1 Confirmation.
2. Trend analysis.
3 External benchmarking
4. Internal benchmarking

Question131: Which of the following conditions are necessary for successful change management?
1.Decisions and necessary actions are taken promptly.
2.The traditions of the organization are respected.
3.Changes result in improvement or reform.
4.Internal and external communications are controlled.

Question132: Checklists used to assess audit risk have been criticized for all of the following reasons except:

Question133: It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

Question134: While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not necessary for the auditor to take?

Question135: An internal audit activity implemented an integrated test facility to test payroll processing.
The auditors identified the key controls and processing steps built into the computer program and developed test data to test them. The auditors submitted test transactions throughout the year and did not find any differences in their test results. The auditors can conclude that:

Question136: An internal auditor compares real-time gasoline production data to corresponding final gasoline production reports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which of the following next steps is most consistent with IIA guidance?

Question137: What is the primary factor that determines the depth and breadth of audit follow-up?

Question138: An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers Which course of action is appropriate for this phase of the engagement?

Question139: The following audit observation was included in the final audit report:
"Our review concluded that bank reconciliation statements for March and April did not show evidence of supervisory review. We recommend strict compliance with the controller's manual, which requires the department head to place their initials on the reconciliation statements to document their review."
Which of the following attributes are missing from the above audit observation?
----
Criteria. Condition. Cause. Effect.

Question140: Which of the following events would most likely cause the chief audit executive to consider changing the current year's audit plan?
1. The government announced that new regulatory requirements will be introduced in the coming years which may significantly impact the organization's primary product.
2. A major competitor unexpectedly introduced a new model at a lower price point to compete with the organization's market leading product.
3. The organization announced a new joint venture with a long time corporate partner to introduce a new product with development costs and sales beginning next fiscal year.
4. An equal joint venture partner filed a lawsuit against the organization and requested that the court issue an immediate suspension of future product shipments.

Question141: An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.

Question142: Which of the following conditions should a chief audit executive take into account when deciding if a follow-up audit engagement is necessary?
The reported observations were significant and high risk. Internal audit resources and the time it will require for follow-up. Management may not have the resources to take action. Management has previously decided not to take any action.

Question143: Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Question144: Which of the following performance criteria would be most useful when measuring the performance of a customer service desk?

Question145: Which of the following is true about surveys?

Question146: As part of a preliminary survey of the purchasing function, an internal auditor reads the department's policies and procedures manual and concludes that the manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating effectiveness of internal controls. Which procedure would fulfill this objective most effectively?

Question147: Which of the following is not a direct benefit of control self-assessment (CSA)?

Question148: During an audit of executive travel, an auditor noted that the president's travel expense reimbursements were approved by an executive secretary who reported to the president. The organization's reimbursement policy requires all travel expense reimbursements to be approved by the traveler's supervisor, but it does not address the president's reimbursements. Which of the following represents the auditor's best recommendation in this situation?

Question149: Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Question150: An internal auditor is planning an assurance engagement. The auditor first reviews the department's business objectives. What is the next step?

Question151: When internal auditors provide consulting services, the scope of the engagement is primarily determined by:

Question152: The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?

Question153: ----
Risk assessments can vary in format, but generally includE.
A description of identified risks.
Tests of audit controls.
A system of rating risks.
Sample size identification.

Question154: While conducting a payroll audit, an internal auditor in a large government organization found inadequate segregation in the duties assigned to the assistant director of personnel. When the auditor explained the risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the organization for defamation of character if the audit engagement was not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The CAE should then:

Question155: Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.

Question156: Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimation?
Number of Items
Audited Value
Carrying Amount
Sample
300
$500,000
$480,000
Population
3,000
$5,000,000

Question157: Which of the following situations might allow an employee to steal checks sent to an organization and subsequently cash them?

Question158: An audit department has received anonymous information that an employee has allegedly been able to steal and cash checks sent to the organization by customers. What is the most efficient way for an auditor to determine how this type of fraud could occur and who might be the perpetrator?

Question159: Risk assessments can vary in format, but generally include:
1.A description of identified risks.
2.Tests of audit controls.
3.A system of rating risks.
4.Sample size identification.

Question160: An organization has a large number of vendors supplying goods to its various branches across the region. The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].
[List A]
[List B]

Question161: During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit.
Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Question162: An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Question163: Which of the following statements is true?

Question164: An auditor evaluating excessive product rejection rates should investigate:
I.Communication between sales and production departments on sales returns.
II.
Volume of product sales year-to-date in comparison to prior year-to-date.
III.
Changes in credit ratings of customers versus sales to those customers.
IV.
Detailed product scrap accounts and accumulations.

Question165: An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Question166: Which of the following trends found on financial reports would most likely indicate a possible problem?

Question167: Which of the following is not an outcome of control self-assessment?

Question168: An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?

Question169: A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will exceed available audit resources. Which of the following is the best course of action for the CAE to take?

Question170: While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?
* Meet with the auditor-in-charge.
* Discuss with senior management.
* Monitor the result of the accepted risk.
* Report the matter to the board.

Question171: The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by:

Question172: An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

Question173: Which of the following is the most appropriate step for the chief audit executive to take in order to avoid defamation of character of the principal suspect in a fraud investigation?

Question174: When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?

Question175: A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE's best course of action?

Question176: According to IIA guidance, organizations have the most influence on which element of fraud?

Question177: Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?

Question178: Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting engagement?

Question179: An auditor is scheduled to audit payroll controls for a company which has recently outsourced its processing to an information service bureau. What action should the auditor take, considering the outsourcing decision?

Question180: After completing a fraud investigation but before publishing a formal written report, the chief audit executive should submit a draft of the final report to the organization's:

Question181: Which of the following would constitute a violation of the IIA Code of Ethics?

Question182: Which of the following describes an internal auditor's responsibilities to include audit procedures to detect fraud in audits of a multinational organization?

Question183: Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Question184: During a systems development audit, software developers indicated that all programs were moved from the development environment to the production environment and then tested in the production environment. What should the auditor recommend?
I. Implement a test environment to ensure that testing is not performed in the production environment.
II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production environment.
III.
Eliminate access by developers to the production environment.

Question185: The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.

Question186: During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?
Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.
Testing whether all employees are mandated through policy to comply with the ethics program.
Testing whether all employees are required to confirm in writing their compliance with the ethics program.
Testing through surveys employee's level of understanding and commitment to the ethics program.

Question187: The chief audit executive (CAE) of a large retail operation believes that senior management has accepted a level of risk that exceeds the organization's current risk tolerance with respect to a major expansion. The CAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of the following would be an appropriate course of action in preparation for this meeting?
----
Understand management's basis for the decision.
Advise the board of the concern and upcoming meeting.
Ascertain which members of management have accepted the risk.
Determine if management has the authority to accept the risk.

Question188: According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?

Question189: A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not successful.
The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.

Question190: The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?

Question191: Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Question192: According to the Standards, which of the following control strategies would be the most effective in helping to prevent fraud?

Question193: A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Risk Reduction
Cost Savings
Changes
High (3)
Medium (2)
Low (1)
High (3)
Low (1)
High (3)
Low (1)
High (3)
Medium (2)
Medium (2)
Medium (2)
High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue?

Question194: Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Question195: A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?

Question196: When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Question197: An airline contracted with an external service provider to perform maintenance on all aircraft ground support equipment. Management then asked the internal audit activity (IAA) to evaluate the controls in place that would permit appropriate oversight of the service provider in maintaining required maintenance standards.
According to the International Professional Practices Framework, which of the following would be the most appropriate course of action for the IAA to undertake to establish the engagement objectives?

Question198: An organization s inventory is stored m multiple warehouses. During an inventory audit which of the following activities would most benefit from the use of computerized audit tools?

Question199: An organization contracted a third party to construct a new facility that was estimated to cost $25 million. Which of the following is the most pertinent reason for the organization to audit the contractor's records?

Question200: Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization's privacy policy?

Question201: A manager of one of a retailer's several retail outlets is stealing cash from cash sales, recording the sales as accounts receivable, and subsequently writing off the fictitious accounts receivable as bad debts. Which of the following comparisons would be most effective in signaling the possibility of such a fraud?

Question202: A post-audit questionnaire sent to audit clients is an effective mechanism for:

Question203: Which of the following types of contracts would provide the least incentive for a contractor to achieve economy and efficiency?

Question204: During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Question205: Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

Question206: At the conclusion of an audit of an organization's treasury department, a report was issued to the treasurer, chief financial officer, president, and board. Because of the sensitivity of some findings, a follow-up review was performed. The auditor should provide the report of follow-up findings to the.
I. Treasurer.
II. Chief financial officer.
III. President.
IV.
Board.

Question207: A retail sales company has discontinued a product that normally sold for $100. During the first month of a sale of the product, a 20 percent discount was given. Later that sale price was reduced by an additional 40 percent.
What was the overall discount from the original selling price?

Question208: What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?

Question209: While conducting a payroll audit, an internal auditor in a large government organization found inadequate segregation in the duties assigned to the assistant director of personnel. When the auditor explained the risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the organization for defamation of character if the audit engagement was not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The CAE should then:

Question210: Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?

Question211: During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that adjustments were made on over 40 percent of the ovens. Based on this, the auditor:

Question212: Which of the following is the most common method management can use to manage risk within its risk appetite?

Question213: The chief audit executive (CAE) of a new organization is in the process of determining the
manner in which audit reports will be distributed and to whom. According to the Standards, which of the following is the most appropriate course of action for the CAE to take to develop this distribution process?

Question214: According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)?