EMT Practice Test

1. Question Content...


Question List

Question1: To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity. According to IIA guidance, which of the following statements is true regarding these circumstances?

Question2: A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.
Which of the following statements is true about the auditor's actions?

Question3: The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

Question4: A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?

Question5: Management has asked the chief audit executive (CAE) to provide assurance on the organization's automated control system related to financial data. The current audit staff does not have the expertise needed to conduct this type of engagement. Which of the following would be the best response by the CAE?

Question6: An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts. Which of the following irregularities is the most likely cause of the auditor's suspicion?

Question7: Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?
1. To understand better the activity and processes that will be audited.
2. To identify the audit procedures that will be used during the engagement.
3. To ensure that matters of greatest vulnerability will be addressed.
4. To use the information obtained as evidence in the current engagement.

Question8: Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?

Question9: The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The auditcommittee requests an assessment of regulatory compliance.
According to IIA guidance, which of the following is the CAE's best course of action?

Question10: The director of purchasing, a certified internal auditor (CIA), signs a contract to procure a large order from a supplier whose products provide the best price, quality, and performance. A few days after signing the contract, the supplier presents the CIA with $1, 000 as a gift. Which statement regarding acceptance of the money is correct?

Question11: A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization's practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?

Question12: Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?

Question13: According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

Question14: Which of the following statements describes a control failure that is not directly attributable to a customer billing application?
1. End users have raised a number of concerns regarding data integrity.
2. An untested program change is transferred from the test environment to production.
3. Purchase history does not reconcile with accounts receivable for some customers.
4. End user security is inadvertently granted to an unauthorized individual by management.

Question15: Which of the following types of fraud includes embezzlement?

Question16: Which of the following is a preventive control?

Question17: In which of the following functions would fraud be most likely to occur?

Question18: Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?

Question19: Which of the following best describes the assessment of risks?

Question20: What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?

Question21: According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Question22: Which of the following risk management activities is most appropriate for an internal auditor to undertake?

Question23: Which of the following actions best demonstrates that an internal auditor is exercising due professional care?

Question24: According to IIA guidance, which of the following should be included in the internal audit charter?

Question25: An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?
1. Proficiency in analyzing key IT risks and controls.
2. The ability to recognize significant deviations from good business practices.
3. Knowledge of key indicators of fraud in tax reporting.
4. The ability to recognize the existence of problems related to tax accounting.

Question26: Which of the following enhances the independence of the internal audit activity?

Question27: A government agency's policy states that board members' travel and hospitality expenses must be audited annually. Which of following people or groups is most appropriate to perform this audit?

Question28: This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned.
Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline.
Which of the following would be the best course of action for the CAE to take?

Question29: A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?

Question30: Which the following activities should be performed by the internal audit activity to facilitate an effective relationship with the audit committee?
1. Periodically report about the accounting standards followed by the organization.
2. Provide assurance to the audit committee that its charter, activities, and processes are appropriate.
3. Ensure that the role and activities of the internal audit activity are clearly understood and responsive to the needs of the audit committee.
4. Maintain open and effective communications with the audit committee.

Question31: In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Question32: Which of the following is an example of a management control technique?

Question33: According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Question34: An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?

Question35: A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.

Question36: An internal auditor would like to identify the involvement of various organizational units in handling employee travel reimbursement claims. Which of the following methods would be most effective and efficient in completing this task?

Question37: The last quality assessment of the internal audit activity identified three areas for improvement: the achievement of audit engagement objectives, quality of work, and staff development. According to IIA guidance, which of the following should be the chief audit executive's primary focus to achieve these recommended improvements?

Question38: An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3. They are discrete and not normally shared with senior management or the board.
4. They can rely on evidence taken from the work of other assurance activities across the organization.

Question39: According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?
1. The complexity of the work required.
2. The needs and expectations of the client.
3. The potential value of the engagement compared to the effort.
4. Information regarding assumptions and procedures to be employed.

Question40: An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?

Question41: Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?

Question42: While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?
1. Ensure all tests use a random sampling technique.
2. Consider a judgmental approach for the sample size.
3. Assess testing errors through root cause analysis.
4. Ensure that the entire data set is tested.

Question43: Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

Question44: Which of the following conditions is the most likely indicator of fraud?

Question45: According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

Question46: Which of the following factors have the greatest influence on the independence of the internal audit activity?

Question47: According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?

Question48: Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Question49: Which of the following statements is true about The IIA Global Internal Audit Competency Framework?

Question50: An internal audit charter describes the mission and scope of the internal audit activity (IAA), responsibilities of the IAA, accountability of the chief audit executive, independence of the IAA, and standards followed by the IAA. Which of the following also should be included in the charter?

Question51: Which of the following best describes the details that must be included in the quality assurance and improvement program (QAIP) report to senior management and the board?

Question52: According to IIA guidance, which of the following objectives of an assurance engagement for the organization's risk management process is valid?

Question53: Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?
1. Reappraising risks levels.
2. Providing accurate information to management.
3. Marketing the internal audit activity.
4. Planning safeguards for assets in high-risk areas.

Question54: A chief audit executive (CAE) learns that the brother-in-law of a senior auditor who audits the procurement process was hired as the head of the procurement department six months prior. Which of the following is the most appropriate action for the CAE to take?

Question55: During an internal audit, the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole.
This is an example of which of the following analytical auditing procedures?

Question56: According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
1. Advocating the establishment of a risk management function.
2. Identifying and evaluating significant risk exposures during audit engagements.
3. Developing a risk response for the organization if there is no chief risk officer.
4. Benchmarking risk management activities with other organizations.
5. Documenting risk mitigation strategies and techniques.

Question57: Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?

Question58: According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?

Question59: Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management's decision is least plausible?

Question60: A manufacturing organization discovers that the waste water released has failed to meet permitted limits.
Which control function will be least effective in correcting the issue?

Question61: Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?

Question62: Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.

Question63: During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?

Question64: Which of the following is an activity that an internal auditor must not perform?

Question65: The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud. If the internal audit staff lacks the expertise to conduct the investigation, how should the chief audit executive proceed?

Question66: Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?

Question67: Which of the following is an example of a detective control?

Question68: The internal audit supervisor is reviewing the workpapers prepared by the staff. According to the Standards, which of the following statements regarding workpaper supervision is not true?

Question69: According to IIA guidance, which of the following best describes internal auditors' responsibility regarding fraud?

Question70: Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?
1. Locking doors and physically securing inventory items.
2. Independently observing the receipt of materials.
3. Conducting monthly inventory counts.
4. Requiring the use of employee ID badges at all times.

Question71: During an account receivables audit, an internal auditor found a significant number of input errors resulting in a $500, 000 balance understatement.
Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?

Question72: When an internal auditor applies due professional care to perform an assurance engagement, which of the following must she consider?
1. Findings of the last audit engagement performed.
2. Probability of significant errors, irregularities, or noncompliance.
3. Extent of work needed to achieve engagement objectives.
4. Cost of the engagement versus the potential benefits.

Question73: What should the internal auditor's role be in assessing the organization's ethical climate?

Question74: An assurance mapping exercise helps an organization do which of the following?
1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.
2. Fulfill best practices in the industry.
3. Identify and address any gaps in the risk management process.
4. Identify fraud.

Question75: According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?
1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
3. The application of technology-based audit and other data analysis techniques, where appropriate.
4. The relative complexity and extent of work needed to achieve the engagement's objectives.

Question76: Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?

Question77: A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?

Question78: An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. Which of the following best describes this risk strategy?

Question79: Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?

Question80: During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee's name that are unrelated to the basic business of the organization.
The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization.
Division management views the employee's actions as extra incentive to retain the employee.
A decision to include the employee's action in the engagement final communication would be:
1. A violation of the IIA Code of Ethics.
2. A violation of the reporting requirements in the Standards.
3. Justified and necessary, according to the IIA Code of Ethics and Standards.

Question81: What is the primary purpose of a fishbone diagram?

Question82: An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

Question83: Which of the following combinations of conditions is most likely a red flag for fraud?

Question84: Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity's quality assessments?

Question85: According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?

Question86: An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity's work?

Question87: Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

Question88: Which of the following would be considered a violation of The IIA's mandatory guidance on independence?

Question89: A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?

Question90: According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.

Question91: According to IIA guidance, which of the following should be formally documented in the internal audit charter?

Question92: A computer system automatically locks a user's account after three unsuccessful attempts to log on.
Which type of control does this scenario represent?

Question93: Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?

Question94: The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?

Question95: Which of the following are components of the ISO 31000 risk management process?
1. Setting the context.
2. Risk treatment.
3. Risk avoidance.
4. Communication.

Question96: According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

Question97: An internal auditor needs to recommend a policy element to be included in an organization's code of ethics.
Which of the following recommendations would be most effective?

Question98: According to IIA guidance, which of the following statements about working papers is false?

Question99: Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

Question100: While reviewing first quarter sales transactions, an internal auditor discovered that 10 invoices for a new customer had not been posted into the accounts receivable subsidiary ledger. Those 10 invoices were listed in an error report automatically generated by the sales processing system. The system had rejected the invoices because the customer's account number was not found in the customer master file. In this scenario, which of the following controls was lacking?

Question101: Which of the following would be considered a preventive control?

Question102: Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

Question103: A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?

Question104: According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

Question105: An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to MA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?

Question106: According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?

Question107: An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

Question108: A chief audit executive (CAE) is reviewing the internal audit activity's performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. According to MA guidance, which of the following elements of the internal audit activity's quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?

Question109: According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity?

Question110: According to The IIA's Code of Ethics, which of the following statements is true?

Question111: Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Question112: Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.
Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?
1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.
2. Experience of the engineer in the type of work being considered.
3. Compensation or other incentives that the engineer may receive.
4. The extent of other ongoing services that the engineer may be performing for the organization.

Question113: Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Question114: An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.

Question115: According to IIA guidance, which of the following statements is true?

Question116: Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

Question117: According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

Question118: Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?

Question119: A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?

Question120: Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?

Question121: An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned tothe finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.
Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?

Question122: An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization's mission. Which of the following pieces of evidence would be sufficient for completing this task?

Question123: An internal auditor in a small broadcasting organization was assigned to review the revenue collection process.
The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

Question124: Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store's cash function?