IIA-CIA-Part1 Topic 1
Question #: 1
Topic #: 4
According to IIA guidance, which of the following best describes acceptable methods for internal auditors to obtain qualified continuing professional education hours?
A. Volunteering in relevant professional organizations, formal education, and online training courses.
B. Volunteering in relevant professional organizations, formal education, and tutoring college students.
C. Volunteering in relevant professional organizations, on-line training courses, and tutoring college students.
D. Formal education, on-line training courses, and tutoring college students.
Selected Answer: C
Question #: 1
Topic #: 6
An internal audit team is performing an audit of workplace accident claims.
Which of the following actions by the audit team best demonstrates due professional care?
A. Having an occupational health officer on the engagement team.
B. Determining that the claims have been classified properly.
C. Placing reliance on medical reports from the injured worker’s doctor.
D. Reviewing claims to ensure all accidents actually occurred in the workplace.
Selected Answer: D
Question #: 1
Topic #: 1
The top three sales representatives for a company consistently include non-allowable charges on their expense reports. Line management is reluctant to deny reimbursement of the charges for fear of losing the sales representatives. This situation has the greatest negative impact on which of the following internal control components?
A. Monitoring.
B. Control environment.
C. Information and communication.
D. Control activities.
Selected Answer: A
Question #: 2
Topic #: 1
Which of the following factors affects the control risk of a company?
A. Potential problems like technological obsolescence.
B. Unusual pressures on management.
C. Complex accounts that require expert valuations.
D. Segregation of duties.
Selected Answer: B
Question #: 2
Topic #: 6
A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. This is an example of which of the following IT controls?
A. Logic test.
B. Check digits.
C. Data integrity tests.
D. Balancing control activities.
Selected Answer: A
Question #: 3
Topic #: 2
Which of the following best contributes to the effectiveness of the internal audit activity in an organization?
A. Appropriate terms of internal audit scope and responsibility in the charter.
B. Appropriate compliance coverage in the annual audit plan.
C. Regular review of the audit charter by management.
D. Assurance of internal audit objectivity by the board.
Selected Answer: D
Question #: 4
Topic #: 3
A major corporation is considering significant organizational changes. Which of the following groups would not be responsible for implementing these changes?
A. Employees.
B. Senior management.
C. Common stockholders.
D. Outside consultants.
Selected Answer: A
Question #: 4
Topic #: 6
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
A. 1 and 2.
B. 1 and 4.
C. 2 and 3.
D. 3 and 4.
Selected Answer: D
Question #: 4
Topic #: 5
An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts. Which of the following irregularities is the most likely cause of the auditor’s suspicion?
A. A much higher bad debt expense as a percentage of sales than that of previous years.
B. A much higher bad debt expense as a percentage of sales than that of other stores.
C. A much higher percentage of past-due accounts receivable than that of other stores.
D. A much higher percentage of past-due accounts receivable than that of previous years.
Selected Answer: A
Question #: 4
Topic #: 1
Which of the following is an appropriate role for the board in governance?
A. Preparing written organizational policies that relate to compliance with laws, regulations, ethics, and conflicts of interest.
B. Ensuring that financial statements are understandable, transparent, and reliable.
C. Assisting the internal audit activity in performing annual reviews of governance.
D. Working with the organization’s attorneys to develop a strategy regarding current litigation, pending litigation, or regulatory proceedings governance.
Selected Answer: D
Question #: 5
Topic #: 4
A small not-for-profit organization with limited resources is unable to adequately maintain appropriate segregation of duties. Considering the organization’s resource constraints, which type of controls would best mitigate segregation of duty risks?
A. Application controls.
B. Detective controls.
C. Preventive controls.
D. Compensating controls.
Selected Answer: D
Question #: 5
Topic #: 1
According to the International Professional Practices Framework, which of the following is the appropriate division of responsibilities for the coordination of internal and external audit efforts?
Oversight of Work – Coordination of Activities
I. Chief audit executive – Senior management
II. Board – Chief audit executive
III. Chief financial officer – Chief audit executive
IV. Board – Chief financial officer
A. I.
B. II.
C. III.
D. IV.
Selected Answer: B
Question #: 6
Topic #: 3
When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?
A. Impact of and exposure to fraud.
B. Existence of evidence of fraud.
C. Organizational structure.
D. Management’s risk appetite.
Selected Answer: D
Question #: 6
Topic #: 1
According to the Standards, the organizational status of the internal audit activity:
A. Must be sufficient to permit the accomplishment of its audit responsibilities.
B. Is best when the reporting relationship is direct to the board of directors.
C. Requires the board’s annual approval of the audit schedules, plans, and budgets.
D. Is guaranteed when the charter specifically defines its independence.
Selected Answer: B
Question #: 7
Topic #: 2
The primary objective of risk-based auditing is to assess the:
A. Economy of controls.
B. Compliance with controls.
C. Adequacy of controls.
D. Efficiency of controls.
Selected Answer: B
Question #: 7
Topic #: 4
Which domain of the COBIT framework addresses the maintenance and change management of existing systems to ensure alignment with business needs and objectives?
A. Plan and organize.
B. Deliver and support.
C. Monitor and evaluate.
D. Acquire and implement.
Selected Answer: B
Question #: 7
Topic #: 1
A high-volume retailer of consumer goods has used point-of-sale data to record sales and update inventory records for several years. When price changes are scheduled, corporate headquarters downloads a price change file to a computer server system at each store. Each store’s assistant manager is responsible for checking the server for downloads and running the program that updates the store’s price file at the authorized price update time. In comparison with having headquarters initiate the price update centrally, this approach to price updating will most likely:
A. Decrease the risk that customers will be undercharged consistently for sales items.
B. Decrease the risk that item prices will sometimes be inaccurate.
C. Increase the risk that customers will be undercharged consistently for sales items.
D. Increase the risk that item prices will sometimes be inaccurate.
Selected Answer: C
Question #: 7
Topic #: 6
An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility.
This best describes which of the following risk concepts?
A. Risk identification.
B. Risk appetite.
C. Risk capacity.
D. Risk tolerance.
Selected Answer: C
Question #: 8
Topic #: 6
Which of the following best describes the misdirection of payments on accounts receivable to an employee’s bank account?
A. Fraud open on the books.
B. Fraud hidden on the books.
C. Fraud off the books.
D. Fraud on the balance sheet.
Selected Answer: A
Question #: 8
Topic #: 1
An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:
A. Limit access to the data table to management and line supervisors who have the authority to determine pay rates.
B. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.
C. Ensure that adequate edit and reasonableness checks are built into the automated system.
D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.
Selected Answer: A
Question #: 8
Topic #: 3
Which aspect of the audit function would be most impacted by a lack of coordination between an organization’s internal and external auditors?
A. Responsiveness.
B. Timeliness.
C. Effectiveness.
D. Efficiency.
Selected Answer: A
Question #: 9
Topic #: 1
According to the International Professional Practices Framework, internal auditors should possess which of the following competencies?
I. Proficiency in applying internal auditing standards, procedures, and techniques.
II. Proficiency in accounting principles and techniques.
III. An understanding of management principles.
IV. An understanding of the fundamentals of economics, commercial law, taxation, finance, and quantitative methods.
A. I only
B. II only
C. I and III only
D. I, III, and IV only
Selected Answer: B
Question #: 9
Topic #: 2
Due to urgent requests from management, a busy internal audit activity finds that it can no longer meet all of its commitments contained in the annual audit plan.
The best course of action for the chief audit executive to take would be to:
A. Continue with the plan and seek opportunities to adjust priorities and reallocate resources.
B. Advise senior management and request that they reconsider these additional requests using more rigorous risk assessment and prioritization factors.
C. Advise the board and senior management and request a reassessment of the plan.
D. Advise the board immediately and seek their support for additional resources to meet the needs of the plan.
Selected Answer: C
Question #: 9
Topic #: 5
After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?
A. To determine audit priorities in the new job, the auditor uses the audit risk approach that the auditor’s previous employer used, without receiving permission to do so.
B. At the new organization, the auditor is asked to develop forms to implement probability-proportional-to-size sampling. Although unsure of how to perform this type of sampling, the auditor proceeds without asking for assistance.
C. In preparing for an audit at the previous organization, the auditor had conducted a great deal of research on the Internet at home to identify best practices for the management of a treasury function. The auditor has retained much of the research and uses it to conduct an audit of the new employer’s treasury function.
D. In the first week at the new organization, the auditor discovers a high fraud risk surrounding the organization’s database and suggests that the information
Selected Answer: C
Question #: 10
Topic #: 5
An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications. Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?
A. Restrict data-table access from management and line supervisors who have the authority to determine pay rates.
B. Require a supervisor in the department, who has the ability to change the table, to compare the changes to a signed management authorization.
C. Ensure that adequate edit and reasonableness checks are built into the automated system.
D. Require a manager, who is independent of the system and who cannot change the table, to authorize and sign-off on any employee pay changes.
Selected Answer: B
Question #: 10
Topic #: 1
Which of the following is not an appropriate role for internal auditors after a disaster occurs?
A. Monitor the effectiveness of the recovery and control of operations.
B. Correct deficiencies of the entity’s business continuity plan.
C. Recommend future improvements to the entity’s business continuity plan.
D. Assist in the identification of lessons learned from the disaster and the recovery operations.
Selected Answer: C
Question #: 10
Topic #: 3
Which of the following is least likely to enhance the independence of an internal audit activity?
A. The existence of a formal written charter for the internal audit activity.
B. Submission of an annual internal audit work plan to the audit committee.
C. A direct reporting relationship to the audit committee.
D. Adherence to the organization’s position classification structure.
Selected Answer: A
Question #: 11
Topic #: 3
Which of the following reporting relationships results in the greatest impairment to the independence of the chief audit executive (CAE)?
A. The CAE reports administratively and functionally to the president.
B. The CAE reports administratively to the president and functionally to the board.
C. The CAE reports administratively to the chief financial officer and functionally to the president.
D. The CAE reports administratively to the audit committee and functionally to the chief operating officer.
Selected Answer: B
Question #: 11
Topic #: 2
During an audit engagement, an internal auditor finds that management is not complying with previous commitments made to the external auditors. However, the auditor determines management’s actions to be justified due to significant changes in the business. The best course of action for the auditor to take would be to:
A. Proceed with the audit engagement and assess the changes actually implemented by management.
B. Inform the external auditors and seek their guidance.
C. Inform the external auditors and remove the associated work from the internal audit scope.
D. Compare the recommended changes against the changes made by management and advise management which action to take.
Selected Answer: D
Question #: 11
Topic #: 1
Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I. Write detailed audit procedures.
II. Identify client objectives, goals, and standards.
III. Identify risks and controls intended to prevent associated losses.
IV. Determine relevant engagement objectives.
A. II, I, IV, III.
B. II, III, IV, I.
C. III, IV, II, I.
D. II, IV, I, III.
Selected Answer: B
Question #: 12
Topic #: 2
Which of the following statements is correct regarding risk analysis?
A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
B. The highest risk assessment should always be assigned to the area with the largest potential loss.
C. The highest risk assessment should always be assigned to the area with the highest probability of occurrence.
D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.
Selected Answer: D
Question #: 12
Topic #: 1
During the planning phase of an audit of suspected overbilling on contracts for security services, an auditor should perform all of the following except:
A. Interviewing an official of the security services company to determine the cause of recent increases in billings for services.
B. Interviewing the manager who requested the audit engagement.
C. Obtaining a copy of the contract between the two organizations.
D. Preparing an engagement program.
Selected Answer: D
Question #: 13
Topic #: 6
An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization’s investments. Which of the following is the most appropriate course of action regarding the auditor’s use of this functionality?
A. The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.
B. The auditor should perform a manual recalculation of several results to validate and document the results.
C. The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.
D. The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.
Selected Answer: A
Question #: 13
Topic #: 3
A company’s chief audit executive determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area.
Which of the following actions would be the least acceptable?
A. Notify the audit committee of the problem and consult with them regarding outsourcing the audit engagement to a qualified external auditing firm.
B. Determine the requisite knowledge needed and obtain the proper training for auditors if such training is available within the appropriate time framework outlined by the audit committee.
C. Notify the audit committee of the problem and assign the most competent auditors to perform the audit engagement.
D. Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.
Selected Answer: D
Question #: 13
Topic #: 1
Which of the following statements regarding segregation of duties is true?
A. When evaluating an organization’s policy on segregation of duties, employee competence does not need to be considered.
B. An organizational chart provides an accurate definition of segregation of duties.
C. A restrictive segregation-of-duties policy can help improve an organization’s communication.
D. Policies on segregation of duties in information systems must recognize the difference between logical and physical access to assets.
Selected Answer: A
Question #: 14
Topic #: 1
An auditor plans to analyze customer satisfaction, including: (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months.
Which of the following statements regarding this audit approach is correct?
A. Although useful, such an analysis does not address any risk factors.
B. The survey would not consider customers who did not make purchases in the last three months.
C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive.
D. Analysis of three months’ activity would not evaluate customer satisfaction.
Selected Answer: D
Question #: 15
Topic #: 2
Which of the following situations allows for the most objectivity on the part of an internal auditor?
A. Assessing testing procedures in a new computer system.
B. Performing a risk assessment of a new financial instrument.
C. Drawing conclusions from a sample of financial transactions.
D. Comparing current environmental activities against legislation.
Selected Answer: C
Question #: 16
Topic #: 6
According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?
A. Rating each engagement record to assess its relevance and accessibility for the organization’s board.
B. Controlling access to engagement records, including access by senior management.
C. Developing retention requirements for engagement records that are consistent with organizational guidelines.
D. Forming policies governing the custody and retention of consulting engagement records before their release to other parties.
Selected Answer: D
Question #: 16
Topic #: 3
How should management obtain assurance that employees are complying with the organization’s security policy?
A. Regularly conduct independent reviews of employees’ security practices.
B. Routinely survey staff so that information related to security practices can be submitted anonymously.
C. Rely on exception reports to identify errors.
D. Enforce a policy that requires all employees to sign a statement that they will adhere to the organization’s security policies.
Selected Answer: C
Question #: 16
Topic #: 4
Which type of documentary evidence gathered by an organization’s internal auditors has the highest level of reliability?
A. Inventory test counts.
B. Bank statements.
C. Remittance advices.
D. Written policy statements.
Selected Answer: B
Question #: 16
Topic #: 1
In developing an appropriate work program for an audit engagement, the most important factor for an audit supervisor to consider is the:
A. Availability of records and data.
B. Potential impact of risks.
C. Audit personnel’s knowledge and experience.
D. Time required to complete the engagement.
Selected Answer: C
Question #: 17
Topic #: 4
An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December 31 are supported by appropriately approved purchase orders. Over 25,000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
A. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. Results indicated that the sample size was too small, as no sample deviations were found.
B. I am 95% confident that the actual population deviation rate is 3.7%. Since this is less than the tolerable deviation rate, quantitative attribute testing results indicate that the control is effective.
C. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. The quantitative attribute testing results indicate that the control is effective.
D. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. The quantitative attribute testing results indicate that the
Selected Answer: A
Question #: 17
Topic #: 1
An organization has a policy requiring two signatures on all checks written for amounts in excess of $10,000. When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if:
A. The auditor located two checks for $9,000 each that contained one authorized signature.
B. The $10,000 was an immaterial amount to the organization and very few cash disbursements required an amount in excess of $10,000.
C. The director of accounting was not one of the authorized signers.
D. There were several instances in which successively numbered checks for amounts between $5,000 and $10,000 were made payable to the same vendor.
Selected Answer: B
Question #: 18
Topic #: 1
Which of the following is not an appropriate type of coordination between the internal audit activity and regulatory auditors?
A. Regulatory auditors share their perspective on risk management, control, and governance with the internal auditors.
B. Internal auditors perform fieldwork at the direction of the regulatory auditors.
C. Internal auditors review copies of regulatory reports in planning related internal engagements.
D. Regulatory and internal auditors exchange information about planned activities.
Selected Answer: B
Question #: 18
Topic #: 6
Which of the following is an activity that an internal auditor must not perform?
A. Establish and provide continuing assurance on an anti-money laundering program for new hires.
B. Survey employees for their understanding of anti-money laundering practices.
C. Provide assurance for the effectiveness of anti-money laundering training.
D. Assess the risk of being fined for ineffective anti-money laundering practices.
Selected Answer: D
Question #: 18
Topic #: 4
Which of the following is not considered one of the most common red flags for perpetrators of fraud?
A. Excessive control issues.
B. Repeat performance issues.
C. Unusually close association with customers.
D. Experiencing financial difficulty.
Selected Answer: D
Question #: 18
Topic #: 2
Internal auditors can benefit from a strong relationship with the external auditors because external auditors can:
A. Provide internal auditors with an independent and knowledgeable viewpoint.
B. Concur with the internal auditors’ reports and thus improve the quality of assurance provided to management.
C. Increase the effectiveness of internal control sampling techniques.
D. Assist the internal auditor by providing information obtained from similar audits with other clients.
Selected Answer: C
Question #: 20
Topic #: 5
Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?
A. The internal auditor reviews the physical access to merchandise during an inventory count.
B. The audit manager conducts an internal quality assessment of the internal audit activity’s adherence to the Standards.
C. The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.
D. The board approves the annual performance evaluation of the chief audit executive.
Selected Answer: A
Question #: 20
Topic #: 1
An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?
A. External industry associate that performed a similar review for a supplier of the organization.
B. A team from an independent entity that previously employed the chief audit executive of the organization.
C. A team under the direction of the organization’s chief audit executive with validation by a former manager of the internal audit activity.
D. The same external service provider because of its competency and experience with the organization.
Selected Answer: A
Question #: 20
Topic #: 6
Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?
1. Reappraising risk levels.
2. Providing accurate information to management.
3. Marketing the internal audit activity.
4. Planning safeguards for assets in high-risk areas.
A. 1 and 2.
B. 1 and 3.
C. 2 and 3.
D. 3 and 4.
Selected Answer: C
Question #: 21
Topic #: 1
Which of the following would not be a factor for senior management to consider when determining the internal audit activity’s role in an organization’s risk management process?
A. The extent to which the internal audit activity is outsourced.
B. The maturity level of risk management practices in the organization.
C. The competency of the internal auditors in risk management.
D. The nature of the business and the environment in which the organization operates.
Selected Answer: A
Question #: 21
Topic #: 6
An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?
A. Replace the auditor with another audit staff member.
B. Continue with the present auditor, as more than one year has passed.
C. Withdraw the audit team and outsource the financial audit of the division.
D. Work with the division’s management to resolve the situation.
Selected Answer: C
Question #: 21
Topic #: 5
While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor’s organization.
Which of the following actions are most appropriate for the auditor to take?
A. Consult with an immediate supervisor and notify the organization’s audit committee.
B. Consult with an immediate supervisor and review the organization’s ethics policy.
C. Give the prize to a friend or family member and notify the organization’s audit committee.
D. Give the prize to a friend or family member and review the organization’s ethics policy.
Selected Answer: B
Question #: 22
Topic #: 1
Which of the following best describes the underlying premise of the COSO enterprise risk management framework?
A. Management should set objectives before assessing risk.
B. Every entity exists to provide value for its stakeholders.
C. Policies are established to ensure that risk responses are performed effectively.
D. Enterprise risk management can minimize the impact and likelihood of unanticipated events.
Selected Answer: D
Question #: 23
Topic #: 5
An internal audit activity (IAA) provided assurance services for an activity it was responsible for during the preceding year.
As a result, which IIA Code of Ethics principle is presumed to be impaired?
A. Competence.
B. Flexibility.
C. Objectivity.
D. Independence.
Selected Answer: A
Question #: 23
Topic #: 4
According to IIA guidance, which of the following statements is correct concerning the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity (IAA)?
A. The IAA must collectively possess the knowledge, skills, and competencies needed to perform all engagements.
B. Each internal auditor in the IAA must possess the competencies required to detect and investigate fraudulent transactions.
C. The IAA must not decline any engagement based solely on a lack of the necessary knowledge, skills, and competencies to perform it.
D. The competencies of external service providers must be assessed by the chief audit executive before the IAA can use external service providers’ work.
Selected Answer: D
Question #: 24
Topic #: 1
When internal auditors perform consulting services that add value and improve an organization’s operations, these services:
A. Impair the internal auditors’ objectivity with respect to an assurance service involving the same engagement client.
B. Would preclude the achievement of assurance from the consulting engagement.
C. Should be consistent with the internal audit activity’s empowerment reflected in the charter.
D. Impose no responsibility to communicate information other than to the engagement client.
Selected Answer: D
Question #: 24
Topic #: 2
Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:
A. The type and nature of the activities to be examined.
B. Whether employees in key positions of trust are bonded.
C. The history of losses suffered by the company.
D. The results of prior risk assessments.
Selected Answer: B
Question #: 25
Topic #: 5
The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization’s retail store operations. Store operations are included in the annual audit plan.
Which of the following strategies best fulfills the requirements of the Standards regarding these audits?
A. The scope of store operations audits should exclude compliance.
B. Store operations audits can be fully executed with appropriate disclosure to the board.
C. Store operations audits should be performed by an external service provider.
D. A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.
Selected Answer: B
Question #: 26
Topic #: 4
According to IIA guidance, which of the following is the most likely obstacle to undertaking a quality assurance and improvement program by the internal audit activity?
A. The size of the internal audit department under review.
B. The time commitment to complete.
C. The lack of independence and objectivity.
D. The inability to adequately fund the program.
Selected Answer: D
Question #: 26
Topic #: 5
Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel-related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?
A. Due professional care.
B. Individual objectivity.
C. Proficiency.
D. Organizational independence.
Selected Answer: D
Question #: 26
Topic #: 2
Which of the following lists these audit steps in the correct chronological order?
I. Create the engagement work program.
II. Conduct the exit conference.
III. Perform fieldwork.
IV. Schedule the audit engagement.
V. Issue a summary report of audit findings.
A. I, IV, III, II, V.
B. I, IV, II, III, V.
C. IV, I, III, II, V.
D. IV, III, I, V, II.
Selected Answer: D
Question #: 26
Topic #: 1
An organization’s accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report.
When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?
A. Detection risk is lower because control risk is lower.
B. Detection risk is lower because control risk is higher.
C. Detection risk is higher because control risk is lower.
D. Detection risk is unchanged although control risk is lower.
Selected Answer: C
Question #: 27
Topic #: 2
Which of the following would have the least impact (either positive or negative) on an assessment of a department’s control environment?
A. The department managed long-term investments, including investment in derivatives and other financial instruments, to maximize return.
B. The department manager sets a tone of honesty and integrity in all business dealings and this tone is emulated by department personnel.
C. Many department functions were duplicated or verified by other department employees as part of the department’s normal procedures.
D. Audit tests designed to verify compliance with control procedures detected a general failure to follow standard procedures for transaction authorization.
Selected Answer: D
Question #: 27
Topic #: 4
With regard to external assessments of an internal audit activity (IAA), which of the following is the chief audit executive required to discuss with the board?
A. External reviewer conflicts of interest, and the need for an external assessment more frequently than once every five years.
B. External reviewer conflicts of interest, and the timeline of the external assessment.
C. The need for an external assessment more frequently than once every five years, and the simplest method for the external reviewer to join the IAA’s organization.
D. The simplest way for the external reviewer to join the IAA’s organization, and the timeline of the external assessment.
Selected Answer: D
Question #: 28
Topic #: 5
According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?
A. A former employee knowledgeable of the IAA who resigned three years earlier from the organization.
B. A competent employee of an independent external organization that provides co-sourcing services to the IAA.
C. An employee in an affiliated organization who has never worked directly with the IAA.
D. An employee in the parent organization who has not had any previous contact with the IAA.
Selected Answer: C
Question #: 28
Topic #: 1
Which of the following is an example of sharing risk?
A. An organization redesigned a business process to change the risk pattern.
B. An organization outsourced a portion of its services to a third-party service provider.
C. An organization sold an unprofitable business unit to its competitor.
D. In order to spread total risk, an organization used multiple vendors for critical materials.
Selected Answer: B
Question #: 29
Topic #: 3
Which of the following would be a violation of the objectivity of a certified internal auditor?
1. Accepting a motivational book from a major vendor.
2. Attending a professional sporting event as the guest of a corporate supplier.
3. Performing an internal audit engagement for a division 18 months after having controllership responsibility for that division.
4. Designing and implementing a corporate-wide utilities cost containment program.
A. 1 and 3 only
B. 2 and 3 only
C. 2 and 4 only
D. 1, 3, and 4 only
Selected Answer: A
Question #: 30
Topic #: 4
Which of the following definitions best describes enterprise risk management?
A. Enterprise risk management is narrower than internal control and focuses on managing the risk of loss resulting from external events.
B. Enterprise risk management is narrower than internal control and focuses on risk mitigation strategies across the enterprise.
C. Enterprise risk management is broader than internal control and focuses on risk identification and management, and assurance that business objectives will be met.
D. Enterprise risk management is broader than governance and internal control, and focuses on activities designed to ensure that risks are contained at a level
Selected Answer: A
Question #: 30
Topic #: 1
Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit?
A. State the work steps in the form of questions.
B. Use the standard audit program for HR from previous years.
C. Include in the audit program certain audit tests requested by the audit client.
D. Defer preparation of the audit program until after the field work.
Selected Answer: C
Question #: 31
Topic #: 4
According to the COSO framework, which of the following is not a principle of internal control?
A. Management’s philosophy and operating style.
B. Human resource policies and practices.
C. Integrity and ethical values.
D. Risk assessment.
Selected Answer: D