IIA-CIA-Part1 Topic 2
Question #: 31
Topic #: 1
Which of the following would be a violation of the IIA Code of Ethics?
A. Reporting information that could be damaging to the organization, at the request of a court of law.
B. Including an issue in the final audit report after management has resolved the issue.
C. Participating in an audit engagement for which the auditor does not have the necessary experience or training.
D. Accepting a gift that is a commercial advertisement available to the public.
Selected Answer: A
Question #: 31
Topic #: 3
In order to use “Conducted in accordance with the International Standards for the Professional Practice of Internal Auditing,” an internal audit activity must:
A. Satisfy all requirements of the International Professional Practices Framework during each internal audit engagement.
B. Complete an external assessment of quality assurance to demonstrate compliance with the Standards.
C. Establish a continuous quality assurance and improvement program.
D. Have its charter reviewed and approved by management and the board.
Selected Answer: A
Question #: 32
Topic #: 1
During a payroll audit of a large organization, an auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:
A. Continue to follow the engagement program because the engagement scope and objectives have already been discussed with management.
B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is adequately covered.
C. Recommend to the chief audit executive that a fraud investigation be started.
D. Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.
Selected Answer: C
Question #: 32
Topic #: 3
Which of the following is the best example of a strategic objective?
A. Opening a new product line.
B. Adhering to laws and regulations.
C. Attaining a specified sales target.
D. Safeguarding assets.
Selected Answer: A
Question #: 32
Topic #: 5
Which of the following are components of the COSO enterprise risk management framework?
1. Objective setting.
2. External environment.
3. Data collection.
4. Control activities.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Selected Answer: C
Question #: 32
Topic #: 6
Forty-five percent of an organization’s customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization’s residual risk for online customer payments due?
A. $11,250
B. $25,000
C. $33,750
D. $45,000
Selected Answer: A
Question #: 33
Topic #: 6
Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?
1. Periodically reviewing the vendor list for unusual vendors and addresses.
2. Segregating duties among purchasing, receiving, shipping, and accounting.
3. Validating sequential integrity of purchase orders.
4. Verifying the validity of invoices with post office box addresses.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2, and 4 only
D. 1, 2, 3, and 4
Selected Answer: D
Question #: 33
Topic #: 4
An internal auditor is planning an operational audit of the accounts payable function. Which of the following best mitigates the risk of the organization being a victim of disbursement fraud by employees?
A. Accounts payable payment records are checked against supplier invoices.
B. Accounts payable are aged by vendors.
C. The accounts payable trial balance is reconciled to the general ledger.
D. The accounts payable function is properly segregated from the cash custody function.
Selected Answer: D
Question #: 34
Topic #: 3
Which of the following are acceptable resources for a chief audit executive to use when developing a staffing plan?
1. Co-sourcing arrangements.
2. Employees from other areas of the organization.
3. The organization’s external auditors.
4. The organization’s audit committee members.
A. 1 only
B. 1 and 2 only
C. 2 and 3 only
D. 1, 2, and 4 only
Selected Answer: A
Question #: 34
Topic #: 1
An audit to test the system of controls over the purchase, distribution, and use of radioactive material is being conducted at a company’s plants. The process is well documented, and employees in the safety department are very familiar with the department’s procedures. Since the purchasing and facilities departments are involved in the process, the auditor is considering reviewing their radioactive material-handling procedures as well. The auditor should:
A. Have confidence in the rigorous and detailed safety department procedures, since that department has the main responsibility for radiation safety, and should not use audit time to review other departments.
B. Adjust the engagement schedule and budget, if needed, and interview the appropriate individuals in the purchasing and facilities departments to ascertain whether additional controls exist that complement those identified within the safety department.
C. Test the controls identified within the safety department; if results are unfavorable, the auditor should consider whether to involve the other departments.
D. Defer questions regarding purchasing, facilities, and other departments until audit projects can be scheduled for those departments.
Selected Answer: D
Question #: 35
Topic #: 1
If an engagement client’s operating standards are vague and thus subject to interpretation, the auditor should:
A. Seek agreement with the client as to the standards to be used to measure operating performance.
B. Determine best practices in the area and use them as the standard.
C. Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance.
D. Omit any comments on standards and the client’s performance in relationship to those standards, because such an analysis would be meaningless.
Selected Answer: C
Question #: 36
Topic #: 3
One of an organization’s quality objectives is to reduce the amount of rework needed in the production cycle.
Which of the following controls would be the least effective in achieving this objective?
A. Machinery is routinely maintained to avoid production malfunctions.
B. Employees are rewarded for suggestions that lead to quality improvements.
C. Quality inspectors are assigned to identify any defects in the finished product.
D. Daily reconciliations are performed between finished goods and the number of rejects.
Selected Answer: B
Question #: 36
Topic #: 5
During an internal audit, an organization’s processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.
Which of the following tests would best help the internal auditor detect fraudulent activity?
A. Check inventory levels.
B. Search for gaps in check numbers.
C. Compare vendor summaries.
D. Review raw material purchase quantities.
Selected Answer: A
Question #: 36
Topic #: 1
An employee who recently transferred into the internal audit activity has been assigned to audit the accounts payable system.
Which function, if previously performed by the auditor, would represent a conflict of interest?
A. Monitoring the allowance for doubtful accounts.
B. Writing procedures for the handling of duplicate payments.
C. Signing timekeeping cards for subordinates.
D. Reviewing shipping documents for accuracy.
Selected Answer: B
Question #: 37
Topic #: 4
Which of the following situations would most likely result in the auditor in charge (AIC) recommending that the staff auditor further investigate non-compliant items?
A. A staff auditor conducted a test of 25 non-statistical sample items, selected judgmentally, and 5 are not in compliance with organizational policy.
B. A staff auditor conducted a test of 85 non-statistical sample items, selected randomly, and 5 are not in compliance with organizational policy.
C. Before the staff auditor conducted a test of statistical sample items, the AIC was already aware of underlying control weaknesses.
D. A staff auditor conducted a test of statistical sample items, the results of which fall below the acceptable error rate by less than one percentage point.
Selected Answer: B
Question #: 37
Topic #: 5
Which of the following statements is true regarding the use of non-statistical sampling in auditing control tests?
A. It considers tolerable deviation rate more effectively than does statistical sampling.
B. Sampling risk will be accurately quantified through non-statistical sampling.
C. Non-statistical sample results must be projected to the population.
D. Lesser evidence is required to support a conclusion than for statistical sampling.
Selected Answer: D
Question #: 38
Topic #: 4
A chief audit executive (CAE) is planning to issue an annual report concluding on the overall effectiveness of the organization’s internal control system. According to the Standards, which of the following is likely the most significant challenge facing the CAE when creating the report?
A. The opinion must include difficult-to-measure risks, such as the risks of management override of controls and collusion among dishonest personnel.
B. The opinion is dependent on complex analyses of numerous internal audit engagements carried out over the prior year.
C. The opinion is only issued once a year, limiting its usefulness.
D. Assessing control effectiveness is complicated by inherent risks.
Selected Answer: A
Question #: 38
Topic #: 1
Management has requested that an internal auditor serve as a member of a task force that will review current receivables practices and make recommendations to improve processes. Which of the following is the most appropriate response by the internal auditor?
A. Accept the assignment provided that such consulting services are defined in the charter.
B. Decline the assignment because participation on task forces will impair the auditor’s objectivity in future audit engagements.
C. Accept the assignment if the auditor believes that it will not impair objectivity in future audit engagements.
D. Do not accept the assignment because the assignment is not part of an approved audit plan.
Selected Answer: D
Question #: 39
Topic #: 5
When internal auditors are preparing workpapers for the testing stage of an engagement, which of the following guidelines should be observed?
1. Include copies of all client files that were reviewed for the audit.
2. Avoid the use of professional, industry-appropriate jargon and technical terms.
3. Indicate the original sources of all data and information used in the workpapers.
4. Leave blank space for cross-references to be completed during the post-audit process.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Selected Answer: D
Question #: 39
Topic #: 1
Senior management at a financial institution has received allegations of fraud at its derivatives trading desk and has asked the internal audit activity to investigate and issue a report concerning the allegations. The internal audit activity has not yet developed sufficient proficiency regarding derivatives trading to conduct a thorough fraud investigation in this area. Which of the following courses of action should the chief audit executive (CAE) take to comply with the Standards?
A. Engage the former head of the institution’s derivatives trading desk to perform the investigation and submit a report with supporting documentation to the CAE.
B. Request that senior management allow a delay of the fraud investigation until the internal audit activity’s on-staff certified fraud examiner is able to obtain the appropriate training regarding the analysis of derivatives trading.
C. Request that senior management exclude the internal audit activity from the investigation completely and instead contract with an external certified fraud examiner with derivatives experience to perform all aspects of the investigation and subsequent reporting.
D. Contract with an external certified fraud examiner with derivatives experience to perform the investigation and subsequent reporting, with the chief audit
Selected Answer: A
Question #: 39
Topic #: 2
A company has entered into a $20,000,000 fixed-price contract with a general contractor for the construction of a new retail outlet. For this contract, which of the following would represent the greatest risk?
A. Excessive labor charged to the project.
B. Poor physical protection of materials and equipment.
C. Failure to complete the project within budget.
D. Substitution of inferior materials.
Selected Answer: B
Question #: 40
Topic #: 4
An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?
A. Review the supplemental documentation provided for a sample of reimbursement requests.
B. Interview the payroll/accounting supervisor to determine what controls exist to prevent fraud.
C. Determine whether or not the payroll/accounting department has been subject to regular review.
D. Establish a flowchart of the payroll/accounting functions that include any controls currently in place.
Selected Answer: A
Question #: 40
Topic #: 1
Which of the following corporate travel policies is least likely to be cost-effective?
A. Negotiating corporate agreements with hotels, airlines, and car rental firms.
B. Tracking credits for canceled airline reservations.
C. Selecting the least expensive airline travel available, without regard to total travel time and distance.
D. Traveling to facilities in tourist areas during the off-season when possible.
Selected Answer: A
Question #: 41
Topic #: 3
Which of the following should an internal auditor possess in order to fulfill the responsibilities of the internal audit activity?
A. Proficiency in applying management principles in order to stand in for the chief financial officer.
B. An understanding of management principles in order to evaluate deviations from good practices.
C. An appreciation of internal audit standards in order to recognize problems.
D. Proficiency in accounting principles in order to conduct fraud investigations.
Selected Answer: D
Question #: 41
Topic #: 4
An internal auditor is gathering evidence for an organization’s internal audit engagement and requests a sample of vendor invoices from the organization. Which of the following is true regarding the reliability of this evidence?
A. The invoices have zero reliability.
B. The invoices have low reliability.
C. The invoices have medium reliability.
D. The invoices have high reliability.
Selected Answer: A
Question #: 42
Topic #: 4
Management has decided to invest significant capital in a new and innovative large computer system. They understand that they are one of the first organizations to implement this system, but they believe the benefits outweigh the uncertainty over the performance and reliability of the software. This decision best describes which aspect of risk management?
A. Risk appetite.
B. Risk tolerance.
C. Residual risk.
D. Inherent risk.
Selected Answer: D
Question #: 42
Topic #: 1
An auditor is using audit software to check inventory accuracy. Which of the following would be an indicator of poor input edit controls?
A. Negative quantities on hand.
B. Total dollar values of zero for some parts.
C. Alpha characters in the field for order lead time.
D. Reorder levels set too high.
Selected Answer: C
Question #: 43
Topic #: 6
Which of the following are core responsibilities to be included in the internal audit charter?
1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Determine the adequacy and effectiveness of the organization’s systems of internal accounting and operating controls.
3. Participate in the planning and performance of audits of potential acquisitions with the organization’s outside accountants and other members of the corporate staff.
4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.
A. 1 and 2.
B. 1 and 4.
C. 2 and 3.
D. 2 and 4.
Selected Answer: D
Question #: 43
Topic #: 2
Which of the following actions by a chief audit executive would be most effective in preventing fraud?
A. Ensure that the board is aware of all fraud that has been identified or reported.
B. Train the internal audit staff in identifying fraud indicators.
C. Review the adequacy of all policies that describe prohibited activities.
D. Submit an annual report to the board on all fraud that has been detected.
Selected Answer: D
Question #: 43
Topic #: 6
Which of the following are core responsibilities to be included in the internal audit charter?
1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Determine the adequacy and effectiveness of the organization’s systems of internal accounting and operating controls.
3. Participate in the planning and performance of audits of potential acquisitions with the organization’s outside accountants and other members of the corporate staff.
4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.
A. 1 and 2.
B. 1 and 4.
C. 2 and 3.
D. 2 and 4.
Selected Answer: A
Question #: 43
Topic #: 1
Two individuals are being considered for an audit team that is to perform a highly technical review.
Which of the following situations would preclude selection of the individual for the audit due to an objectivity concern?
I. Person A is a member of the internal audit staff and has the required technical skills. Person A participated in a controls review of the system to be audited when it was being developed.
II. Person B is a technical specialist who understands the audit area but is not a member of the internal audit staff. Although person B has personal credibility in the information systems department to be audited, person B works for another department in the organization.
A. I only
B. II only
C. Both I and II.
D. Neither I nor II.
Selected Answer: A
Question #: 44
Topic #: 5
An internal auditor finds during an engagement that payment for the organization’s general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.
Which of the following rules of conduct, as described in the IIA Code of Ethics, did the auditor fail to uphold?
A. Confidentiality.
B. Objectivity.
C. Integrity.
D. Competency.
Selected Answer: D
Question #: 45
Topic #: 5
What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?
A. Diversifying the risk that network access will not be available to legitimate, authorized users.
B. Accepting the risk that there may be attempts at unauthorized access to the network.
C. Avoiding the risk of having a direct network connection to un-trusted networks.
D. Sharing the risk that either firewall could be compromised by hackers.
Selected Answer: D
Question #: 45
Topic #: 1
A code of business conduct provides:
A. A fraud avoidance plan that does not explicitly describe punishments for violations.
B. A passive method of fraud deterrence.
C. A program to anonymously report irregularities to authorities.
D. An alternative to “tone at the top” programs.
Selected Answer: A
Question #: 45
Topic #: 5
What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?
A. Diversifying the risk that network access will not be available to legitimate, authorized users.
B. Accepting the risk that there may be attempts at unauthorized access to the network.
C. Avoiding the risk of having a direct network connection to un-trusted networks.
D. Sharing the risk that either firewall could be compromised by hackers.
Selected Answer: A
Question #: 45
Topic #: 2
Which of the following statements regarding organizational governance is not correct?
A. An effective internal audit function is one of the four cornerstones of good governance.
B. Those performing governance activities are accountable to the customer.
C. Accountability is one of the key elements of organizational governance.
D. Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.
Selected Answer: D
Question #: 45
Topic #: 3
An organization’s sales professionals are potentially abusing the use of cellular phones, resulting in an alarming increase in telephone expenses. Which of the following controls is least likely to curb this abuse?
A. Developing periodic reports to management that show type, length, and number of calls per sales professional, with related totals and comparisons.
B. Requiring sales professionals to pay monthly cellular phone bills and subsequently submit only business calls for reimbursement using an expense report process.
C. Requiring sales managers to approve monthly bills prior to payment, explain budget variances, and explain increases from previous periods.
D. Requiring authorization of the cellular phone bill payment by the manager of the telecommunications department.
Selected Answer: C
Question #: 46
Topic #: 4
Which of the following is accomplished by the internal audit charter?
A. It establishes the audit committee’s position within the organization.
B. It authorizes access to records, personnel and physical properties relevant to the performance of engagements.
C. It defines the scope of internal and external audit activities.
D. It states the nature of the chief audit executive’s administrative reporting relationship with the board.
Selected Answer: A
Question #: 46
Topic #: 1
Fraud is most frequently detected by:
A. Following up on tips from employees or citizens.
B. Following up on analytical review of high-risk areas.
C. Performing periodic reconciliations over cash and other assets.
D. Performing unannounced audits or reviews of programs or departments.
Selected Answer: D
Question #: 47
Topic #: 6
According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor’s need for objectivity?
A. An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.
B. An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.
C. An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.
D. An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.
Selected Answer: D
Question #: 47
Topic #: 3
In preparing for an audit of the footwear division of a major retail organization, an internal auditor gathered the following information about the organization’s stores:
In addition to labor costs, the other costs associated with each store are leasing and maintenance expenses. Which of the following is a valid conclusion?
A. Sales per store are directly related to the size of the store.
B. Employees are less productive in larger stores.
C. Gross margin is directly related to the size of the store.
D. Cost of goods sold is directly related to the size of the store.
Selected Answer: C
Question #: 47
Topic #: 1
After several years in the engineering department, an engineer was transferred to the internal audit department. One month later, the new auditor was assigned to an assurance engagement for the engineering department. When the auditor’s former engineering supervisor suggested a change in the sample selection method, the auditor consulted with the audit supervisor. They determined that the suggested method would not be as representative and that the original selection method should be used. In this situation, the auditor:
A. Maintained an independent mental attitude and is therefore objective.
B. Has subordinated professional judgment, and objectivity is therefore impaired.
C. Does not have objectivity since the auditor recently transferred from the engineering department.
D. Does not have independent organizational status since the auditor recently transferred from the engineering department.
Selected Answer: D
Question #: 47
Topic #: 2
A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?
A. Copies of printed client information not used by the agency are shredded.
B. Employees share client information with coworkers with the permission of the client.
C. The agency only releases client information with management’s approval.
D. The agency advises clients of their privacy rights before they commence business with the agency.
Selected Answer: B
Question #: 48
Topic #: 5
A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit executive to consider this candidate?
A. Other internal auditors possess sufficient knowledge of accounting principles and techniques.
B. The candidate’s information systems knowledge and real-world experience in internal auditing.
C. Accounting skills can be learned over time with appropriate training.
D. An entry level position does not require expertise in any particular area.
Selected Answer: C
Question #: 48
Topic #: 5
A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit executive to consider this candidate?
A. Other internal auditors possess sufficient knowledge of accounting principles and techniques.
B. The candidate’s information systems knowledge and real-world experience in internal auditing.
C. Accounting skills can be learned over time with appropriate training.
D. An entry level position does not require expertise in any particular area.
Selected Answer: D
Question #: 48
Topic #: 4
An internal auditor for a large computer company suspects that returned computer systems are being repackaged as new products and shipped to other customers before the defects have been repaired. Which of the following would be the most persuasive piece of evidence in support of the auditor’s suspicions?
A. Credit memos issued after year end for goods shipped before year end.
B. Evidence of returned goods in the shipping and receiving area.
C. An unusual number of customer complaints.
D. The results of a complete physical inventory taken at year end.
Selected Answer: D
Question #: 48
Topic #: 1
A charitable organization provides substantial grants for important medical research. Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?
A. Senior executives are using company travel and entertainment funds for activities that might be considered questionable.
B. Purchases of office supplies are made from fictitious vendors.
C. Grants are made to organizations associated with senior executives.
D. A payroll clerk has added a fictitious employee.
Selected Answer: A
Question #: 49
Topic #: 5
Which of the following decisions made during the testing phase of a compliance audit requires the most judgment by an internal auditor?
A. Which sampling methodology to select for testing.
B. Which fields to examine on each invoice.
C. Whether an individual expenditure is allowable.
D. What level of noncompliance is acceptable.
Selected Answer: C
Question #: 49
Topic #: 1
If earnings on financial statements for internal use only have been manipulated in the past, an internal auditor is likely to focus on which of the following?
A. The proper accrual of payables at the end of the interim period.
B. The timing of revenue recognition and the valuation of inventories.
C. Whether accounting estimates are reasonable given past actual results.
D. Whether there have been changes in accounting principles that materially affect the financial statements.
Selected Answer: C
Question #: 50
Topic #: 2
All of the following would normally be involved in preparing for and carrying out the internal audit activity’s annual plan except:
A. Establishing policies and procedures for workpapers and referencing.
B. Providing periodic activity reports to the audit committee on audit engagements in progress.
C. Assessing the amount of risk in major departments.
D. Training audit staff on appropriate audit methodologies for addressing any newly identified risks.
Selected Answer: A
Question #: 50
Topic #: 1
Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
A. Observe the process.
B. Review the trend in receivables write-offs.
C. Ask the credit manager about the effectiveness of the function.
D. Check for evidence of credit approval on a sample of customer orders.
Selected Answer: B
Question #: 50
Topic #: 3
An internal auditor audited a department store’s cash function. Which of the following actions would indicate a lack of due professional care by the auditor?
A. Based on a well-designed system of internal controls over the cash function, the audit report assured senior management that no irregularities existed.
B. A flowchart of the entire cash function was developed but only samples of transactions were tested.
C. The audit report included a well-supported recommendation for a reduction in staff even though such a reduction might adversely impact morale.
D. The auditor informed appropriate authorities within the organization about suspected wrongdoing but did not inform external authorities.
Selected Answer: B
Question #: 51
Topic #: 5
According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?
A. Continuing professional education can be obtained through IAA involvement in research projects.
B. Employers are responsible for ensuring that the continuing professional education needs of the IAA are met.
C. Completion of self-study courses fulfills IAA continuing professional education requirements.
D. Specialized education that meets unique organizational needs cannot qualify as IAA professional development.
Selected Answer: D
Question #: 51
Topic #: 4
An internal auditor is testing whether payments to outside contractors have been charged to the proper account. Which of the following sampling methods would be most useful in completing this task?
A. Haphazard sampling.
B. Probability-proportional-to-size sampling.
C. Attribute sampling.
D. Judgmental sampling.
Selected Answer: B
Question #: 51
Topic #: 2
When reviewing operational risk for a department whose manager adopts a laissez-faire style of leadership, it is most important for the internal auditor to verify that:
A. Employee decisions follow department and company guidelines.
B. The manager considers employees’ input when designing new procedures.
C. Employees are empowered to deal with unusual or emergency situations.
D. Management has adopted an open-door policy to assist with communication.
Selected Answer: A
Question #: 51
Topic #: 1
Which of the following best describes how the increased use of computerization may impact an auditor’s assessment of the risk of fraud?
A. Access to assets may be available to information systems personnel as well as to computer users.
B. Computer controls are generally less effective than human review.
C. Overrides of key controls may require less collaboration.
D. Audit trails are less effective.
Selected Answer: A
Question #: 52
Topic #: 2
Which of the following factors related to an organization’s performance management system would not contribute to the organization’s success?
A. Performance management is linked to competence and knowledge management.
B. Subordinates and superiors have shared responsibility for the performance management process.
C. Staff members own the performance management process, thereby ensuring implementation and accountability.
D. Performance management is integrated into other organizational processes and human resource processes.
Selected Answer: D
Question #: 52
Topic #: 4
A fast-food company is developing a computer simulation involving arrival time at a drive-through restaurant. The distribution for arrival times is:
Time Between Arrivals | Probability | Single-Digit Random Number Assigned
2 minutes | 0.1 |
3 minutes | 0.2 | 1, 2
4 minutes | 0.3 | 3, 4, 5
5 minutes | 0.4 | 6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6.
What is the mean time between arrivals in this run of the simulation model?
A. 2 minutes.
B. 3 minutes.
C. 4 minutes.
D. 5 minutes.
Selected Answer: C
Question #: 52
Topic #: 1
An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if:
A. The auditor notes strong indicators of a specific fraud involving this account.
B. The company has relatively stable operations which have not changed much over the past year.
C. The auditor would like to identify large, unusual, or non-recurring transactions during the year.
D. The operating expenses vary in relation to other operating expenses, but not in relation to revenue.
Selected Answer: A
Question #: 53
Topic #: 6
Which of the following is most likely to function as a directive control?
A. Security dogs.
B. Alert employees.
C. Insurance claims.
D. Cycle counts.
Selected Answer: B
Question #: 53
Topic #: 3
Which of the following statements is correct with regard to risk management?
A. The board’s responsibility for risk management cannot be assigned to a board committee, such as a board risk committee.
B. The chief audit executive is accountable to the board for designing, implementing and monitoring the risk management process.
C. The total process of risk management, which includes a related system of internal control, is the responsibility of the board.
D. The finance director is responsible for the overall implementation of the risk management process.
Selected Answer: D
Question #: 53
Topic #: 1
Which of the following is not a benefit of using information technology in solving audit problems?
A. It helps reduce audit risk.
B. It improves the timeliness of the audit engagement.
C. It increases audit opportunities.
D. It improves the auditor’s judgment.
Selected Answer: D
Question #: 54
Topic #: 1
An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should:
A. Use test data and determine whether all the data entered are captured correctly in the updated database.
B. Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates.
C. Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems.
D. Use generalized audit software to select a sample of employees from the database. Verify the data fields.
Selected Answer: D
Question #: 54
Topic #: 2
Which of the following would be the most effective action for an internal audit activity to take in order to assist in improving an organization’s ethical climate?
I. Review formal and informal processes within the organization that could promote unethical behavior.
II. Conduct surveys of employees, suppliers, and customers regarding ethics.
III. Assess the employees’ knowledge of and compliance with the organization’s code of conduct.
A. I only
B. I and II only
C. II and III only
D. I, II, and III.
Selected Answer: C
Question #: 54
Topic #: 3
A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts.
The purchase orders list the name of the vendor and the quantities of the materials ordered.
A possible error that this system could allow is:
A. Payment to unauthorized vendors.
B. Payment for unauthorized purchases.
C. Overpayment for partial deliveries.
D. Delay in recording purchases.
Selected Answer: A
Question #: 54
Topic #: 4
Which of the following is an example of a preventive control activity for risk related to pollution caused by waste disposal?
A. Offering an education program delivered by environmental experts.
B. Maintaining strict security around environmental department files.
C. Seeking legal consultation from a firm with experience in environmental law.
D. Taking periodic samples of the area at risk and logging the results.
Selected Answer: A
Question #: 55
Topic #: 4
Which of the following statements describes a control weakness?
A. Purchasing procedures are well designed and are followed even when the purchasing supervisor wishes to direct otherwise.
B. Pre-numbered blank purchase orders are secured within the purchasing department.
C. Normal operational purchases fall in the range from $500 to $1,000, with a single signature required for purchases over $1,000.
D. The purchasing agent in a personal capacity invests in a publicly-traded mutual fund that lists the stock of one of the company’s suppliers in its portfolio.
Selected Answer: D
Question #: 55
Topic #: 5
An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?
A. Apply antivirus and patch management software.
B. Utilize dedicated and encrypted network connections.
C. Install a software inventory management application.
D. Utilize secure socket layer encryption.
Selected Answer: B
Question #: 56
Topic #: 2
When performing benchmarking during the planning phase of a performance audit, an internal auditor should:
A. Determine the current performance gap.
B. Project future performance levels.
C. Develop functional action plans.
D. Identify comparative organizations.
Selected Answer: B
Question #: 57
Topic #: 1
Which of the following would be most effective in determining if the percentage of medication orders containing errors improved after a hospital installed a computerized medication-tracking system?
A. Compare the proportion of erroneous medication orders before and after system installation for similar periods.
B. Compare the number of errors before and after system installation for similar periods.
C. Compare, after adjusting for the number of patients, the proportion of erroneous medication orders before and after system installation.
D. Compare, after adjusting for the number of patients, the number of errors before and after system installation for similar periods.
Selected Answer: D
Question #: 57
Topic #: 4
Which of the following activities would be most likely to impair the objectivity of an internal auditor?
A. Performing reviews of procedures for a new information systems application before it is installed.
B. Benchmarking controls during the development of a new information systems application.
C. Assisting with the development and installation of a new information systems application.
D. Developing recommended controls for the use of a new information systems application.
Selected Answer: A
Question #: 57
Topic #: 2
A major difference between enterprise risk management and traditional risk management lies in the narrow focus of traditional risk management on:
I. Property and liability risks.
II. Risks with insurance solutions.
III. Risks impacting organizational objectives.
A. I and II only
B. I and III only
C. II and III only
D. I, II, and III.
Selected Answer: B
Question #: 59
Topic #: 1
An auditor for a large wholesaler is evaluating the controls over the approval and oversight of credit sales. Which of the following procedures would be a control weakness?
A. The credit department is responsible for approving shipments to all customers.
B. The finance committee of the board of directors periodically reviews credit standards.
C. Customers who fail to meet credit requirements must pay cash for shipments upon delivery.
D. The sales department is responsible for determining the credit ratings of customers.
Selected Answer: C
Question #: 59
Topic #: 4
Which of the following roles, if undertaken by an internal auditor, would have the greatest potential for conflict with the Standards regarding objectivity?
A. IT system designer.
B. Product development team consultant.
C. Ethics advocate.
D. External audit liaison.
Selected Answer: B
Question #: 59
Topic #: 2
Which statement most accurately describes how criteria are established for use by internal auditors in determining whether goals and objectives have been accomplished?
A. Management is responsible for establishing the criteria.
B. Internal auditors should use professional standards or government regulations to establish the criteria.
C. The industry in which a company operates establishes criteria for each member company through benchmarks and best practices for that industry.
D. Appropriate accounting or auditing standards, including international standards, should be used as the criteria.
Selected Answer: D
Question #: 60
Topic #: 2
A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed.
In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:
A. Review the recommendations in all environmental audit reports.
B. Discuss with the environmental auditors the results of their reviews.
C. Periodically carry out a quality assessment of the environmental audit activity.
D. Include a review of environmental issues in some internal audit engagements.
Selected Answer: C