IIA-CIA-Part2 Topic 1
Question #: 1
Topic #: 1
Which of the following would be a red flag that indicates the possibility of inventory fraud?
I. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization’s increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.
A. I and II only
B. II and III only
C. I, II, and IV only
D. I, III, and IV only
Selected Answer: A
Question #: 2
Topic #: 1
During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that adjustments were made on over 40 percent of the ovens. Based on this, the auditor:
A. Has enough evidence to conclude that improperly functioning ovens are the cause.
B. Needs to conduct further inquiries and reviews to determine the impact of the oven variations on the pizza temperature.
C. Has enough evidence to recommend the replacement of some of the ovens.
D. Must search for another cause since approximately 60 percent of the ovens did not require adjustment.
Selected Answer: B
Question #: 2
Topic #: 2
Checklists used to assess audit risk have been criticized for all of the following reasons except:
A. Providing a false sense of security that all relevant factors are addressed.
B. Inappropriately implying equal weight to each item on the checklist.
C. Decreasing the uniformity of data acquisition.
D. Being incapable of translating the experience or sound reasoning intended to be captured by each item on the checklist.
Selected Answer: D
Question #: 2
Topic #: 5
According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?
A. Degree of effort and cost needed to correct the reported condition.
B. Complexity of the corrective action.
C. Impact that may result should the corrective action fail.
D. Amount of resources required to conduct the follow-up activities.
Selected Answer: C
Question #: 2
Topic #: 4
Which of the following would most likely include recommendations for process improvements?
Due diligence engagement.
Forensic investigation.
Internal audit engagement.
Consulting engagement.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Selected Answer: C
Question #: 3
Topic #: 5
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization’s risk management program?
A. Identifying and managing risks in line with the entity’s risk appetite.
B. Ensuring that a proper and effective risk management process exists.
C. Attaining an adequate understanding of the entity’s key mitigation strategies.
D. Identifying and ensuring that appropriate controls exist to mitigate risks.
Selected Answer: D
Question #: 3
Topic #: 1
When assessing the risk associated with an activity, an internal auditor should:
A. Determine how the risk should best be managed.
B. Provide assurance on the management of the risk.
C. Modify the risk management process based on risk exposures.
D. Design controls to mitigate the identified risks.
Selected Answer: C
Question #: 3
Topic #: 4
According to the Standards, which of the following best describes the responsibility of the chief audit executive (CAE) for approving the final engagement report?
The CAE is responsible for obtaining management approval before issuing the final report.
The CAE has overall responsibility for the report but can delegate the review and approval of the report.
The CAE is responsible for obtaining senior management’s approval before releasing the final report.
The CAE is responsible for approving to whom and how the final report will be disseminated.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Selected Answer: D
Question #: 3
Topic #: 3
Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimation?
Number of Items –
Audited Value –
Carrying Amount –
Sample –
300
$500,000
$480,000
Population –
3,000
$5,000,000
A. 0.10
B. 0.96
C. 1.04
D. 10.00
Selected Answer: B
Question #: 4
Topic #: 4
A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization’s manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?
A. Distribute the report only to the board to protect disclosure.
B. Disclose and distribute this information in a separate report.
C. Remove the observations and report verbally to senior management.
D. Require a separate non-disclosure statement from each recipient.
Selected Answer: D
Question #: 4
Topic #: 2
Which of the following would cause a company’s accounts receivable turnover ratio to decrease steadily over a three-year period?
A. An increase in the discount offered for early payment.
B. A more liberal credit policy.
C. Invoices provided on a weekly rather than a monthly basis.
D. Increased cash sales.
Selected Answer: C
Question #: 4
Topic #: 3
During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?
A. Defective pricing.
B. Cost mischarging.
C. Fictitious vendor.
D. Bid rotation.
Selected Answer: A
Question #: 4
Topic #: 5
Which of the following is a detective control for managing the risk of fraud?
A. Awareness of prior incidents of fraud.
B. Contractor non-disclosure agreements.
C. Verification of currency exchange rates.
D. Receipts for employee expenses.
Selected Answer: C
Question #: 4
Topic #: 1
Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
A. Observe the process.
B. Review the trend in receivables write-offs.
C. Ask the credit manager about the effectiveness of the function.
D. Check for evidence of credit approval on a sample of customer orders.
Selected Answer: A
Question #: 5
Topic #: 2
Which of the following would be the best audit procedure to use to determine if a division’s unusually high sales and gross margin for November and December were the result of fraudulently recorded sales?
A. Trace a sample of shipping documents to related sales invoices to verify proper billing.
B. Confirm accounts receivable balances with customers.
C. Compare sales and gross margin totals with those of the previous ten months and the first month of the following year.
D. Use regression analysis techniques to estimate the sales and cost of goods sold for November and December.
Selected Answer: D
Question #: 5
Topic #: 3
A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor’s actions would:
I. Be in violation of the IIA Code of Ethics for withholding meaningful information.
II. Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
III. Not be in violation of either the IIA Code of Ethics or Standards.
A. I only
B. II only
C. III only
D. I and II only
Selected Answer: A
Question #: 5
Topic #: 1
The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by:
A. Determining if controls over record keeping and reporting are adequate and effective.
B. Reviewing data provided by information systems to test compliance with external requirements.
C. Determining if information systems provide management with timely information.
D. Determining if information systems provide complete information.
Selected Answer: D
Question #: 6
Topic #: 2
Which of the following factors could interfere with effective problem solving by an internal auditor?
I. Reacting to previous experiences with clients.
II. Focusing only on the most likely cause.
III. Correcting the symptoms of problems.
A. I only
B. III only
C. I and II only
D. I, II, and III
Selected Answer: D
Question #: 6
Topic #: 4
Which of the following conditions should a chief audit executive take into account when deciding if a follow-up audit engagement is necessary?
The reported observations were significant and high risk.
Internal audit resources and the time it will require for follow-up.
Management may not have the resources to take action.
Management has previously decided not to take any action.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Selected Answer: C
Question #: 7
Topic #: 3
Which of the following is an advantage of an interim report?
I. An interim report provides timely feedback to the audit engagement client.
II. An interim report provides a mechanism for communicating information on red flags promptly while they are being investigated.
III. An interim report provides an opportunity for auditor follow-up of findings before the engagement is completed.
IV. An interim report increases the probability that corrective action will be initiated more quickly.
A. I and IV only
B. II and III only
C. I, III, and IV only
D. I, II, III, and IV.
Selected Answer: D
Question #: 7
Topic #: 1
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
A. Investigation of the physical security over access to the components of the LAN.
B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.
C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
D. The level of security of other LANs in the company which also utilize sensitive data.
Selected Answer: B
Question #: 7
Topic #: 5
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
A. Refuse to accept the consulting engagement because it would be a violation of independence.
B. Collaborate with the external auditor to ensure the most efficient use of resources.
C. Accept the engagement but hire an external training specialist to provide the necessary expertise.
D. Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.
Selected Answer: C
Question #: 7
Topic #: 2
A company owns a machine that will produce 100 light switches in four hours. Due to increased demand, a second machine capable of producing 100 light switches in three hours has been added.
Approximately how many hours will it take to produce 100 light switches using both machines working together?
A. 7.0
B. 3.5
C. 1.7
D. 0.58
Selected Answer: A
Question #: 8
Topic #: 1
An audit of management’s quality program includes testing the accuracy of the cost-of-quality reports provided to management. Which of the following internal control objectives is the focus of this testing?
A. To ensure compliance with policies, plans, procedures, laws, and regulations.
B. To ensure the accomplishment of established objectives and goals for operations or programs.
C. To ensure the reliability and integrity of information.
D. To ensure the economical and efficient use of resources.
Selected Answer: C
Question #: 8
Topic #: 4
A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the payroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in a locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the manual checks.
The payroll manager reconciles the bank statements monthly. Which of the following audit steps best addresses the risk of fraud in the payroll process?
A. Examine whether the payroll manager approves the reconciliations of ledgers.
B. Determine whether an approved list of voided checks exists.
C. Determine whether the cabinet keys are secured properly.
D. Vouch a sample of items on bank reconciliations to supporting documentation.
Selected Answer: D
Question #: 8
Topic #: 2
A retail sales company has discontinued a product that normally sold for $100. During the first month of a sale of the product, a 20 percent discount was given.
Later that sale price was reduced by an additional 40 percent. What was the overall discount from the original selling price?
A. 60 percent.
B. 52 percent.
C. 48 percent.
D. 30 percent.
Selected Answer: B
Question #: 9
Topic #: 4
According to the International Professional Practices Framework, which of the following situations is an indicator of a healthy relationship between the audit committee and the internal audit function?
A. The chief audit executive (CAE) has direct access to the audit committee and the board but typically does not interact directly with them unless a material weakness in the control environment is identified.
B. The CAE sends the audit committee all communications between the internal audit department and the audit client in order to keep the audit committee up to date on the engagement.
C. The CAE does not distribute audit reports to the audit committee. However, the audit committee is made aware of the scope and findings of audits performed.
D. Whenever a potential audit finding or testing exception is first identified, the audit committee is immediately notified, as well as for any subsequent changes in
Selected Answer: B
Question #: 9
Topic #: 5
Which of the following statements about internal audit’s follow-up process is true?
A. The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.
B. The actions of external auditors and other external assurance providers is not encompassed by internal audit’s follow-up process.
C. Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.
D. The follow-up process must be complete and documented in the working papers in order to conclude the engagement.
Selected Answer: A
Question #: 9
Topic #: 2
A recent survey indicated that residents of a small town take the train to a nearby city eight times per month, on average. The same survey showed that the number of train trips that a resident takes per month (y) is determined by the number of days per month that the resident works in the nearby city (x), according to the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:
A. Zero times per month.
B. Two times per month.
C. Four times per month.
D. Eight times per month.
Selected Answer: B
Question #: 10
Topic #: 3
Persuasive evidence indicates that a member of senior management has been involved in insider trading that would be considered fraudulent. However, the evidence was encountered during an operational audit and is not considered relevant to the audit. Which of the following is the most appropriate action for the chief audit executive to take?
A. Report the evidence to external legal counsel for investigation. Report the legal counsel findings to management.
B. Report the evidence to the chairperson of the audit committee and recommend an investigation.
C. Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee and to government officials if appropriate action is not taken.
D. Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.
Selected Answer: C
Question #: 10
Topic #: 2
A manager of one of a retailer’s several retail outlets is stealing cash from cash sales, recording the sales as accounts receivable, and subsequently writing off the fictitious accounts receivable as bad debts. Which of the following comparisons would be most effective in signaling the possibility of such a fraud?
A. Bad debt expense as a percentage of sales, compared to that of the other outlets.
B. Bad debt expense as a percentage of sales, compared to that of previous years.
C. Percentage of past-due accounts receivable, compared to that of the other outlets.
D. Percentage of past-due accounts receivable, compared to that of previous years.
Selected Answer: B
Question #: 10
Topic #: 1
A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?
I. Recycling and reuse.
II. Elimination at the source.
III. Energy conservation.
IV. Recovery as a usable product Treatment.
A. V, II, IV, I, III.
B. IV, II, I, III, V.
C. I, III, IV, II, V.
D. III, IV, II, V, I.
Selected Answer: B
Question #: 10
Topic #: 4
An internal auditor has been asked to participate in an advisory capacity to assist a committee in redesigning the organization’s current financial reports to provide better information to management and the board. Which of the following actions on the part of the auditor would provide the greatest value to this project?
A. The internal auditor has a set of generic report templates from a former project and presents them to the group because they worked so well for the previous employer.
B. The internal auditor interviews each stakeholder and documents the requirements and preferences of each and creates a report template that meets as many of the requirements and preferences as possible.
C. The internal auditor gathers the stakeholder group and holds a brainstorming session where they generate report requirements and preferences and then rank them in order of importance.
D. The internal auditor undertakes a project to gather report templates and formats from other organizations in the same line of business and presents them all to
Selected Answer: B
Question #: 11
Topic #: 3
What is the most likely source of information for a detailed schedule of a company’s insurance policies in force?
A. Original journal entries found in the cash disbursements journal, along with supporting checks processed by the bank.
B. Policies and procedures governing insurance coverage.
C. The current fiscal year’s budget for insurance, together with the beginning balance of the prepaid insurance account.
D. The files containing insurance policies with various carriers.
Selected Answer: A
Question #: 11
Topic #: 2
An auditor is performing a review of a complex process to identify opportunities to increase efficiency. What is the most practical way to document the process to identify areas of inefficiency?
A. Write a description of the process activities in sequential order.
B. Develop a PERT (program evaluation and review technique) diagram.
C. Flowchart the process.
D. Create a decision tree.
Selected Answer: C
Question #: 11
Topic #: 4
The internal audit activity of an investment company received a request to provide assurance on the risk management process. Preliminary discussion with senior management revealed that separate functions within the organization perform some form of risk management activities. Which of the following is the most effective tool for ensuring that risk management activities are coordinated among these functions?
A. Delphi technique.
B. Assurance map.
C. Facilitated workshop.
D. Analytical reviews.
Selected Answer: B
Question #: 11
Topic #: 1
An organization’s internal auditors are reviewing production costs at a gas-powered electrical generating plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the environmental regulatory agency, due to computer errors. The auditors should immediately report the concern to:
A. The regulatory agency.
B. Plant management.
C. A plant health and safety officer.
D. The risk management function.
Selected Answer: D
Question #: 12
Topic #: 1
Which of the following would be an appropriate improvement to controls over large quantities of consumable material that are charged to expense when placed in bins which are accessible to production workers?
A. Relocate bins to the inventory warehouse.
B. Require management to compare the cost of consumable items used to the budget.
C. Lock the bins during normal working hours.
D. None of the above actions are needed for items of minor cost and size.
Selected Answer: D
Question #: 12
Topic #: 4
The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to accept for the position?
A. The candidate is applying for an IT audit position, while originally coming from an IT background, but has only experiences of financial and compliance audits in the previous position.
B. The candidate is knowledgeable about potential indicators of fraud including typical risks, but has only participated as a staff auditor in one investigative fraud audit.
C. The candidate meets the minimum educational requirements established by the chief audit executive, but has less formal education than any of the other candidates being considered.
D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks ability to clearly communicate ideas and conclusions in a
Selected Answer: A
Question #: 13
Topic #: 4
According to IIA guidance, which of the following are potential benefits of using an assurance map?
A. Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations.
B. Identification of duplicate or overlapping assurance activities, and improved relevance of assurance recommendations.
C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers.
D. Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations.
Selected Answer: D
Question #: 13
Topic #: 5
According to IIA guidance, which of the following is true about the supervising internal auditor’s review notes?
They are discussed with management prior to finalizing the audit.
They may be discarded after working papers are amended as appropriate.
They are created by the auditor to support her fieldwork in case of questions.
They are not required to support observations issued in the audit report.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Selected Answer: C
Question #: 13
Topic #: 1
Which of the following is a weakness that is inherent in the use of the test data method to test internal controls in a computer-based accounting system?
A. The auditor must test many transactions with the same condition in order to achieve assurance that the condition is being detected.
B. Conditions that were not specifically considered by the auditor may go untested.
C. The approach requires the creation of “dummy companies,” possibly destroying or altering actual company data in the process.
D. Inclusion of atypical data in the test data may cause errors to be noted on the exception report.
Selected Answer: C
Question #: 14
Topic #: 2
A fast-food company is developing a computer simulation involving arrival time at a drive-through restaurant. The distribution for arrival times is:
Time –
Single-Digit Random –
Between Arrivals –
Probability –
Number Assigned –
1 minute
0.1
2 minutes
0.2
1, 2
3 minutes
0.3
3, 4, 5
4 minutes
0.4
6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6. The mean time between arrivals for these cars, in this run of the simulation model, is:
A. 1 minute.
B. 2 minutes.
C. 3 minutes.
D. 4 minutes.
Selected Answer: C
Question #: 14
Topic #: 4
Which of the following events would most likely cause the chief audit executive to consider changing the current year’s audit plan?
1. The government announced that new regulatory requirements will be introduced in the coming years which may significantly impact the organization’s primary product.
2. A major competitor unexpectedly introduced a new model at a lower price point to compete with the organization’s market leading product.
3. The organization announced a new joint venture with a long time corporate partner to introduce a new product with development costs and sales beginning next fiscal year.
4. An equal joint venture partner filed a lawsuit against the organization and requested that the court issue an immediate suspension of future product shipments.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Selected Answer: D
Question #: 14
Topic #: 1
Which of the following would be most helpful to a governmental auditor searching for the existence of multiple welfare claims that were filed under different names but used the same address?
A. Tagging and tracing.
B. Generalized audit software.
C. Integrated test facility.
D. Spreadsheet analysis.
Selected Answer: B
Question #: 15
Topic #: 1
What would be used to determine the collectability of accounts receivable balances?
A. The file of related shipping documents.
B. Negative accounts receivable confirmations.
C. Positive accounts receivable confirmations.
D. An aged accounts receivable listing.
Selected Answer: C
Question #: 15
Topic #: 4
Which of the following statements is true?
A. Consulting engagements provide the internal audit activity with flexibility to add value and do not need to be included in the long-range audit plan.
B. The internal audit activity’s plan of engagments must be based on a formal quantitative risk assessment.
C. The chief audit executive should consider changes to the long-range audit plan based on the requests of business unit managers.
D. A risk assessment on which to base the internal audit activity’s long-range plan must be undertaken at least once every three years.
Selected Answer: A
Question #: 15
Topic #: 5
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management’s response to audit recommendations?
A. Evaluate and verify management’s response, and determine the need and scope for additional work.
B. Evaluate and verify management’s response, and establish timelines for corrective action by management.
C. Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.
D. Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.
Selected Answer: C
Question #: 16
Topic #: 3
What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?
A. Trend analysis.
B. Ratio analysis.
C. Regression analysis.
D. Horizontal analysis.
Selected Answer: C
Question #: 16
Topic #: 4
In performance auditing, which of the following must first be determined by the internal auditor?
A. Which key performance indicators are in use.
B. Management’s objectives for the process.
C. Whether management controls are appropriate.
D. Determination that appropriate benchmarks are in place.
Selected Answer: B
Question #: 16
Topic #: 1
Which of the following would provide the best evidence of compliance with an airline’s standard of having aircraft refueled and cleaned within a specified time of arrival at an airport?
A. Vendor fuel invoices that have been reconciled to inventory records.
B. Time cards completed by aircraft cleaning and fueling crews.
C. Observation of selected aircraft while they are being refueled and cleaned.
D. Comparison of the standard hourly labor costs for cleaning and fueling personnel with actual labor charges.
Selected Answer: D
Question #: 17
Topic #: 5
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
A. The CAE is required to review, approve, and sign every engagement report.
B. The CAE is required to review, approve, and sign all regulatory compliance engagement reports only
C. The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.
D. The internal audit charter must identify authorized signers of engagement reports.
Selected Answer: B
Question #: 17
Topic #: 4
According to the Standards, which of the following best describes what must be agreed upon to establish an understanding with clients prior to starting a consulting engagement?
A. The engagement objectives, access to clients records, and expectations.
B. The engagement objectives, scope, and time frame to complete the engagement.
C. The engagement scope, opportunities for making significant improvements, and client expectations.
D. The engagement objectives, scope, respective responsibilities, and other client expectations.
Selected Answer: C
Question #: 17
Topic #: 3
Which of the following data sources would provide the least valid data for an audit of a retail store’s customer service?
A. A graph that compares staffing levels for selected times with store traffic (number of customers) over the same time period.
B. A random survey of customer satisfaction given to customers as they leave the store.
C. Interviews of randomly selected service personnel regarding the quality of service that they provide.
D. A graph of customer service training across stores, comparing training with overall levels of service satisfaction.
Selected Answer: D
Question #: 17
Topic #: 1
A company’s policy requires that all customers be treated in a fair and consistent manner. Which of the following audit procedures would provide the most persuasive evidence that the policy was followed?
A. Compare the aging of outstanding receivables due from each customer.
B. Compare credit reports with annual sales for a sample of customers.
C. Compare the ratio of outstanding receivables to the authorized credit limit for each customer.
D. Compare the sales discounts offered to each customer.
Selected Answer: D
Question #: 18
Topic #: 4
An airline contracted with an external service provider to perform maintenance on all aircraft ground support equipment. Management then asked the internal audit activity (IAA) to evaluate the controls in place that would permit appropriate oversight of the service provider in maintaining required maintenance standards.
According to the International Professional Practices Framework, which of the following would be the most appropriate course of action for the IAA to undertake to establish the engagement objectives?
A. Develop a draft audit plan and create an appropriate scope and resource schedule.
B. Develop a preliminary audit program and obtain senior management’s approval.
C. Conduct a preliminary assessment of the risks associated with the maintenance contract.
D. Obtain a copy of the maintenance contract and review the contract for pricing discrepancies.
Selected Answer: B
Question #: 18
Topic #: 1
An auditor plans to analyze customer satisfaction, including: (1) customer complaints recorded by the customer service department during the last three months;
(2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
A. Although useful, such an analysis does not address any risk factors.
B. The survey would not consider customers who did not make purchases in the last three months.
C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive.
D. Analysis of three months’ activity would not evaluate customer satisfaction.
Selected Answer: D
Question #: 19
Topic #: 5
When forming an opinion on the adequacy of management’s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
During an audit of the hiring process in a law firm, it was discovered that potential employees’ credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Selected Answer: C
Question #: 19
Topic #: 4
According to the International Professional Practices Framework, which of the following would not be considered when performing an initial risk assessment in engagement planning?
A. The reliability of management’s assessment of risk.
B. Management’s process for monitoring, reporting, and resolving risk issues.
C. Management’s methodology for defining risk criteria.
D. Risks in related activities relevant to the activity under review.
Selected Answer: C
Question #: 19
Topic #: 3
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:
A. Stockout costs, including lost customers.
B. Seasonal variations in forecasting inventory demand.
C. Optimal order sizes determined by an economic order quantity model.
D. The potential for obsolescence of inventory items.
Selected Answer: D
Question #: 20
Topic #: 5
An internal auditor and engagement client are deadlocked over the auditor’s differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?
A. Conduct a joint brainstorming session with management.
B. Ask the chief audit executive to mediate.
C. Disclose the client’s differing opinion in the final report.
D. Escalate the issue to senior management for a decision.
Selected Answer: A
Question #: 20
Topic #: 4
According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board?
A. Consider formality and tone of communications to ensure they are appropriate.
B. Minimize instances of ad hoc communications with board members.
C. Consider the possible repercussions created by commentary on deficiencies.
D. Avoid making presumptuous comments without sufficient facts.
Selected Answer: C
Question #: 20
Topic #: 3
During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?
A. Promising to maintain the employee’s anonymity and listening to the information.
B. Suggesting that the employee consider talking to legal counsel.
C. Informing the employee that an attempt will be made to keep the source of the information confidential while looking into the matter further.
D. Informing the employee of other methods of communicating this type of information.
Selected Answer: A
Question #: 21
Topic #: 4
The chief audit executive established an internal audit activity (IAA) performance standard requiring all audit reports to be issued within 48 hours of the exit meeting with the client. Which of the following describes an exit meeting strategy that would best help the IAA meet this performance standard?
A. The objective of the exit meeting is to reach agreement on audit observations.
B. The objective of the exit meeting is to solicit action plans for audit observations.
C. The objective of the exit meeting is to confirm final details of fieldwork.
D. The objective of the exit meeting is to confirm understanding of audit results
Selected Answer: A
Question #: 21
Topic #: 1
Which of the following is the best problem-solving technique to use when analyzing performance and cost?
A. Value analysis.
B. Attribute listing.
C. Brainstorming.
D. Component analysis.
Selected Answer: C
Question #: 21
Topic #: 5
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
A. Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.
B. Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.
C. Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.
D. Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.
Selected Answer: A
Question #: 22
Topic #: 3
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank’s departments is provided below:
Which of the following statements regarding risk in the department is true?
A. As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department’s transactions and dollar value of its assets.
B. The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.
C. The nature of department A’s control structure may be justified by the nature of the department’s assets and the complexity of its transactions.
D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Selected Answer: C
Question #: 22
Topic #: 2
Which of the following would not be characteristic of control self-assessment implemented by an audit department?
A. An auditor usually facilitates the discussion during the workshop phase while another records comments for subsequent use.
B. Auditors and business-unit employees work as a team.
C. Auditors perform traditional audit tests to identify control weaknesses.
D. Participants discuss the control weaknesses that hinder the achievement of objectives.
Selected Answer: D
Question #: 22
Topic #: 5
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
A. Communication of any internal ethics violations to external parties may occur with appropriate safeguards.
B. Cultural impacts are less critical where the organization practices uniform polices around the globe.
C. Cross-cultural differences should always be handled by the staff of the same cultural background.
D. Local law enforcement should be involved as they are more familiar with the applicable local laws.
Selected Answer: B
Question #: 22
Topic #: 1
In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:
A. Tell the employee a piece of information obtained from a coworker in a previous interview.
B. Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.
C. Explain that the auditor’s reputation for integrity, which is vital to the auditor’s business success, would be seriously damaged if confidentiality were breached.
D. Point out that management has given the auditor full authority to conduct this interview.
Selected Answer: C
Question #: 23
Topic #: 3
A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors: the engagement’s ability to reduce risk to the organization, the engagement’s ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Risk Reduction –
Cost Savings –
Changes –
High (3)
Medium (2)
Low (1)
High (3)
Low (1)
High (3)
Low (1)
High (3)
Medium (2)
Medium (2)
Medium (2)
High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue?
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Selected Answer: B
