IIA-CIA-Part2 Topic 2
Question #: 23
Topic #: 4
When approving the final engagement report, which of the following is most critical?
A. Opinions are adequately supported.
B. Conclusions are reached for all objectives.
C. Report is distributed to appropriate parties.
D. Report is clear and concise.
Selected Answer: D
Question #: 23
Topic #: 5
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
The annual audit plan should include audits that are consistent with the skills of the IAA.
Audits of high-risk areas of the organization should be conducted by internal audit staff.
External resources may be hired to provide subject-matter expertise but should be supervised.
Auditors should develop their skills by being assigned to complex audits for learning opportunities.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Selected Answer: D
Question #: 23
Topic #: 1
During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high number of customer complaints pertained to payments not being applied to the customers’ accounts.
Which of the following would most likely be the reason for the high volume of complaints?
A. An ineffective customer service department.
B. Poor controls in the invoice approval processes.
C. Check tampering by an employee.
D. Submission of fraudulent expense reports.
Selected Answer: B
Question #: 25
Topic #: 4
The chief audit executive (CAE) notes during review of the final report of an assurance engagement that management has decided to accept the risks of two significant exposures identified by the audit. Which of the following actions by the CAE would be least prudent in these circumstances?
A. Implement follow-up procedures to monitor the potential impact of those risks.
B. Review the working papers and conclusions as to the perceived residual risk.
C. Meet with senior management to consider their reasoning for the decision.
D. Meet with the auditor-in-charge to review the conclusions.
Selected Answer: A
Question #: 25
Topic #: 3
Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
A. Determine whether agreed-upon lot sizes were sent by vendors.
B. Determine whether only authorized items were received from vendors.
C. Determine whether the balances owed to vendors are correct.
D. Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Selected Answer: D
Question #: 25
Topic #: 2
An auditor decides to vouch a sample of ledger entries back to their original documentation. In terms of whether all transactions had been recorded, this test would be:
A. Relevant to the completeness objective.
B. Irrelevant to the completeness objective.
C. A more timely test of completeness than evidence from interviews.
D. A more biased test of completeness than evidence from interviews.
Selected Answer: C
Question #: 26
Topic #: 4
According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)?
A. Due to management changes, the IAA is advised by management that no further work will be done. Further follow-up work is not required as management has accepted the related risk.
B. A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous work performed for the engagement and then reports the results to the chief audit executive (CAE).
C. Management has stopped implementing several key recommendations citing a growing disagreement with their effectiveness. The auditor communicates the situation to the CAE who then escalates the matter to senior management.
D. In situations where the identified risk may have a significant impact to the business and senior management has accepted the risk, it is not necessary for the
Selected Answer: C
Question #: 26
Topic #: 1
Which of the following audit procedures is most suitable for verifying that all sales transactions have been recorded?
A. Observation.
B. Tracing.
C. Re-computation.
D. Vouching.
Selected Answer: D
Question #: 26
Topic #: 5
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
A. The CAE can release prior internal audit reports with the approval of the board and senior management.
B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.
C. The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.
D. The CAE can release prior information provided it is as originally published and distributed within the organization.
Selected Answer: A
Question #: 26
Topic #: 2
All of the following tools are employed to control large-scale projects except:
A. Program evaluation and review technique (PERT).
B. Critical path method.
C. Statistical process control.
D. Gantt charts.
Selected Answer: B
Question #: 26
Topic #: 3
An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information.
The internal auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to:
A. Review the trend of overall retirement expense over the last ten years. If the retirement expense increased, it would indicate the need for further investigation.
B. Use generalized audit software to select a monetary-unit sample of retirement pay, and determine whether each retired employee was paid correctly.
C. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
D. Use generalized audit software to select an attributes sample of retirement pay, and perform detailed testing to determine whether each person chosen was
Selected Answer: A
Question #: 27
Topic #: 4
An internal auditor compares real-time gasoline production data to corresponding final gasoline production reports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which of the following next steps is most consistent with IIA guidance?
A. Reconcile online data and the final production reports to gasoline sales reports.
B. Contact security personnel as evidence suggests gasoline is being stolen from production premises.
C. Confront the production manager and ask her to explain the differences between real-time and reported data.
D. Review the processes used to collect the production data and to compile the final production reports.
Selected Answer: B
Question #: 27
Topic #: 5
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
A. Express an opinion on the participants’ inputs and conclusions as the assessment progresses.
B. Provide appropriate techniques and guidelines on how the exercise should be undertaken.
C. Evaluate and report on all issues that may be uncovered during the exercise.
D. Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.
Selected Answer: D
Question #: 27
Topic #: 1
Which of the following would be an appropriate and effective control self-assessment approach in an organization with an authoritative culture?
I. Facilitated meeting –
II. Survey –
III. Management-produced analysis
A. I only
B. I and III only
C. II and III only
D. I, II, and III
Selected Answer: B
Question #: 28
Topic #: 1
What does the following scatter gram suggest?
A. Sales revenue is related to training costs.
B. The training program is not effective.
C. Increases in training costs consistently increase sales revenue.
D. One data point is incorrectly plotted.
Selected Answer: D
Question #: 28
Topic #: 4
According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization’s risk management program?
A. Conducting full investigations of suspected fraud.
B. Monitoring the organization’s whistle-blower hotline.
C. Assessing the risk of fraudulent activity in the organization.
D. Providing ethics training sessions to organization staff.
Selected Answer: C
Question #: 28
Topic #: 3
An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements, the internal auditor should consider least:
A. Focusing on the high risk areas as sources of potential engagements.
B. Focusing in areas not audited last year.
C. Factoring in management requests.
D. Focusing on those risks highlighted by the external auditor.
Selected Answer: C
Question #: 29
Topic #: 1
New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management’s data and information provide.
A. Feedback control data.
B. Irrelevant and argumentative information.
C. Evidence that the new credit policies do not meet the stated corporate objective to improve collections.
D. A statistically valid conclusion about the impact of the new credit policies on customer goodwill.
Selected Answer: D
Question #: 30
Topic #: 4
Which of the following is not true regarding the management of internal audit resources?
A. A minimum level of information technology knowledge is necessary.
B. The adequacy of internal audit resources is ultimately a board responsibility.
C. Resources include external service providers and computer-assisted audit techniques.
D. Skills availability must be aligned with financial constraints.
Selected Answer: C
Question #: 31
Topic #: 1
In which of the following situations would it be most appropriate to employ the services of a forensic specialist?
A. Detection of unauthorized changes to source documents.
B. Review for misapplication of general computer controls over accounts receivable.
C. Investigation of ghost employees in a large business.
D. Verification of fixed assets in a manufacturing company.
Selected Answer: C
Question #: 31
Topic #: 4
An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an entry-level internal auditor?
A. Conflict resolution skills.
B. Communication skills.
C. Time management skills.
D. Interpersonal skills.
Selected Answer: A
Question #: 32
Topic #: 5
The board has asked the internal audit activity (IAA) to be involved in the organization’s enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
A. Coach management in responding to risks.
B. Develop risk management strategies for board approval.
C. Facilitate identification and evaluation of risks.
D. Evaluate risk management processes.
Selected Answer: B
Question #: 32
Topic #: 1
The following is an excerpt from an audit engagement workpaper:
✑ A Company
✑ Accounts Receivable
✑ Date
Objective. To determine if the computer system is correctly recording all accounts receivable transactions.
Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 for positive confirmation of balances.
Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accounts receivable balance is fairly presented in all material respects.
Which of the following is true regarding the workpaper?
A. It is not appropriate to judgmentally select a sample when testing accounts receivable.
B. A conclusion should be reached only for the results of overall testing, not for individual procedures.
C. The audit procedures used are not consistent with the audit objective.
D. The format of the workpaper does not conform to the standard format for workpapers.
Selected Answer: B
Question #: 33
Topic #: 2
A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic information systems auditor rather than using the organization’s information systems auditor is that a forensic information systems auditor would possess:
A. Knowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse.
B. Knowledge of what constitutes evidence acceptable in a court of law.
C. Superior analytical skills that would facilitate the identification of computer abuse.
D. Superior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board.
Selected Answer: B
Question #: 33
Topic #: 1
Which of the following trends found on financial reports would most likely indicate a possible problem?
A. A material decrease in the receivables turnover.
B. A material increase in inventory turnover.
C. A material increase in daily sales compared to total outstanding receivables.
D. A material increase in the acid-test ratio.
Selected Answer: B
Question #: 33
Topic #: 4
When establishing the internal audit activity’s annual plan, which of the following would be the best source of potential audit engagement topics?
A. The organization’s budget.
B. Operations involving cash transactions.
C. Recent changes in management objectives.
D. Risk factors utilized in the organization’s risk models.
Selected Answer: B
Question #: 34
Topic #: 2
While conducting a payroll audit, an internal auditor in a large government organization found inadequate segregation in the duties assigned to the assistant director of personnel. When the auditor explained the risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the organization for defamation of character if the audit engagement was not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The
CAE should then:
A. Curtail the audit engagement to avoid potential legal action.
B. Provide a report to senior management recommending a fraud investigation.
C. Continue the original engagement program as planned but include a comment about the assistant director’s reaction in the engagement final communication.
D. Add additional testing to determine whether other indicators of fraud exist.
Selected Answer: C
Question #: 34
Topic #: 1
Which of the following situations would best support the decision of a chief audit executive (CAE) to defer follow-up activity at a branch office until the next audit engagement?
A. An audit of the branch office is routinely scheduled every three years.
B. On-site follow-up of a remote branch may not be feasible due to travel costs.
C. Branch office management states that correction of the audit issue may take longer than expected.
D. The CAE and management agree that the corrective action taken to date is sufficient.
Selected Answer: B
Question #: 35
Topic #: 4
Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?
A. The objectives of the audit should be set.
B. The organization’s management should be informed about the work to be performed.
C. Attention should be devoted toward the key audit areas.
D. The timing of the audit should be set.
Selected Answer: C
Question #: 35
Topic #: 1
When conducting research, which of the following is most important?
A. Using computer databases or the Internet to find all relevant sources.
B. Providing documentation of the reference sources.
C. Presenting only those facts that support the conclusion.
D. Presenting all contrary views to balance the opinion.
Selected Answer: D
Question #: 35
Topic #: 5
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
A. Senior management is charged with overseeing the establishment risk management and control processes.
B. The chief audit executive is responsible for overseeing the evaluation risk management and control processes.
C. Operating managers are responsible for assessing risks and controls in their departments.
D. Internal auditors provide assurance about risk management and control process effectiveness.
Selected Answer: C
Question #: 36
Topic #: 1
Productivity statistics are provided quarterly to a company’s board of directors. An auditor checked the ratios and other statistics in the four most recent reports.
The auditor used scratch paper and copies of the board reports to verify the accuracy of computations and compared the data used in the computations with supporting documents. The auditor wrote a note describing this work for the workpapers and then discarded the scratch paper and report copies. The auditor’s note stated.
“The ratios and other statistics in the quarterly board reports were checked for the last four quarters, and appropriate supporting documents were examined. All amounts appear to be appropriate.”
In this situation:
A. Four quarters is not a large enough sample on which to base a conclusion.
B. The auditor’s workpapers are not sufficient to facilitate an efficient review of the auditor’s work.
C. The auditor should have included the scratch paper in the workpapers.
D. The auditor should have considered whether the information in the board report was compiled efficiently.
Selected Answer: B
Question #: 37
Topic #: 4
Which of the following is true regarding roles and responsibilities in risk management processes?
A. Setting strategic direction resides with senior management.
B. Ownership of risks resides with the board.
C. Acceptance of residual risk resides with executive management level.
D. Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal audit activity.
Selected Answer: D
Question #: 37
Topic #: 2
The following are potential sources of evidence regarding the effectiveness of a division’s total quality management program. The least persuasive evidence would be a comparison of:
A. Employee morale before and after program implementation.
B. Scrap and rework costs before and after program implementation.
C. Customer returns before and after program implementation.
D. Manufacturing and distribution costs per unit before and after program implementation.
Selected Answer: D
Question #: 37
Topic #: 1
Which of the following is an example of the verification of internal documentary evidence?
A. Reviewing a carrier’s bill of lading.
B. Reconciling a vendor’s month-end statement.
C. Vouching a copy of a sales invoice to receivables.
D. Recalculating a customer’s purchase order.
Selected Answer: B
Question #: 37
Topic #: 5
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
A. 1 and 2
B. 1 and 4
C. 2 and 3
D. 3 and 4
Selected Answer: C
Question #: 38
Topic #: 1
The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?
I. Financial measures.
II. Internal business process measures.
III. Client satisfaction measures.
IV. Innovation and learning measures.
A. I only
B. II and IV only
C. III and IV only
D. II, III, and IV only
Selected Answer: A
Question #: 39
Topic #: 3
The internal audit activity’s primary responsibility in a review or examination of the organization by an external regulatory body is to:
A. Verify that regulatory reviews occur with adequate frequency.
B. Provide follow-up to determine if the regulator’s findings are appropriately resolved by management.
C. Prepare documentation for the regulator.
D. Document the responses to the regulator’s findings.
Selected Answer: A
Question #: 39
Topic #: 5
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
A. To help develop process maps.
B. To determine segregation of duties.
C. To identify residual risks.
D. To test the adequacy of controls.
Selected Answer: B
Question #: 40
Topic #: 4
Management requested the chief audit executive (CAE) to include an audit of the organization’s health and safety program in next year’s annual audit plan.
However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?
A. With management’s agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise.
B. Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area.
C. Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit.
D. Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence.
Selected Answer: D
Question #: 40
Topic #: 3
Under what circumstances would internal audit not become involved when intentional misconduct is suspected?
A. Management is involved in wrongdoing.
B. Management is running a parallel investigation.
C. Management does not believe a trusted employee could be guilty.
D. Management does not maintain strong internal controls.
Selected Answer: B
Question #: 40
Topic #: 5
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
A. Cost.
B. Independence.
C. Familiarity.
D. Flexibility.
Selected Answer: D
Question #: 41
Topic #: 1
Which of the following is true of engagement recommendations?
I. Specific suggestions for implementation must be included.
II. The internal auditor’s observations and conclusions may serve as the basis.
III. Actions to correct existing conditions or improve operations may be included.
IV. Approaches to correcting or enhancing performance may be suggested.
A. I only
B. III only
C. I, III, and IV only
D. II, III, and IV only
Selected Answer: B
Question #: 41
Topic #: 4
While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?
A. Results from the organization’s business process management program.
B. User acceptance testing of the organization’s enterprise resource planning application.
C. Risk assessments conducted by the board.
D. Key business strategies adopted by the organization in the strategic plan.
Selected Answer: A
Question #: 41
Topic #: 5
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Selected Answer: B
Question #: 41
Topic #: 2
Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization’s privacy policy?
A. Determine who can access databases containing confidential information.
B. Evaluate the organization’s privacy policy to determine if appropriate information is covered.
C. Analyze access to permanent files and reports containing confidential information.
D. Evaluate the government’s security measures related to confidential information received from the organization.
Selected Answer: B
Question #: 42
Topic #: 5
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
A. A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.
B. Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.
C. The exit conference provides only anticipated results for inclusion in the final audit communication.
D. During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.
Selected Answer: C
Question #: 42
Topic #: 2
An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans approved by the loan committee, the auditor found seven loans which exceeded the approved amount. Which of the following actions would be inappropriate on the part of the auditor?
A. Examine the seven loans to determine if there is a pattern. Summarize amounts and include in the engagement final communication.
B. Report the amounts to the loan committee and leave it up to them to correct. Take no further follow-up action at this time and do not include the items in the engagement final communication.
C. Follow up with the appropriate vice president and include the vice president’s acknowledgment of the situation in the engagement final communication.
D. Determine the amount of the differences and make an assessment as to whether the dollar differences are material. If the amounts are not material, not in
Selected Answer: D
Question #: 42
Topic #: 1
Which of the following performance criteria would be most useful when measuring the performance of a customer service desk?
A. The number of customer inquiries recorded per day.
B. The percentage of customer issues resolved within 24 hours.
C. The number of customer complaints recorded per day.
D. The percentage of total customers served per day.
Selected Answer: A
Question #: 42
Topic #: 4
An organization has a large number of vendors supplying goods to its various branches across the region. The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].
[List A]
[List B]
A. Vendor bank account numbers Employee bank account numbers
B. Dates of payments to vendors Dates of salary payments to employees
C. Addresses of vendors from the vendor database Addresses of employees from the employee database
D. Vendor names
Selected Answer: A
Question #: 43
Topic #: 2
During a systems development audit, software developers indicated that all programs were moved from the development environment to the production environment and then tested in the production environment. What should the auditor recommend?
I. Implement a test environment to ensure that testing is not performed in the production environment.
II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production environment.
III. Eliminate access by developers to the production environment.
A. I only
B. III only
C. I and II only
D. I and III only
Selected Answer: B
Question #: 43
Topic #: 1
The efficiency of internal audit operations is best enhanced if workpaper standards:
A. Permit the extent of documentation to vary according to engagement objectives.
B. Require supervisors to initial and date each workpaper that they review.
C. Allow access to workpapers by external parties if approved by senior management or the audit committee.
D. Mandate the workpaper retention period.
Selected Answer: B
Question #: 43
Topic #: 4
Which of the following is correct with respect to roles within an enterprise-wide risk management process?
1. The board provides oversight to the risk management process.
2. Executive management owns the risk management framework.
3. Senior management is assigned ownership of risks.
4. Internal audit modifies the risk assessment determined by management.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2, and 3 only
D. 1, 2, 3, and 4
Selected Answer: B
Question #: 43
Topic #: 3
A major insurance company provides a discount on automobile insurance if the vehicle meets certain safety criteria. Which of the following audit tests would provide an internal auditor with the best evidence that all qualifying insured automobiles are receiving the discount?
A. Compare the percentage of automobiles receiving discounts this year to that of last year.
B. Ask managers whether they are aware of the discount criteria and whether they are providing the discount to all qualifying automobiles.
C. Select a sample of automobiles that are not receiving the discount and determine if they have been properly excluded.
D. Select a sample of automobiles receiving the discount and determine that the required discount criteria are being met.
Selected Answer: D
Question #: 44
Topic #: 4
According to the Standards, which of the following is applicable to the internal audit activity’s quality assurance and improvement program?
A. Periodic monitoring of the internal audit activity should be done.
B. All aspects of the internal audit activity should be evaluated.
C. An external assessment should be obtained every three years.
D. The review of assurance services should be the primary focus.
Selected Answer: D
Question #: 44
Topic #: 5
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
A. 1 and 3
B. 1 and 4
C. 2 and 3
D. 2 and 4
Selected Answer: C
Question #: 44
Topic #: 1
According to the International Professional Practices Framework, which of the following statements is correct regarding the communication of audit results?
I. Summary reports may be issued separately from or in conjunction with the final report.
II. Interim reports may be written or oral.
III. Detailed reports should always be issued to the audit committee.
IV. Interim reports should be used to communicate information which requires immediate attention.
A. I and III only
B. II and IV only
C. I, II, and IV only
D. I, II, III, and IV.
Selected Answer: B
Question #: 45
Topic #: 1
The chief audit executive (CAE) determined that based on management’s oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?
A. Initiate a follow-up audit to ensure that action has really been taken.
B. Follow-up with management until a written response is obtained.
C. Escalate the issue to the board and get their position on the issue.
D. Note in the permanent file that follow-up needs to be performed as part of the next engagement.
Selected Answer: C
Question #: 45
Topic #: 4
During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to:
A. Report any high-risk exposures of the treasury function to management and the board.
B. Determine whether appropriate resources are present to carry out the treasury function.
C. Comply with the internal audit charter and applicable regulatory requirements.
D. Identify areas of the treasury function that should be considered for potential engagement objectives.
Selected Answer: D
Question #: 45
Topic #: 2
As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?
A. Determine the effects of a stock-out on the organization’s profitability.
B. Determine whether a clear policy exists for setting inventory limits.
C. Determine who approved the purchase orders for the spare parts.
D. Determine whether purchases were properly recorded.
Selected Answer: A
Question #: 46
Topic #: 3
Which of the following would be the least desirable criteria against which to judge current operations of an organization’s treasury function?
A. The operations of the treasury function as documented during the last audit engagement.
B. Company policies and procedures delegating authority and assigning responsibilities.
C. Finance textbook illustrations of generally accepted good treasury function practices.
D. Codification of best practices of the treasury function in relevant industries.
Selected Answer: C
Question #: 46
Topic #: 1
Which of the following will be an appropriate course of action when an auditor disagrees with a client about a well-documented audit finding?
A. Include both the audit finding and the client’s position in the audit report.
B. Defer reporting the item and plan to perform more detailed work during the next audit.
C. Change the finding so that it is acceptable to the client.
D. Address the issue with senior management and the board for resolution prior to issuing the final report.
Selected Answer: A
Question #: 46
Topic #: 4
Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?
A. Ensuring that the internal audit activity meets the external auditor’s expectations.
B. Ensuring that the internal audit activity has an audit charter approved by the board of directors.
C. Complying with specific standards for the professional practice of internal auditing.
D. Ensuring the adequacy of the goals, mission and vision of the internal audit activity.
Selected Answer: C
Question #: 47
Topic #: 3
An internal auditor compared the number of human resources professionals per employee with industry standards. This comparison would assist the auditor in evaluating which of the following areas?
A. Sufficiency of controls over payroll rate increases.
B. Current level of performance of the human resources department.
C. Adequacy of controls over hiring new employees.
D. Degree of compliance with human resources policies.
Selected Answer: B
Question #: 47
Topic #: 2
The scope of a business process review primarily involves:
A. Appraising the environment and comparing against established criteria.
B. Assessing the organization’s system of internal controls.
C. Reviewing routine financial information and assessing the appropriateness of various accounting treatments.
D. Evaluating organizational and departmental structures, including assessments of transaction flows.
Selected Answer: D
Question #: 47
Topic #: 5
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
A. Inform the audit supervisor.
B. Investigate the potential conflict of interest.
C. Inform the external auditors of the potential conflict of interest.
D. Disregard the potential conflict, because it is outside the scope of the audit assignment.
Selected Answer: D
Question #: 47
Topic #: 4
An organization has adopted an enterprise-wide risk management process and has appointed a chief risk officer (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?
A. The audit committee should get assurance on the adequacy and effectiveness of the risk management process from the CRO.
B. The chief audit executive has the mandate to conduct risk assessments and give assurance to the audit committee.
C. The audit committee, on behalf of the board, has overall responsibility for the risk management process in the organization.
D. Senior management is accountable to the board for monitoring the system of internal controls.
Selected Answer: A
Question #: 48
Topic #: 5
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization’s Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
A. 1 and 2
B. 1 and 3
C. 2 and 4
D. 3 and 4
Selected Answer: A
Question #: 48
Topic #: 2
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between six and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. Which of the following is the most appropriate course of action for the chief audit executive to take?
A. Assess the adequacy of the action plan and monitor key dates and deliverables.
B. Schedule a follow-up audit engagement to assess the status of corrective action.
C. Reassign information systems auditors to assist the information technology department in correcting the weaknesses.
D. Evaluate statistics related to unplanned system outages, unauthorized access attempts, and denials of service to assess the effectiveness of corrections.
Selected Answer: D
Question #: 48
Topic #: 1
Which of the following would constitute a violation of the IIA Code of Ethics?
A. An internal auditor, who has recently joined the organization, has accepted an assignment to audit the electronics manufacturing division. The auditor previously served as senior auditor for the external audit of that division and has audited many electronics companies during the past two years.
B. An internal auditor has accepted an assignment to audit the warehousing function six months from now. The auditor has no expertise in that area but has signed up for courses in warehousing that will be completed before the assignment begins.
C. An internal auditor has no ambitions for promotion and has not engaged in training or other professional development activities during the last three years. The auditor’s performance assessments indicate consistent quality of work.
D. An internal auditor discovered an internal financial fraud during the year, and the financial statements were adjusted to properly reflect the loss associated with
Selected Answer: C
