IIA-CIA-Part2 Topic 3
Question #: 49
Topic #: 5
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
A. The auditor must not perform the training, because any task to improve the business process could impact audit independence.
B. The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.
C. The auditor should get permission to extend the current engagement, and with the process owner’s approval, perform the improvement task.
D. The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.
Selected Answer: C
Question #: 49
Topic #: 2
An internal auditor found that the cost of some material installed on capital projects had been transferred to the inventory account because the capital budget had been exceeded. Which of the following would be an appropriate technique for the auditor to use to determine the extent of the problem?
A. Identify variances between amounts capitalized each month and the capital budget.
B. Analyze a sample of capital transactions each quarter to detect instances in which installed material was transferred to inventory.
C. Review all journal entries that transferred costs from capital to inventory accounts.
D. Compare inventory receipts with debits to the inventory account and investigate discrepancies.
Selected Answer: A
Question #: 49
Topic #: 4
Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of a construction company decides to employ the services of an outsourced audit service provider to augment the internal audit staff. What does the CAE need to consider in determining whether the outsourced audit service provider possesses the necessary knowledge, skills and other competencies to perform an audit engagement?
A. Specific matters expected to be covered in the engagement communications.
B. The financial interest that the external service provider may have in the organization.
C. The extent of other ongoing services the external service provider may be performing for the organization.
D. The reputation of the external service provider.
Selected Answer: A
Question #: 50
Topic #: 5
According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity’s (IAA’s) objectives?
A. Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.
B. Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.
C. Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.
D. Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization’s governance structure.
Selected Answer: C
Question #: 50
Topic #: 1
An internal auditor provided the following statement about division A’s performance during the month: “Because supplies of raw material X were scarce, division
A’s profits declined by 15 percent.”
Which of the following can be validly concluded from the auditor’s statement?
I. Division A’s production level declined by 15 percent.
II. Division A could have sold more products than it produced.
III. Division A usually sells all of the products that it produces.
A. I only
B. II only
C. III only
D. I and II only
Selected Answer: B
Question #: 51
Topic #: 1
As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping logs from the department’s files. On 44 of the days, the log contained a sufficient number of shipments to meet the department’s daily quota. Based on this test, the auditor concluded that the shipping department was effective at meeting its quotas. Which of the following is true about the auditor’s conclusion?
A. The number of items selected for testing is inadequate to justify the conclusion.
B. The shipping department is effective in meeting its responsibilities.
C. This conclusion would negate any need to perform tests of efficiency.
D. None of the above.
Selected Answer: A
Question #: 51
Topic #: 5
According to IIA guidance, which of the following statements best justifies a chief audit executive’s request for external consultants to complement internal audit activity (IAA) resources?
A. The organization’s audit universe is extensive and diverse.
B. There has been an increase in unanticipated requests for advisory work.
C. Previous work provided by the external service provider has been of great quality and value.
D. A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.
Selected Answer: B
Question #: 52
Topic #: 1
An internal audit activity implemented an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps built into the computer program and developed test data to test them. The auditors submitted test transactions throughout the year and did not find any differences in their test results. The auditors can conclude that:
A. The system is properly capturing the hours worked by employees during the year and the hours have been properly submitted to payroll and processed correctly.
B. All employees were correctly paid during the year and their pay was correctly computed.
C. The computer application and its control procedures were processing payroll transactions correctly during the past year.
D. All of the above.
Selected Answer: A
Question #: 52
Topic #: 4
An internal auditor is reviewing purchases made through the organization’s corporate credit card program. Which of the following statements best describes a root cause of a deficiency?
A. A personal computer was purchased from a non-approved vendor.
B. Company policy limits card use to $500 per transaction.
C. A control to detect split purchases has not been activated in the credit card system.
D. Sample testing found 10% non-compliance with the organization’s business travel policy.
Selected Answer: B
Question #: 52
Topic #: 5
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
A. 1 and 2
B. 2 and 4
C. 1, 2, and 3
D. 2, 3, and 4
Selected Answer: A
Question #: 53
Topic #: 3
Which of the following would most likely contribute to discrepancies between receiving reports and the number of units in a shipment?
A. Failing to compare the quality of goods received with specifications.
B. Using inadequate vendor selection procedures.
C. Accepting improper authorization for purchases.
D. Indicating the quantities ordered on the receiving department’s copy of the purchase order.
Selected Answer: B
Question #: 54
Topic #: 2
As a result of a recent discovery of false information on employment applications, an internal auditor has reviewed hiring procedures. Which of the following represents a weakness in the control system?
I. Applicants are not required to have their signed applications legally authenticated.
II. Applicants’ educational information is not validated with the educational institution before employment is offered.
III. Information related to applicants’ long-term work history is not validated before employment is offered.
A. III only
B. I and II only
C. II and III only
D. I, II, and III
Selected Answer: B
Question #: 54
Topic #: 3
Which of the following would have the least significance in an audit of the efficiency of a driver’s license testing facility?
A. Clerical staff administer written tests to allow examiners more time to supervise driving tests.
B. Staff are cross-trained to provide backup for other areas of the facility as required.
C. A point-of-sale cashiering system reduces the need to reenter payment data.
D. Examiners are required to be recertified on an annual basis.
Selected Answer: C
Question #: 54
Topic #: 5
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
A. 1 and 3 only
B. 2 and 4 only
C. 1, 2, and 4
D. 2, 3, and 4
Selected Answer: D
Question #: 54
Topic #: 1
An auditor is scheduled to audit payroll controls for a company which has recently outsourced its processing to an information service bureau. What action should the auditor take, considering the outsourcing decision?
A. Review the controls over payroll in both the company and the service bureau.
B. Review only the company’s controls over data sent to and received from the service bureau.
C. Review only the controls over payments to the service bureau based on the contract.
D. Cancel the engagement because the processing is being performed outside of the organization.
Selected Answer: D
Question #: 55
Topic #: 1
An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:
A. Limit access to the data table to management and line supervisors who have the authority to determine pay rates.
B. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.
C. Ensure that adequate edit and reasonableness checks are built into the automated system.
D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.
Selected Answer: C
Question #: 55
Topic #: 2
Which of the following must an auditor establish in order to demonstrate that fraud has occurred?
A. Monetary damage to the victim.
B. The suspect’s intent.
C. Existence of an internal control deficiency.
D. Evidence of collusion.
Selected Answer: D
Question #: 56
Topic #: 3
An organization’s policies allow buyers to authorize expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?
A. Use generalized audit software to list all purchases over $50,000 to determine whether they were properly approved.
B. Develop a snapshot technique to trace all transactions by suspected buyers.
C. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine whether they were properly approved.
D. Use generalized audit software to select a sample of paid invoices to new vendors and examine evidence that shows that services or goods were received.
Selected Answer: B
Question #: 56
Topic #: 2
Which of the following would be the least important reason for a company to merge with another company?
A. To diversify risk.
B. As a response to new government policy.
C. To reduce labor costs.
D. To increase stock prices.
Selected Answer: B
Question #: 56
Topic #: 1
What is the most important risk in determining the validity of construction delay claims?
A. Contractor claims may be submitted prior to completion of the work.
B. Contractor claims may include costs considered in the fixed-price portion of the work.
C. Contractor claims may include subcontractor estimates of balances due to the subcontractor.
D. Contractor claims may be understated.
Selected Answer: C
Question #: 56
Topic #: 5
Which of the following is the primary purpose of financial statement audit engagements?
A. To assess the efficiency and effectiveness of the accounting department.
B. To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.
C. To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.
D. To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.
Selected Answer: A
Question #: 57
Topic #: 4
Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?
A. All log-in accounts become inaccessible after three incorrect password attempts.
B. Loan approvals over a pre-determined limit must have management approval.
C. Customer information is matched to payment data prior to funds disbursement.
D. System controls prevent supervisors from delegating their approval authority during vacation periods.
Selected Answer: D
Question #: 57
Topic #: 1
During an audit of a branch bank, an internal auditor learned that a series of system failures had resulted in a four-day delay in processing customers’ scheduled payroll direct deposits. The first failure was that of a disk drive, followed by software and other minor failures. Which of the following controls should the auditor recommend to avoid similar delays in processing?
A. Contingency planning.
B. Redundancy checks.
C. Process monitoring.
D. Preventive maintenance.
Selected Answer: B
Question #: 57
Topic #: 5
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
A. Recommend additional segregation-of-duty reviews.
B. Recommend appropriate awareness training for all finance department staff.
C. Recommend rotating finance staff in this area.
D. Recommend that management address these concerns immediately.
Selected Answer: A
Question #: 58
Topic #: 5
Which of the following has the greatest effect on the efficiency of an audit?
A. The complexity of deficiency findings.
B. The adequacy of preliminary survey information.
C. The organization and content of workpapers.
D. The method and amount of supporting detail used for the audit report.
Selected Answer: A
Question #: 58
Topic #: 2
Which of the following is the best approach for obtaining feedback from engagement clients regarding the quality of internal audit work?
A. Ask questions during the exit interviews and send copies of the documented responses to the clients.
B. Call engagement clients after the exit interviews and send copies of the documented responses to the clients.
C. Distribute questionnaires to selected engagement clients shortly before preparing the internal audit annual activity report.
D. Provide questionnaires to engagement clients at the beginning of each engagement and request that the clients complete and return them after the
Selected Answer: D
Question #: 59
Topic #: 1
During the development of a purchasing system, an auditor reviewed the payment authorization program. Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is greater than the quantity received?
A. Issue an exception report.
B. Pay the amount billed and adjust the inventory account for the difference.
C. Return the invoice to the vendor for correction.
D. Authorize payment of the full invoice, but maintain an open purchase order record for the missing goods.
Selected Answer: D
Question #: 59
Topic #: 3
Which of the following types of contracts would provide the least incentive for a contractor to achieve economy and efficiency?
A. Lump-sum contract.
B. Cost-plus contract.
C. Unit-price contract.
D. Indefinite delivery contract.
Selected Answer: C
Question #: 59
Topic #: 5
Which of the following is least likely to help ensure that risk is considered in a work program?
A. Risks are discussed with audit client.
B. All available information from the risk-based plan is used.
C. Client efforts to affect risk management are considered.
D. Prior risk assessments are considered.
Selected Answer: A
Question #: 60
Topic #: 4
According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?
A. The follow-up manual procedures.
B. The internal audit charter.
C. The agreement made between internal auditors and management.
D. The risks and exposures involved.
Selected Answer: D
Question #: 60
Topic #: 1
Which of the following is used to identify and prioritize critical business applications to determine those that must be restored and the order of restoration in the event that a disaster impairs information systems processing?
A. Contingent facility contract analysis.
B. System backup analysis.
C. Vendor supply agreement analysis.
D. Risk analysis.
Selected Answer: C
Question #: 60
Topic #: 3
Which of the following best describes the primary concern of the audit manager upon review of engagement working papers of an auditor?
A. To ensure adequate control over the custody of working papers is exercised by the auditor.
B. To ensure that as part of the documentation the auditor collected original documents that can corroborate the audit findings.
C. To ensure that the work papers create background for subsequent reviews.
D. To ensure that the audit programs are followed by the auditor.
Selected Answer: C
Question #: 61
Topic #: 3
Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind?
A. Generally Accepted Auditing Standards.
B. Generally Accepted Accounting Principles.
C. The International Professional Practices Framework.
D. Legal evidence.
Selected Answer: A
Question #: 61
Topic #: 4
Which of the following would be a legitimate action for the internal auditor to take when monitoring audit engagement results?
1. Disregard a certain risk because management and the board accepted the risk in the past.
2. Abdicate the responsibility for a particular risk because it is not part of the audit plan.
3. Obtain agreement from senior management that unresolved audit issues will be reported to the board. Request corrective action from management in writing.
A. 1 and 3 only
B. 2 and 3 only
C. 3 and 4 only
D. 1, 2, and 4 only
Selected Answer: A
Question #: 62
Topic #: 5
An organization’s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
A. 1 and 3
B. 1 and 4
C. 2 and 3
D. 2 and 4
Selected Answer: D
Question #: 62
Topic #: 2
After issuance of the engagement final communication for an audit of an organization’s accounts payable function, which of the following should be sent satisfaction surveys?
I. Manager of disbursements.
II. Controller.
III. Chief operating officer.
IV. Audit committee members.
A. I only
B. I and II only
C. II and III only
D. II, III, and IV only
Selected Answer: D
Question #: 62
Topic #: 3
The internal auditor’s opinion in terms of due professional care should be:
A. Limited to the effectiveness of internal controls.
B. Expressed only when consensus with top management has been achieved.
C. Based on experience and free of all bias.
D. Based on sufficient factual evidence.
Selected Answer: B
Question #: 63
Topic #: 3
According to the Standards, which of the following describes the condition attribute when applied to the observations and recommendations contained in the audit report?
A. The standards, measures, or expectations used in making an evaluation or verification.
B. The reason for the difference between the expected state and the actual state.
C. The factual evidence that the internal auditor found in the course of the examination.
D. The risk or exposure the organization encounters because the actual state is not consistent with the criteria.
Selected Answer: D
Question #: 64
Topic #: 1
Which of the following procedures would be most helpful in providing additional evidence when an auditor suspects that an unidentified employee is submitting and approving invoices for payment?
A. Use generalized audit software to identify invoices from vendors with post office box numbers or other unusual features. Select a sample of those invoices and trace to supporting documents such as receiving reports.
B. Select a sample of payments made during the year and investigate each one for approval.
C. Select a sample of receiving reports representative of the period under investigation and trace to approved payment. Note any items not properly processed.
D. Select a sample of invoices paid during the past month and trace them to appropriate vendor accounts.
Selected Answer: C
Question #: 64
Topic #: 5
According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization’s cash disbursements process?
A. The accounts payable supervisor, accounts payable manager, and controller.
B. The accounts payable manager, purchasing manager, and receiving manager.
C. The accounts payable supervisor, controller, and treasurer.
D. The accounts payable manager, chief financial officer, and audit committee.
Selected Answer: C
Question #: 64
Topic #: 4
Which of the following is a preventive control for fraud?
A. Determining if the number of manually prepared disbursement checks is high.
B. Reconciling the purchase orders with the requisitions.
C. Verifying that new vendors appear on the vendor pre-approved list.
D. Conducting an inventory count of the warehouse.
Selected Answer: B
Question #: 65
Topic #: 2
Which of the following conclusions would be appropriate for a beginning auditor performing an audit of a payroll department?
A. Employee taxes have been deducted at the correct rates, and the taxes have been forwarded to the appropriate government agency.
B. Although there is insufficient segregation of duties, the impact is mitigated by compensating controls.
C. The payroll computer system should be replaced.
D. The payroll department staff has the appropriate level of skills.
Selected Answer: C
Question #: 65
Topic #: 5
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
A. Acts that may endanger the health or safety of individuals.
B. Acts that favor one party to the detriment of another.
C. Acts that damage or have an adverse effect on the environment.
D. Acts that conceal inappropriate activities in the organization.
Selected Answer: C
Question #: 66
Topic #: 4
Which two of the following considerations must an internal auditor take into account while planning an audit of an accounting system/application that has been in use for the last five years?
The level and manner of linkages between the business’ mission, objectives, and structure and the accounting system/application.
Presence or absence of computerized and manual controls that address risks.
Identification of risks at the application level, e.g. availability and security of the system.
Testing of the system/application for bugs and errors.
A. 1 and 3 only
B. 2 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Selected Answer: B
Question #: 66
Topic #: 5
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?
A. Observe corrective measures.
B. Seek a management assurance declaration.
C. Follow up during the next scheduled audit.
D. Conduct appropriate testing to verify management responses.
Selected Answer: C
Question #: 67
Topic #: 5
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
A. Improper segregation of duties.
B. Incentives and bonus programs.
C. An employee’s reported concerns.
D. Lack of an ethics policy.
Selected Answer: C
Question #: 67
Topic #: 4
The following audit observation was included in the final audit report:
“Our review concluded that bank reconciliation statements for March and April did not show evidence of supervisory review. We recommend strict compliance with the controller’s manual, which requires the department head to place their initials on the reconciliation statements to document their review.”
Which of the following attributes are missing from the above audit observation?
1. Criteria.
2. Condition.
3. Cause.
4. Effect.
A. 1 and 4 only
B. 2 and 3 only
C. 1, 3, and 4 only
D. 3 and 4 only
Selected Answer: A
Question #: 67
Topic #: 1
Which of the following, if observed, would not indicate the need to extend the search for other indicators of fraud in a purchasing department?
A. The standard of living of one of the purchasing agents has increased.
B. The internal control structure has significant weaknesses.
C. The purchasing agents have convinced management to adopt a policy of paying vendors on a more timely basis in order to avoid incurring penalty charges.
D. The cost of goods procured seems to be excessive in comparison with previous years.
Selected Answer: D
Question #: 67
Topic #: 3
During an engagement, an internal auditor discovered that an organizations policy on delegation of authority listed six individuals who were no longer employed with the organization. In addition, four individuals acting with disbursement authority were not identified in the policy as having such authority. Which of the following is the most effective course of action to address the control weakness?
A. Immediately initiate a complete audit of the disbursement function to determine if significant frauds have occurred.
B. Recommend that management review the process supporting the policy and make improvements.
C. Advise management to add the four additional names and remove the incorrect names from the policy to make it current.
D. Review further to ensure that the four individuals do not have the appropriate authority through delegation.
Selected Answer: B
Question #: 67
Topic #: 2
During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the museum’s collection. The director of the museum informed the auditor that the upcoming replacement of the museum’s inventory tracking system would address the auditor’s concerns. What follow-up activity should the auditor propose?
A. Receive periodic feedback from museum staff regarding the status of the system implementation.
B. Monitor the system implementation and schedule a follow-up review once the new system is in place.
C. Determine whether the items are indeed missing and assess the ability of the new system to remedy the problem.
D. Schedule an audit of the museum’s security systems to determine if theft is a problem.
Selected Answer: B
Question #: 68
Topic #: 2
An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
IV. Do nothing because management has agreed to address the problem.
A. III only
B. IV only
C. I and II only
D. II and III only
Selected Answer: B
Question #: 68
Topic #: 1
Which of the following does not represent a difficulty in using red flags as fraud indicators?
A. Many common red flags are also associated with situations where no fraud exists.
B. Some red flags are difficult to quantify or to evaluate.
C. Red flag information is only gathered in extraordinary circumstances.
D. The red flags literature is not well enough established to have a positive impact on auditing.
Selected Answer: B
Question #: 68
Topic #: 5
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
A. A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.
B. A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
C. A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
D. A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
Selected Answer: A
Question #: 69
Topic #: 5
An organization’s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
A. Manage and coordinate risk management processes.
B. Audit risk management processes.
C. Become involved in risk oversight committees, monitoring activities, and status reporting.
D. Accept management’s responsibility for risk management without board approval.
Selected Answer: C
Question #: 69
Topic #: 2
A company’s cellular phone costs vary significantly by sales representative and by month. Which of the following would be the most appropriate approach for a consulting project concerning this issue?
A. Control self-assessment involving sales representatives.
B. Benchmarking with other cellular phone users.
C. Business process review of cellular phone needs.
D. Performance measurement and design of the budgeting process.
Selected Answer: C
Question #: 69
Topic #: 1
Which of the following might alert an auditor to the possibility of fraud in a division?
I. The division is not scheduled for an external audit this year.
II. Sales have increased by 10 percent.
III. A significant portion of management’s compensation is directly tied to reported net income of the division.
A. I only
B. III only
C. I and II only
D. I, II, and III
Selected Answer: D
Question #: 70
Topic #: 3
Which of the following actions has the least influence on the chief audit executive’s development of an audit plan?
A. Input from senior management and the board.
B. An evaluation of the complexity of each audit engagement.
C. Changes in the organizations structure or budget.
D. An assessment of risk and exposures affecting the organization.
Selected Answer: C
Question #: 70
Topic #: 2
Which of the following would be the most effective method to prevent installation of new equipment that does not meet environmental permit requirements, or to prevent modification of current processes in such a way that they no longer meet permit requirements?
A. Require that the environmental compliance department perform regular inspections of the manufacturing facility to identify new equipment or process modifications in progress.
B. Rely on annual inspections by various regulatory agencies to identify equipment or processes that require a permit.
C. Require that the staff of the environmental compliance department attend monthly safety meetings in different parts of the facility so that they can hear directly from the workers about any changes.
D. Include the environmental compliance department in the review of proposed process changes and equipment purchases affecting permit requirements.
Selected Answer: B
Question #: 70
Topic #: 4
According to the Standards, which of the following is an attribute when applied to the observations and recommendations contained in the audit report?
A. Client accomplishments.
B. Effect.
C. Supportive information.
D. Scope statements.
Selected Answer: D
Question #: 71
Topic #: 4
An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate?
A. Take no action, because all the items were within the expiration date requirement, and no corrective action is needed.
B. Permit production staff the access to files where the certificates of conformity are kept, so they can choose the items with the closest expiration date.
C. Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding inventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).
D. Add to the product label a “use by date” line, enter the expiration at the time of receipt, and perform periodic inventory checks.
Selected Answer: D
Question #: 72
Topic #: 3
Because of an abundance of high priority requests from management, an internal audit activity no longer has the resources to meet all of its commitments contained in the annual audit plan. Which of the following would be the best course of action for the chief audit executive to follow?
A. Continue with the plan and seek opportunities to adjust priorities and reallocate resources.
B. Present a reassessment of the plan to the board and senior management for consideration.
C. Reassess the plan and either cancel or divert resources away from the lowest priority activities.
D. Advise the board immediately and seek their support for additional resources to meet the needs of the plan.
Selected Answer: C
Question #: 72
Topic #: 5
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization’s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?
A. The corporate risk register.
B. The strategic plan.
C. Internal and external audit reports.
D. The board’s meeting records.
Selected Answer: C
Question #: 72
Topic #: 4
In addition to the internal auditor, which of the following parties should be present at an exit or closing conference?
1. Audit committee members.
2. The external auditor.
3. The management responsible for the areas covered by the engagement.
4. The chief executive officer.
A. 2 only
B. 3 only
C. 3 and 4 only
D. 1, 3, and 4 only
Selected Answer: D
Question #: 73
Topic #: 2
While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs be:
A. Generated and maintained on a separate secure server.
B. Accessible by administrative users only
C. Encrypted to ensure that the logs cannot be deleted.
D. Restored automatically to the Web server from backup files.
Selected Answer: B
Question #: 73
Topic #: 4
Reviewing internal audit report drafts with clients is:
1. Required according to the Standards.
2. A form of courtesy.
3. Ethically mandated.
4. A form of validation.
A. 1 and 2 only
B. 2 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Selected Answer: B
Question #: 74
Topic #: 2
Which of the following actions by management would reduce an employee’s opportunity to commit fraud?
A. Establishing physical controls over company assets.
B. Eliminating bonuses tied to sales or other performance goals.
C. Defining ethical behavior expectations in the company handbook.
D. Identifying consequences, such as termination, for fraudulent activities.
Selected Answer: A
Question #: 75
Topic #: 1
Which of the following would provide the best audit evidence regarding the effectiveness of an applied research department?
A. Develop a cost-per-product analysis for products developed over the past five years.
B. Develop a report on revenue generated by or cost savings directly attributable to newly developed products.
C. Compare research as a percentage of revenue between this company and all major competitors in the same industry.
D. Compare the number of this year’s new product developments to the number of new product developments for the past five years.
Selected Answer: A
Question #: 75
Topic #: 4
Which of the following documents should the chief audit executive review and approve?
1. Workpaper retention policy.
2. Audit committee meeting minutes.
3. Internal audit handbook.
4. Quarterly financial statements.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 1, 3, and 4 only
Selected Answer: B
Question #: 75
Topic #: 3
Which characteristic of risk assessment makes it a useful tool for audit planning?
A. It provides a list of auditable activities in the organization.
B. It ranks the severity of potentially adverse effects on the organization.
C. It provides a process for identifying and analyzing potentially adverse effects.
D. It evaluates the probability that an event or action may adversely affect the organization.
Selected Answer: D
Question #: 76
Topic #: 3
An internal audit manager is supervising an engagement. A senior auditor deviates from the approved engagement plan but meets all deadlines in the approved time schedule. Which activity is not required for the audit manager to provide proper engagement supervision?
A. Actively participate in audit procedures.
B. Ensure that all engagement objectives are met.
C. Approve the deviation from the engagement plan.
D. Ensure compliance with the time schedule.
Selected Answer: D
Question #: 77
Topic #: 5
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
A. Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.
B. Confirm the decision with management and document this decision in the audit file.
C. Document the issue in the audit file and follow up until the issues are resolved.
D. Initiate an assurance engagement on the unresolved issues.
Selected Answer: B
Question #: 77
Topic #: 4
A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE’s best course of action?
A. Perform an independent audit of the merging firm’s inventory management practices to verify the concerns and to provide relevant and reliable results to management for their consideration and action.
B. Advise management that internal audit, external audit, and legal advisors all have concerns about inventory management and, given the high materiality of inventory, management should not proceed with the merger.
C. Coordinate a review of inventory management with external auditors and legal advisors and ensure each group focuses on their area of expertise to ascertain the extent of the problems, if any.
D. Coordinate with the merging firm’s internal audit department to better understand the inventory management function and whether the concerns are well-
Selected Answer: C
Question #: 78
Topic #: 4
The chief audit executive (CAE) manages a large internal audit activity (IAA) reporting functionally to the audit committee and administratively to the chief risk officer. During the CAE’s recent unplanned medical leave, several internal audit reports were completed and waiting for CAE approval, however, no formal delegation of authority was in place to anticipate this situation. In order to preserve the independence of the IAA, which of the following would be the most appropriate individual to review and approve these reports during the CAE’s absence?
A. External auditor.
B. Chief risk officer.
C. Engagement lead auditor.
D. Audit committee chair.
Selected Answer: B
Question #: 78
Topic #: 2
Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
I. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.
A. I and IV only
B. II and III only
C. I, II, and III only
D. I, II, III, and IV.
Selected Answer: D
Question #: 78
Topic #: 1
A company has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the contractor improperly accounting for costs related to contract change orders. Which of the following procedures would be appropriate for testing this suspicion?
I. Verify that the contractor has not charged change orders with costs that have already been billed to the original contract.
II. Determine if the contractor has billed for original contract work that was canceled as a result of change orders.
III. Verify that the change orders were properly approved by management.
A. I only
B. III only
C. I and II only
D. I and III only
Selected Answer: D
Question #: 78
Topic #: 5
Which of the following is the most important concept to be included in a consulting engagement agreement?
A. Define the duties and responsibilities needed from management to perform the engagement.
B. Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.
C. Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.
D. Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.
Selected Answer: D
Question #: 79
Topic #: 1
An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the acquisition’s accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?
A. Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability.
B. Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business.
C. Select a sample of accounts payable from the accounts payable list and verify the supporting receiving reports, purchase orders, and invoices.
D. Trace receiving reports issued before the period end to the related vendor invoices and accounts payable list.
Selected Answer: C
Question #: 79
Topic #: 5
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
A. Verify that approvals of purchasing documents comply with the authority matrix.
B. Observe whether the purchase orders are sequentially numbered.
C. Examine whether the sales department supervisor approves invoices for payment.
D. Determine whether the accounts payable department reconciles all purchasing documents prior to payment.
Selected Answer: D
Question #: 80
Topic #: 4
The chief audit executive (CAE) of a new organization is in the process of determining the manner in which audit reports will be distributed and to whom.
According to the Standards, which of the following is the most appropriate course of action for the CAE to take to develop this distribution process?
A. The process should be determined in meetings with the external auditor and senior management to ensure alignment with external reporting.
B. The CAE should meet with senior management for their input, but finalize the distribution of all reports with the board.
C. The CAE should independently implement the report distribution, using best judgment to ensure that all relevant stakeholders are informed.
D. The CAE should request that senior management and the board meet to determine the most appropriate reporting method.
Selected Answer: C
Question #: 80
Topic #: 3
As part of a preliminary survey of the purchasing function, an internal auditor reads the department’s policies and procedures manual and concludes that the manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating effectiveness of internal controls. Which procedure would fulfill this objective most effectively?
A. Perform a design test.
B. Perform a compliance test.
C. Perform a systems test.
D. Perform an efficiency test.
Selected Answer: D
Question #: 81
Topic #: 4
An organization has acquired a new line of business. None of the organization’s internal auditors have the required expertise to perform an internal audit of the new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is true regarding supervision of the engagement?
A. The CAE may rely upon the external firm’s auditor in charge to supervise the engagement.
B. The external firm’s auditor in charge must defer to the judgment of the CAE for any disputes.
C. The CAE is not responsible for the quality of an audit performed by an external firm.
D. The CAE should not assign an inexperienced staff member to assist with the engagement.
Selected Answer: A
Question #: 81
Topic #: 5
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
A. 1 and 3
B. 1 and 4
C. 2 and 3
D. 2 and 4
Selected Answer: D
Question #: 82
Topic #: 2
The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:
A. The cost of audit involvement can be minimized.
B. There are clearly defined points at which to issue audit comments.
C. Redesign costs can be minimized.
D. The threat of lack of audit independence can be minimized.
Selected Answer: B
Question #: 82
Topic #: 3
A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal auditor has been assigned to determine if the manufacturer’s accounts payable contain all outstanding liabilities. Which audit procedure is not relevant for this objective?
A. Verify the period of liability of subsequent cash disbursements using related supporting documentation.
B. Send confirmations, including zero-balance accounts, to vendors with whom the manufacturer normally does business.
C. Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.
D. Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.
Selected Answer: C
Question #: 82
Topic #: 5
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
A. The need and availability of automated support.
B. The potential impact of key risks.
C. The expected outcomes and deliverables.
D. The operational and geographic boundaries.
Selected Answer: D
Question #: 83
Topic #: 3
An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for the past three months and now suspects the division is reporting fictitious sales. Which course of action should the auditor follow to determine whether fraud has occurred?
A. Trace a sample of shipping documents to related sales invoices to verify proper billing.
B. Send accounts receivable balance confirmations to customers.
C. Compare the division’s sales and gross margins to those of the prior three-month period.
D. Estimate the sales and cost of goods sold for the three-month period by using regression analysis.
Selected Answer: D
Question #: 83
Topic #: 2
In a review of an electronic data interchange application using a third-party service provider, the auditor should:
I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.
II. Determine whether an independent review of the service provider’s operation has been conducted.
III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider’s contracts include necessary clauses, such as the right to audit.
A. I and II only
B. I and IV only
C. II and III only
D. II and IV only
Selected Answer: A
Question #: 84
Topic #: 4
The internal auditor is asked to conduct an investigation involving a suspected fraud. According to the Standards, which of the following statements regarding the investigation process is false?
A. The auditor should use anonymous surveys of coworkers to assess the character and behavior of the suspect.
B. The auditor must give consideration to the risk of unidentified co-conspirators whether indications exist or not.
C. The auditor should not limit the collection of information by prejudging its relevance to the investigation.
D. The auditor must consider the risk that audit procedures may inadvertently violate the rights of the suspect.
Selected Answer: A
Question #: 84
Topic #: 2
Once an audit report is drafted, the auditor’s supervisor should review it primarily to ensure that all:
A. Statements are supported and can be authenticated.
B. Recommendations for corrective action are clear.
C. Processes within the audited area were reviewed.
D. Sample sizes appear appropriate for any issues found.
Selected Answer: B
