An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?

1. Every employee generally has a responsibility for ensuring the success of CSR objectives.

2. The board has overall responsibility for the effectiveness of internal control processes associated with CSR.

3. Public reporting on the CSR governance process is expected.

4. Organizations generally have flexibility regarding what is included in a CSR program.

Which of the following application-based controls is an example of a programmed edit check?

According to MA guidance on IT. which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Which of the following is an example of a nonfinancial internal failure quality cost?

A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

In the current year, a merchandising organization had an inventory turnover ratio of 3.0, which was less than the industry average of 6.5. Which of the following offers the most likely explanation for this difference?

An internal auditor was asked to review an equal equity partnership In one sampled transaction Partner A transferred equipment into the partnership with a self-declared value of $10,000 and Partner B contributed equipment with a self-declared value of $15 000 The capital accounts of each partner were subsequently credited with S12,500. Which of the following statements is true regarding this transaction?

An internal auditor is investigating a potential fraudulent activity. What is the first test the auditor should perform on the transaction data under scrutiny?

Which of the following must be adjusted to index a progressive tax system to inflation?

Which of the following is a characteristic of just-in-time inventory management systems?

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Which of the following statements is in accordance with COBIT?

1. Pervasive controls are general while detailed controls are specific.

2. Application controls are a subset of pervasive controls.

3. Implementation of software is a type of pervasive control.

4. Disaster recovery planning is a type of detailed control.

Which of the following statements regarding organizational governance is not correct?

What are the objectives of governance as defined by the Standards?

Which of the following techniques is the most relevant when an internal auditor conducts a valuation of an organization's physical assets?

Which of the following techniques would be least effective in resolving the conflict created by an internal audit client's perception of the audit report as a personal attack on his management performance?

Which of the following is a typical example of structured data?

Which of the following factors is most likely to lead to a lack of cohesiveness in a project team?

For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?

1. It significantly raises compensation and staffing costs.

2. It produces resentment among the organization's employees in host countries.

3. It limits career mobility for parent-country nationals.

4. It can lead to cultural myopia.

The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:

An internal auditor discovered that several unauthorized modifications were made to the production version of an organization's accounting application. Which of the following best describes this deficiency?

As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?

The critical path for any project is the path that exhibits which of the following characteristics?

Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?

1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.

3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.

4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

Internal auditors must exercise due professional care by considering which of the following?

1. Cost of assurance in relation to potential benefits.

2. Adequacy and effectiveness of governance, risk management, and control processes.

3. Management's competency level in the area being evaluated.

4. Probability of significant errors, fraud, or noncompliance.

According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?

1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.

2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.

3. The application of technology-based audit and other data analysis techniques, where appropriate.

4. The relative complexity and extent of work needed to achieve the engagement's objectives.

According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?

Which segregation of duties would best reduce the risk of payroll fraud?

Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?

According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?

1. Obtain and review all purchasing-related audit reports issued within the past year.

2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.

3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.

4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.

Which of the following is an example of a risk management avoidance response?

Which of the following types of social responsibilities is voluntary and guided purely by the organization's desire to make social contributions?

An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

Which of the following best describes the details that must be included in the quality assurance and improvement program (QAIP) report to senior management and the board?

Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?

1. Locking doors and physically securing inventory items.

2. Independently observing the receipt of materials.

3. Conducting monthly inventory counts.

4. Requiring the use of employee ID badges at all times.

Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?

1. The complexity of the work required.

2. The needs and expectations of the client.

3. The potential value of the engagement compared to the effort.

4. Information regarding assumptions and procedures to be employed.

According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?

1. Appropriate levels of authority and responsibility.

2. Supervision of staff and appropriate review of work.

3. The seniority of management in the organization.

4. The ability to trace each transaction to an accountable and responsible individual.

Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?

According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?

Which of the following types of fraud includes embezzlement?

Which two of the following are preventive controls in a check disbursement process?

1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items.

2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.

3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.

4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.

Which of the following would be considered a violation of The IIA's mandatory guidance on independence?

The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Which of the following scenarios best illustrates the principle of due professional care?

The chief audit executive (CAE) is planning to conduct an internal assessment of the internal audit activity (IAA). Part of this assessment will include benchmarking. According to IIA guidance, which of the following qualitative metrics would be appropriate for the CAE to use?

1. Average client customer satisfaction score for a given year.

2. Client survey comments on how to improve the IAA.

3. Auditor interviews once an audit has been completed.

4. Percentage of audits completed within 90 days.

A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

Which of the following is not a barrier to effective communication?

Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:

In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?

Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?

According to the waterfall cycle approach to systems development, which of the following sequence of events is correct?

Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?

1. The hedge documentation designating the hedge.

2. The spot exchange rate on the transaction date.

3. The terms of the forward contract.

4. The amount of fuel purchased.

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement's objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

Which of the following statements is false regarding audit criteria?

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Which of the following statements about internal audit's follow-up process is true?

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

An internal control questionnaire would be most appropriate in which of the following situations?

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Which of the following best describes the four components of a balanced scorecard?

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization's risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization's goals.

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?

1. Intervening during an audit involving ethical wrongdoing.

2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.

4. Negotiating a settlement of an employee claim for personal damages.

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Which of the followings statements describes a best practice regarding assurance engagement communication activities?