A.  

Regulators mandate specific audit engagements to be included in the audit plan.

B.  

The internal audit activity reports functionally to the chief financial officer

C.  

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

D.  

The internal audit activity reports administratively to the chief financial officer.

A.  

Risk treatment method based on risk evaluation.

B.  

Organizational culture, objectives, and processes.

C.  

The regulatory and competitive environment

D.  

The method of determining the risk level.

A.  

Email alert sent to management for checks issued over $100,000.

B.  

Installation of a video surveillance system in a warehouse prone to inventory loss.

C.  

New hire training to explain fraud and employee misconduct.

D.  

Daily report that identifies unsuccessful system log-in attempts

A.  

Evaluate how the organization manages fraud risk.

B.  

Establish procedures for improving risk management processes.

C.  

Ensure risk responses are aligned with industry standards.

D.  

Verify that organizational objectives are aligned with each department’s objectives.

A.  

Discussions with the chief audit executive.

B.  

A listing of employee profiles and certifications.

C.  

Inquiry of external auditors.

D.  

Validation by human resources.

A.  

Management’s acceptance of inadequate controls for cybersecurity risk.

B.  

Discussions with senior management relating to a new revenue stream.

C.  

Mitigating controls implemented by the engagement supervisor

D.  

Project manager planned hours versus time spent for all prior year projects

A.  

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.  

Immediately inform senior management and the board of the suspected fraud.

C.  

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.  

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

A.  

Knowledge/skills gap,

B.  

Monitoring gap.

C.  

Accountability/reward failure,

D.  

Communication failure.

A.  

Internal audit identifies key risk areas during assurance reviews and provides audit findings.

B.  

Internal audit assists with the prioritization of identified risks.

C.  

Internal audit participates in setting the risk appetite.

D.  

Internal audit takes part in the design of risk mitigation measures.

A.  

Residual.

B.  

Net.

C.  

Inherent.

D.  

Accepted.

A.  

Strong board of directors oversight.

B.  

Incentive-based compensation structures.

C.  

Lower than average employee turnover.

D.  

Implementation of a fraud hotline.

A.  

Ensuring the organization's key risks are managed through appropriate controls.

B.  

Assisting the organization in maintaining effective controls.

C.  

implementing new controls to promote continuous improvement

D.  

Validating control assessments performed by the external auditor.

A.  

1 and 4 only.

B.  

1, 2, and 3 only.

C.  

1, 2, and 4 only.

D.  

2, 3. and 4 only

A.  

An internal auditor compared vendor addresses to employee home addresses.

B.  

An internal auditor used analytical software to trace all disbursements processed on weekends.

C.  

An internal auditor tried to circumvent the logical access controls of the purchasing system.

D.  

An internal auditor recovered emails of an employee who was suspected of fraudulent activities

A.  

Rationalization and corruption

B.  

Corruption and opportunity

C.  

Opportunity and perceived need

D.  

Perceived need and weak internal controls

A.  

Assessing the risk of noncompliance with laws and regulations

B.  

Following the policies as prescribed by the internal audit manual.

C.  

Advising management of the area under review on how to mitigate internal control risks.

D.  

Conducting the engagement on the presupposition that fraud exists.

A.  

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board,

B.  

Focus on operational audit work and disregard lack of direct access to the members of the board.

C.  

Initiate changes to the internal audit charter to report to senior management for the time being,

D.  

Engage in written communications with the board and present relevant issues in writing

A.  

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.  

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.  

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures.

D.  

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

A.  

An internal audit activity has been in existence at least five years and has not completed an external assessment,

B.  

An internal auditor was assigned to an audit engagement but did not meet individual objectivity requirements.

C.  

The internal audit activity prepared an internal audit plan that was not risk-based.

D.  

The internal audit activity has been in existence fewer than five years, but periodic self-assessments were conducted.

A.  

Involve board members in hiring activities and request advice.

B.  

Require all internal audit staff to complete the same training course on a general audit subject,

C.  

Require senior auditors to obtain a professional certification.

D.  

Provide a competency assessment of the internal audit staff.

A.  

Politely decline the engagement due to a lack of qualified staff available at the time.

B.  

Complete the engagement as requested, with the best of the current staffs abilities.

C.  

Consider using employees from other departments in the organization on the audit team.

D.  

Change the scope of the testing to ensure that only available staff proficiencies are used

A.  

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.  

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.  

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.  

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

A.  

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance. and he concluded the controls were ineffective.

B.  

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’sreasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

C.  

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

D.  

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management's declaration, the internal auditor determined that the procurement process was effective.

A.  

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct

B.  

The audit committee has reviewed the annual self-assessment results and approved the use of the clause

C.  

The self-assessment results were validated by a qualified external review team three years prior

D.  

The internal audit charter, approved by the audit committee requires conformance with the Standards

A.  

The details of assurance services are expected to be included in the risk-based audit plan; this is not the case for consulting services.

B.  

The objectivity of assurance services is impaired when undertaken by internal auditors who have had recent prior responsibility in the area under review; this is not the case for consulting services

C.  

The performance of assurance services may be outsourced for competency gaps: this is not the case for consulting services.

D.  

The results of assurance services are required to be monitored; this is not the case for consulting services

A.  

Asset misappropriation.

B.  

Skimming

C.  

Corruption.

D.  

Lapping.

A.  

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance

B.  

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.  

QAIP results must first be discussed with the board and approval obtained for distribution to senior management

D.  

At the board's discretion, the frequency of external assessments can exceed the five-year guideline

A.  

The chief audit executive is responsible for deciding the priority of consulting services in the internal audit plan

B.  

The scope of consulting services is determined primarily by the internal auditor with input from management of the area under review

C.  

The board defines the internal audit activity’s responsibilities over consulting activities

D.  

Adding value to an organization requires the internal audit activity to initiate a consulting engagement

A.  

The globally accepted Certified Internal Auditor designation is mandatory at chief audit executive levels.

B.  

Internal auditors are encouraged to obtain appropriate professional designations.

C.  

Specialty designations are required for those who perform specialized audit and consulting work.

D.  

Studies for professional designations are the preferred source of continuing professional education

A.  

The ability to assess IT governance.

B.  

The ability to provide an explanation on the risk profile of the organization to the board and senior management.

C.  

The ability to ensure that proposals for improvements to internal controls are balanced with organizational objectives and capabilities.

D.  

The ability to assess the potential for fraud risk and identifying common types of fraud associated with the engagement.

A.  

Mitigation.

B.  

Acceptance

C.  

Transfer.

D.  

Avoidance

A.  

Checking for invoice amounts that do not match that of the purchase order.

B.  

Searching for identical invoice numbers and payment amounts.

C.  

Running checks to uncover post office box addresses matching employee addresses.

D.  

Comparing prices across vendors to see whether one vendor is unreasonably high.

A.  

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.  

Approve the annual budget and resource plan for the internal audit activity.

C.  

Assist the CAE with hiring objective and competent internal audit staff.

D.  

Encourage the CAE to communicate and coordinate with the external auditor.

A.  

The nature of consulting services typically is not included in the charter.

B.  

The chief audit executive must formally review the charter at least once a year

C.  

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.  

The charter typically defines the internal audit activity's position within the organization.

A.  

ISO 26000.

B.  

Global Reporting Initiative.

C.  

Open Compliance and Ethics Group.

D.  

COSO’s enterprise risk management framework

A.  

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

B.  

Standard training for each employee, including internal auditors, is 10 hours per year.

C.  

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

D.  

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

A.  

1,2, and 3,

B.  

1 2, and 4.

C.  

1, 3, and 4.

D.  

2, 3, and 4.

A.  

Individual internal auditors.

B.  

Chief audit executive.

C.  

The board.

D.  

Engagement supervisors.

A.  

Due professional care.

B.  

Internal audit objectivity.

C.  

Risk management assurance.

D.  

Professional development.

A.  

The policies and procedures of the internal audit activity.

B.  

The provisions of the internal audit charter.

C.  

The authority of the CEO.

D.  

The IIA's Code of Ethics.

A.  

Posting cash receipts and cash payments to the general ledger.

B.  

Posting bad debt write-offs and reconciling the accounts payable subsidiary ledger.

C.  

Distributing payroll checks and approving sales returns for credit.

D.  

Recording cash receipts and preparing bank reconciliations.

A.  

Leadership

B.  

Conflict management

C.  

Communication

D.  

Influence

A.  

incorrect rejection risk

B.  

Incorrect acceptance risk.

C.  

Tolerable misstatement risk.

D.  

Anticipated misstatement risk

A.  

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.  

Purchase orders are typed by the purchasing department using prenumbered forms.

C.  

Buyers promptly update the official vendor listing as new supplier sources become known.

D.  

Department managers initiate purchase requests that must be approved by the plant superintendent.

A.  

Leadership.

B.  

Documentation.

C.  

Analysis.

D.  

Reporting.

A.  

The internal audit charter does not identify which audit services are outsourced.

B.  

The internal audit charter has not been reviewed by the legal department.

C.  

The internal audit charter has not been approved by the board within the past year.

D.  

The internal audit charter does not describe the authority of the internal audit activity.

A.  

Setting unrealistic targets for staff to achieve

B.  

Granting external audit firms access to staff and records.

C.  

Automating some processes and allowing others to be performed manually

D.  

Enforcing a zero-tolerance policy for misconduct

A.  

Fraud specialists are better at using computer-assisted audit techniques.

B.  

Fraud specialists are better equipped to act as an expert witness in court.

C.  

Fraud specialists are better able to properly apply due professional care.

D.  

Fraud specialists are better at using crime scene investigation techniques.

A.  

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.  

Requesting reimbursement for overstated travel and entertainment expense amount

C.  

Misstating realized foreign currency transaction gains or losses

D.  

Demanding payment from a vendor for decisions made in the vendor’s favor

A.  

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.  

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.  

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.  

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

A.  

Assign competent staff to the area under audit to remediate the nonconformance.

B.  

Determine how the deviation impacted the overall scope of the internal audit activity.

C.  

Meet with the board to gam an understanding of the board's expectations.

D.  

Communicate the matter to the board at the time of the next external assessment.

A.  

Suggesting alternatives to decision makers.

B.  

Improving the integrity of information.

C.  

Determining the scope of internal audit services

D.  

Achieving engagement objectives.

A.  

The risk management function has the sole responsibility for identifying and managing risks in all departments

B.  

Risk management is a core responsibility of the internal audit activity

C.  

The internal audit activity should consider the organization’s maturity, structure, and the competitive environment to establish the organization’s risk appetite

D.  

The internal audit activity may use a risk management or control framework to assist in risk identification

A.  

The internal auditor assigned to the engagement previously worked in the area under review and lacks objectivity.

B.  

The internal audit engagement will involve providing an opinion on the effectiveness of controls.

C.  

The internal auditor assigned to the engagement was specifically requested by management of the area under review.

D.  

he internal audit engagement involves only two parties: the internal auditor and the engagement client.

A.  

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.  

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.  

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.  

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

A.  

Directive

B.  

Preventive

C.  

Detective

D.  

Automatic

A.  

The CAE must do this at least annually

B.  

The CAE must do this at least once every five years

C.  

The CAE must do this upon completion of each external quality assessment

D.  

The CAE should do this periodically in conjunction with a review of the internal audit charter

A.  

The relative complexity of the engagement

B.  

The cost of the engagement relative to its benefits

C.  

The extent of work needed to achieve the engagement's objective

D.  

The needs and expectations of the engagement client

A.  

Delivering assurance on the risk management system

B.  

Facilitating risk assessment workshops

C.  

Evaluating principal risk reporting

D.  

Deciding on the appropriate risk response

A.  

The internal audit activity should add value by implementing the recommendations on management's behalf.

B.  

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.  

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.  

The internal audit activity, led by the CAE. should assume responsibility for risk management function.

A.  

Detective controls.

B.  

Key controls.

C.  

Primary controls.

D.  

Preventive controls

A.  

Use technical language to establish credibility with the employee being interviewed

B.  

Avoid straightforward questions to make the person being interviewed think before answering

C.  

Prepare the next question while the interviewee is responding to demonstrate preparedness

D.  

Appear confident but not arrogant during the interview to show professionalism

A.  

There may be limitation in the scope of engagements that can be undertaken

B.  

The CFO could provide expert advice when auditing areas under his purview

C.  

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.  

The expertise of finance staff can be called upon during an audit of finance-related areas

A.  

Management approval

B.  

Independent review

C.  

Reporting relationships

D.  

Quarterly assessment

A.  

An evaluation of the current performance and compensation program.

B.  

The performance of background investigations on all existing employees.

C.  

The availability of fraud training to all employees.

D.  

The availability of an employee whistleblower hotline

A.  

The CAE seeks senior management approval of the internal audit charter

B.  

The CAE obtains senior management's approval to hire staff

C.  

The CAE reports significant issues to the organization's CEO

D.  

The CAE provides the board with an annual budget for approval

A.  

Request the internal audit activity to perform an ethics-related assurance engagement.

B.  

Offer in-house ethics-related training seminars for employees to attend.

C.  

Reaffirm the importance of the organization's code of ethics to all employees.

D.  

Conduct an organizationwide employee survey on ethical practices

A.  

Internal auditors do not review an area where they previously worked

B.  

The internal audit charter is reviewed and updated annually

C.  

The chief audit executive reports functionally to the board

D.  

Management does not influence the consulting services provided by the internal audit activity

A.  

A moral agent in an organization makes decisions that are based on the rules and regulations of the organization as they apply to human resources decisions

B.  

The utilitarian approaching deciding on ethical dilemmas is concerned with choosing the simplest solution that will apply to the most people

C.  

Ethics are not defined by laws but they are not a matter of free choice ethics are based on standards of conduct derived from shared principles and values

D.  

The individualism approach to ethical decision making is focused on implementing a customized long-term outcome that is most beneficial for the entire organization

A.  

The internal audit charter does not identify which audit services are outsourced

B.  

The internal audit charter has not been reviewed by the legal department

C.  

The internal audit charter has not been approved by the board within the past year

D.  

The internal audit charter does not describe the authority of the internal audit activity

A.  

Descriptions of standardized work practices.

B.  

Outcomes of internal audit key performance indicators.

C.  

Conformance of individual engagements with the Standards,

D.  

Annual summaries of consulting and audit engagements.

A.  

Accept the consulting services only after receiving approval to do so from the board.

B.  

Accept the consulting services. The objectivity won't be impaired if it has been more than a year since he last worked in the area under review.

C.  

Refrain from providing the consulting service because he was responsible for that area and his objectivity will be impaired,

D.  

Disclose the potential impairment to the customer before accepting the consulting engagement

A.  

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

B.  

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.  

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.  

Typically, operating management does not have a major role to play based on the public nature of reporting

A.  

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.  

Despite significant corporate resources spent on CSR reporting investors generally do not rely on CSR information

C.  

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary

D.  

Typically operating management does not have a major role to play based on the public nature of reporting

A.  

Low-level audit expertise

B.  

Narrow industry experience

C.  

MPotential conflict of interest

D.  

Weak interpersonal skills

A.  

The engagement supervisor violated The IIA's Code of Ethics principle of integrity.

B.  

The engagement supervisor violated The IIA's Code of Ethics principle of objectivity.

C.  

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.  

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

A.  

Reporting on the QAIP to the board should occur at least once every five years

B.  

The responsibility for the selection of an external assessor rests with the board

C.  

The qualifications of the assessors must be communicated to the board

D.  

The reporting of outcomes of the QAIP can be delegated to senior audit staff

A.  

An independent third party has assessed the organization's system of internal controls to be adequate and effective,

B.  

The chief audit executive reports both functionally and administratively to the CEO.

C.  

The internal audit charter is drafted properly and approved by the appropriate parties.

D.  

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

A.  

Quality assessments should be performed by individuals with sufficient knowledge of the internal audit practices

B.  

External quality assessments should be conducted every seven years

C.  

All quality assessments should be either conducted or validated by an independent assessment team

D.  

The results of the QAIP should be communicated to shareholders annually

A.  

An employee who diverts the organization's purchases for personal use is demonstrating asset misappropriation

B.  

An employee who intentionally omits negative information in the financial statement disclosures is demonstrating an example of corruption

C.  

An employee who made an error in estimating losses may have committed fraud even if the error was not intentional

D.  

An employee who creates a denial of service in the organization’s computer systems is committing asset misappropriation

A.  

Offering a one-off donation to an environmental charity for its expansion efforts

B.  

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

C.  

Providing special year-end monetary bonuses to the organization's employees at all levels

D.  

Arranging a free-of-charge picnic for all of the organization's employees and their family members

A.  

Key account reconciliation such as bank reconciliation

B.  

Segregation of duties between posting and reviewing journal entnes

C.  

A signing authority matrix for spending approvals

D.  

The establishment of a finance and audit committee

A.  

The internal auditor worked on the implementation of the accounting system within the organization before joining the internal audit activity last year

B.  

The internal auditor is part of a multidisciplinary team tasked to assist with a new project implementation checklist within the organization

C.  

The internal auditor worked as a sourcing specialist before joining the internal audit activity last year

D.  

The internal auditor participates in a cross-departmental team for information and data security within the organization

A.  

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.  

Seek feedback from the engagement supervisor during the engagement

C.  

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.  

Request and receive client feedback surveys during the engagement

A.  

Integrity

B.  

Confidentiality

C.  

Objectivity

D.  

No violation was committed

A.  

Championing the establishment of a risk management framework

B.  

Creating and implementing new risk management processes

C.  

Maintaining sole responsibility for risk management within the organization

D.  

Setting the risk appetite of the organization

A.  

Serves third parties that need reliable financial information from audit engagements

B.  

Responds to the needs and desires of senior management and the board, but remains independent of areas under review

C.  

Ensures the organization complies with laws and regulations in the area under review

D.  

Is completely independent of senior management, the board and the area under review

A.  

An employee discovered that there is no personal protective equipment at a temporary construction site

B.  

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.  

A supervisor insists that an employee complete time sheets regularly

D.  

An employee received concert tickets from a vendor and asked whether she could keep them

A.  

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.  

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.  

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.  

Internal auditors are responsible for managing the risks of the organization

A.  

Management quality assurance activities

B.  

Internal audit fraud prevention and detection activities

C.  

Management and supervisory activities

D.  

External audit quality assurance activities

A.  

The internal audit activity conducts a self-assessment that is validated by a qualified and experienced internal auditor and then schedules a qualified, independent external assessor

B.  

The board nominates an independent individual from senior management in the organization to conduct an assessment of the internal audit activity

C.  

An external auditor conducts an audit of the organization which includes information about the internal audit activity

D.  

The chief audit executive schedules a self-assessment and the board approves the results

A.  

When an organization has a high level of risk maturity the internal audit activity is less likely to provide consulting services related to risk management

B.  

When an organization has a low level of risk maturity, the internal audit activity is less likely to provide consulting services related to risk management

C.  

When an organization has a high level of risk maturity the internal audit activity is more likely to provide consulting services related to risk management

D.  

There is typically no correlation between an organization’s risk maturity and the extent to which the internal audit activity’s consulting role in risk management processes

A.  

A corrective control

B.  

A detective control

C.  

A preventive control

D.  

A directive control

A.  

Payroll fraud

B.  

Disbursement fraud

C.  

Corruption

D.  

Information misrepresentation

A.  

The recommendation of the parent office external auditors.

B.  

The provisions of the internal audit charter

C.  

The authority of the CEO.

D.  

The level of proficiency of the chief audit executive

A.  

Senior management has the authority to terminate the chief audit executive

B.  

Senior management has control over the internal audit activity's budget

C.  

Senior management provides feedback on the scope of the internal audit plan.

D.  

Senior management limits the internal audit activity's access to the board

A.  

An internal audit charter.

B.  

An employee disciplinary policy.

C.  

A functional audit committee.

D.  

A functional reporting placement.

A.  

The credit department is responsible for approving shipments to all customers

B.  

The finance committee of the board of directors periodically reviews credit standards

C.  

Customers who fail to meet credit requirements must pay cash for shipments upon delivery

D.  

The sales department is responsible for determining the credit ratings of customers

A.  

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.  

The CAE oversees the effectiveness of the organization’s risk management function.

C.  

The CAE reports functionally to the CEO.

D.  

The CAE managed the finance department for the past five years.

A.  

Pressure

B.  

Rationalization

C.  

Opportunity

D.  

Incentive

A.  

Whistleblower hotline.

B.  

Authority limits.

C.  

Background investigations

D.  

Evaluation of compensation programs.

A.  

The chief audit executive (CAE) must obtain competent advice and assistance if the internal audit activity lacks the knowledge, skills, or other competencies needed to complete the audit engagement

B.  

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization and should have the expertise of a fraud investigator

C.  

Internal auditors need to have basic knowledge of key IT risks and controls and available technology-based audit techniques in order to perform their assigned work

D.  

The CAE must refuse a consulting engagement if the internal audit activity lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement

A.  

Entity-level

B.  

Activity-level

C.  

Transaction-level

D.  

Process-level

A.  

Use an average cost for power to smooth the bottom line.

B.  

Analyze the amount of power used to produce each power tool.

C.  

Review the current process to identify opportunities to reduce power usage.

D.  

Use a forward contract for bulk power purchases

A.  

To accurately conduct performance appraisals

B.  

To ensure that staff complete required continuing professional education credits annually.

C.  

To ensure that the resources needed to complete the audit plan are available.

D.  

To satisfy the audit committee requirements.

A.  

Evaluating and suggesting improvements to the risk management process.

B.  

Establishing the organization's risk appetite.

C.  

Determining whether the risk attitude is aligned with shareholder interests.

D.  

Ensuring an adequate risk management system is in place.

A.  

A budget.

B.  

A risk assessment.

C.  

The board of directors.

D.  

The control environment

A.  

Working conditions.

B.  

Employees' families.

C.  

Marketplace competition.

D.  

Shareholders and investors

A.  

After establishing engagement objectives and reviewing a process, the internal auditor assured process owners that all significant risk events were identified and tested using a systematic, disciplined approach.

B.  

After conducting an audit based upon a predefined scope and objective, the internal auditor guaranteed management that the system of internal controls in an audited area operates effectively.

C.  

As head of the internal audit activity, the chief audit executive reported functionally to the organization's board and administratively to senior management.

D.  

As head of the internal audit activity, the chief audit executive ensures that engagement supervisors conduct post-engagement staff meetings.

A.  

Disciplinary actions for ethics compliance violations are reviewed by the internal audit activity for consistency.

B.  

Communication of ethics compliance expectations is the responsibility of employees' direct managers.

C.  

The organization's code of ethics and related compliance policy are reviewed annually for potential updates.

D.  

The board of directors reviews ethics oversight metrics for violations and compliance.

A.  

Describe data analytics and the application of data analytics methods in internal auditing.

B.  

Apply data analytics methods in internal auditing.

C.  

Evaluate the use of data analytics in an internal audit.

D.  

Understand the definition of data analytics only.

A.  

An organization that takes no action in managing the possible exposure to an earthquake.

B.  

An organization that opts out of investing in a new region due to volatility in foreign exchange rates.

C.  

An organization that takes out insurance policies to protect its property and equipment.

D.  

An organization that deploys policies and procedures to guide business activities and practices

A.  

Asset misappropriation.

B.  

Bribery.

C.  

Falsifying records.

D.  

Skimming

A.  

We will request CEO approval for investments greater than S20 million and board approval for investments greater than $50 million.

B.  

We will hedge 95 percent of our U S. currency exposure and 100 percent of our European currency exposure.

C.  

We have a moderate tolerance for investment earnings volatility with a target value at risk of S50 million.

D.  

We will report to the risk committee all credit losses greater than S10 million and all market value losses greater than S20 million.

A.  

Ask the inventory manager to determine whether the work planned would be sufficient to meet the consulting engagement objectives.

B.  

Ensure that the method used to communicate the results of the consulting engagement is consistent with the board's preferred method.

C.  

Determine whether the benefits to be derived from the requested assessment would exceed the cost of providing the consulting service.

D.  

Use email and telephone conversations to convey the results of the engagement, as these may prove to be the most efficient methods for communicating.

A.  

Auditor competency.

B.  

Internal audit independence.

C.  

Auditor objectivity.

D.  

Engagement scope.

A.  

Auditors must consider using technology if it advances the engagement, even when implementation costs exceed the benefits.

B.  

Auditors must considering using technology to reduce the organization's risk by detecting all instances of fraud.

C.  

Auditors must consider using technology only when the Implementation cost does not exceed benefits.

D.  

Auditors must consider using technology in a variety of engagements to ensure that their work is substantiated and infallible.

A.  

Integrity

B.  

Negotiation skills.

C.  

Business acumen

D.  

Flexibility

A.  

A performance audit.

B.  

A sensitive fraud investigation.

C.  

A compliance audit

D.  

A consulting service.

A.  

Document in the workpapers and expand testing.

B.  

Continue with the engagement as planned, per the more senior auditor.

C.  

Report the suspected fraud to law enforcement officials and seek financial restitution.

D.  

Escalate the concern to the chief audit executive.

A.  

Create different training budgets for each of the internal auditors

B.  

Define average training hours per auditor as a team performance measure

C.  

Analyze internal audit client survey feedback following audits

D.  

Review training records for all internal auditors

A.  

Internal control should be updated at least annually.

B.  

Technology does not change the internal control landscape.

C.  

Strategy should fit the system of internal control.

D.  

Articulating measurable objectives is part of internal control.

A.  

Due professional care.

B.  

Competency.

C.  

Effective communication

D.  

Professionalism

A.  

The auditor maintains his convictions and continues to proceed with the review process despite management's concerns related to the results.

B.  

The auditor bypasses management, discusses the results with the board, and seeks the board's input on how best to address the recommendations.

C.  

The auditor consults with other members of the audit team, and together they develop alternative recommendations that management may be more likely to accept.

D.  

The auditor meets with management to discuss the results and obtain a better understanding of the specific concerns.

A.  

Business acumen.

B.  

Critical thinking.

C.  

Communication.

D.  

Audit report writing.

A.  

Key risk disclosures in the annual report.

B.  

Existing risk assessment and identification processes.

C.  

Organizational strategy and business plans.

D.  

Risk mitigation plans and risk responses.

A.  

Implementation costs tend to be higher than the expected benefits.

B.  

They tend to be easy for fraudsters to circumvent.

C.  

They are not designed to improve efficiency of operations.

D.  

They are not effective in preventing fraud.

A.  

Monitor the organization's overall risk activities in relation to its risk appetite and other risk criteria.

B.  

Guide the integration of risk management with other business planning and management activities.

C.  

Review the portfolio of risk of the organization in relation to its risk appetite.

D.  

Assume responsibility for the effectiveness and success of the risk management framework

A.  

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.  

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.  

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.  

An internal auditor conducts an effectiveness review of an organization's business continuity plan in which his son is a minority stockholder.

A.  

The chief audit executive (CAE) reports on the internal audit activity's day-to-day tasks and responsibilities to the CEO.

B.  

An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.

C.  

The CAE regularly meets with the organization's chief risk officer, who validates all reported audit findings and dictates which will be Included In the package to the audit committee.

D.  

The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer audits in the annual audit plan compared to the previous financial year.

A.  

The board bears direct responsibility for developing and implementing the internal control system.

B.  

The majority of board members are experienced and qualified members of the organization's executive management team.

C.  

The board may be assisted by an audit committee, chaired by the chief audit executive.

D.  

The board is responsible for succession planning for the CEO and other key members of the executive management team.

A.  

Assign the engagement to another internal auditor on staff

B.  

Outsource the engagement to ensure independence

C.  

Harness the auditor's knowledge of the procurement function by assigning the engagement to the same internal auditor

D.  

Postpone the engagement to the following year to ensure enough time has passed since the controls were designed

A.  

An employee confided in an internal auditor and told him about fradulent activities. Although the employee asked for confidentially, the auditor disclosed her identity later during police questioning.

B.  

While auditing payroll controls, an auditor was granted temporary access to salary data. The auditor referred to the acquired information while negotiating her work conditions three months later.

C.  

Management considers an auditor to be highly competent and asked the audit to participate in an upcoming acquisition project. The auditor declined the request, calming a lack of knowledge.

D.  

An internal auditor failed to acquire the continuing education credits needed for the year and requested that. The IIA change his certification status to inactive until the completed the required education activities.

A.  

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.  

Have a quality assessment review performed by an expert external entity.

C.  

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.  

Assess whether members of the internal audit activity understand and apply the 11As mandatory guidance.

A.  

Foster the importance of the control environment

B.  

Provide training on controls and on self-monitoring processes

C.  

Recommend installing an enterprisewide risk management system.

D.  

Conduct more assurance assignments on high risk areas

A.  

Determining whether management measures and monitors the costs and benefits of controls.

B.  

Providing training on controls and ongoing self-monitoring processes.

C.  

Developing flowcharts to obtain information about control design adequacy.

D.  

Identifying objectives and the risks involved in achieving them.

A.  

Take no action, as there is no impairment to independence.

B.  

Remove the new internal auditor from the engagement team.

C.  

Discuss the matter with the appropriate personnel to alleviate concerns.

D.  

Closely supervise the new auditor and carefully review his work.

A.  

Support of good governance and controls.

B.  

Enhancement of organizational value.

C.  

Protection of tangible and intangible assets.

D.  

Provision of professional advisory and assurance services.

A.  

The auditors' independence.

B.  

The auditors' objectivity.

C.  

The auditors' integrity.

D.  

The auditors' confidentiality.

A.  

The risk assessment process applied by the internal audit activity

B.  

The organization's internal control framework used by the internal audit activity

C.  

The nature of consulting services provided by the internal audit activity

D.  

The performance evaluation process used by the internal audit activity

A.  

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.  

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.  

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.  

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

A.  

Operational management.

B.  

Board of directors.

C.  

Internal auditors.

D.  

Head of risk management.

A.  

Flowchart of the vendor addition process.

B.  

Independent confirmations sent to vendors.

C.  

Analysis of the control's costs and benefits.

D.  

Interview with management of the procurement function.

A.  

Participate in a fraud risk-assessment session as an in-house facilitator.

B.  

Send regular written updates to senior management on new control-related regulations.

C.  

Lead a seminar on internal controls and provide numerous examples to the audience.

D.  

Conduct a surprise inventory count at the raw materials warehouse.

A.  

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

B.  

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

C.  

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

D.  

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

A.  

Delivering fraud awareness training to employees in the department.

B.  

Segregating duties between employees in the department.

C.  

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.  

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

A.  

Fewer internal audits

B.  

More effective interviews

C.  

Automated risk management strategy tools

D.  

Reduced assurance costs

A.  

Coaching management in responding to risks.

B.  

Implementing risk responses on management's behalf.

C.  

Imposing risk management processes.

D.  

Setting the risk appetite.

A.  

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.  

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.  

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.  

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

A.  

Processes employed by internal and external assurance providers to authorize, direct, and provide oversight to management to better enable the meeting of organizational objectives

B.  

Processes employed by the board of directors to authorize and provide guidance and oversight to management to promote the achievement of organizational objectives.

C.  

Processes employed by the board of directors and senior management to mitigate risks to acceptable levels.

D.  

Processes employed by risk owners to mitigate risks to acceptable levels within the organization's risk appetite

A.  

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.  

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.  

The CAE assesses the audit staff's knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.  

The CAE provides absolute assurance to line management during each eternal audit engagement

A.  

The internal audit policies and procedures handbook.

B.  

The internal audit charter.

C.  

The internal audit mission statement.

D.  

Each internal audit engagement letter.

A.  

Expertise requirements for internal auditors

B.  

Functional and administrative reporting lines for the chief audit executive

C.  

Audit engagements to be completed in the next fiscal year

D.  

Budget requirements for each engagement

A.  

Compare vendor addresses to employee addresses.

B.  

Match cancelled checks to invoices.

C.  

Search for duplicate payment amounts.

D.  

Check employee bank records against invoice amounts.

A.  

Statement of Independence.

B.  

Operating Procedures of Internal Auditing.

C.  

Definition of Internal Auditing.

D.  

Attestation of Quality Assurance.

A.  

General IT control.

B.  

Processing control.

C.  

Input control

D.  

Integrity control

A.  

An organization requires certain employees who occupy sensitive positions to sign attestation to the code of conduct on an annual basis.

B.  

A compliance specialist carries out quarterly reviews of an organization's compliance with regulatory requirements.

C.  

A front desk officer in an organization requires that visitors are identified by the host before access is granted.

D.  

An internal audit activity deploys audit management policies and procedures for team members.

A.  

Business ethics may vary within an organization with both domestic and foreign operations.

B.  

Business ethics are universal in nature and organizations across the world are expected to comply with similar standards.

C.  

A business ethics policy for an organization is established solely to direct the behavior and expectations of employees.

D.  

Business ethics of an organization must remain independent from those of suppliers, customers, and business partners.

A.  

1 and 4.

B.  

2 and 4.

C.  

2, 3, and 4.

D.  

1, 2, and 3.

A.  

Pressure or incentive.

B.  

Rationalization

C.  

Opportunity

D.  

Commitment.

A.  

The chief audit executive (CAE) documented in the personal file a critical conflict of interest involving an internal audit on a upcoming contracting engagement.

B.  

The CAE discussed with the board an issue regarding the internal activity performing an IT engagement without proper skills and knowledge.

C.  

The CAE met with the peer review team to discuss an internal auditor’s failure to meet the annual requirements for continuing professional education.

D.  

The CAE revealed to revealed to operational manager that he failed to appropriately consider risks while he was developing the audit plan.

A.  

1 and 2 only.

B.  

1, 2 and 3 only.

C.  

2, 3, and 4 only.

D.  

3 and 4 only.

A.  

Internal audit activity

B.  

Operating management

C.  

Senior management

D.  

Board of directors

A.  

Supervisors provide feedback to internal auditors after workpapers are reviewed

B.  

A self-assessment is conducted through the quality assurance and improvement program every five years

C.  

Internal auditors are required to give absolute assurance of regulatory compliance

D.  

The chief audit executive reports functionally to the board

A.  

Adopt reward and recognition programs that promote good behaviors

B.  

Undertake background checks for new employees as part of the hiring process

C.  

Establish an anonymous platform for reporting suspected unethical behaviors

D.  

Institute periodic educational training on expected ethical behaviors

A.  

Examining the internal control effectiveness of the marketing department

B.  

Assessing the adequacy of the IT system's business process design

C.  

Facilitating a self assessment of the organizations business risk and control identification

D.  

Reviewing the application controls in the human resources system

A.  

Assess plant employees' social media activity for specific messages related to tolerance and open communication

B.  

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.  

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.  

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

A.  

Chief audit executive.

B.  

Senior management.

C.  

The forensic accountant.

D.  

The legal department.

A.  

Internal audit authority.

B.  

Internal audit reporting structure.

C.  

Internal audit independence and objectivity.

D.  

Internal audit interaction with the board

A.  

1 and 4 only.

B.  

3 and 4 only.

C.  

1.2. and 4.

D.  

2. 3. and 4.

A.  

Skills in evaluating the risk of fraud.

B.  

Knowledge of key IT risks and controls

C.  

Soft skills such as communication and negotiation.

D.  

Knowledge and understanding of the company's expenses policy

A.  

The internal auditors review the organization's strategic plan, business plan, and policies, and have discussions with the board and senior management.

B.  

The internal auditors evaluate the adequacy and timeliness of management's reporting of risk management results.

C.  

The internal auditors interview staff at various levels and determine whether the organization's objectives, significant risks, and risk appetite are articulated sufficiently.

D.  

The internal auditors review recently completed risk assessments and related reports issued by senior management, external auditors, and other sources.

A.  

The annual audit plan.

B.  

The audit report.

C.  

The annual risk assessment.

D.  

The audit charter.

A.  

Coordinate control activities.

B.  

Provide direction.

C.  

Design key controls.

D.  

Deliver assurance.

A.  

The candidate must be able to apply data analytics tolls methodologies

B.  

The candidate must be able to evaluate IT governance and cybersecurity frameworks.

C.  

The candidate must be able to understand IT-elated risk and general controls

D.  

The candidate must be able to execute web servers, applications, and databases testing procedures.

A.  

Internal audit designs and implements the organization's controls to help manage risk.

B.  

Internal audit sets the organization's risk tolerance and promotes awareness throughout the organization.

C.  

Internal audit assesses whether the organization's risk management processes are effective.

D.  

Internal audit is responsible for safeguarding the organization's assets and preventing loss from occurring.

A.  

The cost-benefit relationship of planned audits.

B.  

Proficiency needed to carry out engagements.

C.  

Achievement of the objectives of internal control.

D.  

Quantity of the audits performed.

A.  

Assessment skills

B.  

Assurance skills

C.  

Interviewing skills

D.  

Facilitation skills

A.  

The audit committee requested the self assessment for quality assurance purposes

B.  

The staff auditors have the necessary knowledge and experience to conduct the review

C.  

The internal audit activity is relatively small in size and is due for an external assessment

D.  

The internal audit activity is due for a self-assessment which is specifically required at least once every five years

A.  

Accounting personnel should regularly perform reconciliation between invoices and purchase orders

B.  

Accounting personnel should conduct a periodic inventory count and reconcile inventory movements

C.  

internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels

D.  

Management should established a policy requiring new inventory asset purchases to be made on serialized order forms with copies retained

A.  

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

B.  

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

C.  

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

D.  

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

A.  

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.  

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.  

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.  

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

A.  

1 and 2 only.

B.  

2 and 3 only.

C.  

2 and 4 only.

D.  

3 and 4 only

A.  

Batch controls.

B.  

Application controls.

C.  

General IT controls.

D.  

Logical access controls

A.  

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.  

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.  

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.  

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

A.  

The initial review of workpapers should be conducted after the final engagement report is issued.

B.  

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

C.  

Internal audit staff should be informed regularly of changes to policies and procedures.

D.  

Training documents should be destroyed at the end of the year to create space for the next year's training documents.

A.  

Implement a uniform professional development plan for the internal audit activity.

B.  

Create a formal development agreement with each individual staff auditor.

C.  

Require each internal auditor to obtain the same professional certifications.

D.  

Require training and developmental activities that are sponsored by The HA.

A.  

The auditor should increase the sample size to determine the extent ol the fraud.

B.  

The suspicions should be communicated to the chief audit executive.

C.  

The testing should be completed with the results reported in the final audit report.

D.  

A fraud investigator should examine the evidence and report back to the auditor.

A.  

The QAIP scope includes assurance work performed by the internal audit activity but not consulting work.

B.  

The QAIP verifies conformance with the Definition of Internal Auditing, Code of Ethics, and Standards.

C.  

QAIP reports are for internal use primarily and typically are not shared with members outside of the internal audit activity.

D.  

QAIPs make a distinction between fully outsourced internal audit activities and in-house internal audit teams, as a different set of criteria is applied for each.

A.  

Monitoring resources.

B.  

Compensating the chief audit executive.

C.  

Determining scope.

D.  

Allocating internal costs.

A.  

The chief audit executive (CAE) should report all stages of the OAlP's development and key milestones.

B.  

The CAE should report only corrective action plans that meet external assessor or stakeholder requirements.

C.  

The CAE should establish the form and content of program communication so that it is in alignment with the internal audit activity charter.

D.  

The CAE should disclose program details only after both internal and external assessments have been completed.

A.  

The ability to apply forensic methods to obtain legally admissible evidence

B.  

The ability to conduct admission-seeking interviews with potential suspects

C.  

The ability to evaluate whether such attributes as intent and personal gain were present

D.  

The ability to retrieve concealed or deleted information from the former employee's laptop

A.  

Entity-level.

B.  

Preventive.

C.  

Directive.

D.  

Compensating.

A.  

They outline specific internal controls for an organization to implement to ensure business objectives will be achieved.

B.  

They provide guidance related to internal control design and implementation to assist with the evaluation and benchmarking of business practices.

C.  

They serve as a list of appropriate internal controls for auditors to ensure an organization is using best practices.

D.  

They serve as a template for identifying standardized best practices in effective risk management across industries and countries.

A.  

Ensuring regular documentation of auditor skills and experience in the workpapers.

B.  

Basing performance evaluations heavily on customer satisfaction surveys.

C.  

Prohibiting auditors from accepting gifts from audit clients or potential clients.

D.  

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

A.  

Risk management ensures the ability to eliminate potential hazards to the organization.

B.  

Risk management includes consideration of potential opportunities for the organization.

C.  

Risk management aids with the establishment of appropriate key performance indicators.

D.  

Risk management increases employees' commitment and belief in strategic goals.

A.  

Quality committee.

B.  

Audit committee.

C.  

Risk committee.

D.  

Governance committee.

A.  

Recommend mat the chief audit executive outsource the upcoming audit engagement

B.  

Proceed with the audit engagement in accordance with the internal audit manual

C.  

Increase the amount of fieldwork in order to build greater credibility for audit conclusions

D.  

Declare a conflict of interest and hand over the engagement to another auditor

A.  

Risk factors that exist when controls are in place and operating effectively

B.  

Internal risk factors assuming no controls are in place

C.  

Risk factors that cannot be mitigated because they are innate to a process

D.  

Combination of internal and external risk factors in their pure state assuming no controls are in place

A.  

Outsource the identification of best practices for risk management to an external third party.

B.  

Perform an audit engagement to identify risk management practices deployed in electricity sales processes.

C.  

Recommend reporting the lack of risk management to government authorities and request guidance.

D.  

Facilitate a self-assessment workshop with the employees responsible for process execution.

A.  

Supervisors are likely to reduce their level of supervision and increase span of control.

B.  

Employees are likely to be supervised closely and given little freedom.

C.  

Peer employees are likely to trust one another, but distrust management.

D.  

Employees are likely to join forces to accomplish their duties as teams.

A.  

Production cycle time.

B.  

Activities that add no value.

C.  

Staff productivity.

D.  

Complexity of operations.

A.  

To support the organization's risk culture, involving employees at all levels.

B.  

To ensure that the organization attains a better financial position.

C.  

To assist the organization in identifying and mitigating key risks.

D.  

To facilitate the organization's achievement of business goals and objectives.

A.  

Data analytics

B.  

IT fraud detection.

C.  

Continuing professional development

D.  

Due professional care.

A.  

Avoiding the risk altogether.

B.  

Transferring the risk.

C.  

Introducing a control feature.

D.  

Accepting the risk.

A.  

Documented assessment was performed by the audit committee and confirmed conformance.

B.  

Internal and external assessments are performed annually, and nonconformance results are reported to the board.

C.  

The independent and objective judgement of the chief audit executive confirmed conformance with the Standards.

D.  

Documented internal assessments are performed periodically and confirm conformance.

A.  

Information and communication

B.  

Risk assessment

C.  

Control activities

D.  

Control environment

A.  

Risks related to employee turnover.

B.  

Risks related to data manipulation.

C.  

Risks related to employee competency.

D.  

Risks related to not achieving sales targets.

A.  

The objectives and goals of management

B.  

The process used by the CAE to manage the organization's internal controls

C.  

The nature of services that the internal audit activity will provide to external third parties

D.  

The responsibilities of the audit committee

A.  

Integrity

B.  

Proficiency

C.  

Due Professional Care

D.  

Competency

A.  

An effective program may enhance internal auditors' business acumen

B.  

An effective program may ensure that HA Standards requirements are adhered to during audit engagements

C.  

An effective program may ensure internal auditors' effectiveness in setting the organization's nsk management process

D.  

An effective program may clarify management's expectations of the auditors and their responsibilities to the organization

A.  

Coaching management in responding to risks.

B.  

Implementing risk responses on management's behalf.

C.  

Imposing risk management processes.

D.  

Setting the risk appetite.

A.  

Internal auditors found no instances of double billing and concluded there were no significant risks in this area.

B.  

Internal auditors documented the scope and methodology of the data testing.

C.  

Internal auditors discussed with management how data is safeguarded.

D.  

Internal auditors received formal performance feedback from the engagement supervisor.

A.  

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.  

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.  

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.  

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations

A.  

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

B.  

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

C.  

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

D.  

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

A.  

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

B.  

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

C.  

The internal auditor should obtain all material information within the established time and budget parameters.

D.  

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

A.  

Assign the engagement to a more senior internal auditor.

B.  

Decline the engagement request.

C.  

Allow the internal auditors to acquire the needed skills while performing the engagement.

D.  

Supervise the assigned internal auditors throughout the engagement.

A.  

Approval of master file change requests by the accounts payable supervisor

B.  

Comparison of the check register to original invoices.

C.  

Segregation of duties between accounts payable and the cashier.

D.  

Frequent issuance of account statements sent to the vendors.

A.  

The internal assessment results should be discussed once every five years,

B.  

The rating conclusions and the impact from results of the external assessment should be explained,

C.  

The results of the external assessment should be discussed every seven years,

D.  

The qualifications and independence of the internal assessment team should be discussed

A.  

A results-oriented culture that values competitiveness and personal initiative

B.  

A culture that emerges in quick-response and high-risk decision-making environments

C.  

A culture that is characterized by low involvement with environmental and health issues

D.  

A culture that places high value on participation and meeting the needs of employees.