A.  

Significant changes in the organization's accounting policies or procedures would warrant timely analysis and feedback.

B.  

More frequent external assessments can serve as an equivalent substitute for internal assessments.

C.  

The parent organization's internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

D.  

A change in senior management or internal audit leadership may change expectations and commitment to conformance.

A.  

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.  

Not allow the audit manager to hire the contractor, as it would be a conflict of interest

C.  

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.  

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

A.  

Senior management should be excluded from the reporting as the QAiP results must be communicated to re board only

B.  

The report can be streamlined by removing unnecessary information such as the qualifications and me independence of external assessors

C.  

The results must be snared with the external a auditors as well, so they can determine the extent to which they can rely on me work of the internal audit activity

D.  

The report should indicate that the external assessment must be performed at least once every five years

A.  

Accept the consulting services only after receiving approval to do so from the board.

B.  

Accept the consulting services. The objectivity won't be impaired if it has been more than a year since he last worked in the area under review.

C.  

Refrain from providing the consulting service because he was responsible for that area and his objectivity will be impaired,

D.  

Disclose the potential impairment to the customer before accepting the consulting engagement

A.  

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.  

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.  

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.  

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

A.  

The board is responsible for setting the organizational attitude through tone at the top,

B.  

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities,

C.  

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.  

The framework is designed to be effective for organizations no matter how small.

A.  

The internal auditors violated the standard for due professional care because they did not detect the fraud, even though it occurred during the period that was reviewed.

B.  

The internal auditors should have had sufficient knowledge of fraud to identify red flags indicating possible fraud.

C.  

The internal auditors could not have detected the fraud due to collusion among employees in the inventory unit.

D.  

The internal auditors are not responsible for considering fraud risk, which is a management responsibility.

A.  

The internal auditor s denied access to partner information from management of me area under review

B.  

The internal auditor tarts to disclose a potential conflict of interest relationship with management of the area under review

C.  

The internal auditor concludes that controls operate effectively, although he did not gather supporting evidence

D.  

The internal auditor was assigned to an assurance review of an area for which he previously had responsibilities

A.  

Communication.

B.  

Business acumen.

C.  

Persuasion.

D.  

Critical thinking.

A.  

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

B.  

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.  

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.  

Typically, operating management does not have a major role to play based on the public nature of reporting

A.  

Volunteer for audit engagements in areas or industries in which the auditor is unfamiliar

B.  

Sign an annual attestation indicating that the auditor has all required competencies to perform her job effectively.

C.  

Obtain appropriate professional certifications or other designations.

D.  

Disclose potential impairments to independence or objectivity prior to performing an audit engagement.

A.  

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.  

Assessing whether the organization's corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.  

Briefing the organization's department managers on how to implement risk management processes into their daily operations.

D.  

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time.

A.  

The internal audit activity uses key performance indicators for all staff members after all audit engagements.

B.  

The internal auditors provide assurance to third parties indicating that their work was properly supervised.

C.  

The internal auditors demonstrate they have an understanding of engagement objectives and scope.

D.  

The internal auditors are heavily involved in training and development to enhance their skills.

A.  

The profitability impact of its products in developing markets.

B.  

The amount of political donations to local government races.

C.  

The number of complaints related to traffic from its new factory.

D.  

The compensation packages awarded to senior management.

A.  

Support of good governance and controls.

B.  

Enhancement of organizational value.

C.  

Protection of tangible and intangible assets.

D.  

Provision of professional advisory and assurance services.

A.  

1. 2. and 3.

B.  

1.2. and 4.

C.  

1.3. and 4.

D.  

2. 3, and 4.

A.  

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.  

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.  

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.  

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

A.  

Describe data analytics and the application of data analytics methods in internal auditing.

B.  

Apply data analytics methods in internal auditing.

C.  

Evaluate the use of data analytics in an internal audit.

D.  

Understand the definition of data analytics only.

A.  

Chief audit executive.

B.  

Senior management.

C.  

The forensic accountant.

D.  

The legal department.

A.  

Auditors must consider using technology if it advances the engagement, even when implementation costs exceed the benefits.

B.  

Auditors must considering using technology to reduce the organization's risk by detecting all instances of fraud.

C.  

Auditors must consider using technology only when the Implementation cost does not exceed benefits.

D.  

Auditors must consider using technology in a variety of engagements to ensure that their work is substantiated and infallible.

A.  

Results of internal assessments need to be reported to the board at least once every five years.

B.  

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.  

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted.

D.  

Results of ongoing monitoring of the internal audit activity's performance must be reported to senior management and the board at least annually

A.  

Report the non-compliance cases to the board of directors.

B.  

Recommend that management update its policies and procedures based on the circumstances.

C.  

Investigate the rationale for management's actions.

D.  

Recommend those employees to report the cases through the designed whistleblowing channel for the appropriate treatment.

A.  

Assess the effectiveness of the model at least semi-annually.

B.  

Modify model inputs and suggest courses of action based on outcomes.

C.  

Employ acquired experience to test other models used by the company.

D.  

Validate whether model outputs serve the purpose stated by the model.

A.  

Due professional care was exercised, despite the auditor’s failure to identify the significant risk.

B.  

Due professional care was not exercised because the auditor failed to identify all the significant risks during the risk assessment.

C.  

Due professional care was not exercised because the residual risk from the possibility of authorized users sharing their passwords was not considered.

D.  

Due professional care was not exercised because the auditor failed to conduct interviews to obtain testimonial evidence of possible password sharing

A.  

An understanding of fraud and fraud risk.

B.  

IT audit expertise.

C.  

Industry-specific knowledge

D.  

At least one audit-related certification

A.  

Retaining evidence of training in the form of continuing education credits

B.  

Seeking guidance regarding internal audit best practices from The IIA

C.  

Retaining supervisory reviews conducted on the basis of the development plan

D.  

Giving consideration to certain areas of specialization as part of development planning

A.  

A statement of independence of the organization's internal auditors.

B.  

Meeting minutes with the assessment team, if key risks were identified and discussed.

C.  

Frequency of the quality assessments being performed.

D.  

Summary of previous internal assessments undertaken.

A.  

The cost-benefit relationship of planned audits.

B.  

Proficiency needed to carry out engagements.

C.  

Achievement of the objectives of internal control.

D.  

Quantity of the audits performed.

A.  

Utilitarian benefits.

B.  

Personal virtues.

C.  

Religious injunctions.

D.  

Distributive justice.

A.  

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

B.  

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

C.  

The internal auditor should obtain all material information within the established time and budget parameters.

D.  

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

A.  

Providing fraud awareness training and disseminating information regarding the organization's fraud hotline.

B.  

Performing consulting services after disclosing that the auditor had previous responsibilities in the area under review.

C.  

Performing an assurance engagement related to the cash receipts process three years after transferring to the internal audit activity from accounts receivable.

D.  

Performing a compliance audit on a vendor prior to disclosing that the vendor's office manager is the auditor’s brother.

A.  

Communicate specific activities appropriate to the performance of internal auditing.

B.  

Promote ethical culture within corporations and other business organizations.

C.  

Establish mandatory standards of competence for the practice of internal auditing.

D.  

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing.

A.  

Establishing policies that prohibit an employee from receiving gifts from an interested party.

B.  

Having employees sign annual attestations that they adhere to the organization's code of ethics.

C.  

Having strong management oversight of the purchasing and accounts payable functions.

D.  

Conducting regular examinations of documentation both paper and electronic.

A.  

The organization's board of directors.

B.  

The chief audit executive.

C.  

The business unit manager and the engagement supervisor.

D.  

The compliance manager and the business unit manager.

A.  

Perform a gap analysis to assess me differences between the approaches

B.  

Assess the governance processes using computerized modeling techniques

C.  

identify any differences between the processes using a variance analysis

D.  

Benchmark the governance processes using a capability maturity modal

A.  

Pressure or incentive.

B.  

Opportunity.

C.  

Rationalization.

D.  

Commitment.

A.  

Neither internal nor external assessment

B.  

internal assessment

C.  

Both internal and external assessment

D.  

External assessment

A.  

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.  

The chief financial officer asks for the internal auditor's opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted.

C.  

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost-effective.

D.  

Senior management asks the internal audit activity to review compliance with customer data security regulations.

A.  

The eternal auditor reviewed the audit clients proposed procedures and standards of control and offered suggested improvements at the client’s request.

B.  

The internal auditor performed nonaudit work for the audit client which was communicated to senior management and the board before the engagement was performed and restated in the audit report

C.  

internal auditors accepted limited access to the audit client's systems and records m accordance with the scope of the engagement

D.  

The internal auditor used his in-depth knowledge of systems development to assist the audit client m designing a new operational system with robust controls.

A.  

Becoming a voting member of the organization's internal ethics council.

B.  

Performing an annual organizationwide employee survey.

C.  

Reviewing all departmental ethics-related policies.

D.  

Conducting annual ethics training for all employees.

A.  

Risk response

B.  

Risk assessment

C.  

Risk monitoring

D.  

Risk avoidance

A.  

It should be written with primary consideration given to using a rule-based approach.

B.  

It should be of two variations: one applicable internally and one applicable for third parties.

C.  

Its operational effectiveness cannot be tested using traditional audit and rating systems such as maturity models.

D.  

It should require an annual attestation of compliance with the code of conduct by all employees.

A.  

The engagement client should be able to determine the scope to be applied to the engagement

B.  

The internal auditor should establish a scope that does not impair her objectivity

C.  

Any attempts by the engagement client to limit the scope should be considered a scope limitation

D.  

The scope should include reviewing the effectiveness of the internal control environment

A.  

Auditor competency.

B.  

Internal audit independence.

C.  

Auditor objectivity.

D.  

Engagement scope.

A.  

An internal audit charter.

B.  

An employee disciplinary policy.

C.  

A functional audit committee.

D.  

A functional reporting placement.

A.  

Computer servers are in a room that is accessible to all employees,

B.  

An IT architect avoids taking vacations and sharing his workload with coworkers,

C.  

Hours billed by IT developers exceed 24 hours daily.

D.  

Audit logs are lacking in a system that processes personal data.

A.  

Staff transfers are reviewed by the recruiting manager and approved by the head of human resources

B.  

New staff requisition forms are authorized by operational management and acknowledged by the head of human resources

C.  

Staff salary payments and accounting records are approved by the head of accounting and acknowledged by the head of human resources

D.  

The staff salary payment list is reviewed by the head of payroll and endorsed by the head of human resources

A.  

Use the current available resources to conduct the review and exclude those procedures that can't currently be performed.

B.  

Implement an accelerated training plan to provide the audit staff with the necessary skills and knowledge to conduct the engagement.

C.  

Encourage management to accept the assessed risk until the internal audit activity is able to adequately review the area.

D.  

Obtain assistance for the audit team from other internal assurance providers who possess the requisite expertise in the area.

A.  

Data analytics

B.  

IT fraud detection.

C.  

Continuing professional development

D.  

Due professional care.

A.  

Auditors must have an IT specialty in at least one of their organization's key information technology systems.

B.  

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

C.  

Auditors must understand their organization's integrated test facilities and generalized audit software.

D.  

Auditors must understand their organization's IT governance, risk, and control processes.

A.  

Internal auditors ensure that the work program is appropriately designed in order to identify all of the risks surrounding the payroll process.

B.  

Internal auditors determine whether the policies, procedures, and practices of the payroll department are operating in accordance with relevant laws.

C.  

Internal auditors verify whether the board of directors has implemented effective internal controls over the processes used by the payroll department.

D.  

Internal auditors ask the organization's risk manager to determine whether the degree of work planned is sufficient to determine whether payroll payments were complete and accurate.

A.  

The mentor must have a higher position in the organization than the mentee

B.  

An auditor s supervisor is best positioned to serve as the auditor's mentor

C.  

Meetings between a mentor and a mentee should be formal and well documented

D.  

Auditors at the same level may be assigned different mentors and some auditors may have no mentor

A.  

An employee receives a bonus for perfect attendance

B.  

During the past 18 months three chief financial officers have left the organization after having been promoted to the position

C.  

The organization does not perform any due diligence research on third party service providers

D.  

Three competitors are highly profitable but a fourth equal in size is approaching bankruptcy limits

A.  

When participants already have a certain degree of experience and knowledge.

B.  

When it makes up the largest part of the training budget.

C.  

When it includes ongoing feedback and coaching from experienced team members.

D.  

When it is standardized for the whole entire staff.

A.  

The internal audit activity constitutes the first line of defense in effective risk management.

B.  

The internal audit activity provides direction regarding internal controls implementation.

C.  

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.  

The internal audit activity implements the internal control framework and advises management regarding best practices.

A.  

Internal auditors meet with operational management at each phase of the audit process.

B.  

Internal auditors adhere to The IIA’s Code of Ethics.

C.  

Internal auditors work collaboratively with their engagement team.

D.  

Internal auditors complete a program of continuing professional development.

A.  

Analyzing the results of successful testing of controls and monitoring procedures implemented by management

B.  

Determining that there are no gaps between the internal auditors' risk assessment and the risk assessment performed by the organization

C.  

Obtaining evidence that employees throughout the organization are aware of the organization s risk appetite

D.  

Verifying that previously identified organizational risks were documented in board meeting minutes

A.  

Reporting to a higher level within the organization reduces the potential scope of engagements that can be undertaken by the IA

A.  

B.  

The benefit of the IAA's organizational independence is realized primarily via reduced costs for the external auditor.

C.  

Independence is impaired when the scope of the IAA is subject to changes required by senior management.

D.  

Inadequate organizational independence can result in the chief audit executive being able to fire staff without consulting the audit committee.

A.  

Business continuity

B.  

Market manipulation

C.  

intellectual property leakage

D.  

Reputational damage

A.  

The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

B.  

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.  

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.  

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

A.  

Involve board members in hiring activities and request advice.

B.  

Require all internal audit staff to complete the same training course on a general audit subject,

C.  

Require senior auditors to obtain a professional certification.

D.  

Provide a competency assessment of the internal audit staff.

A.  

The job responsibilities of the warehouse employee compromise segregation of duties

B.  

Spare parts are written off before their actual usage and installation

C.  

Warehouse management is conducted on paper and requires further investigation

D.  

The inventory counts take place on specific days of the week for no apparent reason

A.  

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.  

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.  

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.  

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

A.  

1 and 4 only.

B.  

2 and 3 only.

C.  

1. 2, and 3 only.

D.  

1, 3, and 4 only.

A.  

Incorporate the basic criteria of internal audit competency into job descriptions

B.  

Complete a periodic skills assessment of the internal audit activity

C.  

Develop a competency or skill assessment tool.

D.  

Perform benchmarking with competitors to learn what other firms are doing related to this topic

A.  

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.  

Requesting reimbursement for overstated travel and entertainment expense amount

C.  

Misstating realized foreign currency transaction gains or losses

D.  

Demanding payment from a vendor for decisions made in the vendor’s favor

A.  

The amortization period of an intangible asset cannot exceed 20 years.

B.  

The cost intangible assets with indefinite lives should be amortized.

C.  

Intangible assets are categorized as having either a limited life or an indefinite life.

D.  

Companies should record intangible assets at fair market value

A.  

The risk assessment process applied by the internal audit activity

B.  

The organization's internal control framework used by the internal audit activity

C.  

The nature of consulting services provided by the internal audit activity

D.  

The performance evaluation process used by the internal audit activity

A.  

The accounting unit keeps detailed records and preserves supporting documentation in excess of company requirements

B.  

One of the subsidiaries has more bank accounts than any other comparable subsidiary

C.  

The same external audit firm has been with the company for three years without rotation

D.  

The arithmetic median tenure of employees working at production facilities is 15 years

A.  

It A new internal audit activity was formed four years ago. An external assessment was never performed, but successive internal assessments were performed and support the conclusion that the internal audit activity conforms with the Standards

B.  

An internal self-assessment completed yesterday found that the internal audit activity did not conform with the Standards when carrying out its work. However, the preceding independent external assessment supports the conclusion that the internal audit activity conforms with the Standards.

C.  

To reduce costs, the CAE excluded the use of external assessors from the internal audit activity's quality assurance and improvement program for the past seven years.However, the CAE concluded that the internal audit activity conforms with the Standards because all internal assessments over the period have supported this conclusion.

D.  

The results of the last external assessment of the internal audit activity, performed a little over five years ago, indicated that the internal audit activity conforms with the Standards. The most recent internal assessment performed within the past year also indicates conformance.

A.  

The effectiveness of process-level and transaction-level controls.

B.  

Conflicts of interest within the organizational structure of the senior management.

C.  

The alignment of management decisions with the level of risk the organization is willing to accept.

D.  

The actions of upper management in response to the internal audit activity's reporting

A.  

Making sure employees are exempt from participating in control creation

B.  

Implementing controls without lengthy explanations of their purpose

C.  

Developing general constricting controls rather than detailed ones

D.  

Not using controls to achieve goals

A.  

Department performance standards.

B.  

Remediation timeframes.

C.  

Nonconformance disclosures.

D.  

External assessment resources

A.  

1 and 2 only.

B.  

1, 2 and 3 only.

C.  

2, 3, and 4 only.

D.  

3 and 4 only.

A.  

Two individuals in the same internal audit activity may perform an independent peer review as long as they do not report to the same audit manager

B.  

Individuals from a separate but related organization such as an affiliate may perform peer reviews

C.  

Individuals working in separate internal audit activities may be considered independent as long as do not report to the same chief audit executive

D.  

Peer reviews are generally less cost-effective than hiring an external quality assessor

A.  

Supervisors provide feedback to internal auditors after workpapers are reviewed

B.  

A self-assessment is conducted through the quality assurance and improvement program every five years

C.  

Internal auditors are required to give absolute assurance of regulatory compliance

D.  

The chief audit executive reports functionally to the board

A.  

Request from the audit committee an additional budget and an extension so that the external assessment could be performed next year.

B.  

Review the results of the internal assessment, identify weaknesses, and implement improvements at the remaining offices.

C.  

Request the regional office that performed the internal assessment to perform an assessment of the remaining offices.

D.  

Request that an external assessor validate the results of the internal assessment and review the remaining offices.

A.  

Individual internal auditors.

B.  

Chief audit executive.

C.  

The board.

D.  

Engagement supervisors.

A.  

The chief audit executive (CAE) has a dual reporting relationship within the organization.

B.  

The CAE performs an audit of a functional area that is also under the CAE's oversight.

C.  

The CAE has unrestricted access to information throughout the organization and to the board.

D.  

The board is involved in decisions to hire or remove the CAE and in drafting and approving an internal audit charter.

A.  

Internal auditors cannot assess an operation for which they were responsible within the previous year.

B.  

Management of the area under review must agree with the engagement objectives, scope, and techniques.

C.  

The engagement results will vary in form and content depending upon the needs and wishes of the engagement client.

D.  

The only parties involved in the engagement are the internal auditor and management of the area under review.

A.  

To support the organization's risk culture, involving employees at all levels.

B.  

To ensure that the organization attains a better financial position.

C.  

To assist the organization in identifying and mitigating key risks.

D.  

To facilitate the organization's achievement of business goals and objectives.

A.  

Physical security

B.  

Loss of intellectual property

C.  

Cost overruns

D.  

Conflict of interest

A.  

A monitoring process,

B.  

A risk assessment process.

C.  

A strategic objective-setting process.

D.  

An information and communication process.

A.  

Verifying whether claims have been properly authorized for payment.

B.  

Verifying whether claims are properly supported by invoices or other documents.

C.  

Confirming that all claims are within the limits of the organization's travel policy.

D.  

Reconciling claims against business trip requests that were approved by supervisors.

A.  

The internal audit charter authorizes the internal audit activity's reporting structure and clearly defines the roles of each internal auditor.

B.  

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.  

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.  

The internal audit charter defines the criteria by which the internal audit activity's performance will be evaluated

A.  

Proceed with the audit engagement, but do not include the relative's information.

B.  

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.  

Disclose in the engagement final communication that the relative is a customer.

D.  

Immediately withdraw from the audit engagement.

A.  

To evaluate an organization s governance processes for making strategic and operational decisions eternal auditors should review the organization s policies and processes related to staff compensation

B.  

To determine how an organization provides oversight of its risk management and control activities internal auditors should review board meeting minutes and the board policy manual

C.  

To assess how an organization promotes ethics and values both internally and among its external business partners, internal auditors should review the organization' s related objectives programs and activities

D.  

To evaluate how an organization ensures effective performance management and accountability internal auditors should review previously conducted risk assessments

A.  

1 and 2 only

B.  

2 and 3 only

C.  

1, 2 and 3

D.  

1 3 and 4

A.  

Investigation of health and safety incidents.

B.  

Auditing of controls and management systems.

C.  

Communication of disclosures and external reporting,

D.  

Involvement in focus groups and complaint management

A.  

Business acumen

B.  

Persuasion and collaboration

C.  

Critical thinking

D.  

Communication

A.  

During audit planning the auditor provided the client with the scope of the engagement for their agreement

B.  

The results of tie engagement were included m a written report mat was issued to the cleint who requested me engagement

C.  

During audit planning the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.  

The client requested the review of a new payroll system in order to improve the security of fie system

A.  

Obtain approval from the manufacturer's audit committee regarding the release of audit records

B.  

Release the records but first remove all data regarding the manufacturing organization s internal actions and procedures

C.  

Deny access to the records as the third party supplier s security learn should be able to investigate then own employees.

D.  

Consult with the manufacturer's senior management to determine whether releasing tie records would be appropriate

A.  

Entity-level

B.  

Activity-level

C.  

Transaction-level

D.  

Process-level

A.  

The IIA's Code of Ethics must exist outside of the charter to maintain independence.

B.  

The charter must be approved by both senior management and the board.

C.  

The nature of consulting services does not need to be defined in the internal audit charter.

D.  

The charter provides a framework for performing a broad range of value-added audit services.

A.  

The CAE's actions are likely to impair the Independence of the internal audit activity.

B.  

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.  

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.  

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

A.  

Fewer internal audits

B.  

More effective interviews

C.  

Automated risk management strategy tools

D.  

Reduced assurance costs

A.  

Suggest to the payroll manager that the suspicious documents should be sent to the organization's security department for forensic review.

B.  

Keep the suspicious documents in the workpaper file until the end of the engagement, and then discuss the suspicions with the payroll manager.

C.  

Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the signatures.

D.  

Review the suspicious documents with the chief audit executive and seek advice concerning further examination.

A.  

Functional and administrative responsibilities of internal audit activity.

B.  

Authority and objectivity of internal audit activity.

C.  

Independence and objectivity of internal audit activity.

D.  

Assurance and improvement of internal audit activity.

A.  

The internal audit policy manual.

B.  

The internal audit charter.

C.  

The board of directors.

D.  

The quality assurance and improvement program.

A.  

They outline specific internal controls for an organization to implement to ensure business objectives will be achieved.

B.  

They provide guidance related to internal control design and implementation to assist with the evaluation and benchmarking of business practices.

C.  

They serve as a list of appropriate internal controls for auditors to ensure an organization is using best practices.

D.  

They serve as a template for identifying standardized best practices in effective risk management across industries and countries.

A.  

A plan to study for and obtain a certification in nonprofit management.

B.  

A deadline within the individual development plan to meet the overall engagement objectives.

C.  

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.  

A request to attend the organization's committee meeting that is focused on strategic community awareness.

A.  

Corrective control

B.  

Process-level control

C.  

Compensating control

D.  

Preventive control

A.  

An internal auditor failed to expand the engagement and include managements preferences when determining the scope of an upcoming assurance engagement.

B.  

An internal audit activity lacks the skills need to perform a high-risk security engagement included on the annual audit plan.

C.  

A chief audit executive fated to perform a risk assessment prior to preparing the audit plan

D.  

An internal audit activity has existed for two years and has not undergone external quality assessment

A.  

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.  

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.  

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.  

Internal auditors are responsible for managing the risks of the organization

A.  

Strategic objectives are prerequisites to establishing internal controls.

B.  

Internal controls eliminate process breakdowns caused by human errors.

C.  

Well-established internal controls cannot be overridden.

D.  

Robust internal controls ensure business success.

A.  

The CAE tasks internal auditors with coordinating assurance activities with other providers across the organization.

B.  

The CAE encourages auditors to volunteer to support research work of the local professional institute.

C.  

The CAE requires auditors to periodically attest to the profession's Code of Ethics.

D.  

The CAE reminds auditors to ensure workpapers are completed for audit engagements.

A.  

Business ethics may vary within an organization with both domestic and foreign operations

B.  

Business ethics are universal n nature and organizations across the world are expected to comply with smear standards

C.  

A business ethics policy for an organization s established solely to direct me behavior and expectations of employees

D.  

Business ethics of an organization must remain independent torn those of supplier’s customers and business partners

A.  

Encourage the auditor to continue this practice, as it demonstrates objectivity.

B.  

Encourage the auditor to improve communication skills.

C.  

Encourage the auditor to conduct post-engagement surveys to obtain the audit client's position on the issues raised.

D.  

Encourage the auditor to sign the draft reports before submitting them.

A.  

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.  

Review the investigation and implement any improvements to the process.

C.  

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.  

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

A.  

Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting

B.  

Issue the audit report to senior management on schedule but include a disclaimer about the error

C.  

Proceed with the scheduled closing of the engagement without consideration of the identified error

D.  

Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take

A.  

Assess plant employees' social media activity for specific messages related to tolerance and open communication

B.  

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.  

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.  

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

A.  

Independent assessments.

B.  

Continuous monitoring.

C.  

Business continuity and backups.

D.  

Organization wide objectives.

A.  

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.  

Approve the annual budget and resource plan for the internal audit activity.

C.  

Assist the CAE with hiring objective and competent internal audit staff.

D.  

Encourage the CAE to communicate and coordinate with the external auditor.

A.  

Management approval

B.  

Independent review

C.  

Reporting relationships

D.  

Quarterly assessment

A.  

The chief audit executive reports directly to the board

B.  

Internal auditors may not disclose personal data of the audit client

C.  

Internal auditors may not accept gifts from management of the area under review

D.  

Internal auditors must observe the law and make required disclosures

A.  

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes wifi provide depth and add more value.,

B.  

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.  

If it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value.

D.  

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned.

A.  

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.  

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.  

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.  

The auditor breached the conflict of interest standard by accepting payment for travel costs

A.  

The organizational culture rewards critical and objective thinking.

B.  

The quality of work performed by the internal audit activity is periodically reviewed.

C.  

The organization establishes effective governing body oversight.

D.  

Audit assignments are rotated among internal audit staff.

A.  

Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting.

B.  

Issue the audit report to senior management on schedule but include a disclaimer about the error.

C.  

Proceed with the scheduled closing of the engagement without consideration of the identified error.

D.  

Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take.

A.  

The identified risks have not undergone a detailed review to ensure completeness in the past two years.

B.  

The controls in place to mitigate the risks are not tested on an annual basis to confirm operating effectiveness.

C.  

The process in place to identify and evaluate new risks to the organization is informal and poorly documented.

D.  

The identified risks have not been ranked to establish their importance and risk management priority.

A.  

Confidentiality.

B.  

Independence.

C.  

Competency.

D.  

Objectivity

A.  

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.  

Internal auditors may conclude that a business unit's current control environment is adequate and effective if the review of the prior year's workpapers and audit report supports that conclusion.

C.  

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.  

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

A.  

Due professional care.

B.  

Internal audit objectivity.

C.  

Risk management assurance.

D.  

Professional development.

A.  

The chief audit executive.

B.  

A member of the compliance function.

C.  

A party outside of the internal audit activity.

D.  

A member of the risk management function.

A.  

Such an interview is performed when there is a need to dismiss an internal auditor

B.  

Feedback from the manager will contribute to the audit team's professional development

C.  

The manager's opinion will be used to form the final audit assessment and report rating.

D.  

The manager will provide insights into the audited industry's trends

A.  

Quality committee.

B.  

Audit committee.

C.  

Risk committee.

D.  

Governance committee.

A.  

The auditor considers the employees to be unresponsive and proceeds to document the actions and concerns as a scope limitation that can affect the engagement

B.  

The auditor considers other options to determine whether the employees are processing financial transactions as required by the organization

C.  

The auditor meets with senior management of the organization to discuss the employees' behavior and possible resolutions that would satisfy all parties

D.  

The auditor meets with the department supervisor and staff to discuss the employees' actions in order to obtain an understands and potential resolution

A.  

Control activities.

B.  

Information and communication.

C.  

Risk assessment.

D.  

Control environment.

A.  

The auditor testifies in front of a jury about an organization's fraudulent financial practices after receiving a subpoena

B.  

Management has agreed to remedy a significant control deficiency, so the auditor excludes the deficiency from the engagement report

C.  

The chief audit executive declines an assurance engagement in IT because the internal audit activity is not proficient in IT

D.  

The auditor communicates an audit opinion on fraud risk during an audit engagement’s preliminary fraud risk assessment

A.  

Setting unrealistic targets for staff to achieve

B.  

Granting external audit firms access to staff and records.

C.  

Automating some processes and allowing others to be performed manually

D.  

Enforcing a zero-tolerance policy for misconduct

A.  

Entity-level.

B.  

Preventive.

C.  

Directive.

D.  

Compensating.

A.  

The chief audit executive is well qualified and has responsibilities over operational areas that the internal audit activity assesses.

B.  

Periodic self-assessments are assigned to entry-level internal audit staff to support their continuing professional development.

C.  

All audit workpapers are reviewed and signed by the engagement supervisor before the audit report is issued.

D.  

Employees who rotate into the internal audit activity from other areas of the organization are assigned to audit areas where they previously worked, to take advantage of their operational expertise and experience.

A.  

Develop a business continuity plan for contingent situations,

B.  

Insure the organization against financial losses.

C.  

Rely on third-party cloud solution providers for the organization's systems.

D.  

Hedge company assets via purchasing derivatives.

A.  

To achieve planned profitability for business expansion.

B.  

To enhance an organization's confidence in achieving strategy.

C.  

To strengthen corporate governance standards.

D.  

To eliminate business risks and uncertainties.

A.  

active control? 3

B.  

Third parties who operate the hotline ensure anonymity for whistle blowers. D Whistleblower tips help discover wrongdoings and violations of the code of conduct.Potential perpetrators of fraud know that their actions can be reported easily.

C.  

Better investigation protocols are triggered by the whistleblower hotline.

A.  

The internal auditor should reject the request it she previously worked in the procurement area to maintain objectivity

B.  

The internal auditor should reject the request if the internal audit team does not have the requisite expertise.

C.  

The internal auditor should accept the request and in fact she may assume some management responsibilities temporarily if the result is a relevant training benefit

D.  

The internal auditor may accept the request only if she defines the scope to ensure conformance with the Code of Ethics

A.  

Assessment skills

B.  

Assurance skills

C.  

Interviewing skills

D.  

Facilitation skills

A.  

Discussions with the chief audit executive.

B.  

A listing of employee profiles and certifications.

C.  

Inquiry of external auditors.

D.  

Validation by human resources.

A.  

The internal audit activity should refrain from conducting an assurance engagement for which it lacks the necessary competencies or skills

B.  

The chief audit executive must decline a consulting engagement or obtain competent advice and assistance if internal auditors lack the necessary competencies or skills

C.  

The audit committee should ensure that the internal audit activity continuously improves its knowledge and skills in order to fulfill its responsibilities

D.  

In today's business climate which is dominated by technology and big data, it is imperative that each staff internal auditor has detailed knowledge about IT risks and technology-based audit techniques

A.  

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct

B.  

The audit committee has reviewed the annual self-assessment results and approved the use of the clause

C.  

The self-assessment results were validated by a qualified external review team three years prior

D.  

The internal audit charter, approved by the audit committee requires conformance with the Standards

A.  

To ensure all internal audit responsibilities can be met

B.  

To ensure all audit staff members are capable of performing a quality self-assessment.

C.  

To ensure that each auditor maintains responsibility for his own professional development.

D.  

To attract the best and most talented candidates in the profession

A.  

1 and 4 only.

B.  

1, 2, and 3 only.

C.  

1, 2, and 4 only.

D.  

2, 3. and 4 only

A.  

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.  

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.  

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.  

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

A.  

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.  

Purchase orders are typed by the purchasing department using prenumbered forms.

C.  

Buyers promptly update the official vendor listing as new supplier sources become known.

D.  

Department managers initiate purchase requests that must be approved by the plant superintendent.

A.  

Control activities.

B.  

Control environment.

C.  

Risk assessment.

D.  

Monitoring

A.  

Delivering fraud awareness training to employees in the department.

B.  

Segregating duties between employees in the department.

C.  

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.  

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

A.  

A non-disclosure agreement.

B.  

An annual declaration of commitment to

C.  

The IIA s Code of Ethics.

D.  

The internal audit charter.

A.  

Initiating an internal investigation to clarify whether a biased judgment took place.

B.  

Requiring the internal auditors to disclose any potential conflicts of interest.

C.  

Requiring that the audit client disclose any potential conflicts of interest with the auditor.

D.  

Requiring human resources manager to submit all future job applicants' data in order to identify relatives of auditors.

A.  

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.  

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.  

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.  

At the board's discretion, the frequency of external assessments can exceed the five-year guideline.

A.  

The use of judgment enhances management's ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.  

Introducing judgment generally diminishes management's ability to make good decisions about internal control.

C.  

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.  

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

A.  

Using a hedging strategy.

B.  

Implementing controls to follow up on deviations.

C.  

Purchasing liability insurance.

D.  

Purchasing foreign currency reserves.

A.  

Determining whether management measures and monitors the costs and benefits of controls.

B.  

Providing training on controls and ongoing self-monitoring processes.

C.  

Developing flowcharts to obtain information about control design adequacy.

D.  

Identifying objectives and the risks involved in achieving them.

A.  

Separate the duties of processing and authorizing refunds on merchandise

B.  

Post signs in the register area prompting customers to ask for and examine their sales receipts

C.  

Periodically count the cash in the register and compare it to the expected amount

D.  

Use cash registers with internal tapes that are tamper proof and that require a manager to process voids or refunds

A.  

Are the performance targets in your department realistic and attainable?

B.  

Do your coworkers have the knowledge, skills, and training needed to perform their job duties?

C.  

Does your supervisor comply with laws and regulations affecting the organization?

D.  

Do you have sufficient resources, tools, and time to accomplish your work objectives?

A.  

Determine organizational risk tolerances

B.  

Monitor the organization's risk mitigations

C.  

Determine the likelihood and impact of risks

D.  

Advise the board on risk management issues

A.  

Document in the workpapers and expand testing.

B.  

Continue with the engagement as planned, per the more senior auditor.

C.  

Report the suspected fraud to law enforcement officials and seek financial restitution.

D.  

Escalate the concern to the chief audit executive.

A.  

Evaluate the adequacy of the controls and then test the controls for effectiveness.

B.  

Test the controls for effectiveness and then evaluate the adequacy of the controls.

C.  

Identify risks and then evaluate the controls for effectiveness.

D.  

Evaluate the controls for effectiveness and then assess the risks in the area.

A.  

Identify relevant fraud risk factors.

B.  

Identify potential fraud schemes.

C.  

Identify existing controls for preventing and detecting fraud.

D.  

Identify red flags by conducting data analysis.

A.  

Strong board of directors oversight.

B.  

Incentive-based compensation structures.

C.  

Lower than average employee turnover.

D.  

Implementation of a fraud hotline.

A.  

Expertise requirements for internal auditors

B.  

Functional and administrative reporting lines for the chief audit executive

C.  

Audit engagements to be completed in the next fiscal year

D.  

Budget requirements for each engagement

A.  

Processes employed by internal and external assurance providers to authorize, direct, and provide oversight to management to better enable the meeting of organizational objectives

B.  

Processes employed by the board of directors to authorize and provide guidance and oversight to management to promote the achievement of organizational objectives.

C.  

Processes employed by the board of directors and senior management to mitigate risks to acceptable levels.

D.  

Processes employed by risk owners to mitigate risks to acceptable levels within the organization's risk appetite

A.  

Opportunity

B.  

Pressure

C.  

Rationalization

D.  

Justification

A.  

Leadership.

B.  

Documentation.

C.  

Analysis.

D.  

Reporting.

A.  

To recognize red flags that indicate fraud.

B.  

To recommend controls to prevent fraud.

C.  

To apply forensic auditing techniques to detect fraud.

D.  

To evaluate the potential for fraud.

A.  

Transaction-level control.

B.  

Management-oversight control.

C.  

Governance control.

D.  

Process-level control.

A.  

The globally accepted Certified Internal Auditor designation is mandatory at chief audit executive levels.

B.  

Internal auditors are encouraged to obtain appropriate professional designations.

C.  

Specialty designations are required for those who perform specialized audit and consulting work.

D.  

Studies for professional designations are the preferred source of continuing professional education

A.  

The chief audit executive (CAE) reports functionally to the CEO

B.  

The CAE s compensation is approved by the chief financial officer

C.  

The CAF's appointment is determined by the CEO

D.  

The CAE reports administratively to the chief operating officer

A.  

Validate the results of management's self-assessment.

B.  

Perform reviews of personnel.

C.  

Maintain rigorous and comprehensive documentation.

D.  

Obtain authorizations and signatures.

A.  

Asset misappropriation.

B.  

Skimming

C.  

Corruption.

D.  

Lapping.

A.  

Leadership

B.  

Conflict management

C.  

Communication

D.  

Influence

A.  

The cost and frequency of both internal and external assessments.

B.  

Any assumptions made by the assessment team

C.  

A potential conflict of interest of the assessment team.

D.  

The assessment team’s execution plan of relevant procedures.

A.  

Supervisors are likely to reduce their level of supervision and increase span of control.

B.  

Employees are likely to be supervised closely and given little freedom.

C.  

Peer employees are likely to trust one another, but distrust management.

D.  

Employees are likely to join forces to accomplish their duties as teams.

A.  

Each internal auditor must hold one or more certifications in the area of fraud and seek out continuing professional development related to fraud detection and fraud investigation.

B.  

Each internal auditor must have sufficient knowledge of IT risks and controls, and be able to evaluate the risk of fraud and the manner in which it is managed by the organization.

C.  

Each internal auditor on the engagement team must possess the same level of knowledge, skills, and other competencies as other auditors on the engagement team.

D.  

Each internal auditor must be paired, by the chief audit executive, with an individual who possesses the knowledge, skills, or other competencies required to complete the audit.

A.  

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.  

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.  

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.  

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

A.  

The QAIP scope includes assurance work performed by the internal audit activity but not consulting work.

B.  

The QAIP verifies conformance with the Definition of Internal Auditing, Code of Ethics, and Standards.

C.  

QAIP reports are for internal use primarily and typically are not shared with members outside of the internal audit activity.

D.  

QAIPs make a distinction between fully outsourced internal audit activities and in-house internal audit teams, as a different set of criteria is applied for each.

A.  

As internal control is part of risk management, the internal audit role in risk management implies reduced emphasis on internal control.

B.  

Internal audit can blur the distinction between the second and the third lines as long as value is added.

C.  

Internal audit cannot rely on other assurance providers when opining on the effectiveness of risk management.

D.  

Internal audit should be aligned with first- and second-line functions through effective communication, cooperation, and collaboration.

A.  

Establish policies and procedures concerning the engagement process

B.  

Develop a strategy for recruiting assigning, and training staff

C.  

Outsource complex engagements to an external service provider

D.  

Base the auditor evaluation process on the number of observations

A.  

Require contractors to submit completed and signed work acceptance sheets

B.  

Utilize unmanned drones to conduct regular flights and photo shoots over the areas where work is performed

C.  

Reconcile invoices and work acceptance sheets submitted by contractors

D.  

Compare actual payments to contractors with budgeted values and analyze discrepancies

A.  

Deploying self-assessments against a competency benchmark.

B.  

Acquiring memberships in professional organizations.

C.  

Developing professional succession plans.

D.  

Obtaining subscriptions to professional journals in their area of interest.

A.  

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

B.  

Run checks to find matches between vendor and employee addresses

C.  

Check for recurring requests for refunds where invoices are paid twice

D.  

Review for unexplained increases in inventory

A.  

The sales department has failed to achieve targets for the last nine months.

B.  

Employees report suspicious activity by calling the organization's ethics hotline.

C.  

Hiring procedures do not include background checks for prospective job candidates.

D.  

Management reports three potential ethics issues to the board of directors.

A.  

Risks related to employee turnover.

B.  

Risks related to data manipulation.

C.  

Risks related to employee competency.

D.  

Risks related to not achieving sales targets.

A.  

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.  

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing g absolute assurance about the organization's risk management.

C.  

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity's findings.

D.  

The internal audit activity's ethical compliance sets the tone for the ethical compliance by the organization's board, management, and employees.

A.  

Risk reduction.

B.  

Risk transfer.

C.  

Risk acceptance.

D.  

Risk avoidance.

A.  

An organization that takes no action in managing the possible exposure to an earthquake.

B.  

An organization that opts out of investing in a new region due to volatility in foreign exchange rates.

C.  

An organization that takes out insurance policies to protect its property and equipment.

D.  

An organization that deploys policies and procedures to guide business activities and practices

A.  

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.  

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.  

Use an internal audit charter template from another organization that operates within the same industry.

D.  

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

A.  

The result of a quality assurance and improvement program confirm there are no material issues.

B.  

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.  

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.  

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

A.  

A performance audit.

B.  

A sensitive fraud investigation.

C.  

A compliance audit

D.  

A consulting service.

A.  

Avoidance.

B.  

Acceptance.

C.  

Reduction.

D.  

Sharing

A.  

The nature of consulting services typically is not included in the charter.

B.  

The chief audit executive must formally review the charter at least once a year

C.  

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.  

The charter typically defines the internal audit activity's position within the organization.

A.  

Compare the organizations fraud strategies with the industry's strategies.

B.  

Review any related prior fraud investigations.

C.  

Investigate any related fraud allegations.

D.  

Communicate any suspicious fraud activities to management.

A.  

Determining whether any opportunity exists for senior executives to misappropriate property or funds

B.  

Planning and executing fieldwork In a complete and timely manner to identify all significant risks

C.  

Verifying whether the board of directors has implemented effective internal controls

D.  

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

A.  

Information and communication

B.  

Risk assessment

C.  

Control activities

D.  

Control environment

A.  

A request to develop workshops on corporate governance for management.

B.  

A request to act as liaison with external auditors.

C.  

A request to determine appropriate risk management responses for management.

D.  

A request to provide counseling services on ethical matters.

A.  

Objectivity.

B.  

Integrity.

C.  

Proficiency.

D.  

Confidentiality.

A.  

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.  

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.  

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.  

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

A.  

To ensure that internal audit staff maintains high overall job satisfaction.

B.  

To ensure that internal audit staff acquired continuing professional education credits timely.

C.  

To ensure that top risks are mitigated to an acceptance level.

D.  

To ensure that internal audit staff have the competency to address high-priority risks.

A.  

An organization has a fiduciary duty to put shareholders' needs first

B.  

Customers' needs are the primary responsibility of the organization

C.  

Competitors are considered stakeholders of the organization

D.  

Employees are the organization's best assets and primary responsibility

A.  

Ask internal auditors to gather all relevant information and evidence.

B.  

Identify and interview witnesses first and potential suspects later.

C.  

Conduct a fraud risk assessment to identify the most vulnerable areas.

D.  

Determine the competencies needed and assess whether team members have a conflict of Interest.

A.  

General IT control.

B.  

Processing control.

C.  

Input control

D.  

Integrity control

A.  

Internal auditors shall perform engagement-level risk assessments

B.  

Internal auditors shall perform risk management activities.

C.  

Internal auditors shall perform risk-based engagements

D.  

Internal auditors shall perform organization wide risk assessments

A.  

Create different training budgets for each of the internal auditors

B.  

Define average training hours per auditor as a team performance measure

C.  

Analyze internal audit client survey feedback following audits

D.  

Review training records for all internal auditors

A.  

The ability to negotiate

B.  

The ability to use analytical tools

C.  

The ability to foresee issues

D.  

The ability to manage conflict

A.  

Quality assessments should be performed by individuals with sufficient knowledge of the internal audit practices

B.  

External quality assessments should be conducted every seven years

C.  

All quality assessments should be either conducted or validated by an independent assessment team

D.  

The results of the QAIP should be communicated to shareholders annually

A.  

Offering a one-off donation to an environmental charity for its expansion efforts

B.  

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

C.  

Providing special year-end monetary bonuses to the organization's employees at all levels

D.  

Arranging a free-of-charge picnic for all of the organization's employees and their family members

A.  

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

B.  

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

C.  

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

D.  

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.

A.  

Promoting continuous evaluation

B.  

Promoting continuous monitoring

C.  

Promoting continuous improvement

D.  

Promoting continuous reporting

A.  

Checking for invoice amounts that do not match that of the purchase order.

B.  

Searching for identical invoice numbers and payment amounts.

C.  

Running checks to uncover post office box addresses matching employee addresses.

D.  

Comparing prices across vendors to see whether one vendor is unreasonably high.

A.  

The engagement supervisor violated The IIA's Code of Ethics principle of integrity.

B.  

The engagement supervisor violated The IIA's Code of Ethics principle of objectivity.

C.  

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.  

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

A.  

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.  

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.  

The assigned internal auditor must not assume management responsibilities while performing the engagement

D.  

The assigned internal auditor must maintain objectivity while performing the engagement.

A.  

An internal audit manager collaborates with senior management to provide misleading information to government authorities.

B.  

An internal audit manager provides sample audit reports and workpapers to a friend without obtaining prior approval

C.  

An internal audit manager carries out a technical audit request without seeking expert opinion, despite a lack of the requisite skills.

D.  

An internal audit manager assigned to audit a sales process failed to reveal that the process owner is a relative

A.  

The candidate must be able to apply data analytics tolls methodologies

B.  

The candidate must be able to evaluate IT governance and cybersecurity frameworks.

C.  

The candidate must be able to understand IT-elated risk and general controls

D.  

The candidate must be able to execute web servers, applications, and databases testing procedures.

A.  

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.  

The CAE oversees the effectiveness of the organization’s risk management function.

C.  

The CAE reports functionally to the CEO.

D.  

The CAE managed the finance department for the past five years.

A.  

A general web-based training on auditing manufacturing processes.

B.  

Self-study courses on the industry's production practices

C.  

Industry publications that discuss production methods

D.  

A virtual meeting with management that explains the production of automobiles

A.  

Currency exchange rates, as they relate to internal audit-related expenses.

B.  

Differences in typical working hours, compared to other countries.

C.  

The effects of subtle language nuances on translations.

D.  

Accepted practices that may be illegal in other countries.

A.  

Internal audit authority.

B.  

Internal audit reporting structure.

C.  

Internal audit independence and objectivity.

D.  

Internal audit interaction with the board

A.  

Monitor and review

B.  

Performance measurement.

C.  

Setting the context.

D.  

Communication.

A.  

Request the internal audit activity to perform an ethics-related assurance engagement.

B.  

Offer in-house ethics-related training seminars for employees to attend.

C.  

Reaffirm the importance of the organization's code of ethics to all employees.

D.  

Conduct an organizationwide employee survey on ethical practices

A.  

Employees in the data center must always wear identification badges

B.  

Operating system updates must be installed within 48 hours.

C.  

A two stage authentication process must be used to access customer information

D.  

System backup and recovery testing must be done monthly

A.  

Fraud prevention.

B.  

Fraud detection.

C.  

Corporate culture.

D.  

Forensic analysis techniques.