Spring Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Internal Audit Engagement Question and Answers

Internal Audit Engagement

Last Update Feb 28, 2026
Total Questions : 747

We are offering FREE IIA-CIA-Part2 IIA exam questions. All you do is to just go and sign up. Give your details, prepare IIA-CIA-Part2 free exam questions and then go for complete pool of Internal Audit Engagement test questions that will help you more.

IIA-CIA-Part2 pdf

IIA-CIA-Part2 PDF

$36.75  $104.99
IIA-CIA-Part2 Engine

IIA-CIA-Part2 Testing Engine

$43.75  $124.99
IIA-CIA-Part2 PDF + Engine

IIA-CIA-Part2 PDF + Testing Engine

$57.75  $164.99
Questions 1

During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?

Options:

A.  

It would be an inefficient way for internal auditors to address multiple controls in the activity under review.

B.  

It would limit certain members of the internal audit team from being fully involved in the engagement.

C.  

It would be the most effective way for the internal audit team to obtain a detailed understanding of the processes and controls in the activity to be audited.

D.  

It would be an efficient way for the internal audit team to determine whether specified control activities are in place.

Discussion 0
Questions 2

Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?

Options:

A.  

Stratified sampling

B.  

Haphazard sampling

C.  

Discovery sampling

D.  

Probability-proportional-to-size sampling

Discussion 0
Questions 3

An organization's health-care insurance costs have been rising approximately 10 percent per year for several years Which of the following analytical review procedures would best evaluate the reasonableness of the increase in health-care costs?

Options:

A.  

Develop a comparison of the costs incurred with similar costs incurred by other organizations

B.  

Obtain the government index of health-care costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.  

Obtain a bid from another health-care administrator to provide the same administrative services as the current health-care administrator.

D.  

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred

Discussion 0
Questions 4

Which of the following is an appropriate activity when supervising engagements?

Options:

A.  

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.  

During fieldwork, scope changes made to the work program are at the auditor's discretion and should be supported adequately in the workpapers.

C.  

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.  

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Discussion 0
Questions 5

Which of the following represents the best method for confirming that vendor invoices were for authorized purchases?

Options:

A.  

Vouching vendor invoices to payments made.

B.  

Sorting invoices by purchase orders and comparing for successive duplicate invoices.

C.  

Comparing a random sample of vendor invoices to purchase orders.

D.  

Sorting payments by invoice to detect successive duplicate invoices.

Discussion 0
Questions 6

Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?

Options:

A.  

Written observations allow for more interpretation.

B.  

Written observations help the internal auditors express the significance.

C.  

Written and verbal observations are equally effective.

D.  

Written observations limit premature agreement

Discussion 0
Questions 7

Which of the following statements is true regarding the chief audit executive's (CAT$) responsibilities after completing an assurance or consulting engagement?

Options:

A.  

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

B.  

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

C.  

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

D.  

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

Discussion 0
Questions 8

An internal auditor discovered fraud while performing an audit of an organization's procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

Options:

A.  

Enhanced capability to prevent frauds from occurring.

B.  

Greater assurance that procurement frauds will be detected in a timely manner

C.  

Improved capability of evaluating fraud risks within the organization.

D.  

Greater understanding of fraud through better evidence collection

Discussion 0
Questions 9

An internal auditor wants to assess whether the organization's governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?

Options:

A.  

The board's meeting minutes

B.  

The executive committee’s social media budget report

C.  

The organization’s marketing plan

D.  

The organization’s procedures manual for daily social media management

Discussion 0
Questions 10

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.  

Lack of coordination among different business units

B.  

Operational decisions are inconsistent with organizational goals.

C.  

Suboptimal decision-making.

D.  

Duplication of business activities.

Discussion 0
Questions 11

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.  

There is a higher reliance on organizational culture

B.  

There are clear expectations set for employees.

C.  

There are electronic monitoring techniques employed

D.  

There is a defined code for employee behavior

Discussion 0
Questions 12

During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?

Options:

A.  

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.  

Career and promotion paths are not easily visible and defined.

C.  

Communication is likely to be top-down, with little feedback from lower-level employees.

D.  

Employees have little autonomy, which may result in employee turnover or low morale.

Discussion 0
Questions 13

During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?

Options:

A.  

Identify and map existing controls to their relevant inherent fraud risks

B.  

Detect fraudulent activities in the activity under review for the audited period

C.  

Select the appetite level for each inherent fraud risk

D.  

Evaluate and respond to residual fraud risks that need to be mitigated

Discussion 0
Questions 14

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.  

All requests for consulting engagements must be included in the annual internal audit plan

B.  

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.  

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.  

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Discussion 0
Questions 15

Which of the following has the greatest effect on the efficiency of an audit?

Options:

A.  

The complexity of deficiency findings.

B.  

The adequacy of preliminary survey information.

C.  

The organization and content of workpapers.

D.  

The method and amount of supporting detail used for the audit report.

Discussion 0
Questions 16

An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?

Options:

A.  

Prepare an action plan to address the inconsistencies

B.  

Contact regulatory agencies to report the inconsistencies and recommended corrective actions

C.  

Assess the risk of the inconsistencies against the organization's mission

D.  

Issue an interim report to senior management

Discussion 0
Questions 17

Which of the following audit steps would an internal auditor most likely be questioned on?

Options:

A.  

The auditor confirms the organization's ownership of physical equipment by verifying its presence on site visually.

B.  

The auditor vouches for a sample of check copies to support voucher packages to test the checks' validity.

C.  

The auditor vouches a sales invoice to a shipping document to conclude that the invoice has been issued.

D.  

The auditor recalculates the allowance for doubtful accounts based on management assertions.

Discussion 0
Questions 18

Which of the following is an appropriate documentation of proper engagement supervision?

Options:

A.  

A completed engagement workpaper review checklist.

B.  

The supervisor's review notes on engagement workpapers.

C.  

The email exchanges between the audit team and the supervisor.

D.  

A supervisor's approval of resources allocated to the engagement

Discussion 0
Questions 19

An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?

Options:

A.  

Sufficiency

B.  

Reliability

C.  

Relevance

D.  

Usefulness

Discussion 0
Questions 20

Which of the following would most likely form part of the engagement scope?

Options:

A.  

Potential legislation on privacy topics will be employed as a compliance target O Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

B.  

Both random and judgmental samplings will be used during the engagement

C.  

The probability of significant errors will be considered via risk assessment.

Discussion 0
Questions 21

Which of The following best justifies an internal auditor's decision to issue a preliminary audit report?

Options:

A.  

The internal audit team and audit client have a serious dispute over the scope and objective of the engagement

B.  

The internal audit team expects management to address certain issues immediately due to their severe impact

C.  

The internal audit team anticipates that the formal final audit report would be undesirable for management due to the significance of outlined risks

D.  

The internal audit team would like to issue a clean final audit report without any material observations or risks

Discussion 0
Questions 22

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

Options:

A.  

Contact the audit committee chair to discuss the finding

B.  

Obtain verbal assurance from management that the inappropriate access will be removed

C.  

Issue an interim audit report so that management can implement action plans

D.  

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Discussion 0
Questions 23

During follow-up. the internal auditor discovered that operational management did not implement effective actions to address a significant control breach If the issue is left unresolved it may result in regulatory sanctions and damage the organization's reputation What is the most appropriate next step for the chief audit executive to lake?

Options:

A.  

Report the matter to the board

B.  

Implement the recommended control to address the exposure

C.  

Discuss the matter with senior management

D.  

Ask the regulatory agency to persuade management to address the issue

Discussion 0
Questions 24

Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?

Options:

A.  

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.  

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.  

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.  

To verify that the corrective actions required by senior management are completed as agreed.

Discussion 0
Questions 25

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.  

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.  

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.  

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.  

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Discussion 0
Questions 26

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.  

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.  

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.  

The self-assessment results were validated by a qualified external review team three years prior.

D.  

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Discussion 0
Questions 27

An internal auditor concluded that delays in an ongoing construction project have cost the organization $10 million to date. Which documents should be included in the audit workpapers to provide sufficient evidence to support the conclusion?

Options:

A.  

Payment and work milestones

B.  

Pictures from the construction site

C.  

Initial sprint planning

D.  

Project internal rate of return

Discussion 0
Questions 28

The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?

Options:

A.  

Percentage of recommendations implemented by corrective action date

B.  

Staff experience

C.  

Percentage of planned audits completed

D.  

Conformance with the International Professional Practices Framework

Discussion 0
Questions 29

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Options:

A.  

Manage and coordinate risk management processes.

B.  

Audit risk management processes.

C.  

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.  

Accept management's responsibility for risk management without board approval.

Discussion 0
Questions 30

An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?

Options:

A.  

The risk assessment must be performed at least quarterly.

B.  

The risk assessment must be performed at least annually.

C.  

The risk assessment must be performed at least once every five years, in alignment with the internal audit activity's quality assurance and improvement program.

D.  

There is no specific requirement; a risk assessment should be performed as needed to account for changes in the business environment.

Discussion 0
Questions 31

An internal auditor s examination of accounts receivable generates the following results:

What is the projected misstatement for the population if ratio estimation is used?

Options:

A.  

$84,000

B.  

$238,095

C.  

$700,000

D.  

$2100.000

Discussion 0
Questions 32

An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?

Options:

A.  

Documentary evidence

B.  

Testimonial evidence

C.  

Analytical evidence

D.  

Physical evidence

Discussion 0
Questions 33

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

Options:

A.  

Nonstatistical sampling provides more objective recommendations for management.

B.  

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.  

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.  

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

Discussion 0
Questions 34

An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?

Options:

A.  

An agreed action adopted by management.

B.  

A condition-based recommendation as an interim solution to correct a current condition.

C.  

A cause-based recommendation to prevent inappropriate access being granted again.

D.  

A management action plan.

Discussion 0
Questions 35

Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.  

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.  

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.  

Valid closure of an observation ensures it will be included in the final engagement report

D.  

Valid closure requires assurance from management that the original problem will not recur in the future

Discussion 0
Questions 36

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

Options:

A.  

Career model

B.  

Center of competence model.

C.  

Rotational model.

D.  

Hybrid model

Discussion 0
Questions 37

An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data

- Human resources data with employees' names addresses employment conditions and identification codes

- Payroll data

- Logs from entrance systems

With this data, which of the following types of ghost employees will the auditor be able to identify?

Options:

A.  

Employees who are being paid more than then approved wages

B.  

Employees who get paid although their employment has expired

C.  

Employees who are related to one of the subcontractors

D.  

Employees who are physically present at the workplace but who do not perform the specified job duties

Discussion 0
Questions 38

An internal audit intends to create a risk and control matrix to better understand the organization's complex manufacturing process. With which of the following approaches would the auditor most likely start?

Options:

A.  

Assess management responses to key risk exposures

B.  

Analyze the costs and benefits of key controls

C.  

Evaluate the design adequacy of known controls

D.  

Conduct a walk-through of all related activates

Discussion 0
Questions 39

Which of the following is true about surveys?

Options:

A.  

A survey with open-ended questions is weaker than a structured interview

B.  

A survey with closed-ended questions can produce quantifiable evidence

C.  

A survey's participants are likely to volunteer information that was not specifically requested

D.  

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

Discussion 0
Questions 40

During which phase of the contracting process are contracts drafted for a proposed business activity’

Options:

A.  

Initiation phase.

B.  

Bidding phase.

C.  

Development phase.

D.  

Management phase

Discussion 0
Questions 41

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

Options:

A.  

Perform benchmarking

B.  

Perform a trend analysis

C.  

Perform a ratio analysis

D.  

Perform observation to gather evidence

Discussion 0
Questions 42

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

Options:

A.  

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.  

Oversight of the coordination between the internal audit activity and independent outside auditors

C.  

The internal audit activity's purpose, authority, responsibility, and performance relative to plan.

D.  

Management's assertions regarding the system of internal controls.

Discussion 0
Questions 43

An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:

    Tender technical specifications were compliant with internal policies.

    The sole assessment criterion of the tender was economic feasibility.

    All bids were submitted to a designated software and could not be opened before the submission deadline.

    The winner was approved by senior management.

    The winner was selected based on which bidder offered the newest technology.

Which of the following is the most appropriate conclusion?

Options:

A.  

Key controls of the procurement process operate as intended based on the analysis of the specific tender documents.

B.  

IT controls implemented to ensure confidentiality of submitted bids seem to have several deficiencies.

C.  

Management's selection of the winner should be positively acknowledged for focusing on innovative technological solution.

D.  

The principles of transparency and equal treatment of bidders seem to be impaired.

Discussion 0
Questions 44

Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?

Options:

A.  

An expert or decision support system

B.  

Generalized audit software

C.  

A system utility program

D.  

An integrated test facility

Discussion 0
Questions 45

In preparing the engagement work program, which of the following is generally true with respect to secondary controls?

Options:

A.  

A separate engagement work program should be created for secondary controls

B.  

Secondary controls do not necessarily need to be tested for effectiveness

C.  

Any documented secondary controls are deemed essential to the adequacy of control design

D.  

Secondary controls should be held to the same requirements as key controls

Discussion 0
Questions 46

A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?

Options:

A.  

Comer of competence

B.  

Career model

C.  

Rotational model

D.  

Cosourcing agreement

Discussion 0
Questions 47

According to HA guidance on IT, which of the following actions would be performed as part of the "Define IT Universe" stage of the IT audit plan development process?

Options:

A.  

Identify significant applications that support the business operations

B.  

Assess risk and rank subjects using business risk factors

C.  

Identify how the organization structures its business operations

D.  

Select audit subjects and bundle into distinct audit engagements

Discussion 0
Questions 48

During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?

Options:

A.  

Compare turnover m the organization to published turnover rates of peer organizations.

B.  

Compare turnover in one period with turnover in the previous period in the organization

C.  

Compare turnover in the period to total employees in the organization

D.  

Compare turnover with the auditor's general knowledge of the organization

Discussion 0
Questions 49

According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?

• They are discussed with management prior to finalizing the audit.

• They may be discarded after working papers are amended as appropriate.

• They are created by the auditor to support her fieldwork in case of questions.

• They are not required to support observations issued in the audit report.

Options:

A.  

1 and 3 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

2 and 4 only

Discussion 0
Questions 50

Which of the following statements describes an engagement planning best practice?

Options:

A.  

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.  

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.  

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.  

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Discussion 0
Questions 51

During the review of an organization's retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?

Options:

A.  

Sufficiency.

B.  

Reliability.

C.  

Relevancy.

D.  

Usefulness.

Discussion 0
Questions 52

Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?

Options:

A.  

Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.

B.  

Ensure new procedures have been documented, approved, and distributed to the employees responsible.

C.  

Perform retesting to confirm that new procedures address the previously identified deficient control activities.

D.  

Analyze the new procedures, then report to senior management whether the associated risks have been managed.

Discussion 0
Questions 53

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.  

The CAE is required to review, approve, and sign every engagement report.

B.  

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.  

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.  

The internal audit charter must identify authorized signers of engagement reports.

Discussion 0
Questions 54

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.  

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.  

Impact and likelihood at times cannot be differentiated as to which is more important.

C.  

A heat map cannot be used unless a risk and control matrix has been developed.

D.  

Qualitative factors cannot be incorporated into a heat map

Discussion 0
Questions 55

An internal auditor using the five-attribute approach to document deficiencies in a warehouse shipping process. Which of the following attributes will be included in the workpapers?

Options:

A.  

Risk, impact likelihood existing control, recommendation

B.  

Condition, cause, effect, recommendation

C.  

Condition, cause effect test result

D.  

Risk, impact test result recommendation

Discussion 0
Questions 56

An internal audit engagement supervisor approved the engagement work program submitted by an internal auditor and concluded that it satisfied engagement objectives. At the end of the engagement, the engagement supervisor reviewed the completed work program and found numerous deficiencies and inconsistencies in the engagement workpapers. Which of the following should be improved in the process of engagement supervision?

Options:

A.  

The supervisor should regularly review the engagement team's workpapers throughout the engagement, including raising questions and providing guidance.

B.  

The supervisor should evaluate whether the engagement work program includes audit procedures relevant to engagement objectives.

C.  

The supervisor should thoroughly document all concerns prior to signing off the completed workpapers and finalizing the work program.

D.  

The supervisor should issue a satisfaction questionnaire to management of the activity that was under review to understand the root causes of deficient performances.

Discussion 0
Questions 57

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.  

The evidence may not be reliable.

B.  

The evidence is not relevant.

C.  

The evidence may not be sufficient.

D.  

The information missing is not relevant to the audit.

Discussion 0
Questions 58

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.  

Utility software

B.  

Integrated test facility

C.  

Parallel simulation

D.  

Generalized audit software

Discussion 0
Questions 59

Which of the following is most likely to be judged as a significant residual risk that would exceed the organization's acceptable risk level?

Options:

A.  

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.  

Any risk involving investments into bitcoin and suspicious derivatives

C.  

Any risk that can cause material or financial loss

D.  

Any risk that could cause injuries or pollute the environment

Discussion 0
Questions 60

Options:

A.  

The organization’s attitude to hierarchy.

B.  

The organization's whistleblowing strategy.

C.  

The organization’s ongoing risk monitoring process.

D.  

The organization’s risk management policy.

Discussion 0
Questions 61

What is the primary reason that audit supervision includes approval of the engagement report?

Options:

A.  

To ensure the objectives of the area under review are met

B.  

To ensure senior management supports the reports conclusions

C.  

To ensure report style and grammar are appropriate.

D.  

To ensure report findings are substantiated

Discussion 0
Questions 62

An internal auditor is performing testing to gather evidence regarding an organization's inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is The auditor's concern best describes which of the following risks?

Options:

A.  

Incorrect rejection risk.

B.  

Incorrect acceptance risk.

C.  

Tolerable misstatement risk

D.  

Anticipated misstatement risk

Discussion 0
Questions 63

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.  

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.  

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.  

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.  

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Discussion 0
Questions 64

An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?

Options:

A.  

Diagnostic analysis

B.  

Predictive analysis

C.  

Network analysis

D.  

Prescriptive analysis

Discussion 0
Questions 65

To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?

Options:

A.  

The organization's attitude to hierarchy

B.  

The organization's whistleblowing strategy

C.  

The organization's ongoing risk monitoring process

D.  

The organization's risk management policy

Discussion 0
Questions 66

The organization’s internal audit charter was last updated six years ago to update the charter, which of the following actions is most appropriate for the chief audit executive to take?

Options:

A.  

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team

B.  

Perform a review of HA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.  

Use an internal audit charter template from another organization that operates within the same industry.

D.  

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved

Discussion 0
Questions 67

In which of the following situations would an internal auditor consider the need to outsource competencies and skills9

Options:

A.  

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.  

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

C.  

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.  

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

Discussion 0
Questions 68

Which of the following performance measures is considered a lagging indicator to the largest degree?

Options:

A.  

Return on investment

B.  

Customer retention

C.  

Employee satisfaction

D.  

Cost of research and development

Discussion 0
Questions 69

According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization's control process?

Options:

A.  

Reperformance.

B.  

Vouching.

C.  

Independent confirmation.

D.  

Root cause analysis.

Discussion 0
Questions 70

Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate

to achieve this objective?

Options:

A.  

A compliance audit.

B.  

A due diligence audit.

C.  

A financial audit.

D.  

An external audit.

Discussion 0
Questions 71

What is the purpose of an internal control questionnaire?

Options:

A.  

To gather information from a sample of people who are geographically dispersed

B.  

To assess risks that could prevent an audited area from achieving its objectives.

C.  

To evaluate tie level of compliance of remote offices with centrally designed procedures

D.  

To perform testing of controls more frequently

Discussion 0
Questions 72

Which of the following statements best demonstrates application of due professional care during an assurance engagement?

Options:

A.  

The engagement detected irregularities and noncompliance instances.

B.  

The engagement supervisor had no significant comments in the supervisory review.

C.  

The audit procedures were systematically planned: executed, and documented.

D.  

The engagement objectives were designed to assist the engagement client

Discussion 0
Questions 73

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

Options:

A.  

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.  

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.  

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.  

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Discussion 0
Questions 74

As a result of server managements assumption of risk there is residual risk that exceeds me organisation's risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?

Options:

A.  

ignore the responsibility of addressing the residual risk

B.  

Assume the responsibility of addressing the residual risk

C.  

Ensure senior management acknowledges residual risk

D.  

Communicate with the board the issue of residual risk

Discussion 0
Questions 75

An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?

Options:

A.  

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.  

Communicate to the board the current situation, including the risk exposure to the organization.

C.  

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.  

Contact the regulatory agency and inform them of the risk exposure.

Discussion 0
Questions 76

An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?

Options:

A.  

Analytical procedures.

B.  

Detail testing.

C.  

Test of design.

D.  

Test of control.

Discussion 0
Questions 77

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

Options:

A.  

1 and 3

B.  

1 and 4

C.  

2 and 3

D.  

2 and 4

Discussion 0
Questions 78

Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?

Options:

A.  

Low levels of inventory

B.  

Higher level of profitability

C.  

High level of liquidity

D.  

Higher level of risk

Discussion 0
Questions 79

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

Options:

A.  

1 and 3

B.  

1 and 4

C.  

2 and 3

D.  

2 and 4

Discussion 0
Questions 80

An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?

Options:

A.  

Names and work titles of employees

B.  

Description of responsibilities of business units.

C.  

Average fuel consumption data of vehicles

D.  

Location and route data of vehicles

Discussion 0
Questions 81

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

Options:

A.  

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.  

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.  

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.  

The CAE can release prior information provided it is as originally published and distributed within the organization.

Discussion 0
Questions 82

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:

A.  

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.  

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.  

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.  

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Discussion 0
Questions 83

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

Options:

A.  

The organization's audit universe is extensive and diverse.

B.  

There has been an increase in unanticipated requests for advisory work.

C.  

Previous work provided by the external service provider has been of great quality and value.

D.  

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Discussion 0
Questions 84

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Options:

A.  

The review should focus on the efficiency of the controls in place to prevent fraud.

B.  

The scope of the review does not need to include all operating areas of the organization.

C.  

The cost of the control should be compared to the benefit of mitigating the related risk.

D.  

The review should assess whether the internal controls can be circumvented.

Discussion 0
Questions 85

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.  

Operational management must determine the audit objective in cooperation with the internal auditor

B.  

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.  

The audit objective must consider the possibility of fraud and noncompliance

D.  

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Discussion 0
Questions 86

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

Options:

A.  

Career model.

B.  

Center of competence model.

C.  

Rotational model.

D.  

Hybrid model.

Discussion 0
Questions 87

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

Options:

A.  

Compliance audit.

B.  

Operational audit.

C.  

Financial audit.

D.  

Provider audit.

Discussion 0
Questions 88

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

Options:

A.  

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.  

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.  

Management is responsible for ensuring that the organization's CSR principles are communicated, understood, and integrated into decision-making processes.

D.  

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Discussion 0
Questions 89

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.  

Opportunity.

B.  

Rationalization.

C.  

Pressure.

D.  

Incentives.

Discussion 0
Questions 90

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

Options:

A.  

Present the revised audit plan directly to the board for approval.

B.  

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.  

Present the revised audit plan directly to the CEO for approval

D.  

Communicate with the CEO and present the revised audit plan to the board for approval.

Discussion 0
Questions 91

The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?

Options:

A.  

Refer the suggested changes to the engagement supervisor for approval.

B.  

Note the suggested changes to be included in next year’s engagement program.

C.  

Update the engagement work program with the suggested changes.

D.  

No action is required as the work program has been approved and is underway.

Discussion 0
Questions 92

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.  

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.  

Select five new accounts to replace the ones that were missing supporting documentation.

C.  

Expand the sample size to 60 to determine whether the error rate remains the same.

D.  

Contact management to determine whether the supporting documentation can be located elsewhere.

Discussion 0
Questions 93

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:

A.  

Report follow-up activities to senior management.

B.  

Implement follow-up procedures to evaluate residual risk.

C.  

Determine the costs of implementing the recommendations.

D.  

Evaluate the extent of improvements.

Discussion 0
Questions 94

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Options:

A.  

The need and availability of automated support.

B.  

The potential impact of key risks.

C.  

The expected outcomes and deliverables.

D.  

The operational and geographic boundaries.

Discussion 0
Questions 95

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

Options:

A.  

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.  

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.  

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.  

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Discussion 0
Questions 96

Besides a chief audit executive's professional experience what determines the frequency and approach to assessing residual risk?

Options:

A.  

The frequency of executing the internal audit engagements

B.  

The frequency of changes in the organization environment

C.  

The expectations set by the board and senior management

D.  

The expectations set by operating management and senior management

Discussion 0
Questions 97

Which of the following structures would best suit a maintenance organization that needs to adapt quickly to rapidly changing technology?

Options:

A.  

Traditional

B.  

Decentralized

C.  

Centralized

D.  

Customer-centric

Discussion 0
Questions 98

Which of the following recognized competitive strategies focuses on gaining efficiencies?

Options:

A.  

Focus

B.  

Cost leadership.

C.  

Innovation

D.  

Differentiation

Discussion 0
Questions 99

Which of the following would be most likely found in an internal audit procedures manual?

Options:

A.  

A summary of the strategic plan of the area under review.

B.  

Appropriate response options for when findings are disputed by management.

C.  

An explanation of the resources needed for each engagement.

D.  

The extent of the auditor's authority to collect data from management.

Discussion 0
Questions 100

Which of the following represents the best example of a strategic goal?

Options:

A.  

Customer satisfaction index has to be 90% each quarter.

B.  

Ten rapid charging stations will be installed next year.

C.  

The organization aims to decrease the budget by 10%.

D.  

The organization will be carbon neutral within 5 years.

Discussion 0
Questions 101

A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Options:

A.  

Coordinate and facilitate risk workshops for management to attend

B.  

Establish the degree of risk appetite for management to accept.

C.  

Set risk Indicators and mitigation plans for management to Implement.

D.  

Determine the number of significant risks for management to report to the board

Discussion 0
Questions 102

Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization's head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?

Options:

A.  

The engagement objectives.

B.  

The head of accounting’s schedule availability.

C.  

The auditors' qualifications.

D.  

The details of the audit test plan.

Discussion 0
Questions 103

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

Options:

A.  

A risk assessment

B.  

An operational audit

C.  

A third-party audit

D.  

A fraud investigation

Discussion 0
Questions 104

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.  

1 and 2

B.  

1 and 3

C.  

2 and 4

D.  

3 and 4

Discussion 0
Questions 105

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

Options:

A.  

End the consulting engagement and report the results to management as planned

B.  

Report the significant control issues to senior management and the board and recommend corrective action

C.  

Mutually agree with the engagement client on corrective actions

D.  

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Discussion 0
Questions 106

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.  

Impact cannot be represented on a heat map unless it is quantified in financial terms.

B.  

Impact and likelihood at times cannot be differentiated as to which is more important.

C.  

A heat map cannot be used unless a risk and control matrix has been developed.

D.  

Qualitative factors cannot be incorporated into a heat map.

Discussion 0
Questions 107

Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.  

Planning an engagement of the area in which fraud is suspected.

B.  

Employing audit tests to detect fraud

C.  

Interrogating a suspected fraudster.

D.  

Completing a process review to improve controls to prevent fraud.

Discussion 0
Questions 108

A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?

Options:

A.  

The engagement supervisor has an open door pokey for audit team members to discuss concerns

B.  

The supervisor reviews weekly progress reports from the audit team members

C.  

The supervisor reviews and initials internal audit workpapers for the engagement

D.  

The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.

Discussion 0
Questions 109

According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?

Options:

A.  

The establishment of an audit approach and documentation system

B.  

The standardization of workpaper terminology and notations

C.  

The ability to reach consistent audit conclusions regardless of who performs the audit

D.  

The application of documentation standards m an appropriate and consistent manner

Discussion 0
Questions 110

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.  

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.  

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.  

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.  

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Discussion 0
Questions 111

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Options:

A.  

Acts that may endanger the health or safety of individuals.

B.  

Acts that favor one party to the detriment of another.

C.  

Acts that damage or have an adverse effect on the environment.

D.  

Acts that conceal inappropriate activities in the organization.

Discussion 0
Questions 112

An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?

Options:

A.  

Paying off an overdraft debt using funds from another bank current account.

B.  

Purchasing inventory using funds from long-term bank loans.

C.  

Acquiring a new car through leasing.

D.  

Factoring short-term accounts receivable in exchange for cash.

Discussion 0
Questions 113

An internal auditor wants to assess the completeness of sales invoices issued by the organization over a period of time Providing that at the necessary data and analytics software is which of the following types of analyse would be appropriate to satisfy the auditor's objective?

Options:

A.  

Payment terms analysis

B.  

Duplicates analysts

C.  

Aging analysis

D.  

Gap analysis

Discussion 0
Questions 114

A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?

Options:

A.  

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.  

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.  

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.  

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

Discussion 0
Questions 115

Which of the following should an internal auditor document to support an assurance engagement’s conclusions?

Options:

A.  

Evidence of all data used in an engagement

B.  

Internal audit policies and workpaper templates

C.  

Workpapers, cross-referenced to audit observations

D.  

Satisfaction ratings from management of the area under review

Discussion 0
Questions 116

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

The organizational chart, business objectives, and policies and procedures of the area to be reviewed

Options:

A.  

The most recent risk assessment conducted by management of the area to be reviewed.

B.  

The requests of operational and senior management throughout the organization.

C.  

The preliminary risk assessment performed by internal auditors planning the engagement.

Discussion 0
Questions 117

An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?

Options:

A.  

Diagnostic analytics

B.  

Descriptive analytics

C.  

Prescriptive analytics

D.  

Predictive analytics

Discussion 0
Questions 118

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

Options:

A.  

Evaluate and verify management's response, and determine the need and scope for additional work.

B.  

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.  

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.  

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Discussion 0
Questions 119

Which of the following actions best describes an internal auditor's use of test data to determine whether an organization's new accounts payable system avoids processing questionable invoices for payment?

Options:

A.  

Creating an automated tool that monitors the computer program on a daily basis for potential issues that need corrective actions.

B.  

Using an automated system that assists internal auditors with automating the risk analysis of the computer program for invoicing

C.  

Embedding tools in the computer program to analyze the review processes of invoices for potential issues that may hamper payments

D.  

Adding invoices to the computer program to assess the reliability and effectiveness of the review process and whether controls work.

Discussion 0
Questions 120

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.  

Establish and measure performance objectives for the internal audit activity

B.  

Select board members with necessary knowledge and skills.

C.  

Develop, approve, and execute the strategic plan of the organization

D.  

Develop strategies to mitigate the risks to achieving the organization's objectives

Discussion 0
Questions 121

Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?

Options:

A.  

Report the risk identified from the consulting engagement to senior management.

B.  

Do not include the risk in the assessment of risk management processes, as that is management's responsibility.

C.  

Do not report the risk, as it is out of scope for the consulting engagement.

D.  

Include the risk identified from the consulting engagement in the next annual risk assessment only if it is part of the consulting engagement objectives.

Discussion 0
Questions 122

Which of the following would most Holy reflect the best possible engagement objectives?

Options:

A.  

Engagement objectives derived from risk assessment results from a company's risk function experts.

B.  

Engagement objectives derived from senior management's risk assessment results

C.  

Engagement objectives derived from the mental audit activity's own risk assessment results

D.  

Engagement objectives derived from risk assessment results from both senior management and the company's risk function experts

Discussion 0
Questions 123

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Options:

A.  

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.  

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.  

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.  

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Discussion 0
Questions 124

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

1.There is a clear strategy and timeline to migrate risk management responsibility back to management.

2.The internal audit activity has the final approval on any risk management decisions.

3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

4.The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.  

1 and 4 only.

B.  

2 and 4 only.

C.  

1 and 3 only.

D.  

2 and 3 only.

Discussion 0
Questions 125

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.  

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.  

The estimated time frame, the names of the auditors, and the resources and travel budget.

C.  

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.  

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Discussion 0
Questions 126

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Options:

A.  

The nature of consulting services typically is not included in the charter.

B.  

The chief audit executive must formally review the charter at least once a year

C.  

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.  

The charter typically defines the internal audit activity’s position within the organization.

Discussion 0
Questions 127

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

Options:

A.  

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.  

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.  

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.  

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Discussion 0
Questions 128

In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?

Options:

A.  

Inventory comprised of the same items stored in different warehouses

B.  

Batches of materials that must be confirmed as meeting quality standards

C.  

Revenue that is earned by an organization through cash receipts or as receivable.

D.  

Tax reports submitted to meet the requirements of the local taxation authority

Discussion 0
Questions 129

According to ISO 31000, which of the following statements is correct?

Options:

A.  

The board is responsible for setting the organizational attitude through tone at the top.

B.  

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.  

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.  

The framework is designed to be effective for organizations no matter how small.

Discussion 0
Questions 130

An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?

Options:

A.  

The test of the control design should have occurred at the performance stage.

B.  

The test of the operating effectiveness of the control was not necessary.

C.  

A risk and control matrix is not appropriate for this type of engagement.

D.  

The test of the operating effectiveness of the control should have occurred at the planning stage.

Discussion 0
Questions 131

An internal auditor performed a test of controls and found that a statistically selected representative sample of recorded transactions within the account receivables ledger had an error rate that was within management expectations. The associated revenue account was outside the scope of the audit engagement. How should the conclusion to this engagement be reported?

Options:

A.  

The auditor should state that the error rate was within the selected confidence level.

B.  

Negative assurance should be provided, as the associated revenue account was not examined.

C.  

The auditor should state that controls over the recording of transactions in the revenue account are operating effectively.

D.  

Positive assurance could be provided for the effectiveness of the accounts receivable controls.

Discussion 0
Questions 132

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.  

Increased access to the organization’s employees.

B.  

Increased ability to preserve evidence and the chain of command.

C.  

Increased ability to scrutinize the organization's key business processes.

D.  

Increased access to the organization’s software and proprietary data.

Discussion 0
Questions 133

According to IIA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

Options:

A.  

Developing policies and procedures for the internal audit activity

B.  

Ensuring the internal audit activity is not found fallible during audit engagements.

C.  

Undertaking all engagements that management requests of the internal audit activity.

D.  

Ensuring the internal audit activity reports functionally to the board of directors

Discussion 0
Questions 134

If there is a significant error or omission in the final audit report that was communicated to management, which of the following is the key action for the internal audit activity?

Options:

A.  

Communicate the corrected information to the manager of the audited department.

B.  

There should be a follow-up audit to address the error or omission.

C.  

The auditor should update the scope of the audit to include the omission.

D.  

The corrected communication should be redistributed to the original recipients.

Discussion 0
Questions 135

Which of the following statements generally true regarding audit engagement planning?

Options:

A.  

The best source tor detailed process information is senior management

B.  

Audit objectives should be general and do not change.

C.  

Computer-assisted audit techniques are typically not useful during engagement planning

D.  

Internal auditors should prepare a dented audit program for testing controls

Discussion 0
Questions 136

An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?

Options:

A.  

Description of the procurement policy

B.  

Summary of the tendering process

C.  

Substantiated and comparative evidence

D.  

Impact analysis of unfavorable prices

Discussion 0
Questions 137

Which of the following is the most appropriate objective for establishing a professional development plan for the internal audit activity?

Options:

A.  

A plan that focuses on furthering the independence of the internal audit activity.

B.  

A plan that ensures internal auditors collectively possess expertise in various fields to avoid outsourcing.

C.  

A plan based on individual preferences and proposals, which helps internal auditors achieve greater success.

D.  

A plan that focuses on filling gaps in the current skills needed to complete audit objectives.

Discussion 0
Questions 138

A chief audit executive (CAE) is trying to balance the internal audit activity's needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

Options:

A.  

Strategic sourcing

B.  

Loan staff arrangement

C.  

Flat organizational structure

D.  

Hierarchical organizational structure

Discussion 0
Questions 139

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

Options:

A.  

1 and 2 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

3 and 4 only

Discussion 0
Questions 140

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

Options:

A.  

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.  

Inquiry of corrective action to be completed within a certain period.

C.  

Reporting the status of every observation for every engagement in a detailed manner.

D.  

Soliciting management’s feedback after completion of the audit engagement.

Discussion 0
Questions 141

Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?

Options:

A.  

The senior auditors are unavailable, as they are currently working on other portions of the engagement.

B.  

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.  

The audit engagement has a tight deadline and the work must be completed timely.

D.  

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement.

Discussion 0
Questions 142

Which of the following is the best audit procedure to obtain evidence of an organization's legal ownership of a new property?

Options:

A.  

Review documents registered with the appropriate governmental authority.

B.  

Examine the board of directors' minutes and look for approvals to acquire property.

C.  

Confirm with senior management and legal counsel concerning property acquisition.

D.  

Confirm ownership with the title company that handles the escrow account.

Discussion 0
Questions 143

Which of the following is required to classify, label, organize, and search big data stored and used in an organization?

Options:

A.  

Metadata

B.  

Data security

C.  

A business application

D.  

Data owner

Discussion 0
Questions 144

Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?

Options:

A.  

The assessment of high-level risks is typically a linear process.

B.  

Management should create the preliminary risk matrix

C.  

The analysis should begin with ne identification of objectives

D.  

Likelihood should receive greater consideration than impact

Discussion 0
Questions 145

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

Options:

A.  

Mitigating risks affecting achievement of organizational objectives.

B.  

Enabling opportunities affecting achievement of organizational objectives.

C.  

Analyzing and advising regarding costs versus benefits of control activities.

D.  

Attesting to fairness of financial statements

Discussion 0
Questions 146

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?

Options:

A.  

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.  

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.  

Both total sales and cost of ingredients used are greater than expected.

D.  

Both total sales and cost of ingredients used are less than expected.

Discussion 0
Questions 147

An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?

Options:

A.  

A three-way match between the invoice, purchase requisition, and documentation of receipt of services

B.  

A member of management approves the purchase requisition before the temporary employee begins work

C.  

A scope of work for the temporary employee is included in the purchase requisition and signed by the organization

D.  

Payments to the vendor are analyzed monthly to ensure they do not exceed the amount approved on the purchase order

Discussion 0
Questions 148

An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?

Options:

A.  

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

B.  

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

C.  

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

D.  

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Discussion 0
Questions 149

According to IIA guidance, which of the following is true regarding typical fraud schemes?

1.A diversion occurs when an employee has an undisclosed personal economic interest in a transaction that adversely affects the organization

2.Tax evasion is intentional reporting of false or misleading information on a tax return by an organization to reduce taxes owed.

3.Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s records

4Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services

Options:

A.  

1 and 3.

B.  

1 and 4

C.  

2 and 3.

D.  

2 and 4

Discussion 0
Questions 150

The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?

Options:

A.  

Amend the audit plan so that available audit resources are adequate to meet the plan’s requirements.

B.  

Inform the board and senior management of the resources needed, as well as the associated risks.

C.  

Communicate early to those unit managers whose areas would most likely not be able to get reviewed.

D.  

Get approval from human resources regarding overtime payment to be made in an effort to complete the audit plan.

Discussion 0
Questions 151

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.  

To assess the efficiency and effectiveness of the accounting department.

B.  

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.  

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.  

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Discussion 0
Questions 152

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

Options:

A.  

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.  

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.  

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.  

Local law enforcement should be involved as they are more familiar with the applicable local laws.

Discussion 0
Questions 153

An internal auditor is tasked with evaluating the adequacy of the organization's inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?

Options:

A.  

Accounting adjustments of inventories are approved by the management in accordance with a signature policy

B.  

Root causes of inventory differences are analyzed and corrective measures are followed

C.  

High value items are inventoried more frequently throughout the year

D.  

Value of accounting adjustments matches with the value of inventory differences and are made in a timely manner

Discussion 0
Questions 154

Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?

Options:

A.  

Review year-over-year trending of total dollars spent in each period.

B.  

Review changes to the vendor master file for suspicious activity.

C.  

Review the percentage of on-time payments against prior periods.

D.  

Review total expenses for accounting against other department expenses in the organization.

Discussion 0
Questions 155

During a review of data privacy an internal auditor is tasked with testing management's identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

Options:

A.  

interview management to determine what types of data are collected and maintained

B.  

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.  

Review a sample of data to determine whether the risk classification is reasonable

D.  

Document and test a data inventory and classification program by determining the data classification levels and framework

Discussion 0
Questions 156

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.  

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.  

All completed training costs, and the cost of actual production hours completed to date.

C.  

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.  

All completed training costs, and 50% of the contracted production costs.

Discussion 0
Questions 157

Which of the following statements about assurance maps is correct?

Options:

A.  

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.  

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.  

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.  

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Discussion 0
Questions 158

If an engagement supervisor discovers insufficient information to draw a conclusion in workpapers, which action should she take first?

Options:

A.  

Assign another auditor to complete the audit step and produce a new error-free workpaper.

B.  

Document the problem as a review comment and continue with the audit.

C.  

Discuss the matter with the auditor who produced the workpapers and improve the training manual.

D.  

Complete the audit step herself to ensure accuracy and take additional steps to improve the audit training plan.

Discussion 0
Questions 159

Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?

Options:

A.  

Surveys

B.  

Management produced analysis 0

C.  

Facilitated team workshops

D.  

Weighted risk factors

Discussion 0
Questions 160

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

Options:

A.  

The corporate risk register.

B.  

The strategic plan.

C.  

Internal and external audit reports.

D.  

The board's meeting records.

Discussion 0
Questions 161

The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?

Options:

A.  

Explain the situation to senior management and remove the audit from the audit plan until next year

B.  

Conduct the audit of the quality department but adjust the audit program to remove the quality control testing

C.  

Engage one of the other trained employees to participate in the audit review of the quality department

D.  

Request that external auditors include this area as part of their review and provide independent assurance

Discussion 0
Questions 162

What is the primary reason that audit supervision includes approval of the engagement report?

Options:

A.  

To ensure the objectives of the area under review are met.

B.  

To ensure senior management supports the report's conclusions.

C.  

To ensure report style and grammar are appropriate.

D.  

To ensure report findings are substantiated.

Discussion 0
Questions 163

Which of the following is the primary weakness of internal control questionnaires (ICQs)?

Options:

A.  

ICQs do not allow for open-ended questions.

B.  

ICQs do not allow for evaluating multiple locations.

C.  

ICQs require significant auditor follow-up, as different managers may give different responses.

D.  

ICQ respondents have incentives to answer that there are internal controls in place.

Discussion 0
Questions 164

According to IIA guidance, when would an interim report typically be produced?

Options:

A.  

During a standard audit engagement when management wants to address an issue before the final report is drafted.

B.  

Following each workshop conducted during a consulting engagement.

C.  

During lengthy audit engagements involving several organizational units.

D.  

Following management's update tor actions taken on outstanding recommendations.

Discussion 0
Questions 165

For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?

Options:

A.  

Chair should learn the current organizational culture of the company.

B.  

Chair should learn the current risk management system of the company

C.  

Chair should determine the appropriateness of the current strategic risks.

D.  

Chair should gain an understanding of the needs of key stakeholders.

Discussion 0
Questions 166

Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?

Options:

A.  

To gain an understanding of the control environment

B.  

To collect as much financial data as possible before engagement fieldwork begins.

C.  

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.  

To facilitate the quantification of financial data obtained

Discussion 0
Questions 167

An internal auditor determined that the organization's accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?

Options:

A.  

Each invoice for goods or services acquired by the organization must be recorded only once in the accounting system.

B.  

The accounting system lacks efficient controls for the identification of duplicate invoices.

C.  

Disbursements may be made inappropriately, and liabilities may be overstated.

D.  

The accounting system is at the end of its lifetime and is no longer developed by the provider.

Discussion 0
Questions 168

During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.

Which of the following responses would be most effective to mitigate this risk?

Options:

A.  

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.  

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.  

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.  

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Discussion 0
Questions 169

When presenting an observation m writing which or the Mowing is usually true regarding the level of detail provided?

1. The description of the observation in the final audit report contains more detail then the description m the engagement workpapers

2. The description of the observation m the engagement workpapers contains more detail than the descriptor n a preliminary observation document

3. A preliminary observation document contains more detail than tie observation description in the final audit report

4. A preliminary observation document contains more detail than tie observation description in the engagement workpapers

Options:

A.  

1 and 2

B.  

1 and 4

C.  

2 and3

D.  

3 and 4

Discussion 0
Questions 170

The objective of an upcoming engagement is to review the wind park projects and assess compliance with established project management principles. Which of the following is most likely to be the aim of the engagement work program?

Options:

A.  

Evaluate the application of project management guidance in the development of wind parks.

B.  

Identify key risks and mitigation plans pertaining to the management of wind parks.

C.  

Assess whether development of wind parks is compliant with relevant legal acts and international best practices.

D.  

Review the wind park development strategy and compare its goals with operational targets and metrics.

Discussion 0
Questions 171

Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?

Options:

A.  

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.  

Retained earnings represent the amount of excess cash available in the organization.

C.  

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.  

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

Discussion 0
Questions 172

As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization's warehouse in a timely manner. What type of objective does this exemplify?

Options:

A.  

Operations

B.  

Compliance

C.  

Financial reporting

D.  

Strategic

Discussion 0
Questions 173

An internal auditor is performing an engagement to determine whether quality control checks of electronic gaming systems are performed consistently among a technology company’s factories. Which of the following tests would support the audit engagement objectives?

Options:

A.  

Obtain and review the organization’s policies and procedures to gain an understanding of the quality control checks performed on the gaming systems.

B.  

Perform unannounced onsite observations at factories to help determine how employees perform quality control checks of the gaming systems in real time.

C.  

Meet and discuss with the quality control supervisors at the facilities to obtain information about the processes related to the quality control of gaming systems.

D.  

Use the organization’s manufacturing documentation to create a flowchart that shows how the gaming systems are built to meet the established quality control standards.

Discussion 0
Questions 174

An organization's chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

Options:

A.  

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.  

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.  

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.  

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Discussion 0
Questions 175

According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?

Options:

A.  

Process objectives.

B.  

Process risks

C.  

Process controls.

D.  

Process scope

Discussion 0
Questions 176

An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?

Options:

A.  

The document management policy requires business client data to be stored in a specific management database

B.  

Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

C.  

if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

D.  

All staff should be appropriately trained and required to follow the organization's established policies and procedures pertaining to document management

Discussion 0
Questions 177

According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

Options:

A.  

Results of internal assessments need to be reported to the board at least once every five years.

B.  

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.  

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted

D.  

Results of ongoing monitoring of the internal audit activity’s performance must be reported to senior management and the board at least annually

Discussion 0
Questions 178

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^

Options:

A.  

CAE reviews and approves the annual audit plan.

B.  

CAE meets privately with the CEO at least annually

C.  

CAE meets privately with the board at least annually.

D.  

CAE reports to the board regarding audit staff performance evaluation and compensation.

Discussion 0
Questions 179

During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?

Options:

A.  

Independent confirmation

B.  

Tracing

C.  

Vouching

D.  

Reperformance

Discussion 0
Questions 180

Which of the following is an example of internal benchmarking?

Options:

A.  

Book value per common share ratio is lower than that of the prior year.

B.  

Staff turnover ratio is higher than the comparable organization in the same industry.

C.  

Utilities expense of the sales unit is higher than that of the customer service unit.

D.  

Sales are significantly higher than the industry’s average for five years.

Discussion 0
Questions 181

Upon the completion of an audit engagement an audit manager performs a review of a staff auditor's workpapers. Which of the following actions by the manager is the most appropriate this review''

Options:

A.  

Communicate the workpaper review results to management of fie area under review to validate the final report

B.  

Update the final report in the file with any necessary corrections based on the workpaper review.

C.  

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.  

Add the manager's review notes to the final documentation following the review

Discussion 0
Questions 182

An internal auditor has discovered that duplicate payments were made to one vendor Management has recouped the duplicate payments as a corrective action Which of the following describes managements action in this case?

Options:

A.  

A condition-based action plan

B.  

A cause-based action plan.

C.  

A root cause-based action plan.

D.  

An effect-based action plan.

Discussion 0
Questions 183

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.  

Determine process outputs

B.  

Determine process inputs.

C.  

Determine process activities.

D.  

Determine process goals

Discussion 0
Questions 184

Which of the following would most likely form part of the engagement scope?

Options:

A.  

Potential legislation on privacy topics will be employed as a compliance target.

B.  

Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

C.  

Both random and judgmental samplings will be used during the engagement.

D.  

The probability of significant errors will be considered via risk assessment.

Discussion 0
Questions 185

Which of the following is the primary reason a chief audit executive should network with an organization’s executives?

Options:

A.  

To better understand and influence executives' planning.

B.  

To make executives aware of the benefits that the internal audit activity can provide.

C.  

To assist executives in setting the organization’s risk appetite.

D.  

To have a better understanding of the training needed to strengthen the audit team.

Discussion 0
Questions 186

According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?

Options:

A.  

Audit findings

B.  

Audit resources

C.  

Audit objectives

D.  

Audit plan

Discussion 0
Questions 187

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?

Options:

A.  

Inform management and request that the plan be tested immediately.

B.  

Update the recovery plan for management, as part of the review.

C.  

Evaluate the recovery plan and report weaknesses to management.

D.  

Recommend that management and users update and test the recovery plan.

Discussion 0
Questions 188

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

Options:

A.  

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.  

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.  

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.  

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Discussion 0
Questions 189

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Options:

A.  

The CAE should send the final report to operational and senior management and the audit committee.

B.  

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.  

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.  

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Discussion 0
Questions 190

What is the primary objective of an engagement supervisor's review of key activities performed during the engagement?

Options:

A.  

To ensure that the engagement is completed on time and within budget

B.  

To ensure that all work performed meets acceptable quality standards

C.  

To ensure that management has provided suitable responses to all observations

D.  

To ensure that management is satisfied with the progress of the engagement

Discussion 0
Questions 191

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

Options:

A.  

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.  

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.  

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.  

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Discussion 0
Questions 192

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

Options:

A.  

Persuade senior management to take appropriate action.

B.  

Cancel issuing the engagement report due to the assumed risks.

C.  

Accept senior management’s assumption of the risks.

D.  

Discuss the issue with the board for them to take appropriate action.

Discussion 0
Questions 193

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.  

Recommend additional segregation-of-duty reviews.

B.  

Recommend appropriate awareness training for all finance department staff.

C.  

Recommend rotating finance staff in this area.

D.  

Recommend that management address these concerns immediately.

Discussion 0
Questions 194

Which of the following could increase risks to the organization’s control environment?

Options:

A.  

Strong board of directors oversight.

B.  

Incentive-based compensation structures

C.  

Lower than average employee turnover.

D.  

Implementation of a fraud hotline

Discussion 0
Questions 195

Options:

A.  

Generalized audit software.

B.  

Utility software.

C.  

Integrated test facilities.

D.  

Audit expert systems.

Discussion 0
Questions 196

The final engagement communication contains the following observation:

The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization's competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source."

Which of the following components is missing in the documentation of the observation?

Options:

A.  

Criteria.

B.  

Effect

C.  

Condition

D.  

Cause

Discussion 0
Questions 197

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.  

The financial interest the service provider may have in the organization.

B.  

The relationship the service provider may have had with the organization or the activities being reviewed.

C.  

Compensation or other incentives that may be applicable to the service provider.

D.  

The service provider's experience in the type of work being considered.

Discussion 0
Questions 198

A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?

Options:

A.  

The bank destroys all records containing a customer's personal information without informing the customer.

B.  

Based on an assessment of likely products of interest to the customer, the bank shares the customer’s personal information with other companies within the group and informs the customer.

C.  

The bank retains customer information to facilitate easier verification of personal information in the event that the customer returns to reopen his account. The customer is not informed.

D.  

The customer's personal information is used for market research by an external company and the customer is informed prior to publishing the results of the market research.

Discussion 0
Questions 199

Which of the following is essential for ensuring that the internal audit activity’s findings and recommendations receive adequate consideration?

Options:

A.  

Reporting results of audits with recommendations to management.

B.  

Providing formal follow-up procedures to ensure that management complies with an action plan or accepted risk of not taking action.

C.  

Reporting quarterly to management that the audit plan is focused on higher exposures of risk.

D.  

Discussing audit findings with independent auditors.

Discussion 0
Questions 200

An engagement supervisor reviewed a staff internal auditor's documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?

Options:

A.  

The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review

B.  

Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review

C.  

The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf

D.  

The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

Discussion 0
Questions 201

While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditors relative. Which course of action should the auditor take?

Options:

A.  

Proceed with the audit engagement, but do not include the relative's information.

B.  

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.  

Disclose in the engagement final communication that the relative Is a customer

D.  

Immediately withdraw from the audit engagement

Discussion 0
Questions 202

Which of the following statements is true regarding partnership liquidation?

Options:

A.  

Operations can continue after the liquidation, if all partners agree.

B.  

Partnership liquidation ends both the legal and economic life of an entity

C.  

Partnership liquidation occurs when there is capital deficiency.

D.  

When a partnership Is liquidated, each partner pays creditors from cash received

Discussion 0
Questions 203

According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?

Options:

A.  

Elements of evaluation

B.  

Elements of organization

C.  

Elements of practice

D.  

Elements of confidentiality

Discussion 0
Questions 204

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

Options:

A.  

1 and 2

B.  

1 and 3

C.  

2 and 3

D.  

2 and 4

Discussion 0
Questions 205

A technology firm's internal audit function is slated to perform a series of engagements assessing the security of its software development processes. To successfully perform these engagements, which competency should the internal audit function possess?

Options:

A.  

Expertise in IT general controls

B.  

Understanding of change management processes

C.  

Proficiency in using design software

D.  

Fluency in multiple programming languages

Discussion 0
Questions 206

An audit observation states the following:

"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"

Which of the following components are missing in the observation?

Options:

A.  

Cause and effect.

B.  

Effect and criteria

C.  

Condition and cause

D.  

Criteria and condition.

Discussion 0
Questions 207

While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?

Options:

A.  

Request that the internal auditors remove irrelevant workpapers from the records.

B.  

Sign off on all workpapers, and arrange the documentation from most relevant to least relevant.

C.  

Ensure that the final audit report indicates that the initial engagement objectives were expanded.

D.  

Expand the scope of the audit and include the additional documentation.

Discussion 0
Questions 208

Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that

management is considering acquiring?

Options:

A.  

A due diligence engagement.

B.  

An operational audit engagement.

C.  

A feasibility study engagement.

D.  

A risk and control self-assessment engagement.

Discussion 0
Questions 209

How do internal auditors generally determine the priority of the areas within the engagement scope?

Options:

A.  

By calculating the period of time when the area was last audited try internal auditors

B.  

By totaling the monetary value of the processes within the organization in the scope of the engagement

C.  

By counting the number of red flags indicating the potential fraudulent activities within the area.

D.  

By estimating the likelihood of a risks occurring and the potential impact of that risk on the organization

Discussion 0
Questions 210

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.  

Analytical procedures compare information against expectations

B.  

Analytical procedures begin after the engagements planning phase.

C.  

Analytical procedures provide internal auditors with explainable results.

D.  

Analytical procedures are computer-assisted audit techniques

Discussion 0
Questions 211

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

Options:

A.  

Criteria

B.  

Condition

C.  

Cause

D.  

Effect

Discussion 0
Questions 212

Which of the following best exemplifies having effective risk management and internal control processes?

Options:

A.  

Relevant risk indicators and mitigation plans are in place

B.  

All risks are identified and assessed

C.  

Business profitability is likely to be achieved

D.  

Risk information is communicated to customers and suppliers

Discussion 0
Questions 213

An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization's vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests Based on the auditor's actions which of the following is most likely the objective of this engagement1?

Options:

A.  

To identify whether fuel was purchased for work-related purposes

B.  

To estimate future fuel costs for the organization's fleet of vehicles

C.  

To determine trends in average fuel consumption by vehicle

D.  

To determine whether the organization is paying more than the industry average for fuel

Discussion 0
Questions 214

The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

Options:

A.  

It minimizes the amount of time spent and cost incurred to gather the necessary information.

B.  

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

C.  

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

D.  

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Discussion 0
Questions 215

Options:

A.  

The auditor wants to receive mid-level management insight on how to improve hiring practices.

B.  

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.  

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.  

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner.

Discussion 0
Questions 216

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

Options:

A.  

A clothing company designs, makes, and sells a new item.

B.  

A commercial construction company is hired to build a warehouse.

C.  

A city department sets up a new firefighter training program.

D.  

A manufacturing organization acquires component parts from a contracted vendor

Discussion 0
Questions 217

Which of the following factors should a chief audit executive consider when determining the audit universe?

1. Components of the organization's strategic plan.

2. Inputs from senior management and the board.

3. Views of competitors and business associates.

4. Results of exit interviews with departing employees.

Options:

A.  

1 and 2 only

B.  

2 and 4 only

C.  

1, 2, and 4

D.  

2, 3, and 4

Discussion 0
Questions 218

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?

Options:

A.  

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.  

Develop a report of excess inventory and compare the inventory with current production volume.

C.  

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.  

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Discussion 0
Questions 219

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

Options:

A.  

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.  

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.  

Strategic plans are likely to show areas of weak financial controls.

D.  

The strategic plan is a relatively stable document on which to base audit planning.

Discussion 0
Questions 220

An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?

Options:

A.  

Defer the engagement until a system of internal control has been established

B.  

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

C.  

Add a consulting component to the already scheduled assurance engagement

D.  

Seek the involvement of the external auditor to assist with improving the internal controls

Discussion 0
Questions 221

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

Options:

A.  

Utility software

B.  

Generalized audit software

C.  

Application software tracing and mapping

D.  

Audit expert systems

Discussion 0
Questions 222

During an audit, the chief audit executive reviews and approves changes to the audit program. Which of the following describes this activity?

Options:

A.  

Engagement reporting

B.  

Continuous monitoring

C.  

Engagement supervision

D.  

Engagement risk assessment

Discussion 0
Questions 223

An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?

Options:

A.  

Examining the entire population

B.  

Asking management about the malpractice

C.  

Testing a sample of random transactions.

D.  

Using data analytics

Discussion 0
Questions 224

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.  

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.  

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.  

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.  

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Discussion 0