A.  

It would be an inefficient way for internal auditors to address multiple controls in the activity under review.

B.  

It would limit certain members of the internal audit team from being fully involved in the engagement.

C.  

It would be the most effective way for the internal audit team to obtain a detailed understanding of the processes and controls in the activity to be audited.

D.  

It would be an efficient way for the internal audit team to determine whether specified control activities are in place.

A.  

Stratified sampling

B.  

Haphazard sampling

C.  

Discovery sampling

D.  

Probability-proportional-to-size sampling

A.  

Develop a comparison of the costs incurred with similar costs incurred by other organizations

B.  

Obtain the government index of health-care costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.  

Obtain a bid from another health-care administrator to provide the same administrative services as the current health-care administrator.

D.  

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred

A.  

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.  

During fieldwork, scope changes made to the work program are at the auditor's discretion and should be supported adequately in the workpapers.

C.  

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.  

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

A.  

Vouching vendor invoices to payments made.

B.  

Sorting invoices by purchase orders and comparing for successive duplicate invoices.

C.  

Comparing a random sample of vendor invoices to purchase orders.

D.  

Sorting payments by invoice to detect successive duplicate invoices.

A.  

Written observations allow for more interpretation.

B.  

Written observations help the internal auditors express the significance.

C.  

Written and verbal observations are equally effective.

D.  

Written observations limit premature agreement

A.  

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

B.  

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

C.  

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

D.  

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

A.  

Enhanced capability to prevent frauds from occurring.

B.  

Greater assurance that procurement frauds will be detected in a timely manner

C.  

Improved capability of evaluating fraud risks within the organization.

D.  

Greater understanding of fraud through better evidence collection

A.  

The board's meeting minutes

B.  

The executive committee’s social media budget report

C.  

The organization’s marketing plan

D.  

The organization’s procedures manual for daily social media management

A.  

Lack of coordination among different business units

B.  

Operational decisions are inconsistent with organizational goals.

C.  

Suboptimal decision-making.

D.  

Duplication of business activities.

A.  

There is a higher reliance on organizational culture

B.  

There are clear expectations set for employees.

C.  

There are electronic monitoring techniques employed

D.  

There is a defined code for employee behavior

A.  

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.  

Career and promotion paths are not easily visible and defined.

C.  

Communication is likely to be top-down, with little feedback from lower-level employees.

D.  

Employees have little autonomy, which may result in employee turnover or low morale.

A.  

Identify and map existing controls to their relevant inherent fraud risks

B.  

Detect fraudulent activities in the activity under review for the audited period

C.  

Select the appetite level for each inherent fraud risk

D.  

Evaluate and respond to residual fraud risks that need to be mitigated

A.  

All requests for consulting engagements must be included in the annual internal audit plan

B.  

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.  

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.  

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

A.  

The complexity of deficiency findings.

B.  

The adequacy of preliminary survey information.

C.  

The organization and content of workpapers.

D.  

The method and amount of supporting detail used for the audit report.

A.  

Prepare an action plan to address the inconsistencies

B.  

Contact regulatory agencies to report the inconsistencies and recommended corrective actions

C.  

Assess the risk of the inconsistencies against the organization's mission

D.  

Issue an interim report to senior management

A.  

The auditor confirms the organization's ownership of physical equipment by verifying its presence on site visually.

B.  

The auditor vouches for a sample of check copies to support voucher packages to test the checks' validity.

C.  

The auditor vouches a sales invoice to a shipping document to conclude that the invoice has been issued.

D.  

The auditor recalculates the allowance for doubtful accounts based on management assertions.

A.  

A completed engagement workpaper review checklist.

B.  

The supervisor's review notes on engagement workpapers.

C.  

The email exchanges between the audit team and the supervisor.

D.  

A supervisor's approval of resources allocated to the engagement

A.  

Sufficiency

B.  

Reliability

C.  

Relevance

D.  

Usefulness

A.  

Potential legislation on privacy topics will be employed as a compliance target O Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

B.  

Both random and judgmental samplings will be used during the engagement

C.  

The probability of significant errors will be considered via risk assessment.

A.  

The internal audit team and audit client have a serious dispute over the scope and objective of the engagement

B.  

The internal audit team expects management to address certain issues immediately due to their severe impact

C.  

The internal audit team anticipates that the formal final audit report would be undesirable for management due to the significance of outlined risks

D.  

The internal audit team would like to issue a clean final audit report without any material observations or risks

A.  

Contact the audit committee chair to discuss the finding

B.  

Obtain verbal assurance from management that the inappropriate access will be removed

C.  

Issue an interim audit report so that management can implement action plans

D.  

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

A.  

Report the matter to the board

B.  

Implement the recommended control to address the exposure

C.  

Discuss the matter with senior management

D.  

Ask the regulatory agency to persuade management to address the issue

A.  

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.  

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.  

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.  

To verify that the corrective actions required by senior management are completed as agreed.

A.  

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.  

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.  

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.  

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

A.  

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.  

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.  

The self-assessment results were validated by a qualified external review team three years prior.

D.  

The internal audit charter, approved by the audit committee, requires conformance with the Standards

A.  

Payment and work milestones

B.  

Pictures from the construction site

C.  

Initial sprint planning

D.  

Project internal rate of return

A.  

Percentage of recommendations implemented by corrective action date

B.  

Staff experience

C.  

Percentage of planned audits completed

D.  

Conformance with the International Professional Practices Framework

A.  

Manage and coordinate risk management processes.

B.  

Audit risk management processes.

C.  

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.  

Accept management's responsibility for risk management without board approval.

A.  

The risk assessment must be performed at least quarterly.

B.  

The risk assessment must be performed at least annually.

C.  

The risk assessment must be performed at least once every five years, in alignment with the internal audit activity's quality assurance and improvement program.

D.  

There is no specific requirement; a risk assessment should be performed as needed to account for changes in the business environment.

A.  

$84,000

B.  

$238,095

C.  

$700,000

D.  

$2100.000

A.  

Documentary evidence

B.  

Testimonial evidence

C.  

Analytical evidence

D.  

Physical evidence

A.  

Nonstatistical sampling provides more objective recommendations for management.

B.  

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.  

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.  

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

A.  

An agreed action adopted by management.

B.  

A condition-based recommendation as an interim solution to correct a current condition.

C.  

A cause-based recommendation to prevent inappropriate access being granted again.

D.  

A management action plan.

A.  

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.  

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.  

Valid closure of an observation ensures it will be included in the final engagement report

D.  

Valid closure requires assurance from management that the original problem will not recur in the future

A.  

Career model

B.  

Center of competence model.

C.  

Rotational model.

D.  

Hybrid model

A.  

Employees who are being paid more than then approved wages

B.  

Employees who get paid although their employment has expired

C.  

Employees who are related to one of the subcontractors

D.  

Employees who are physically present at the workplace but who do not perform the specified job duties

A.  

Assess management responses to key risk exposures

B.  

Analyze the costs and benefits of key controls

C.  

Evaluate the design adequacy of known controls

D.  

Conduct a walk-through of all related activates

A.  

A survey with open-ended questions is weaker than a structured interview

B.  

A survey with closed-ended questions can produce quantifiable evidence

C.  

A survey's participants are likely to volunteer information that was not specifically requested

D.  

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

A.  

Initiation phase.

B.  

Bidding phase.

C.  

Development phase.

D.  

Management phase

A.  

Perform benchmarking

B.  

Perform a trend analysis

C.  

Perform a ratio analysis

D.  

Perform observation to gather evidence

A.  

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.  

Oversight of the coordination between the internal audit activity and independent outside auditors

C.  

The internal audit activity's purpose, authority, responsibility, and performance relative to plan.

D.  

Management's assertions regarding the system of internal controls.

A.  

Key controls of the procurement process operate as intended based on the analysis of the specific tender documents.

B.  

IT controls implemented to ensure confidentiality of submitted bids seem to have several deficiencies.

C.  

Management's selection of the winner should be positively acknowledged for focusing on innovative technological solution.

D.  

The principles of transparency and equal treatment of bidders seem to be impaired.

A.  

An expert or decision support system

B.  

Generalized audit software

C.  

A system utility program

D.  

An integrated test facility

A.  

A separate engagement work program should be created for secondary controls

B.  

Secondary controls do not necessarily need to be tested for effectiveness

C.  

Any documented secondary controls are deemed essential to the adequacy of control design

D.  

Secondary controls should be held to the same requirements as key controls

A.  

Comer of competence

B.  

Career model

C.  

Rotational model

D.  

Cosourcing agreement

A.  

Identify significant applications that support the business operations

B.  

Assess risk and rank subjects using business risk factors

C.  

Identify how the organization structures its business operations

D.  

Select audit subjects and bundle into distinct audit engagements

A.  

Compare turnover m the organization to published turnover rates of peer organizations.

B.  

Compare turnover in one period with turnover in the previous period in the organization

C.  

Compare turnover in the period to total employees in the organization

D.  

Compare turnover with the auditor's general knowledge of the organization

A.  

1 and 3 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

2 and 4 only

A.  

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.  

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.  

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.  

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

A.  

Sufficiency.

B.  

Reliability.

C.  

Relevancy.

D.  

Usefulness.

A.  

Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.

B.  

Ensure new procedures have been documented, approved, and distributed to the employees responsible.

C.  

Perform retesting to confirm that new procedures address the previously identified deficient control activities.

D.  

Analyze the new procedures, then report to senior management whether the associated risks have been managed.

A.  

The CAE is required to review, approve, and sign every engagement report.

B.  

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.  

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.  

The internal audit charter must identify authorized signers of engagement reports.

A.  

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.  

Impact and likelihood at times cannot be differentiated as to which is more important.

C.  

A heat map cannot be used unless a risk and control matrix has been developed.

D.  

Qualitative factors cannot be incorporated into a heat map

A.  

Risk, impact likelihood existing control, recommendation

B.  

Condition, cause, effect, recommendation

C.  

Condition, cause effect test result

D.  

Risk, impact test result recommendation

A.  

The supervisor should regularly review the engagement team's workpapers throughout the engagement, including raising questions and providing guidance.

B.  

The supervisor should evaluate whether the engagement work program includes audit procedures relevant to engagement objectives.

C.  

The supervisor should thoroughly document all concerns prior to signing off the completed workpapers and finalizing the work program.

D.  

The supervisor should issue a satisfaction questionnaire to management of the activity that was under review to understand the root causes of deficient performances.

A.  

The evidence may not be reliable.

B.  

The evidence is not relevant.

C.  

The evidence may not be sufficient.

D.  

The information missing is not relevant to the audit.

A.  

Utility software

B.  

Integrated test facility

C.  

Parallel simulation

D.  

Generalized audit software

A.  

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.  

Any risk involving investments into bitcoin and suspicious derivatives

C.  

Any risk that can cause material or financial loss

D.  

Any risk that could cause injuries or pollute the environment

A.  

The organization’s attitude to hierarchy.

B.  

The organization's whistleblowing strategy.

C.  

The organization’s ongoing risk monitoring process.

D.  

The organization’s risk management policy.

A.  

To ensure the objectives of the area under review are met

B.  

To ensure senior management supports the reports conclusions

C.  

To ensure report style and grammar are appropriate.

D.  

To ensure report findings are substantiated

A.  

Incorrect rejection risk.

B.  

Incorrect acceptance risk.

C.  

Tolerable misstatement risk

D.  

Anticipated misstatement risk

A.  

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.  

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.  

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.  

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

A.  

Diagnostic analysis

B.  

Predictive analysis

C.  

Network analysis

D.  

Prescriptive analysis

A.  

The organization's attitude to hierarchy

B.  

The organization's whistleblowing strategy

C.  

The organization's ongoing risk monitoring process

D.  

The organization's risk management policy

A.  

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team

B.  

Perform a review of HA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.  

Use an internal audit charter template from another organization that operates within the same industry.

D.  

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved

A.  

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.  

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

C.  

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.  

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

A.  

Return on investment

B.  

Customer retention

C.  

Employee satisfaction

D.  

Cost of research and development

A.  

Reperformance.

B.  

Vouching.

C.  

Independent confirmation.

D.  

Root cause analysis.

A.  

A compliance audit.

B.  

A due diligence audit.

C.  

A financial audit.

D.  

An external audit.

A.  

To gather information from a sample of people who are geographically dispersed

B.  

To assess risks that could prevent an audited area from achieving its objectives.

C.  

To evaluate tie level of compliance of remote offices with centrally designed procedures

D.  

To perform testing of controls more frequently

A.  

The engagement detected irregularities and noncompliance instances.

B.  

The engagement supervisor had no significant comments in the supervisory review.

C.  

The audit procedures were systematically planned: executed, and documented.

D.  

The engagement objectives were designed to assist the engagement client

A.  

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.  

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.  

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.  

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

A.  

ignore the responsibility of addressing the residual risk

B.  

Assume the responsibility of addressing the residual risk

C.  

Ensure senior management acknowledges residual risk

D.  

Communicate with the board the issue of residual risk

A.  

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.  

Communicate to the board the current situation, including the risk exposure to the organization.

C.  

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.  

Contact the regulatory agency and inform them of the risk exposure.

A.  

Analytical procedures.

B.  

Detail testing.

C.  

Test of design.

D.  

Test of control.

A.  

1 and 3

B.  

1 and 4

C.  

2 and 3

D.  

2 and 4

A.  

Low levels of inventory

B.  

Higher level of profitability

C.  

High level of liquidity

D.  

Higher level of risk

A.  

1 and 3

B.  

1 and 4

C.  

2 and 3

D.  

2 and 4

A.  

Names and work titles of employees

B.  

Description of responsibilities of business units.

C.  

Average fuel consumption data of vehicles

D.  

Location and route data of vehicles

A.  

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.  

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.  

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.  

The CAE can release prior information provided it is as originally published and distributed within the organization.

A.  

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.  

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.  

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.  

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

A.  

The organization's audit universe is extensive and diverse.

B.  

There has been an increase in unanticipated requests for advisory work.

C.  

Previous work provided by the external service provider has been of great quality and value.

D.  

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

A.  

The review should focus on the efficiency of the controls in place to prevent fraud.

B.  

The scope of the review does not need to include all operating areas of the organization.

C.  

The cost of the control should be compared to the benefit of mitigating the related risk.

D.  

The review should assess whether the internal controls can be circumvented.

A.  

Operational management must determine the audit objective in cooperation with the internal auditor

B.  

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.  

The audit objective must consider the possibility of fraud and noncompliance

D.  

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

A.  

Career model.

B.  

Center of competence model.

C.  

Rotational model.

D.  

Hybrid model.

A.  

Compliance audit.

B.  

Operational audit.

C.  

Financial audit.

D.  

Provider audit.

A.  

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.  

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.  

Management is responsible for ensuring that the organization's CSR principles are communicated, understood, and integrated into decision-making processes.

D.  

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

A.  

Opportunity.

B.  

Rationalization.

C.  

Pressure.

D.  

Incentives.

A.  

Present the revised audit plan directly to the board for approval.

B.  

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.  

Present the revised audit plan directly to the CEO for approval

D.  

Communicate with the CEO and present the revised audit plan to the board for approval.

A.  

Refer the suggested changes to the engagement supervisor for approval.

B.  

Note the suggested changes to be included in next year’s engagement program.

C.  

Update the engagement work program with the suggested changes.

D.  

No action is required as the work program has been approved and is underway.

A.  

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.  

Select five new accounts to replace the ones that were missing supporting documentation.

C.  

Expand the sample size to 60 to determine whether the error rate remains the same.

D.  

Contact management to determine whether the supporting documentation can be located elsewhere.

A.  

Report follow-up activities to senior management.

B.  

Implement follow-up procedures to evaluate residual risk.

C.  

Determine the costs of implementing the recommendations.

D.  

Evaluate the extent of improvements.

A.  

The need and availability of automated support.

B.  

The potential impact of key risks.

C.  

The expected outcomes and deliverables.

D.  

The operational and geographic boundaries.

A.  

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.  

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.  

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.  

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

A.  

The frequency of executing the internal audit engagements

B.  

The frequency of changes in the organization environment

C.  

The expectations set by the board and senior management

D.  

The expectations set by operating management and senior management

A.  

Traditional

B.  

Decentralized

C.  

Centralized

D.  

Customer-centric

A.  

Focus

B.  

Cost leadership.

C.  

Innovation

D.  

Differentiation

A.  

A summary of the strategic plan of the area under review.

B.  

Appropriate response options for when findings are disputed by management.

C.  

An explanation of the resources needed for each engagement.

D.  

The extent of the auditor's authority to collect data from management.

A.  

Customer satisfaction index has to be 90% each quarter.

B.  

Ten rapid charging stations will be installed next year.

C.  

The organization aims to decrease the budget by 10%.

D.  

The organization will be carbon neutral within 5 years.

A.  

Coordinate and facilitate risk workshops for management to attend

B.  

Establish the degree of risk appetite for management to accept.

C.  

Set risk Indicators and mitigation plans for management to Implement.

D.  

Determine the number of significant risks for management to report to the board

A.  

The engagement objectives.

B.  

The head of accounting’s schedule availability.

C.  

The auditors' qualifications.

D.  

The details of the audit test plan.

A.  

A risk assessment

B.  

An operational audit

C.  

A third-party audit

D.  

A fraud investigation

A.  

1 and 2

B.  

1 and 3

C.  

2 and 4

D.  

3 and 4

A.  

End the consulting engagement and report the results to management as planned

B.  

Report the significant control issues to senior management and the board and recommend corrective action

C.  

Mutually agree with the engagement client on corrective actions

D.  

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

A.  

Impact cannot be represented on a heat map unless it is quantified in financial terms.

B.  

Impact and likelihood at times cannot be differentiated as to which is more important.

C.  

A heat map cannot be used unless a risk and control matrix has been developed.

D.  

Qualitative factors cannot be incorporated into a heat map.

A.  

Planning an engagement of the area in which fraud is suspected.

B.  

Employing audit tests to detect fraud

C.  

Interrogating a suspected fraudster.

D.  

Completing a process review to improve controls to prevent fraud.

A.  

The engagement supervisor has an open door pokey for audit team members to discuss concerns

B.  

The supervisor reviews weekly progress reports from the audit team members

C.  

The supervisor reviews and initials internal audit workpapers for the engagement

D.  

The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.

A.  

The establishment of an audit approach and documentation system

B.  

The standardization of workpaper terminology and notations

C.  

The ability to reach consistent audit conclusions regardless of who performs the audit

D.  

The application of documentation standards m an appropriate and consistent manner

A.  

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.  

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.  

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.  

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

A.  

Acts that may endanger the health or safety of individuals.

B.  

Acts that favor one party to the detriment of another.

C.  

Acts that damage or have an adverse effect on the environment.

D.  

Acts that conceal inappropriate activities in the organization.

A.  

Paying off an overdraft debt using funds from another bank current account.

B.  

Purchasing inventory using funds from long-term bank loans.

C.  

Acquiring a new car through leasing.

D.  

Factoring short-term accounts receivable in exchange for cash.

A.  

Payment terms analysis

B.  

Duplicates analysts

C.  

Aging analysis

D.  

Gap analysis

A.  

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.  

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.  

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.  

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

A.  

Evidence of all data used in an engagement

B.  

Internal audit policies and workpaper templates

C.  

Workpapers, cross-referenced to audit observations

D.  

Satisfaction ratings from management of the area under review

A.  

The most recent risk assessment conducted by management of the area to be reviewed.

B.  

The requests of operational and senior management throughout the organization.

C.  

The preliminary risk assessment performed by internal auditors planning the engagement.

A.  

Diagnostic analytics

B.  

Descriptive analytics

C.  

Prescriptive analytics

D.  

Predictive analytics

A.  

Evaluate and verify management's response, and determine the need and scope for additional work.

B.  

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.  

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.  

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

A.  

Creating an automated tool that monitors the computer program on a daily basis for potential issues that need corrective actions.

B.  

Using an automated system that assists internal auditors with automating the risk analysis of the computer program for invoicing

C.  

Embedding tools in the computer program to analyze the review processes of invoices for potential issues that may hamper payments

D.  

Adding invoices to the computer program to assess the reliability and effectiveness of the review process and whether controls work.

A.  

Establish and measure performance objectives for the internal audit activity

B.  

Select board members with necessary knowledge and skills.

C.  

Develop, approve, and execute the strategic plan of the organization

D.  

Develop strategies to mitigate the risks to achieving the organization's objectives

A.  

Report the risk identified from the consulting engagement to senior management.

B.  

Do not include the risk in the assessment of risk management processes, as that is management's responsibility.

C.  

Do not report the risk, as it is out of scope for the consulting engagement.

D.  

Include the risk identified from the consulting engagement in the next annual risk assessment only if it is part of the consulting engagement objectives.

A.  

Engagement objectives derived from risk assessment results from a company's risk function experts.

B.  

Engagement objectives derived from senior management's risk assessment results

C.  

Engagement objectives derived from the mental audit activity's own risk assessment results

D.  

Engagement objectives derived from risk assessment results from both senior management and the company's risk function experts

A.  

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.  

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.  

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.  

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

A.  

1 and 4 only.

B.  

2 and 4 only.

C.  

1 and 3 only.

D.  

2 and 3 only.

A.  

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.  

The estimated time frame, the names of the auditors, and the resources and travel budget.

C.  

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.  

The resources and travel budget, the scope of the engagement, and the estimated time frame.

A.  

The nature of consulting services typically is not included in the charter.

B.  

The chief audit executive must formally review the charter at least once a year

C.  

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.  

The charter typically defines the internal audit activity’s position within the organization.

A.  

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.  

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.  

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.  

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

A.  

Inventory comprised of the same items stored in different warehouses

B.  

Batches of materials that must be confirmed as meeting quality standards

C.  

Revenue that is earned by an organization through cash receipts or as receivable.

D.  

Tax reports submitted to meet the requirements of the local taxation authority

A.  

The board is responsible for setting the organizational attitude through tone at the top.

B.  

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.  

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.  

The framework is designed to be effective for organizations no matter how small.

A.  

The test of the control design should have occurred at the performance stage.

B.  

The test of the operating effectiveness of the control was not necessary.

C.  

A risk and control matrix is not appropriate for this type of engagement.

D.  

The test of the operating effectiveness of the control should have occurred at the planning stage.

A.  

The auditor should state that the error rate was within the selected confidence level.

B.  

Negative assurance should be provided, as the associated revenue account was not examined.

C.  

The auditor should state that controls over the recording of transactions in the revenue account are operating effectively.

D.  

Positive assurance could be provided for the effectiveness of the accounts receivable controls.

A.  

Increased access to the organization’s employees.

B.  

Increased ability to preserve evidence and the chain of command.

C.  

Increased ability to scrutinize the organization's key business processes.

D.  

Increased access to the organization’s software and proprietary data.

A.  

Developing policies and procedures for the internal audit activity

B.  

Ensuring the internal audit activity is not found fallible during audit engagements.

C.  

Undertaking all engagements that management requests of the internal audit activity.

D.  

Ensuring the internal audit activity reports functionally to the board of directors

A.  

Communicate the corrected information to the manager of the audited department.

B.  

There should be a follow-up audit to address the error or omission.

C.  

The auditor should update the scope of the audit to include the omission.

D.  

The corrected communication should be redistributed to the original recipients.

A.  

The best source tor detailed process information is senior management

B.  

Audit objectives should be general and do not change.

C.  

Computer-assisted audit techniques are typically not useful during engagement planning

D.  

Internal auditors should prepare a dented audit program for testing controls

A.  

Description of the procurement policy

B.  

Summary of the tendering process

C.  

Substantiated and comparative evidence

D.  

Impact analysis of unfavorable prices

A.  

A plan that focuses on furthering the independence of the internal audit activity.

B.  

A plan that ensures internal auditors collectively possess expertise in various fields to avoid outsourcing.

C.  

A plan based on individual preferences and proposals, which helps internal auditors achieve greater success.

D.  

A plan that focuses on filling gaps in the current skills needed to complete audit objectives.

A.  

Strategic sourcing

B.  

Loan staff arrangement

C.  

Flat organizational structure

D.  

Hierarchical organizational structure

A.  

1 and 2 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

3 and 4 only

A.  

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.  

Inquiry of corrective action to be completed within a certain period.

C.  

Reporting the status of every observation for every engagement in a detailed manner.

D.  

Soliciting management’s feedback after completion of the audit engagement.

A.  

The senior auditors are unavailable, as they are currently working on other portions of the engagement.

B.  

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.  

The audit engagement has a tight deadline and the work must be completed timely.

D.  

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement.

A.  

Review documents registered with the appropriate governmental authority.

B.  

Examine the board of directors' minutes and look for approvals to acquire property.

C.  

Confirm with senior management and legal counsel concerning property acquisition.

D.  

Confirm ownership with the title company that handles the escrow account.

A.  

Metadata

B.  

Data security

C.  

A business application

D.  

Data owner

A.  

The assessment of high-level risks is typically a linear process.

B.  

Management should create the preliminary risk matrix

C.  

The analysis should begin with ne identification of objectives

D.  

Likelihood should receive greater consideration than impact

A.  

Mitigating risks affecting achievement of organizational objectives.

B.  

Enabling opportunities affecting achievement of organizational objectives.

C.  

Analyzing and advising regarding costs versus benefits of control activities.

D.  

Attesting to fairness of financial statements

A.  

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.  

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.  

Both total sales and cost of ingredients used are greater than expected.

D.  

Both total sales and cost of ingredients used are less than expected.

A.  

A three-way match between the invoice, purchase requisition, and documentation of receipt of services

B.  

A member of management approves the purchase requisition before the temporary employee begins work

C.  

A scope of work for the temporary employee is included in the purchase requisition and signed by the organization

D.  

Payments to the vendor are analyzed monthly to ensure they do not exceed the amount approved on the purchase order

A.  

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

B.  

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

C.  

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

D.  

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

A.  

1 and 3.

B.  

1 and 4

C.  

2 and 3.

D.  

2 and 4

A.  

Amend the audit plan so that available audit resources are adequate to meet the plan’s requirements.

B.  

Inform the board and senior management of the resources needed, as well as the associated risks.

C.  

Communicate early to those unit managers whose areas would most likely not be able to get reviewed.

D.  

Get approval from human resources regarding overtime payment to be made in an effort to complete the audit plan.

A.  

To assess the efficiency and effectiveness of the accounting department.

B.  

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.  

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.  

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

A.  

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.  

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.  

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.  

Local law enforcement should be involved as they are more familiar with the applicable local laws.

A.  

Accounting adjustments of inventories are approved by the management in accordance with a signature policy

B.  

Root causes of inventory differences are analyzed and corrective measures are followed

C.  

High value items are inventoried more frequently throughout the year

D.  

Value of accounting adjustments matches with the value of inventory differences and are made in a timely manner

A.  

Review year-over-year trending of total dollars spent in each period.

B.  

Review changes to the vendor master file for suspicious activity.

C.  

Review the percentage of on-time payments against prior periods.

D.  

Review total expenses for accounting against other department expenses in the organization.

A.  

interview management to determine what types of data are collected and maintained

B.  

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.  

Review a sample of data to determine whether the risk classification is reasonable

D.  

Document and test a data inventory and classification program by determining the data classification levels and framework

A.  

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.  

All completed training costs, and the cost of actual production hours completed to date.

C.  

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.  

All completed training costs, and 50% of the contracted production costs.

A.  

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.  

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.  

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.  

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

A.  

Assign another auditor to complete the audit step and produce a new error-free workpaper.

B.  

Document the problem as a review comment and continue with the audit.

C.  

Discuss the matter with the auditor who produced the workpapers and improve the training manual.

D.  

Complete the audit step herself to ensure accuracy and take additional steps to improve the audit training plan.

A.  

Surveys

B.  

Management produced analysis 0

C.  

Facilitated team workshops

D.  

Weighted risk factors

A.  

The corporate risk register.

B.  

The strategic plan.

C.  

Internal and external audit reports.

D.  

The board's meeting records.

A.  

Explain the situation to senior management and remove the audit from the audit plan until next year

B.  

Conduct the audit of the quality department but adjust the audit program to remove the quality control testing

C.  

Engage one of the other trained employees to participate in the audit review of the quality department

D.  

Request that external auditors include this area as part of their review and provide independent assurance

A.  

To ensure the objectives of the area under review are met.

B.  

To ensure senior management supports the report's conclusions.

C.  

To ensure report style and grammar are appropriate.

D.  

To ensure report findings are substantiated.

A.  

ICQs do not allow for open-ended questions.

B.  

ICQs do not allow for evaluating multiple locations.

C.  

ICQs require significant auditor follow-up, as different managers may give different responses.

D.  

ICQ respondents have incentives to answer that there are internal controls in place.

A.  

During a standard audit engagement when management wants to address an issue before the final report is drafted.

B.  

Following each workshop conducted during a consulting engagement.

C.  

During lengthy audit engagements involving several organizational units.

D.  

Following management's update tor actions taken on outstanding recommendations.

A.  

Chair should learn the current organizational culture of the company.

B.  

Chair should learn the current risk management system of the company

C.  

Chair should determine the appropriateness of the current strategic risks.

D.  

Chair should gain an understanding of the needs of key stakeholders.

A.  

To gain an understanding of the control environment

B.  

To collect as much financial data as possible before engagement fieldwork begins.

C.  

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.  

To facilitate the quantification of financial data obtained

A.  

Each invoice for goods or services acquired by the organization must be recorded only once in the accounting system.

B.  

The accounting system lacks efficient controls for the identification of duplicate invoices.

C.  

Disbursements may be made inappropriately, and liabilities may be overstated.

D.  

The accounting system is at the end of its lifetime and is no longer developed by the provider.

A.  

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.  

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.  

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.  

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

A.  

1 and 2

B.  

1 and 4

C.  

2 and3

D.  

3 and 4

A.  

Evaluate the application of project management guidance in the development of wind parks.

B.  

Identify key risks and mitigation plans pertaining to the management of wind parks.

C.  

Assess whether development of wind parks is compliant with relevant legal acts and international best practices.

D.  

Review the wind park development strategy and compare its goals with operational targets and metrics.

A.  

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.  

Retained earnings represent the amount of excess cash available in the organization.

C.  

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.  

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

A.  

Operations

B.  

Compliance

C.  

Financial reporting

D.  

Strategic

A.  

Obtain and review the organization’s policies and procedures to gain an understanding of the quality control checks performed on the gaming systems.

B.  

Perform unannounced onsite observations at factories to help determine how employees perform quality control checks of the gaming systems in real time.

C.  

Meet and discuss with the quality control supervisors at the facilities to obtain information about the processes related to the quality control of gaming systems.

D.  

Use the organization’s manufacturing documentation to create a flowchart that shows how the gaming systems are built to meet the established quality control standards.

A.  

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.  

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.  

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.  

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

A.  

Process objectives.

B.  

Process risks

C.  

Process controls.

D.  

Process scope

A.  

The document management policy requires business client data to be stored in a specific management database

B.  

Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

C.  

if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

D.  

All staff should be appropriately trained and required to follow the organization's established policies and procedures pertaining to document management

A.  

Results of internal assessments need to be reported to the board at least once every five years.

B.  

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.  

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted

D.  

Results of ongoing monitoring of the internal audit activity’s performance must be reported to senior management and the board at least annually

A.  

CAE reviews and approves the annual audit plan.

B.  

CAE meets privately with the CEO at least annually

C.  

CAE meets privately with the board at least annually.

D.  

CAE reports to the board regarding audit staff performance evaluation and compensation.

A.  

Independent confirmation

B.  

Tracing

C.  

Vouching

D.  

Reperformance

A.  

Book value per common share ratio is lower than that of the prior year.

B.  

Staff turnover ratio is higher than the comparable organization in the same industry.

C.  

Utilities expense of the sales unit is higher than that of the customer service unit.

D.  

Sales are significantly higher than the industry’s average for five years.

A.  

Communicate the workpaper review results to management of fie area under review to validate the final report

B.  

Update the final report in the file with any necessary corrections based on the workpaper review.

C.  

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.  

Add the manager's review notes to the final documentation following the review

A.  

A condition-based action plan

B.  

A cause-based action plan.

C.  

A root cause-based action plan.

D.  

An effect-based action plan.

A.  

Determine process outputs

B.  

Determine process inputs.

C.  

Determine process activities.

D.  

Determine process goals

A.  

Potential legislation on privacy topics will be employed as a compliance target.

B.  

Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

C.  

Both random and judgmental samplings will be used during the engagement.

D.  

The probability of significant errors will be considered via risk assessment.

A.  

To better understand and influence executives' planning.

B.  

To make executives aware of the benefits that the internal audit activity can provide.

C.  

To assist executives in setting the organization’s risk appetite.

D.  

To have a better understanding of the training needed to strengthen the audit team.

A.  

Audit findings

B.  

Audit resources

C.  

Audit objectives

D.  

Audit plan

A.  

Inform management and request that the plan be tested immediately.

B.  

Update the recovery plan for management, as part of the review.

C.  

Evaluate the recovery plan and report weaknesses to management.

D.  

Recommend that management and users update and test the recovery plan.

A.  

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.  

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.  

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.  

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

A.  

The CAE should send the final report to operational and senior management and the audit committee.

B.  

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.  

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.  

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

A.  

To ensure that the engagement is completed on time and within budget

B.  

To ensure that all work performed meets acceptable quality standards

C.  

To ensure that management has provided suitable responses to all observations

D.  

To ensure that management is satisfied with the progress of the engagement

A.  

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.  

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.  

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.  

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

A.  

Persuade senior management to take appropriate action.

B.  

Cancel issuing the engagement report due to the assumed risks.

C.  

Accept senior management’s assumption of the risks.

D.  

Discuss the issue with the board for them to take appropriate action.

A.  

Recommend additional segregation-of-duty reviews.

B.  

Recommend appropriate awareness training for all finance department staff.

C.  

Recommend rotating finance staff in this area.

D.  

Recommend that management address these concerns immediately.

A.  

Strong board of directors oversight.

B.  

Incentive-based compensation structures

C.  

Lower than average employee turnover.

D.  

Implementation of a fraud hotline

A.  

Generalized audit software.

B.  

Utility software.

C.  

Integrated test facilities.

D.  

Audit expert systems.

A.  

Criteria.

B.  

Effect

C.  

Condition

D.  

Cause

A.  

The financial interest the service provider may have in the organization.

B.  

The relationship the service provider may have had with the organization or the activities being reviewed.

C.  

Compensation or other incentives that may be applicable to the service provider.

D.  

The service provider's experience in the type of work being considered.

A.  

The bank destroys all records containing a customer's personal information without informing the customer.

B.  

Based on an assessment of likely products of interest to the customer, the bank shares the customer’s personal information with other companies within the group and informs the customer.

C.  

The bank retains customer information to facilitate easier verification of personal information in the event that the customer returns to reopen his account. The customer is not informed.

D.  

The customer's personal information is used for market research by an external company and the customer is informed prior to publishing the results of the market research.

A.  

Reporting results of audits with recommendations to management.

B.  

Providing formal follow-up procedures to ensure that management complies with an action plan or accepted risk of not taking action.

C.  

Reporting quarterly to management that the audit plan is focused on higher exposures of risk.

D.  

Discussing audit findings with independent auditors.

A.  

The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review

B.  

Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review

C.  

The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf

D.  

The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

A.  

Proceed with the audit engagement, but do not include the relative's information.

B.  

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.  

Disclose in the engagement final communication that the relative Is a customer

D.  

Immediately withdraw from the audit engagement

A.  

Operations can continue after the liquidation, if all partners agree.

B.  

Partnership liquidation ends both the legal and economic life of an entity

C.  

Partnership liquidation occurs when there is capital deficiency.

D.  

When a partnership Is liquidated, each partner pays creditors from cash received

A.  

Elements of evaluation

B.  

Elements of organization

C.  

Elements of practice

D.  

Elements of confidentiality

A.  

1 and 2

B.  

1 and 3

C.  

2 and 3

D.  

2 and 4

A.  

Expertise in IT general controls

B.  

Understanding of change management processes

C.  

Proficiency in using design software

D.  

Fluency in multiple programming languages

A.  

Cause and effect.

B.  

Effect and criteria

C.  

Condition and cause

D.  

Criteria and condition.

A.  

Request that the internal auditors remove irrelevant workpapers from the records.

B.  

Sign off on all workpapers, and arrange the documentation from most relevant to least relevant.

C.  

Ensure that the final audit report indicates that the initial engagement objectives were expanded.

D.  

Expand the scope of the audit and include the additional documentation.

A.  

A due diligence engagement.

B.  

An operational audit engagement.

C.  

A feasibility study engagement.

D.  

A risk and control self-assessment engagement.

A.  

By calculating the period of time when the area was last audited try internal auditors

B.  

By totaling the monetary value of the processes within the organization in the scope of the engagement

C.  

By counting the number of red flags indicating the potential fraudulent activities within the area.

D.  

By estimating the likelihood of a risks occurring and the potential impact of that risk on the organization

A.  

Analytical procedures compare information against expectations

B.  

Analytical procedures begin after the engagements planning phase.

C.  

Analytical procedures provide internal auditors with explainable results.

D.  

Analytical procedures are computer-assisted audit techniques

A.  

Criteria

B.  

Condition

C.  

Cause

D.  

Effect

A.  

Relevant risk indicators and mitigation plans are in place

B.  

All risks are identified and assessed

C.  

Business profitability is likely to be achieved

D.  

Risk information is communicated to customers and suppliers

A.  

To identify whether fuel was purchased for work-related purposes

B.  

To estimate future fuel costs for the organization's fleet of vehicles

C.  

To determine trends in average fuel consumption by vehicle

D.  

To determine whether the organization is paying more than the industry average for fuel

A.  

It minimizes the amount of time spent and cost incurred to gather the necessary information.

B.  

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

C.  

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

D.  

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

A.  

The auditor wants to receive mid-level management insight on how to improve hiring practices.

B.  

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.  

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.  

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner.

A.  

A clothing company designs, makes, and sells a new item.

B.  

A commercial construction company is hired to build a warehouse.

C.  

A city department sets up a new firefighter training program.

D.  

A manufacturing organization acquires component parts from a contracted vendor

A.  

1 and 2 only

B.  

2 and 4 only

C.  

1, 2, and 4

D.  

2, 3, and 4

A.  

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.  

Develop a report of excess inventory and compare the inventory with current production volume.

C.  

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.  

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

A.  

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.  

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.  

Strategic plans are likely to show areas of weak financial controls.

D.  

The strategic plan is a relatively stable document on which to base audit planning.

A.  

Defer the engagement until a system of internal control has been established

B.  

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

C.  

Add a consulting component to the already scheduled assurance engagement

D.  

Seek the involvement of the external auditor to assist with improving the internal controls

A.  

Utility software

B.  

Generalized audit software

C.  

Application software tracing and mapping

D.  

Audit expert systems

A.  

Engagement reporting

B.  

Continuous monitoring

C.  

Engagement supervision

D.  

Engagement risk assessment

A.  

Examining the entire population

B.  

Asking management about the malpractice

C.  

Testing a sample of random transactions.

D.  

Using data analytics

A.  

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.  

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.  

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.  

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.