A.  

Operational audit

B.  

Compliance and financial audit

C.  

Performance audit

D.  

Quality audit

A.  

These are weaknesses resulting from a lack of a documented contracting policy

B.  

Substandard service delivery by vendors may not be detected

C.  

Management should expedite actions to rectify the observations identified

D.  

The internal controls guiding contract management are not operating effectively

A.  

Ensure the testimonials are well documented

B.  

Substantiate the testimonials with physical or documentary evidence

C.  

Corroborate testimonials with the results from other soft control techniques

D.  

Review the testimonials with the interviewed employees

A.  

1 and 2

B.  

1 and 3

C.  

2 and 3

D.  

2 and 4

A.  

Express an opinion on the participants' inputs and conclusions as the assessment progresses.

B.  

Provide appropriate techniques and guidelines on how the exercise should be undertaken.

C.  

Evaluate and report on all issues that may be uncovered during the exercise.

D.  

Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

A.  

Acts that may endanger the health or safety of individuals.

B.  

Acts that favor one party to the detriment of another.

C.  

Acts that damage or have an adverse effect on the environment.

D.  

Acts that conceal inappropriate activities in the organization.

A.  

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.  

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.  

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.  

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

A.  

Confirmation and financial statement analysis

B.  

Reperformance and inspection

C.  

Vouching and tracing

D.  

Trend analysis and benchmarking

A.  

Interview responsible managers and read strategic documents

B.  

Conduct internet searches on gas sales and analyze market players

C.  

Review gas clients' portfolio and compile statistics on sales margins

D.  

Analyze the organization's revenues and calculate the proportion of gas

A.  

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

B.  

Previous management action plans addressing prior internal audit recommendations remain incomplete.

C.  

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

D.  

The audit engagement has already been communicated and approved through the annual audit plan.

A.  

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.  

The availability of the auditors in relation to the availability of key client staff.

C.  

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.  

Whether outside resources will be needed, and their availability.

A.  

The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents

B.  

The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit

C.  

The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden

D.  

The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail

A.  

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.  

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.  

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.  

Monitor customer quality complaints compared to the prior period to identify vendor issues.

A.  

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.  

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.  

Employee access to the payroll database is deactivated immediately upon termination.

D.  

Changes to payroll are validated by the personnel department before being processed.

A.  

The organization experiences a merger, and the management team is reorganized and redistributed globally

B.  

The organization launches a product into new global markets

C.  

After minimal testing, the organization implements a new system to replace a legacy system

D.  

Regulators announce broad legislative reforms applicable to the industry within which the organization operates

A.  

Credit limit over drafts are not monitored in accordance with the organizations policy

B.  

Seventeen percent of customers' open balances in the sample exceed their approved unsecured credit rent

C.  

The threshold for credit limits defined by the organization's policy is not adequate

D.  

Management should perform monthly monitoring of open customer balances

A.  

Criteria

B.  

Condition

C.  

Cause

D.  

Effect

A.  

The engagement supervisor's review notes should be retained m the final documental or even after they are addressed.

B.  

The engagement supervisor's review notes cannot be used as evidence of engagement supervision

C.  

The engagement supervisor's review notes could be cleared from all final documentation after they are addressed

D.  

The engagement supervisor's review notes must be maintained in a checklist separate from tie final documentation

A.  

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.  

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.  

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.  

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

A.  

1 and 2

B.  

1 and 4

C.  

2 and 3

D.  

3 and 4

A.  

1 and 2

B.  

1 and 4

C.  

2 and 3

D.  

3 and 4

A.  

Coach management in responding to risks.

B.  

Develop risk management strategies for board approval.

C.  

Facilitate identification and evaluation of risks.

D.  

Evaluate risk management processes.

A.  

Evaluating procurement department process effectiveness

B.  

Helping in the design of the risk management program

C.  

Assessing financial reporting control adequacy

D.  

Reviewing environmental, social, and governance reporting compliance

A.  

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.  

Confirm the decision with management and document this decision in the audit file.

C.  

Document the issue in the audit file and follow up until the issues are resolved.

D.  

Initiate an assurance engagement on the unresolved issues.

A.  

Determine whether there are any compensating controls in place to reduce the nsk to an acceptable level, and discuss this matter with management of the business area to determine which corrective action is needed

B.  

Test the control anyway to determine the likelihood that the control was not performed property, and discuss this matter with management of the business area to determine which corrective action is needed

C.  

Conclude that the process control environment is weak, issue a finding on this conclusion and report this finding to management of the business area

D.  

Confer with a second internal auditor to determine whether the control failure is legitimate issue a finding on this conclusion and report this finding to management of the business area

A.  

Create an assurance map to illustrate each provider's level of assurance and planned activities for each area of the organization

B.  

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.  

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.  

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

A.  

The level of control is appropriate given the level of risk

B.  

The level of control is excessive given the level of risk

C.  

The level of control is inadequate given the level of risk

D.  

There is not enough of information to determine whether the controls are appropriate or not

A.  

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

B.  

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

C.  

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

D.  

The qualifications and competencies of the subsidiary's management team and their understanding of risk and control

A.  

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.  

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.  

Strategic plans are likely to show areas of weak financial controls.

D.  

The strategic plan is a relatively stable document on which to base audit planning.

A.  

Ensure that internal audit recommendations are practical, cost-effective, and value-added

B.  

Ensure that internal audit conclusions am based on sufficient and reliable evidence

C.  

Ensure that risks to the timely completion of the engagement are assessed

D.  

Ensure that performance assessments are completed for audit team members

A.  

By calculating the period of time when the area was last audited try internal auditors

B.  

By totaling the monetary value of the processes within the organization in the scope of the engagement

C.  

By counting the number of red flags indicating the potential fraudulent activities within the area.

D.  

By estimating the likelihood of a risks occurring and the potential impact of that risk on the organization

A.  

The engagement team should include internal auditors who have expertise in investigating vendor fraud

B.  

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

C.  

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

D.  

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

A.  

All requests for consulting engagements must be included in the annual internal audit plan

B.  

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.  

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.  

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

A.  

Identify and manage risks in line with the organization's risk appetite.

B.  

Ensure that a proper and effective risk management process exists.

C.  

Attain an adequate understanding of the organization's key risk mitigation strategies.

D.  

Identify and ensure that appropriate controls exist to mitigate risks.

A.  

Top-down approach

B.  

Process-Metrix approach

C.  

Risk-factor approach

D.  

Bottom up approach

A.  

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.  

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.  

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.  

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

A.  

Assess controls for potential compliance issues that may affect me consolidation

B.  

Brief vendors on the potential risks that will occur without continued business

C.  

Advise division managers on how to streamline operations for better efficiency

D.  

Determine whether the organization’s controls are effective in meeting business objectives

A.  

Inquiry

B.  

Analytical review

C.  

Observation

D.  

Inspection of documents

A.  

To gain access to a wider variety of skills, competencies and best practices.

B.  

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.  

To focus on and strengthen core audit competencies.

D.  

To provide the organization with appropriate contingency planning for the internal audit function.

A.  

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.  

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

C.  

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.  

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

A.  

The CAE must discuss the matter with senior management

B.  

The CAE must discuss the matter with key shareholders

C.  

The CAE must discuss the matter with legal counsel

D.  

The CAE must discuss the matter with the board

A.  

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

B.  

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

C.  

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

D.  

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

A.  

They ore kitted as they do not allow the auditor to test many controls.

B.  

They do not highlight control gaps

C.  

They are not useful for identifying areas on which the auditor should locus.

D.  

They are limited as there is a risk that management may not answer fairly.

A.  

The auditor compares information from one period with the same information from the poor period

B.  

The auditor compares new information to his general knowledge of the organization

C.  

The auditor compares information he collected with simmer information from another source

D.  

The auditor compares expected outcomes with actual results

A.  

The complexity of deficiency findings.

B.  

The adequacy of preliminary survey information.

C.  

The organization and content of workpapers.

D.  

The method and amount of supporting detail used for the audit report.

A.  

The CAE should reassess and validate the risk tolerance policy

B.  

The CAE should escalate the issue to senior management .

C.  

The CAE should reiterate the internal audit team's recommendations to management .

D.  

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

A.  

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

B.  

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

C.  

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

D.  

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

A.  

Verifying the existence of inventory items in each warehouse

B.  

Assigning the tolerable deviation rate to determine the sample size

C.  

Valuating the obsolete Inventory from all the warehouse locations

D.  

Confirming that the purchased items are recorded In the correct period

A.  

The observation was made during the same audit, and the action plan has a common owner.

B.  

The observation relates to the same control activity within a common process.

C.  

The observation has a common control, and it was noted in a prior audit.

D.  

The observation has a common process, and the action plan for the observation has a common owner.

A.  

The best source tor detailed process information is senior management

B.  

Audit objectives should be general and do not change.

C.  

Computer-assisted audit techniques are typically not useful during engagement planning

D.  

Internal auditors should prepare a dented audit program for testing controls

A.  

1 and 3 only

B.  

2 and 4 only

C.  

1, 3, and 4 only

D.  

1, 2, 3, and 4

A.  

The internal audit risk assessment and audit plan for the next fiscal year.

B.  

The internal audit budget and resource plan for the coming fiscal year.

C.  

A request for an increase of the CAE's salary for the next fiscal year.

D.  

The evaluation and compensation of the internal audit team.

A.  

Action plan

B.  

Recommendation

C.  

Condition

D.  

Criteria

A.  

Tracing

B.  

Reperformance

C.  

Vouching

D.  

Walkthrough