Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium IIA IIA-ACCA Dumps Questions Answers

Page: 1 / 23
Total 604 questions

ACCA CIA Challenge Exam Questions and Answers

Question 1

Which of the following statements describes an engagement planning best practice?

Options:

A.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Buy Now
Question 2

Which of the following statements about internal audit's follow-up process is true?

Options:

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit's follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Question 3

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Question 4

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Options:

A.

Degree of effort and cost needed to correct the reported condition.

B.

Complexity of the corrective action.

C.

Impact that may result should the corrective action fail.

D.

Amount of resources required to conduct the follow-up activities.

Question 5

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Options:

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Question 6

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Question 7

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

Options:

A.

The organization's audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Question 8

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

Options:

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Question 9

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Options:

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Question 10

Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?

Options:

A.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

B.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

C.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

D.

The audit engagement has already been communicated and approved through the annual audit plan.

Question 11

The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

Options:

A.

It minimizes the amount of time spent and cost incurred to gather the necessary information.

B.

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

C.

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

D.

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Question 12

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

Options:

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Question 13

According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Question 14

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 15

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Question 16

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Question 17

A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?

Options:

A.

Assert whether the described and reported control processes and systems exist.

B.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

C.

Evaluate the completeness of the report and management's responses to identified deficiencies.

D.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Question 18

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

Options:

A.

To evaluate controls regarding the computer security of an oil refinery.

B.

To examine the processes involved in exploring, developing, and operating a gold mine.

C.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

D.

To link a financial institution's business objectives to a work unit responsible for the associated risk.

Question 19

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Question 20

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Options:

A.

To gain access to a wider variety of skills, competencies and best practices.

B.

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.

To focus on and strengthen core audit competencies.

D.

To provide the organization with appropriate contingency planning for the internal audit function.

Question 21

According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?

Options:

A.

Sufficiency.

B.

Appropriateness.

C.

Effective deployment.

D.

Cost effectiveness.

Question 22

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 23

Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?

1. The hedge documentation designating the hedge.

2. The spot exchange rate on the transaction date.

3. The terms of the forward contract.

4. The amount of fuel purchased.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Question 24

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Options:

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Question 25

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Question 26

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 27

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

Options:

A.

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Question 28

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Question 29

Which of the following is not a direct benefit of control self-assessment (CSA)?

Options:

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Question 30

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Question 31

Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?

Options:

A.

Attending annual professional conferences and seminars.

B.

Participating in on-the-job training in various departments of the organization.

C.

Pursuing as many professional certifications as possible.

D.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

Question 32

The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

Options:

A.

An operations audit of the accounts payable department.

B.

A consulting engagement related to a new accounts payable optimization initiative.

C.

A review of the employees' sports club finances, which are overseen by the chief audit executive.

D.

An assurance review for a sales program on which she previously provided consultation.

Question 33

According to IIA guidance, which of the following best describes internal auditors' responsibility regarding fraud?

Options:

A.

Internal auditors should take a leading role in investigating all fraud-related cases.

B.

Internal auditors must have sufficient knowledge to evaluate the risk of fraud.

C.

Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics.

D.

Internal auditors are responsible for ensuring that fraud does not occur.

Question 34

A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?

Options:

A.

Postpone the audit until the CAE hires internal audit staff with the required knowledge.

B.

Ask the audit committee to decide the course of action.

C.

Select the most experienced auditors in the department to perform the engagement.

D.

Hire consultants who possess the required knowledge to perform the engagement.

Question 35

According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?

1. The standards to be used by the internal audit activity.

2. The internal audit activity's code of ethics.

3. The CAE's reporting line.

4. The internal audit activity's responsibilities.

Options:

A.

4 only.

B.

1 and 2 only.

C.

3 and 4.

D.

1,2, and 3.

Question 36

According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?

Options:

A.

The services must be aligned with those defined in the internal audit charter.

B.

The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.

C.

The services may preclude assurance services from the consulting engagement.

D.

The services impose no responsibility to communicate information other than to the engagement client.

Question 37

What is the purpose of a secondary control?

Options:

A.

It replaces primary controls that are either ineffective or cannot fully mitigate a risk.

B.

It partially reduces the residual risk level when a key control does not operate effectively.

C.

lt combines with other controls to help reduce significant risk exposures to an acceptable level.

D.

It helps to ensure the completeness and accuracy of automated controls in a system environment.

Question 38

According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?

Options:

A.

Objective setting.

B.

Control activities.

C.

Information and communication.

D.

Event identification.

Question 39

Which of the following is considered a violation of The IIA's Code of Ethics?

Options:

A.

An auditor conveys public information about an organization's financial condition.

B.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

C.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

D.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

Question 40

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

Options:

A.

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

B.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

C.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

D.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

Question 41

Internal auditors must exercise due professional care by considering which of the following?

1. Cost of assurance in relation to potential benefits.

2. Adequacy and effectiveness of governance, risk management, and control processes.

3. Management's competency level in the area being evaluated.

4. Probability of significant errors, fraud, or noncompliance.

Options:

A.

1 and 2 only

B.

1, 2, and 3 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Question 42

Which of the following would not be considered part of preliminary survey of an engagement area?

Options:

A.

Interviews with individuals affected by the entity.

B.

Functional walk through test.

C.

Analytical reviews.

D.

Sampling scope.

Question 43

Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?

1. Locking doors and physically securing inventory items.

2. Independently observing the receipt of materials.

3. Conducting monthly inventory counts.

4. Requiring the use of employee ID badges at all times.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 44

Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?

1. Appropriate levels of authority and responsibility.

2. Supervision of staff and appropriate review of work.

3. The seniority of management in the organization.

4. The ability to trace each transaction to an accountable and responsible individual.

Options:

A.

1,2, and 3.

B.

1.2, and 4.

C.

1.3, and 4.

D.

2, 3, and 4.

Question 45

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to MA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why The fraud was not detected earlier and design controls to strengthen early detection.

Question 46

An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

Options:

A.

Management will be able to reduce inherent risk because they will have a better understanding of risk.

B.

Internal auditors will be able to reduce their sample sizes because controls will be more consistent.

C.

Stakeholders will have more assurance that the risks are assessed consistently.

D.

Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

Question 47

In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member?

Options:

A.

Maintaining industry-specific knowledge appropriate to the organization.

B.

Assessing how IT contributes to organization objectives, risks, and relevance to audit.

C.

Maintaining technical aspects of accounting standards and reporting processes.

D.

Understanding regulatory and legal framework and assessing its relevance.

Question 48

According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

Options:

A.

Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.

B.

Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.

C.

Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.

D.

Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

Question 49

Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?

Options:

A.

Adequate signs are in place to assist in locating safety equipment.

B.

Servers are secured individually to their racks by locks.

C.

Foam fire extinguishers are operable to protect against electrical fires.

D.

Swipe card access is required to gain access to the server room.

Question 50

Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?

1. Acceptance of CAATs findings by entity management.

2. Computer knowledge and expertise of the auditor.

3. Time constraints.

4. Level of audit risk.

Options:

A.

1 and 4

B.

2 and 3 only

C.

1, 2, and 3

D.

2, 3, and 4

Question 51

Which of the following statements accurately describes an internal auditor's responsibility with regard to due professional care?

Options:

A.

An internal auditor should express an opinion only when consensus with top management has been achieved.

B.

An internal auditor's opinion should be based on experience and free of all bias.

C.

An internal auditor's opinion should be based on factual evidence.

D.

An internal auditor's opinion should be limited to the effectiveness of internal controls.

Question 52

An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity's work?

Options:

A.

The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.

B.

The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.

C.

The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.

D.

The external auditor may use the work with caution, due to the internal audit activity's scope and responsibility restrictions.

Question 53

As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?

Options:

A.

Organizational independence.

B.

Professional objectivity.

C.

Due professional care.

D.

Individual proficiency.

Question 54

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Options:

A.

Preventive controls.

B.

Detective controls.

C.

Soft controls.

D.

Directive controls.

Question 55

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Options:

A.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.

Approve the annual budget and resource plan for the internal audit activity.

C.

Assist the CAE with hiring objective and competent internal audit staff.

D.

Encourage the CAE to communicate and coordinate with the external auditor.

Question 56

Which of the following would be the most important consideration by the internal audit activity when selecting employees to perform an internal quality assessment?

Options:

A.

Their understanding of auditing standards.

B.

Previous experience working with the internal audit activity.

C.

Their reporting line within the organization.

D.

The nature of their regular duties and responsibilities.

Question 57

Which of the following types of social responsibilities is voluntary and guided purely by the organization's desire to make social contributions?

Options:

A.

The bottom of the pyramid responsibility.

B.

Innovative responsibility.

C.

Ethical responsibility.

D.

Discretionary responsibility.

Question 58

An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?

Options:

A.

Condition section.

B.

Criteria section.

C.

Effect section.

D.

Cause section.

Question 59

According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?

1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.

2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.

3. The application of technology-based audit and other data analysis techniques, where appropriate.

4. The relative complexity and extent of work needed to achieve the engagement's objectives.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 60

What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?

Options:

A.

During facilitated workshops, people more openly say things to internal auditors than during private interviews.

B.

Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.

C.

Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.

D.

The testimonial evidence obtained during facilitated workshops is generally considered more reliable.

Question 61

An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?

Options:

A.

Avoidance.

B.

Reduction.

C.

Elimination.

D.

Sharing.

Question 62

Which of the following is the best approach to overcome entry barriers into a new business?

Options:

A.

Offer a standard product that is targeted in the recognized market.

B.

Invest in commodity or commodity-like product businesses.

C.

Enter into a slow-growing market.

D.

Use an established distribution relationship.

Question 63

A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement^

Options:

A.

Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.

B.

Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor

C.

Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services

D.

Develop an incident monitoring and response plan to track breaches from internal and external sources

Question 64

Which of the following are typical audit considerations for a review of authentication?

1. Authentication policies and evaluation of controls transactions.

2. Management of passwords, independent reconciliation, and audit trail.

3. Control self-assessment tools used by management.

4. Independent verification of data integrity and accuracy.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 65

Which of the following statements about market signaling is correct?

1. The organization releases information about a new product generation.

2. The organization limits a challenger's access to the best source of raw materials or labor.

3. The organization announces that it is fighting a new process technology.

4. The organization makes exclusive arrangements with the channels.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 66

Which of the following is a typical example of structured data?

Options:

A.

Production information maintained in relational tables.

B.

Tweets and posts of users on social media.

C.

Photos and videos stored in hard drive catalogs.

D.

Sales reports documented in word processing software.

Question 67

According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?

  • Determine whether previous incidents have been reported, managed, and resolved.
  • Determine whether a business contingency plan exists.
  • Determine the extent of transparency in reporting.
  • Determine whether a cost/benefit analysis was performed for all related projects.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 68

Which of the following options correctly defines a transmission control protocol/Internet protocol (TCP/IP)?

Options:

A.

System software that acts as an interface between a user and a computer.

B.

A standardized set of guidelines that facilitates communication between computers on different networks.

C.

System software that translates hypertext markup language to allow users to view a remote webpage.

D.

A network of servers used to control a variety of mission-critical operations.

Question 69

Which of the following best describes an objective for an audit of an environmental management system?

Options:

A.

To assess whether an annual control review is necessary.

B.

To determine conformance with requirements and agreements.

C.

To evaluate executive management oversight.

D.

To promote environmental awareness.

Question 70

Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?

Options:

A.

Penetration test.

B.

Social engineering test.

C.

Vulnerability test.

D.

Physical control test.

Question 71

An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:

Options:

A.

Lack of awareness of the state of processing.

B.

Increased cost and complexity of network traffic.

C.

Interference of the mirrored data with the original source data.

D.

Confusion about where customer data are stored.

Question 72

According to MA guidance on IT. which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 73

A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.

Copy 1 was solely for backup purposes.

Copy 2 was for use by another member of the department.

In terms of software licenses and copyright law, which of the following is correct?

Options:

A.

Both copies are legal.

B.

Only copy 1 is legal.

C.

Only copy 2 is legal.

D.

Neither copy is legal.

Question 74

The economic order quantity can be calculated using the following formula:

Which of the following describes how the optimal order size will change if the annual demand increases by 36 percent?

Options:

A.

Decrease by about 17 percent.

B.

Decrease by about 7 percent.

C.

Increase by about 7 percent.

D.

Increase by about 17 percent.

Question 75

The board has requested that the internal audit activity be involved in all phases of the organization's outsourcing of its network management. During which of the following stages is the internal auditor most likely to verify that the organization's right-to-audit clause is drafted effectively?

Options:

A.

Implementation and transition phase.

B.

Monitoring and reporting phase

C.

Decision-making and business-case phase.

D.

Tendering and contracting phase.

Question 76

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

Options:

A.

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

B.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

D.

There is greater sharing of operational risk in a BYOD environment.

Question 77

Under a value-added taxing system:

Options:

A.

Businesses must pay a tax only if they make a profit.

B.

The consumer ultimately bears the cost of the tax through higher prices.

C.

Consumer savings are discouraged.

D.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Question 78

Listening effectiveness is best increased by:

Options:

A.

Resisting both internal and external distractions.

B.

Waiting to review key concepts until the speaker has finished talking.

C.

Tuning out messages that do not seem to fit the meeting purpose.

D.

Factoring in biases in order to evaluate the information being given.

Question 79

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

Activity Level -

Maintenance Cost

Month

Patient Days

Incurred

January

5,600

$7,900

February

7,100

$8,500

March

5,000

$7,400

April

6,500

$8,200

May

7,300

$9,100

June

8,000

$9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Options:

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Question 80

Which of the following describes a typical desktop workstation used by most employees in their daily work?

Options:

A.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

B.

Workstation contains software that controls information flow between the organization's network and the Internet.

C.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

D.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Question 81

Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?

Options:

A.

Star network.

B.

Bus network.

C.

Token ring network.

D.

Mesh network.

Question 82

Which of the following are likely indicators of ineffective change management?

1. IT management is unable to predict how a change will impact interdependent systems or business processes.

2. There have been significant increases in trouble calls or in support hours logged by programmers.

3. There is a lack of turnover in the systems support and business analyst development groups.

4. Emergency changes that bypass the normal control process frequently are deemed necessary.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4 only

D.

1, 2, 3, and 4

Question 83

The economic order quantity for inventory is higher for an organization that has:

Options:

A.

Lower annual unit sales.

B.

Higher fixed inventory ordering costs.

C.

Higher annual carrying costs as a percentage of inventory value.

D.

A higher purchase price per unit of inventory.

Question 84

According to the Standards, the internal audit activity must evaluate risk exposures relating to which of the following when examining an organization's risk management process?

1. Organizational governance.

2. Organizational operations.

3. Organizational information systems.

4. Organizational structure.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 3 only

D.

1, 2, and 4 only

Question 85

Which of the following phases of a business cycle are marked by an underuse of resources?

1. The trough.

2. The peak.

3. The recovery.

4. The recession.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 86

Which of the following control features consists of a set of authorization codes that distinguishes among actions such as reading, adding, and deleting records?

Options:

A.

Internally encrypted passwords

B.

System access privileges.

C.

Logon passwords

D.

Protocol controls.

Question 87

Which of the following is true regarding an organization's relationship with external stakeholders?

Options:

A.

Specific guidance must be followed when interacting with nongovernmental organizations.

B.

Disclosure laws tend to be consistent from one jurisdiction to another.

C.

There are several internationally recognized standards for dealing with financial donors.

D.

Legal representation should be consulted before releasing internal audit information to other assurance providers.

Question 88

The main reason to establish internal controls in an organization is to:

Options:

A.

Encourage compliance with policies and procedures.

B.

Safeguard the resources of the organization.

C.

Ensure the accuracy, reliability, and timeliness of information.

D.

Provide reasonable assurance on the achievement of objectives.

Question 89

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?

Options:

A.

Anti-malware software.

B.

Authentication.

C.

Spyware.

D.

Rooting.

Question 90

According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

Options:

A.

Access system security.

B.

Policy development.

C.

Change management.

D.

Operations processes.

Page: 1 / 23
Total 604 questions