New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium IIA IIA-CIA-Part1 Dumps Questions Answers

Essentials of Internal Auditing Questions and Answers

Question 1

Which of the following is an example of a risk avoidance strategy?

Options:

A.

Outsourcing the payroll function

B.

Installing cameras in the mailroom

C.

Exiting a product line

D.

Insuring all fixed assets

Buy Now
Question 2

Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?

Options:

A.

Develop a business continuity plan for contingent situations,

B.

Insure the organization against financial losses.

C.

Rely on third-party cloud solution providers for the organization's systems.

D.

Hedge company assets via purchasing derivatives.

Question 3

An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several

months later According to IIA guidance which of the following statements is true regarding the internal auditor's application of due professional care?

Options:

A.

Due professional care was not applied because no additional work should have been performed unless there was actual evidence of fraud

B.

Due professional care was not applied because the extended scope resulted in no issues being identified, while fraud actually existed

C.

Due professional care was applied as the internal auditor modified the scope based on reasonable judgment, despite the additional cost of resources

D.

Due professional care was applied as the cost of audit resources should not be a determining factor in the degree of testing undertaken

Question 4

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend.

C.

Reaffirm the importance of the organization's code of ethics to all employees.

D.

Conduct an organizationwide employee survey on ethical practices

Question 5

Which of the following is the best example of an ongoing independent monitoring activity?

Options:

A.

Management quality assurance activities

B.

Internal audit fraud prevention and detection activities

C.

Management and supervisory activities

D.

External audit quality assurance activities

Question 6

Which of the following is an example of impairment to internal auditor independence or objectivity'?

Options:

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Question 7

When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity which area should he most likely be trained for immediately?

Options:

A.

Industry knowledge

B.

Project management

C.

Leadership skills

D.

Risk assessments

Question 8

Which of the following would be included in quality assurance and improvement program (QAIP) reporting?

Options:

A.

Descriptions of standardized work practices.

B.

Outcomes of internal audit key performance indicators.

C.

Conformance of individual engagements with the Standards,

D.

Annual summaries of consulting and audit engagements.

Question 9

Which of the following is an example of a risk reduction strategy?

Options:

A.

Outsourcing the payroll function.

B.

Absorbing the cost of losses.

C.

Insuring fixed assets.

D.

Installing cameras around the plant

Question 10

Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?

Options:

A.

Transaction testing, mapping and flowcharting is applicable while testing such controls

B.

Breakdowns in the these types of controls have historically led to fraudulent financial reporting

C.

Such controls can be defined as inherently ob)ective and tangible elements of control

D.

From an audit perspective it is significantly easier to assess ethical values than segregation of duties

Question 11

Which of the following statements is true regarding management's use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances management's ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management's ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Question 12

Which of the following activities would an internal auditor perform as a consulting engagement for an organization?

Options:

A.

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.

Assessing whether the organization's corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.

Briefing the organization's department managers on how to implement risk management processes into their daily operations.

D.

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time.

Question 13

A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?

Options:

A.

Internal auditors shall attend professional workshops to refresh internal audit norms and concepts

B.

Internal auditors' performance is synchronized with satisfaction ratings given by audit clients

C.

Internal auditors take prior audit results into account when conducting current audit engagements

D.

Internal auditors observe the audit client’s expectations when scoping audit engagements

Question 14

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Question 15

According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

Options:

A.

Developing policies and procedures for the internal audit activity.

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors.

Question 16

According to IIA guidance, which of the following threats to objectivity is described as familiarity'?

Options:

A.

An internal auditor is a close friend or relative of the manager or an employee of the audit client

B.

An internal auditor has a long-term business relationship with the audit client.

C.

An internal auditor has an economic stake in the performance of the organization

D.

An internal auditor is exposed to or perceived to be exposed to pressures from external parties

Question 17

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization's system of internal controls to be adequate and effective,

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Question 18

Which of the following can be used to minimize employees’ resentment of controls?

Options:

A.

Making sure employees are exempt from participating in control creation

B.

Implementing controls without lengthy explanations of their purpose

C.

Developing general constricting controls rather than detailed ones

D.

Not using controls to achieve goals

Question 19

Which of the following statements is true regarding the quality assurance and improvement program (QAIP)?

Options:

A.

Reporting on the QAIP to the board should occur at least once every five years

B.

The responsibility for the selection of an external assessor rests with the board

C.

The qualifications of the assessors must be communicated to the board

D.

The reporting of outcomes of the QAIP can be delegated to senior audit staff

Question 20

Which of the following best describes why a chief audit executive might obtain the services of a fraud specialist to assist in a major fraud investigation'?

Options:

A.

Fraud specialists are better at using computer-assisted audit techniques

B.

Fraud specialists are better equipped to act as an expert witness in court

C.

Fraud specialists are better able to properly apply due professional care

D.

Fraud specialists are better at using crime scene investigation techniques

Question 21

Which of the following statements relating to risk management is true?

Options:

A.

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.

Internal auditors are responsible for managing the risks of the organization

Question 22

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Options:

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Question 23

According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?

Options:

A.

Establish policies and procedures concerning the engagement process

B.

Develop a strategy for recruiting assigning, and training staff

C.

Outsource complex engagements to an external service provider

D.

Base the auditor evaluation process on the number of observations

Question 24

Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?

Options:

A.

A corrective control

B.

A detective control

C.

A preventive control

D.

A directive control

Question 25

The management team of an agricultural organization has prioritized corporate social responsibility (CSR) initiatives. Which of the following would be considered a CSR activity?

Options:

A.

Offering a one-off donation to an environmental charity for its expansion efforts

B.

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

C.

Providing special year-end monetary bonuses to the organization's employees at all levels

D.

Arranging a free-of-charge picnic for all of the organization's employees and their family members

Question 26

An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

Options:

A.

If it is an assurance engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible

C.

If it is a consulting engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement accept the assignment becausethe chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned

Question 27

Which of the following would be considered advanced expertise which most internal auditors are not expected to possess'?

Options:

A.

The ability to evaluate fraud risk

B.

The ability to detect and investigate fraud

C.

The ability to assess risk management strategies

D.

The ability to create test databases

Question 28

Which of the following represents an example of an ethical issue that the organization should address'?

Options:

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Question 29

Which of the following threatens internal audit objectivity'?

Options:

A.

Internal auditors are expected by senior management to identify a minimum of five major control weaknesses in each area audited

B.

Internal auditors are prevented from accessing information necessary to undertake their audit engagements

C.

The chief audit executive reports directly to the chief financial officer who previously led the internal audit activity

D.

The CEO requests the internal audit activity develop a charter that clearly delineates its purpose and responsibilities within the organization

Question 30

Which of the following statements is true regarding organizational culture and an audit of the control environment?

Options:

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Question 31

An external assessment of an organization's internal audit activity was last completed four years ago Which of the following options would be acceptable this year if the internal audit activity is to fulfill the requirements of the Standards?

Options:

A.

The internal audit activity conducts a self-assessment that is validated by a qualified and experienced internal auditor and then schedules a qualified, independent external assessor

B.

The board nominates an independent individual from senior management in the organization to conduct an assessment of the internal audit activity

C.

An external auditor conducts an audit of the organization which includes information about the internal audit activity

D.

The chief audit executive schedules a self-assessment and the board approves the results

Question 32

An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

Options:

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation

Question 33

Which of the following statements is true regarding the independent peer review process undertaken to fulfill the requirement for an external quality assessment?

Options:

A.

Two individuals in the same internal audit activity may perform an independent peer review as long as they do not report to the same audit manager

B.

Individuals from a separate but related organization such as an affiliate may perform peer reviews

C.

Individuals working in separate internal audit activities may be considered independent as long as do not report to the same chief audit executive

D.

Peer reviews are generally less cost-effective than hiring an external quality assessor

Question 34

Which of the following fraud schemes is often an off-book fraud*?

Options:

A.

Payroll fraud

B.

Disbursement fraud

C.

Corruption

D.

Information misrepresentation

Question 35

An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?

Options:

A.

Risk avoidance

B.

Risk reduction

C.

Risk sharing

D.

Risk acceptance

Question 36

An auditor for a large wholesaler is evaluating the controls over the approval and oversight of credit sales. Which of the following procedures would be a control weakness?

Options:

A.

The credit department is responsible for approving shipments to all customers

B.

The finance committee of the board of directors periodically reviews credit standards

C.

Customers who fail to meet credit requirements must pay cash for shipments upon delivery

D.

The sales department is responsible for determining the credit ratings of customers

Question 37

An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?

Options:

A.

Inherent risk.

B.

Residual risk.

C.

Impact risk.

D.

Detection risk.

Question 38

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

Options:

A.

Verifying whether claims have been properly authorized for payment

B.

Verifying whether claims are properly supported by invoices or other documents.

C.

Confirming that all claims are within the limits of the organization's travel policy.

D.

Reconciling claims against business the requests that were approved by supervisors

Question 39

Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?

Options:

A.

Key principles approach

B.

Process elements approach

C.

Holistic approach

D.

Maturity model approach

Question 40

Which of the following scenarios would most likely impair the independence of an internal audit activity?

Options:

A.

A relative of an internal audit team member works m a department being reviewed

B.

The internal audit budget is reduced by management requiring the removal of all lT-related engagements from the audit plan

C.

An audit manager removes a finding from the draft report due to disagreements with the chief financial officer

D.

The operating effectiveness of a control is reported as 'satisfactory." because no concerns were identified during planning

Question 41

An Internal auditor accepted a role as an engagement supervisor on a highly specialized and technical engagement for which she did not have the expertise. Which of the following fundamental principles of The IIA's Code of Ethics did she violate?

Options:

A.

Objectivity.

B.

Confidentiality.

C.

Competency.

D.

Due professional care.

Question 42

Nine months ago, an employee who was responsible for collections in the accounts receivables department joined the internal audit team. There is an accounts receivables assurance audit scheduled as part of this year's approved audit plan, which will include a review of the collections unit. With the knowledge and experience of this individual in the area, which of the following is the best approach for the chief audit executive (CAE) to take?

Options:

A.

Have the auditor formerly with the collections unit assist with planning and documenting the audit field work.

B.

Have the auditor formerly with the collections unit not participate on the audit team.

C.

Have the auditor formerly with the collections unit conduct the fieldwork and ensure it is reviewed by the CAE.

D.

Have the auditor formerly with the collections unit review all fieldwork done to ensure that there was adequate coverage.

Question 43

According to IIA guidance which of the following statements is true regarding the internal audit charier?

Options:

A.

The charier should be revised and re-approved whenever a new chief audit executive (CAE) is appointed or at the request of the board

B.

The charier should be re-approved every five years, in conjunction with the external quality assessment

C.

The charier can be revised at the discretion of the CAE whenever 4 is determined that its content no longer supports the achievement of objectives

D.

The charier should be reviewed and resubmitted for board approval annually together with the audit plan

Question 44

According to HA guidance, if an internal auditor suspects fraud during an assurance engagement, what should the auditor do first?

Options:

A.

Recommend parties involved to be sanctioned in accordance with the organization's policy.

B.

Determine whether any additional audit work needs to be performed.

C.

Launch an investigation to obtain details of the fraud and parties involved.

D.

Request that the responsible process owner remediate the issue immediately.

Question 45

The principle that "no action should be taken that may harm in some way the least fortunate people" is an expression of which of the following more general ethical principles?

Options:

A.

Utilitarian benefits.

B.

Personal virtues.

C.

Religious injunctions.

D.

Distributive justice.

Question 46

An internal audit activity is performing a governance engagement. Which of the following would provide the best evidence for an internal auditor when evaluating the organization’s culture?

Options:

A.

Personnel and customer surveys, actual reports, and due diligence results regarding third-party governance practices.

B.

Details on mandatory reporting to third parties, disclosure committee charter and responsibilities, and the internal communication system.

C.

Succession plans, development programs, and job descriptions with responsibilities and authorities.

D.

Ethics and integrity policy; structured interviews with employees; and established and communicated values, mission, and vision.

Question 47

A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process. Which of the following would be the best course of action for the chief audit executive (CAE) to take?

Options:

A.

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

B.

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

C.

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

D.

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.

Question 48

A telecommunications organization is planning to cease operations in one or the markets in which it operates due to increasing volatility and uncertainties. Which of the following risk management techniques is the organization selecting?

Options:

A.

Risk acceptance.

B.

Risk avoidance.

C.

Risk sharing.

D.

Risk reduction.

Question 49

At a construction company, supervisors are entitled to bonus payments if there are no safety rule violations on their teams. There are several channels available for workers to report accidents and violations, and all reported violations are investigated. Bonus payment calculations are approved by managers and the head of safety. Which of the controls best addresses the risk that supervisors will conceal accidents on their teams in order to receive the bonus?

Options:

A.

The investigation of all reported violations

B.

The authorization process for bonus calculations

C.

The variety of reporting channels

D.

The presence of safety rules

Question 50

Which of the following practices, applied by the chief audit executive {CAE), most likely indicates an effective continuing professional educational program for the internal audit activity?

Options:

A.

The CAE tasks internal auditors with coordinating assurance activities with other providers across the organization.

B.

The CAE encourages auditors to volunteer to support research work of the local professional institute.

C.

The CAE requires auditors to periodically attest to the profession's Code of Ethics.

D.

The CAE reminds auditors to ensure workpapers are completed for audit engagements.

Question 51

According to IIA guidance, which of the following best demonstrates that the chief audit executive is properly reporting the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Providing a written conformance statement to both senior management and the board.

B.

Giving copies of both external and internal assessments to the board.

C.

Keeping files of reports of ongoing external assessment monitoring.

D.

Retaining copies of board meeting minutes showing that discussions of assessments took place.

Question 52

What is the best course of action when the internal audit activity does not have the knowledge necessary to perform a planned audit of the organization's new IT data backup process?

Options:

A.

Postpone the audit engagement to a later date.

B.

Recruit and hire a full-time staff auditor who is proficient in data backup processes.

C.

Change the plan from an assurance engagement to a consulting engagement.

D.

Provide data backup training to the engagement supervisor.

Question 53

Which of the following best describes a consulting engagement rather an assurance engagement?

Options:

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor's opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations

Question 54

Which of the following is an indicator that an organization's risk management processes are effective?

Options:

A.

Departmental objectives are managed by department heads and are independent of the organization's mission.

B.

Organization wide mechanisms exist to enable the identification and assessment of all significant risks.

C.

Department heads have the autonomy to determine risk responses that fall outside of the organizations risk appetite

D.

Relevant risk information is captured and communicated primarily between management and the board

Question 55

An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

Options:

A.

Encourage the auditor to continue this practice, as it demonstrates objectivity.

B.

Encourage the auditor to improve communication skills.

C.

Encourage the auditor to conduct post-engagement surveys to obtain the audit client's position on the issues raised.

D.

Encourage the auditor to sign the draft reports before submitting them.

Question 56

Which of the following is an appropriate role for the internal audit activity?

Options:

A.

Ensuring the organization's key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

Implementing new controls to promote continuous improvement.

D.

Validating control assessments performed by the external auditor.

Question 57

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?

Options:

A.

Ask internal auditors to gather all relevant information and evidence.

B.

Identify and interview witnesses first and potential suspects later.

C.

Conduct a fraud risk assessment to identify the most vulnerable areas.

D.

Determine the competencies needed and assess whether team members have a conflict of Interest.

Question 58

Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?

Options:

A.

The OAIP should be conducted at least once every three years, and must be performed by an external assessor.

B.

The OAIP should be conducted on an ongoing basis, and can be completed as a self-assessment,

C.

he QAIP should include both internal assessments performed by staff and external assessments performed by independent, objective individuals

D.

The OAIP should be performed with scoping limitations established by the board.

Question 59

Which of the following is true about corporate social responsibility (CSR)?

Options:

A.

Social and environmental considerations are required parts of an organization's decision making

B.

The Global Reporting Initiative provides standards on required disclosures of CSR.

C.

CSR activities are overseen and managed by operational management.

D.

Internal auditors can provide assurance on reported sustainability results.

Question 60

Which of the following survey questions would be most effective to identify ethics violations within the organization?

Options:

A.

Are the performance targets in your department realistic and attainable?

B.

Do your coworkers have the knowledge, skills, and training needed to perform their job duties?

C.

Does your supervisor comply with laws and regulations affecting the organization?

D.

Do you have sufficient resources, tools, and time to accomplish your work objectives?

Question 61

Which should the internal auditor first consider when assessing fraud risks during an engagement?

Options:

A.

Compare the organizations fraud strategies with the industry's strategies.

B.

Review any related prior fraud investigations.

C.

Investigate any related fraud allegations.

D.

Communicate any suspicious fraud activities to management.

Question 62

The same internal auditor has audited the regional purchasing department annually for the last three years. The audits have shown several significant control deficiencies that have not been corrected by management. New management is in charge of this regional purchasing department, and it is time to audit the department again. What concerns should be considered prior to assigning the audit to the same auditor?

Options:

A.

Intimidation threats may compromise the auditor's objectivity due to multiple negative audit reports completed by the auditor.

B.

The auditor has reviewed the department annually for the last three years, leading to familiarity, which can impact the internal audit activity's independence.

C.

A negative cognitive bias may be in place that affects the employee's objectivity due to the recent audits with uncorrected control deficiencies.

D.

The auditor may have formed a cultural bias, as the department under review is in the auditor's geographic area.

Question 63

Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?

Options:

A.

The quality assurance and improvement program identified several opportunities for the internal audit activity to make improvements.

B.

In lieu of an external assessment, the internal audit activity performed a self-assessment with independent external validation.

C.

During an internal quality assessment, it was identified that rotational auditors often perform consulting engagements for areas of the organization where they had previous responsibilities.

D.

External assessments are performed every five years by a competent internal audit team from the organization's parent company.

Question 64

In which of the following ways can a whistleblower hotline serve as a prevent

Options:

A.

active control? 3

B.

Third parties who operate the hotline ensure anonymity for whistle blowers. D Whistleblower tips help discover wrongdoings and violations of the code of conduct.

Potential perpetrators of fraud know that their actions can be reported easily.

C.

Better investigation protocols are triggered by the whistleblower hotline.

Question 65

According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?

Options:

A.

The IIA's Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Question 66

An internal auditor has documented several instances in which management asked employees to ad against the policies and procedures. Which of the following is the most appropriate next step?

Options:

A.

Report the non-compliance cases to the board of directors.

B.

Recommend that management update its policies and procedures based on the circumstances.

C.

Investigate the rationale for management's actions.

D.

Recommend those employees to report the cases through the designed whistleblowing channel for the appropriate treatment.

Question 67

During an assurance engagement, an internal auditor identified that a developer of the organization's enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

Options:

A.

Segregate duties between code development and migrating changes into production.

B.

Conduct fraud training for the IT team responsible for the ERP system.

C.

Penalize the developer who committed the fraud by terminating employment.

D.

Restrict developers' access to the ERP system's test environment.

Question 68

Which of the following fundamental principles of The IIA's Code of Ethics is best described as performing work honestly diligently and responsibly?

Options:

A.

Integrity

B.

Proficiency

C.

Due Professional Care

D.

Competency

Question 69

The internal auditor of a small manufacturer noted that the accounting department has insufficient staff to achieve proper segregation of duties. What type of controls would the auditor likely recommend to management to specifically address this problem?

Options:

A.

Entity-level.

B.

Preventive.

C.

Directive.

D.

Compensating.

Question 70

Who has the ultimate responsibility of implementing the organization’s governance system?

Options:

A.

Stakeholders

B.

The board

C.

The chief executive officer

D.

Internal auditors

Question 71

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

Options:

A.

Verifying whether claims have been properly authorized for payment.

B.

Verifying whether claims are properly supported by invoices or other documents.

C.

Confirming that all claims are within the limits of the organization's travel policy.

D.

Reconciling claims against business trip requests that were approved by supervisors.

Question 72

An internal auditor is assessing the effectiveness of the organization's risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach

B.

Process element approach

C.

Key principles approach

D.

Key performance indicators approach.

Question 73

According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization's corporate social responsibility (CSR) program?

1. Determine whether the organization has adequate controls to achieve its CSR objectives.

2. Facilitate a management self-assessment of CSR controls and results.

3. Consult on the project design and implementation for the CSR program.

4. Exclude CSR-related external risks that are beyond the control of the organization.

Options:

A.

1 and 2 only.

B.

1, 2 and 3 only.

C.

2, 3, and 4 only.

D.

3 and 4 only.

Question 74

According to MA guidance, which of the following statements is true regarding an effective governance process?

Options:

A.

It stipulates that risk needs to be considered when making strategic decisions.

B.

It encourages strict segregation of the risk management and internal control processes.

C.

It relies on effective risk management when establishing the organization's risk appetite.

D.

It relies on the board to devise ways to communicate the effectiveness of internal controls.

Question 75

The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?

Options:

A.

The CAE's actions are likely to impair the Independence of the internal audit activity.

B.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Question 76

Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

Options:

A.

Determining whether management measures and monitors the costs and benefits of controls.

B.

Providing training on controls and ongoing self-monitoring processes.

C.

Developing flowcharts to obtain information about control design adequacy.

D.

Identifying objectives and the risks involved in achieving them.

Question 77

The organization's chief audit executive (CAE) is planning an immediate assurance engagement following several product recalls. However, the internal audit staff does not have the required Knowledge and experience to adequately assess all the relevant processes and procedures. According to 11A guidance, which of the following actions should the CAE take under these circumstances?

Options:

A.

Use the current available resources to conduct the review and exclude those procedures that can't currently be performed.

B.

Implement an accelerated training plan to provide the audit staff with the necessary skills and knowledge to conduct the engagement.

C.

Encourage management to accept the assessed risk until the internal audit activity is able to adequately review the area.

D.

Obtain assistance for the audit team from other internal assurance providers who possess the requisite expertise in the area.

Question 78

During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

Options:

A.

Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.

B.

Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.

C.

Require that a manager use a reserved register code to approve voids or refunds.

D.

Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.

Question 79

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

Options:

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Question 80

According to MA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management's behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Question 81

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Options:

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Question 82

Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?

Options:

A.

Internal audit activity

B.

Operating management

C.

Senior management

D.

Board of directors

Question 83

Which of the following indicates that internal audit independence may be compromised?

Options:

A.

The internal auditor maintains a close personal relationship with operational management.

B.

Material observations were intentionally left out of the audit report.

C.

Internal auditors assigned to the audit engagement did not have the knowledge, skills, and competencies needed to perform their responsibilities.

D.

An internal auditor failed to apply professional skepticism while performing audit tests in an area overseen by an experienced, reputable manager

Question 84

The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked. What type of activity is this?

Options:

A.

Financial assurance engagement.

B.

Operational consulting engagement.

C.

Compliance assurance engagement.

D.

Risk management consulting engagement.

Question 85

In which of the following situations has the internal auditor violated the IIA's Code of Ethics?

Options:

A.

An employee confided in an internal auditor and told him about fradulent activities. Although the employee asked for confidentially, the auditor disclosed her identity later during police questioning.

B.

While auditing payroll controls, an auditor was granted temporary access to salary data. The auditor referred to the acquired information while negotiating her work conditions three months later.

C.

Management considers an auditor to be highly competent and asked the audit to participate in an upcoming acquisition project. The auditor declined the request, calming a lack of knowledge.

D.

An internal auditor failed to acquire the continuing education credits needed for the year and requested that. The IIA change his certification status to inactive until the completed the required education activities.

Question 86

Which of the following written documents typically offers the best evidence that internal auditors exercise due professional care in conformance with the Standards?

Options:

A.

Internal audit charter.

B.

Workpaper.

C.

Audit report.

D.

Code of ethics.

Question 87

Management of an area under review is aggressive, upset, and questioning the knowledge and experience of the organization's internal auditors, as the audit results highlight critical findings. The relationship between the internal audit activity and management has continued to degenerate. as previous audit reports also showed a large number of issues. What would be the best strategy for working through the current audit results while also attempting to repair the relationship with management?

Options:

A.

Take an accommodating approach and change the overall rating of the audit report.

B.

Take a compromising approach by modifying the tone of the report, while maintaining the critical findings.

C.

Take an assertive approach and be persistent in attempting to convince the director.

D.

Take an assisting approach and offer to assist with the implementation of action plans.

Question 88

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

Options:

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Question 89

A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?

Options:

A.

Interview the employee identified by the whistleblower.

B.

Attain an understanding of the employee's role, responsibilities, and relationship with the supplier.

C.

Notify senior management, the board, and the external auditor about the alleged fraud

D.

Review all the orders issued to the supplier to investigate potential fraud.

Question 90

Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

Options:

A.

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.

The CAE assesses the audit staff's knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.

The CAE provides absolute assurance to line management during each eternal audit engagement

Question 91

IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge’s kills gap

B.

Monitoring gap

C.

Accountability/reward failure

D.

Communication failure

Question 92

Which of the following concepts is emphasized in the Mission of Internal Audit?

Options:

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Question 93

Which of the following organizations has reached the most mature level of corporate social responsibility?

Options:

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Question 94

An internal auditor in a busy internal audit activity reviews her continuing professional development records toward the end of the year and is concerned to find she has undertaken limited training and formal professional development. Which of the following actions is the most appropriate for her to take?

Options:

A.

Remind the chief audit executive (CAE) that he is responsible for her continuing professional development and needs to address the issue

B.

Contact her professional organization and explain that she does not need formal professional development, as she is being developed sufficiently through undertaking audit engagements.

C.

Accept that she is unlikely to meet continuing professional development requirements but look to attend training courses at the next available time.

D.

Accept that she is responsible for her own continuing professional development, develop a professional plan, and discuss it with the CAE.

Question 95

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Options:

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Question 96

Which of the following actions should the organization's governing body perform to provide the most effective governance over the organization's culture?

Options:

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Question 97

An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted. Which of the following would best help the organization manage the risk of fraud?

Options:

A.

Accounting personnel should regularly perform reconciliation between invoices and purchase orders

B.

Accounting personnel should conduct a periodic inventory count and reconcile inventory movements

C.

internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels

D.

Management should established a policy requiring new inventory asset purchases to be made on serialized order forms with copies retained

Question 98

Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board The CAE included the following elements in the report

- Qualifications and independence of me external assessment team

- Conclusions of assessors

- Corrective action plans

How should the CAE improve the aforementioned approach to reporting the resets of QAIP?

Options:

A.

Senior management should be excluded from the reporting as the QAiP results must be communicated to re board only

B.

The report can be streamlined by removing unnecessary information such as the qualifications and me independence of external assessors

C.

The results must be snared with the external a auditors as well, so they can determine the extent to which they can rely on me work of the internal audit activity

D.

The report should indicate that the external assessment must be performed at least once every five years

Question 99

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Question 100

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

Options:

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Question 101

Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

Options:

A.

Participate in a fraud risk-assessment session as an in-house facilitator.

B.

Send regular written updates to senior management on new control-related regulations.

C.

Lead a seminar on internal controls and provide numerous examples to the audience.

D.

Conduct a surprise inventory count at the raw materials warehouse.

Question 102

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Options:

A.

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

Question 103

Who is held responsible for oversight of the organization's risk management framework?

Options:

A.

Operational management.

B.

Board of directors.

C.

Internal auditors.

D.

Head of risk management.

Question 104

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

Options:

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Question 105

Which of the following scenarios demonstrates an impairment to internal audit independence?

Options:

A.

The internal auditor s denied access to partner information from management of me area under review

B.

The internal auditor tarts to disclose a potential conflict of interest relationship with management of the area under review

C.

The internal auditor concludes that controls operate effectively, although he did not gather supporting evidence

D.

The internal auditor was assigned to an assurance review of an area for which he previously had responsibilities

Question 106

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

Options:

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Question 107

What is expected of internal auditors in regards to due professional care?

Options:

A.

Auditors perform assurance services without regard to cost

B.

Auditors perform assurance services effectively to identify all risks

C.

Auditors perform assurance services needed to achieve the engagement's objectives

D.

Auditors perform assurance services to guarantee all significant risks will be addressed

Question 108

At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?

Options:

A.

When the internal auditor conducts observations and fieldwork.

B.

When management completes the risk assessment.

C.

When the internal auditor evaluation shows its soundness.

D.

When the organization's goals and objectives are met.

Question 109

Who is responsible for ensuring internal auditors’ continuing professional development?

Options:

A.

Individual internal auditors.

B.

Chief audit executive.

C.

The board.

D.

Engagement supervisors.

Question 110

After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?

Options:

A.

Independence.

B.

Confidentiality.

C.

Objectivity.

D.

Competency

Question 111

Which of the following situations best describes an internal auditor who may have violated the IIA Code of Ethics principle of confidentiality?

Options:

A.

The auditor intentionally omitted from his resume that he was fired from his previous job for fraud allegations,

B.

The auditor decided not to notify her supervisor that her brother-in-law was responsible for the project the auditor was expected to evaluate.

C.

The auditor asked the audit client to copy requested files to her personal unencrypted memory stick because it was faster and more convenient.

D.

The auditor was assigned to analyze the organization's incentive program and spent long hours reviewing other employees’ bonuses,

Question 112

Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?

Options:

A.

Review the organization's ethical value structure and reporting procedures.

B.

Review what the organization considers to be ethical behavior, such as the employee code of conduct.

C.

Review employee survey responses and follow up on those that suggest weaknesses in the ethical climate.

D.

Review the organization's records to ensure all employees have signed statements that they will follow ethical practices.

Question 113

Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

Options:

A.

Groupthink.

B.

Collaboration skills.

C.

Process analysis skills.

D.

Project management skills.

Question 114

Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

Options:

A.

Net.

B.

Controllable.

C.

inherent,

D.

Residual.

Question 115

Which of the following statements best demonstrates application of due professional care during an assurance engagement?

Options:

A.

The engagement detected irregularities and noncompliance instances.

B.

The engagement supervisor had no significant comments in the supervisory review.

C.

The audit procedures were systematically planned, executed, and documented.

D.

The engagement objectives were designed to assist the engagement client.

Question 116

A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?

Options:

A.

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

B.

Standard training for each employee, including internal auditors, is 10 hours per year.

C.

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

D.

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

Question 117

In which of the following ways can a chief audit executive demonstrate to the board that the internal audit activity collectively possesses all of the skills needed to complete its annual goals?

Options:

A.

Involve board members in hiring activities and request advice.

B.

Require all internal audit staff to complete the same training course on a general audit subject,

C.

Require senior auditors to obtain a professional certification.

D.

Provide a competency assessment of the internal audit staff.

Question 118

Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework. According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

Options:

A.

Everyone in the agency has a primary responsibility for identifying and managing risks as part of the risk management process.

B.

The risk management process, while evaluating risk, should develop a mechanism to rank the relative importance of each risk.

C.

The risk management process should be regularly reviewed and respond to changes in the environment, to remain relevant.

D.

The risk management process should use a formal technique to consider the consequence and likelihood of each risk.

Question 119

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000.

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework

Question 120

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity.

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization.

D.

Develop strategies to mitigate the risks to achieving the organization’s objectives

Question 121

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards.

D.

Verify that organizational objectives are aligned with each department’s objectives.

Question 122

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

Options:

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

Question 123

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

C.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Question 124

During a review of employee benefits, a staff internal auditor observed an ambiguity in the incentive compensation policy. If reported, it could negatively impact the internal auditor's compensation. Which of the following would encourage the internal auditor to be objective in his work?

Options:

A.

Periodic reinforcement of the internal audit activity's code of ethics disclosure practices.

B.

External assessments of the internal audit activity every five years.

C.

Audit committee review of every engagement report at the conclusion of the audit.

D.

Internal audit charter approved by the board.

Question 125

An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Question 126

In which of the following situations may the internal audit activity report conformance with the Standards?

Options:

A.

An internal audit activity has been in existence at least five years and has not completed an external assessment,

B.

An internal auditor was assigned to an audit engagement but did not meet individual objectivity requirements.

C.

The internal audit activity prepared an internal audit plan that was not risk-based.

D.

The internal audit activity has been in existence fewer than five years, but periodic self-assessments were conducted.

Question 127

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company's risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning.

Question 128

An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.

According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Options:

A.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity

has addressed all areas of nonconformance and the audit committee has been notified.

B.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

C.

Indicate that the internal audit activity operates in partial conformance with the Standards t as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

D.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to ail parties who received the original reports.

Question 129

During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

Options:

A.

Internal audit management.

B.

Conflict negotiation.

C.

Critical thinking.

D.

Persuasion and collaboration.

Question 130

An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping* She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

Options:

A.

Batch controls.

B.

Application controls.

C.

General IT controls.

D.

Logical access controls

Question 131

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk,

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Question 132

In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

Options:

A.

Investigation of health and safety incidents.

B.

Auditing of controls and management systems.

C.

Communication of disclosures and external reporting,

D.

Involvement in focus groups and complaint management

Question 133

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question 134

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management's recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Question 135

Applying ISO 31000, which of the following is part of the external context for risk management?

Options:

A.

Risk treatment method based on risk evaluation.

B.

Organizational culture, objectives, and processes.

C.

The regulatory and competitive environment

D.

The method of determining the risk level.

Question 136

Which of the following could increase risks to the organization’s control environment?

Options:

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures.

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline.

Question 137

While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?

Options:

A.

Proceed with the audit engagement, but do not include the relative's information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative is a customer.

D.

Immediately withdraw from the audit engagement.

Question 138

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?

Options:

A.

Management’s acceptance of inadequate controls for cybersecurity risk.

B.

Discussions with senior management relating to a new revenue stream.

C.

Mitigating controls implemented by the engagement supervisor

D.

Project manager planned hours versus time spent for all prior year projects

Question 139

Which of the following best illustrates the application of due professional care during an audit of the procurement department?

Options:

A.

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance. and he concluded the controls were ineffective.

B.

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’s

reasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

C.

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

D.

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management's declaration, the internal auditor determined that the procurement process was effective.

Question 140

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Options:

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization’s suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs.

Question 141

According to NA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment.

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Question 142

Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap,

B.

Monitoring gap.

C.

Accountability/reward failure,

D.

Communication failure.

Question 143

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 144

Which of the following statements best illustrates why internal auditors assess soft controls?

Options:

A.

Assessing soft controls are an effective method of assessing risk related to personnel.

B.

Assessing soft controls, as opposed to hard controls, makes it easier to evaluate operating effectiveness.

C.

Assessing soft controls can help internal auditors in undertaking root-cause analysis.

D.

Assessing soft controls provides more objective information than assessing hard controls.

Question 145

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

Options:

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Question 146

Management is installing security cameras to identify unauthorized physical access to the organization's warehouse. This is an example of which of the following types of controls?

Options:

A.

Detective controls.

B.

Key controls.

C.

Primary controls.

D.

Preventive controls

Question 147

A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE's best response?

Options:

A.

The CAE refers to the Standards and explains that to protect her independence, she needs to remain isolated from the investigation.

B.

The CAE refers to the Standards and explains that the internal audit activity must obtain competent assistance if needed.

C.

The CAE refers to the Standards and explains that to protect her objectivity, she needs to remain isolated from the investigation.

D.

The CAE describes the specifics of the allegation to underscore the importance of the situation and the need for expert investigation

Question 148

An internal audit team received the following feedback from operational management via a post-engagement survey "Management agrees with all audit findings However, the audit team did not consider our input on the best way to resolve the issues”

This feedback is an indication that the internal audit activity may need to improve which of the following interpersonal skills?

Options:

A.

Leadership

B.

Conflict management

C.

Communication

D.

Influence

Question 149

Which of the following is an example of corruption?

Options:

A.

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.

Requesting reimbursement for overstated travel and entertainment expense amount

C.

Misstating realized foreign currency transaction gains or losses

D.

Demanding payment from a vendor for decisions made in the vendor’s favor

Question 150

Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review. Which of the following would be the most appropriate next step for the reviewer to take?

Options:

A.

Remove the areas of disagreement from the scope of the engagement and seek informal compromises with the CAE.

B.

Issue the report to senior management, noting the deficiencies for immediate resolution.

C.

Issue the report, noting the deficiencies with comments that address the areas of disagreement.

D.

Request arbitration from the audit committee to resolve discrepancies prior to issuing the final report

Question 151

Recently an organization’s internal audit activity discovered ghost employees who receive payments Senior management decides to strengthen the internal control measures to address this Which of the following is considered an effective control to mitigate payments to ghost employees?

Options:

A.

Staff transfers are reviewed by the recruiting manager and approved by the head of human resources

B.

New staff requisition forms are authorized by operational management and acknowledged by the head of human resources

C.

Staff salary payments and accounting records are approved by the head of accounting and acknowledged by the head of human resources

D.

The staff salary payment list is reviewed by the head of payroll and endorsed by the head of human resources

Question 152

What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

Options:

A.

Assign competent staff to the area under audit to remediate the nonconformance.

B.

Determine how the deviation impacted the overall scope of the internal audit activity.

C.

Meet with the board to gam an understanding of the board's expectations.

D.

Communicate the matter to the board at the time of the next external assessment.

Question 153

According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

Options:

A.

Conclude the engagement and inform management that fraud has occurred

B.

Perform further testing to verify the existence of fraud.

C.

Suspend the engagement and undertake a formal fraud investigation.

D.

Notify the board of the possible fraud immediately

Question 154

Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?

Options:

A.

Act as an advisor to the committee responsible for reviewing violations of the code.

B.

Review and adjudicate all violations of the code of conduct.

C.

Lead the committee responsible for the oversight of the code.

D.

Implement a system of procedures to inform all employees of the code.

Question 155

The internal audit activity is performing an assessment of an organization's ethics program, and the engagement scope specifies a focus on the training program's design. According to IIA guidance, which of the following questions would be the most relevant?

1. Does the training include situations that require an ethical decision?

2. What percentage of employees have taken the training?

3. What are the results of the employee assessment of the organization's ethical climate?

4. Does the instructor provide feedback on the thought process to reach an ethical resolution?

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Question 156

An internal auditor has suspicions that some fictitious vendors have been created in the organization's computer system. Which of the following would be the best technique to detect this fraud?

Options:

A.

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

B.

Run checks to find matches between vendor and employee addresses

C.

Check for recurring requests for refunds where invoices are paid twice

D.

Review for unexplained increases in inventory

Question 157

Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?

Options:

A.

If the results of both internal and external assessments support conformance with the Standards, the internal audit activity must communicate this to the board and senior management in writing.

B.

If it has been in existence fewer than five years and has no documented external assessment, the internal audit activity may not indicate that it is operating in conformance with the Standards.

C.

If nonconformance affects its ability to fulfill its professional responsibilities or stakeholder expectations, the internal audit activity should disclose nonconformance as well as its impact.

D.

If an external assessment reflects an overall conclusion of nonconformance, the internal audit activity may continue to communicate that it conforms with the

Standards if it discloses a remediation plan, including timeline with subsequent validation.

Question 158

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company's risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization's CEO reviews the internal audit activity's annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning

Question 159

Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity'?

Options:

A.

For both assurance and consulting engagements, the auditor must independently and objectively select the criteria for evaluation

B.

For a consulting engagement, internal auditors and management jointly agree on the adequate criteria needed to evaluate governance, risk management, and controls. This is not true of assurance engagements

C.

Engagement planning and fieldwork are similar for both types of engagements (there are no major differences) although the reporting process is different depending on which service is provided

D.

For a consulting engagement objectives must address governance risk management and control processes to the extent agreed upon with the client. This is not true of assurance engagements

Question 160

Which of the following is the best example of a computer forensic audit activity?

Options:

A.

An internal auditor compared vendor addresses to employee home addresses.

B.

An internal auditor used analytical software to trace all disbursements processed on weekends.

C.

An internal auditor tried to circumvent the logical access controls of the purchasing system.

D.

An internal auditor recovered emails of an employee who was suspected of fraudulent activities

Question 161

Guidelines need to be set for various levels of suspected fraud within an organization and when it would be reported to the audit committee. Which of the following would be

reported at the next meeting?

Options:

A.

Minor theft of less than $10,000, not involving senior management.

B.

Theft using collusion for more than $10,000. but not involving senior management.

C.

Denial of access to requested employees during an audit.

D.

Discussion of replacement of the chief audit executive.

Question 162

An internal auditor was completely honest with operational management when delivering unfavorable audit results. Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?

Options:

A.

Integrity

B.

Objectivity

C.

Competency

D.

Transparency

Question 163

Which of the following conditions classifies an engagement as a consulting service provided by the internal audit activity?

Options:

A.

The internal auditor assigned to the engagement previously worked in the area under review and lacks objectivity.

B.

The internal audit engagement will involve providing an opinion on the effectiveness of controls.

C.

The internal auditor assigned to the engagement was specifically requested by management of the area under review.

D.

he internal audit engagement involves only two parties: the internal auditor and the engagement client.

Question 164

What should be the first step for a newly hired chief audit executive to build and maintain the proficiency of the internal audit activity'?

Options:

A.

Incorporate the basic criteria of internal audit competency into job descriptions

B.

Complete a periodic skills assessment of the internal audit activity

C.

Develop a competency or skill assessment tool.

D.

Perform benchmarking with competitors to learn what other firms are doing related to this topic

Question 165

Which of the following describes the internal audit activity's most appropriate role in an organization's risk management process?

Options:

A.

Reporting to the board on management's assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Question 166

During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

Options:

A.

Directive

B.

Preventive

C.

Detective

D.

Automatic

Question 167

Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

Options:

A.

The cost and frequency of both internal and external assessments.

B.

Any assumptions made by the assessment team

C.

A potential conflict of interest of the assessment team.

D.

The assessment team’s execution plan of relevant procedures.

Question 168

Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?

Options:

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Question 169

Which of the following is a primary responsibility of senior management with respect to ethical violations?

Options:

A.

Senior management provides oversight for the organization's ethical climate.

B.

Senior management promotes an ethical culture in the organization.

C.

Senior management assesses the effectiveness of the organization’s ethical programs.

D.

Senior management reviews major ethical policies in the organization for compliance

Question 170

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

Options:

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Question 171

Six months after an employee was transferred to the internal audit activity his former operating manager requested that he return to assist a project team with the evaluation of a new pricing module for the organization’s online ordering system According to IIA guidance which of the following statements is true?

Options:

A.

The auditor cannot be assigned to this project, as it has been fewer than 12 months since he was transferred from that department.

B.

Another internal auditor should be appointed to the engagement to preserve the independence of the internal audit activity

C.

The auditor cannot participate in the assignment, as providing an opinion would impair his objectivity

D.

The auditor may participate on the project, as the nature of the assignment is consulting

Question 172

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

Options:

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Question 173

Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?

Options:

A.

Assessing the risk of noncompliance with laws and regulations

B.

Following the policies as prescribed by the internal audit manual.

C.

Advising management of the area under review on how to mitigate internal control risks.

D.

Conducting the engagement on the presupposition that fraud exists.

Question 174

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions'?

Options:

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Question 175

Which of the following is the first step in the process of identifying relevant fraud risk factors?

Options:

A.

Identifying preventive and detective controls

B.

Gathering information about the organization’s business activities to gain an understanding of fraud risks

C.

Engaging in strategic reasoning to anticipate the fraud scheme

D.

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

Question 176

According to IIA guidance, which of the following statements is true regarding ISO 31000?

Options:

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Question 177

Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?

Options:

A.

The relative complexity of the engagement

B.

The cost of the engagement relative to its benefits

C.

The extent of work needed to achieve the engagement's objective

D.

The needs and expectations of the engagement client

Question 178

According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity'?

Options:

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Question 179

According to IIA guidance, which of the following best describes expense reimbursement fraud?

Options:

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Question 180

Who is responsible for setting the risk appetite?

Options:

A.

External auditors.

B.

Chief risk officer.

C.

Operations management.

D.

Board of directors.

Question 181

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Question 182

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Options:

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Question 183

Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

Options:

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

Question 184

Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

Options:

A.

Accountability/reward risk.

B.

Monitoring failure risk.

C.

Communication failure risk.

D.

Knowledge/skills risk

Question 185

The internal audit activity is asked to provide consulting services regarding the risks related to implementing a proposed new Inventory management system. Which of the following would be a key consideration of the internal audit activity in accepting this engagement?

Options:

A.

Ask the inventory manager to determine whether the work planned would be sufficient to meet the consulting engagement objectives.

B.

Ensure that the method used to communicate the results of the consulting engagement is consistent with the board's preferred method.

C.

Determine whether the benefits to be derived from the requested assessment would exceed the cost of providing the consulting service.

D.

Use email and telephone conversations to convey the results of the engagement, as these may prove to be the most efficient methods for communicating.

Question 186

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Question 187

During an audit of the purchasing department, an internal auditor identifies significant issues that could affect the organization's financial reporting. Management disagrees with the audit results. Which of the following responses best demonstrates the internal auditor has the necessary competencies related to professional Judgment and conflict management?

Options:

A.

The auditor maintains his convictions and continues to proceed with the review process despite management's concerns related to the results.

B.

The auditor bypasses management, discusses the results with the board, and seeks the board's input on how best to address the recommendations.

C.

The auditor consults with other members of the audit team, and together they develop alternative recommendations that management may be more likely to accept.

D.

The auditor meets with management to discuss the results and obtain a better understanding of the specific concerns.

Question 188

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Options:

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Question 189

A chief audit executive assigned an internal auditor to perform an assurance engagement. The auditor concluded with a major audit finding based on hearsay evidence Which of the following competencies did the auditor appear to be lacking?

Options:

A.

Effective communication skills

B.

Risk-based assurance knowledge

C.

Demonstration of due professional care.

D.

Demonstration of ethical behavior

Question 190

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

Options:

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.

Question 191

Which type of engagement requires that the client agrees with the techniques used by the internal audit activity?

Options:

A.

A performance audit.

B.

A sensitive fraud investigation.

C.

A compliance audit

D.

A consulting service.

Question 192

Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?

Options:

A.

The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

B.

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Question 193

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Question 194

An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system's design strengths and weaknesses. Which of the following is true regarding impairment to the auditor's objectivity?

Options:

A.

This situation does not necessitate any action related to the auditor's objectivity.

B.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

C.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

D.

The auditor can provide only consulting services, not assurance.

Question 195

An organization sells products through distributors. The organization's chief audit executive insists that the organization's code of conduct be applicable to their distributors as well. Which of the following risks would this mitigate?

Options:

A.

Business continuity

B.

Market manipulation

C.

intellectual property leakage

D.

Reputational damage

Question 196

According to the Standards, which of the following demonstrates the proficiency of an internal auditor?

Options:

A.

Each internal auditor must hold one or more certifications in the area of fraud and seek out continuing professional development related to fraud detection and fraud investigation.

B.

Each internal auditor must have sufficient knowledge of IT risks and controls, and be able to evaluate the risk of fraud and the manner in which it is managed by the organization.

C.

Each internal auditor on the engagement team must possess the same level of knowledge, skills, and other competencies as other auditors on the engagement team.

D.

Each internal auditor must be paired, by the chief audit executive, with an individual who possesses the knowledge, skills, or other competencies required to complete the audit.

Question 197

Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?

Options:

A.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.

Internal auditors may conclude that a business unit's current control environment is adequate and effective if the review of the prior year's workpapers and audit report supports that conclusion.

C.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Question 198

When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?

Options:

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Question 199

Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?

Options:

A.

Typically less time is needed to train the NGO members on the audit process.

B.

NGO members are often more unbiased and objective

C.

A report with a positive statement from an NGO member is deemed to be more credible. As opposed to auditors.

D.

NGO members are licensed to audit corporate social responsibility.

Question 200

During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?

Options:

A.

The ability to negotiate

B.

The ability to use analytical tools

C.

The ability to foresee issues

D.

The ability to manage conflict

Question 201

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

Options:

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Question 202

Anew internal auditor suspects fraud is taking place. Which action should the new auditor take?

Options:

A.

Collect relevant audit evidence and begin working with management of the area to investigate the fraud.

B.

Inform the chief audit executive and meet with the suspect to determine whether the person committed fraud.

C.

Document supporting information and recommend an investigation to the appropriate audit management.

D.

Evaluate existing controls and implement new procedures to mitigate the opportunity for fraud.

Question 203

The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor's name is similar to that of the procurement manager, some staff members think the two are related, although they are not. Which of the following actions is most appropriate for the CAE to take?

Options:

A.

Take no action, as there is no impairment to independence.

B.

Remove the new internal auditor from the engagement team.

C.

Discuss the matter with the appropriate personnel to alleviate concerns.

D.

Closely supervise the new auditor and carefully review his work.

Question 204

Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?

Options:

A.

Currency exchange rates, as they relate to internal audit-related expenses.

B.

Differences in typical working hours, compared to other countries.

C.

The effects of subtle language nuances on translations.

D.

Accepted practices that may be illegal in other countries.

Question 205

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

Options:

A.

Determine the organization’s overall risk appetite.

B.

Establish a governance committee.

C.

Delegate authority to members of senior management.

D.

Identify key stakeholders and their expectations

Question 206

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

Options:

A.

Monitor and review

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Question 207

Which of the following would be the most effective in helping to detect fraud?

Options:

A.

Code of conduct.

B.

Exit interviews.

C.

Fraud awareness training

D.

Employee promotion policy.

Question 208

Which of the following represents a deficiency in the control environment?

Options:

A.

The sales department has failed to achieve targets for the last nine months.

B.

Employees report suspicious activity by calling the organization's ethics hotline.

C.

Hiring procedures do not include background checks for prospective job candidates.

D.

Management reports three potential ethics issues to the board of directors.

Question 209

According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Options:

A.

The internal audit policies and procedures handbook.

B.

The internal audit charter.

C.

The internal audit mission statement.

D.

Each internal audit engagement letter.

Question 210

According to MA guidance, which of the following statements is true regarding internal auditors' use of technology-based techniques?

Options:

A.

Auditors must consider using technology if it advances the engagement, even when implementation costs exceed the benefits.

B.

Auditors must considering using technology to reduce the organization's risk by detecting all instances of fraud.

C.

Auditors must consider using technology only when the Implementation cost does not exceed benefits.

D.

Auditors must consider using technology in a variety of engagements to ensure that their work is substantiated and infallible.

Question 211

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization's risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Question 212

Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?

Options:

A.

Monitor the organization's overall risk activities in relation to its risk appetite and other risk criteria.

B.

Guide the integration of risk management with other business planning and management activities.

C.

Review the portfolio of risk of the organization in relation to its risk appetite.

D.

Assume responsibility for the effectiveness and success of the risk management framework

Question 213

A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?

Options:

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider's labor practices.

Question 214

According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

Options:

A.

Whenever the business objectives of the organization change

B.

Just prior to an external assessment of the internal audit activity

C.

At the completion of each engagement.

D.

Progressively on a day-to-day basis

Question 215

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

Options:

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Question 216

Which of the following is an example of a management control technique?

Options:

A.

A budget.

B.

A risk assessment.

C.

The board of directors.

D.

The control environment

Exam Detail
Vendor: IIA
Certification: CIA
Exam Code: IIA-CIA-Part1
Last Update: Dec 22, 2024
IIA-CIA-Part1 Question Answers