Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium IIA IIA-CIA-Part2 Dumps Questions Answers

Internal Audit Engagement Questions and Answers

Question 1

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

A clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Buy Now
Question 2

Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?

Options:

A.

Questionnaires.

B.

Surveys.

C.

Structured interviews

D.

Facilitated team workshops

Question 3

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

Options:

A.

To obtain sufficient audit evidence.

B.

To test the client ' s knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Question 4

Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?

Options:

A.

Objectives scope and timing at a high level to support coordination while adhering to confidentiality requirements

B.

The area and timing of the audit engagement to ensure confidentially and avoid conflict of interest.

C.

All plan information, including risk assessments, planned tests and past results to maximize the opportunity for coordination with internal and external providers.

D.

No information should be shared with internal and external provider as it could introduce bias into the engagement results.

Question 5

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

Options:

A.

Career model.

B.

Center of competence model.

C.

Rotational model.

D.

Hybrid model.

Question 6

Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?

Options:

A.

A condition

B.

An audit objectives

C.

An audit scope

D.

An observation rating

Question 7

According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?

Options:

A.

Determine which controls if any are in place to mitigate the fraud risks

B.

Follow protocol for internal reporting and investigating fraud allegations

C.

Research frauds that nave occurred t\ similar organizations

D.

Incorporate the fraud risk assessment into the engagement plan

Question 8

Which of the following is the primary reason to develop an audit work program?

Options:

A.

To alert operational management to the types of audit tests that will likely be performed.

B.

To help the engagement team understand which tasks have to be performed and how.

C.

To assist with communicating all relevant audit findings, conclusions, and recommendations to operational management.

D.

To facilitate the supervision of the audit engagement and enable the chief audit executive to provide relevant feedback.

Question 9

Which statistical sampling approach would an internal auditor typically utilize if she wishes to test for fraud and the expected deviation rate is very low?

Options:

A.

Stratified sampling

B.

Attribute sampling

C.

Discovery sampling

D.

Haphazard sampling

Question 10

Which of the following is not a direct benefit of control self-assessment (CSA)?

Options:

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Question 11

Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?

Options:

A.

Strategic plans reflect the organization ' s business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Question 12

When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?

Options:

A.

Determine whether the purchasing department complies with policy by examining a random selection of purchase orders.

B.

Evaluate whether purchasing requests are properly approved by authorized staff by obtaining independent verification from the vendors.

C.

Ascertain whether material receipts are recorded on a timely basis by reviewing physical inventory stock counts.

D.

Determine whether prices charged for goods received are correct by reviewing the appropriate accounts payable record by vendor.

Question 13

A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?

Options:

A.

Include using in a subsequent audit to determine if the risks are still present

B.

Discuss the matter with senior management and it not reserved with the board

C.

Require that management implement controls to mitigate lie risks

D.

Report the risks to the process owners so that they can modify their process

Question 14

Which of the following statements is true regarding partnership liquidation?

Options:

A.

Operations can continue after the liquidation, if all partners agree.

B.

Partnership liquidation ends both the legal and economic life of an entity

C.

Partnership liquidation occurs when there is capital deficiency.

D.

When a partnership Is liquidated, each partner pays creditors from cash received

Question 15

Which of the following statements is true regarding an organization’s inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Question 16

Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?

Options:

A.

The person responsible for performing the task

B.

Two or more people that work in the area

C.

The supervisor in charge of the process

D.

The manager that wrote the steps to be followed

Question 17

A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval.

C.

Present the revised audit plan directly to the CEO for approval.

D.

Communicate with the CEO and present the revised audit plan to the board for approval

Question 18

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

Options:

A.

Perform benchmarking

B.

Perform a trend analysis

C.

Perform a ratio analysis

D.

Perform observation to gather evidence

Question 19

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

Options:

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Question 20

An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

Options:

A.

Enhanced capability to prevent frauds from occurring.

B.

Greater assurance that procurement frauds will be detected in a timely manner

C.

Improved capability of evaluating fraud risks within the organization.

D.

Greater understanding of fraud through better evidence collection

Question 21

During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?

Options:

A.

It would be an inefficient way for internal auditors to address multiple controls in the activity under review.

B.

It would limit certain members of the internal audit team from being fully involved in the engagement.

C.

It would be the most effective way for the internal audit team to obtain a detailed understanding of the processes and controls in the activity to be audited.

D.

It would be an efficient way for the internal audit team to determine whether specified control activities are in place.

Question 22

Which of the following factors should a chief audit executive consider when determining the audit universe?

1. Components of the organization ' s strategic plan.

2. Inputs from senior management and the board.

3. Views of competitors and business associates.

4. Results of exit interviews with departing employees.

Options:

A.

1 and 2 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Question 23

During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:

" As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the

respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure

to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended

that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management

should register the subsidiary in the current year as soon as possible. "

What part of this narrative represents a condition of the observation made by auditors in the final report?

Options:

A.

" ... the subsidiary did not submit required documentation for registration in the prior year. "

B.

" ... the entity is required to register annually with the respective ministry. "

C.

" ... failure to comply with internal and external regulations might lead to penalties or fines from the respective authorities. "

D.

" ... management should register the subsidiary in the current year as soon as possible. "

Question 24

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

Options:

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Question 25

According to IIA guidance which of the following statements is true regarding the annual audit plan?

Options:

A.

The annual audit plan should only be adjusted in response to problems with resourcing, scope, and data availability.

B.

The chief audit executive (CAE) may incorporate risk information, including risk appetite levels from management for the audit plan at her discretion.

C.

In an immature risk management environment it is preferable for the CAE to rely solely on her judgment regarding risk identification and assessment to develop the audit plan.

D.

The CAE may make adjustments to the annual audit plan as needed without senior management or board approval.

Question 26

Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?

Options:

A.

Stratification of numeric values

B.

Gap testing

C.

Joining different data sources

D.

Duplicate testing

Question 27

Which of the following describes the primary objective of an internal audit engagement supervisor?

Options:

A.

Uphold the quality of the internal audit actively

B.

Provide engagement progress updates to management of the area under review

C.

Assure risks and controls are identified and assessed

D.

Ensure timely completion of the engagement

Question 28

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Question 29

An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 30

An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker.

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Question 31

An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?

Options:

A.

Effectiveness

B.

Response

C.

Efficiency

D.

Mitigation.

Question 32

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Question 33

Which of the following scenarios is an example of appropriate engagement supervision?

Options:

A.

An engagement supervisor provides equal supervision to junior auditors and senior auditors.

B.

An engagement supervisor uses internal audit software.

C.

The chief audit executive personally supervises each engagement.

D.

The engagement supervisor and a team member meet regularly to discuss engagement progress.

Question 34

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Question 35

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?

Options:

A.

Inform management and request that the plan be tested immediately.

B.

Update the recovery plan for management, as part of the review.

C.

Evaluate the recovery plan and report weaknesses to management.

D.

Recommend that management and users update and test the recovery plan.

Question 36

With regard to project management, which of the following statements about project crashing is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project

Question 37

Which of the following is more likely to be present in a highly centralized organization?

Options:

A.

The ability to make rapid changes

B.

Micromanagement

C.

Empowered employees

D.

Authority pushed downward

Question 38

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations

B.

Analytical procedures begin after the engagements planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques

Question 39

An organization is expanding into a new line of business selling natural gas. The internal auditor is planning an engagement and wants to obtain a general understanding of the natural gas market the market share that the organization wants to win, and the competitive advantage that the organization may have. Which of the following would be the best source of such information?

Options:

A.

Interview responsible managers and read strategic documents

B.

Conduct internet searches on gas sales and analyze market players

C.

Review gas clients ' portfolio and compile statistics on sales margins

D.

Analyze the organization ' s revenues and calculate the proportion of gas

Question 40

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

Options:

A.

The organizational chart, business objectives and policies and procedures of the area to be reviewed.

B.

The most recent risk assessment conducted by management of the area to be reviewed.

C.

The requests of operational and senior management throughout the organization.

D.

The preliminary risk assessment performed by internal auditors planning the engagement

Question 41

When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?

Options:

A.

Fixed costs per unit for each additional unit sold.

B.

Variable costs per unit for each additional unit sold.

C.

Contribution margin per unit for each additional unit sold.

D.

Gross margin per unit for each additional unit sold

Question 42

According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees9

Options:

A.

Salary and status.

B.

Responsibility and advancement

C.

Work conditions and security.

D.

Peer relationships and personal life

Question 43

A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?

Options:

A.

The bank destroys all records containing a customer ' s personal information without informing the customer.

B.

Based on an assessment of likely products of interest to the customer, the bank shares the customer’s personal information with other companies within the group and informs the customer.

C.

The bank retains customer information to facilitate easier verification of personal information in the event that the customer returns to reopen his account. The customer is not informed.

D.

The customer ' s personal information is used for market research by an external company and the customer is informed prior to publishing the results of the market research.

Question 44

According to IIA guidance which of the following statements is true regarding heat maps?

Options:

A.

A heat map sets likelihood to have higher priority than impact.

B.

A heat map sets impact to have higher priority than likelihood.

C.

A heat map recognizes that the priority of impact and likelihood can vary.

D.

A heat map recognizes impact and likelihood as equally important

Question 45

According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor ' s use of review notes?

Options:

A.

The engagement supervisor ' s review notes should be retained m the final documental or even after they are addressed.

B.

The engagement supervisor ' s review notes cannot be used as evidence of engagement supervision

C.

The engagement supervisor ' s review notes could be cleared from all final documentation after they are addressed

D.

The engagement supervisor ' s review notes must be maintained in a checklist separate from tie final documentation

Question 46

According to IIA guidance, which of the following statements is true regarding engagement planning?

Options:

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by. or in conjunction with, the engagement client

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment

Question 47

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization ' s objectives

Question 48

Which of the following represents a ratio that measures short term debt-paying ability?

Options:

A.

Debt-to-equity ratio.

B.

Profit margin.

C.

Current ratio.

D.

Times interest earned.

Question 49

While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?

Options:

A.

Performing a reasonableness test.

B.

Conducting a fraud investigation.

C.

Conducting trend analysis.

D.

Operating with impaired objectivity.

Question 50

During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?

Options:

A.

Tracing, because it would enable the auditor to verify quickly that the record counts were properly included in the compilation.

B.

Inspection, because it would enable the auditor to verify how management enters the data into the application for processing.

C.

Testing data, because it would enable the auditor to ensure that the application processes the transaction as described by management.

D.

Reperformance, because it enables the auditor to verify that the application performed the calculation correctly.

Question 51

A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?

Options:

A.

Comer of competence

B.

Career model

C.

Rotational model

D.

Cosourcing agreement

Question 52

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals.

C.

Suboptimal decision-making.

D.

Duplication of business activities.

Question 53

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

Options:

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Question 54

An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?

Options:

A.

The internal auditor may communicate the results to the advertising agency as instructed by the audit client, with approval from the chief audit executive.

B.

The internal auditor may not communicate the results to this external party regardless of the engagement client ' s instruction.

C.

The internal auditor may send the report and is required to include instructions for the advertising agency to limit further distribution and the use of results.

D.

The internal auditor may only communicate the results verbally to the advertising agency and should not provide a hard copy.

Question 55

A financial services organization ' s CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?

Options:

A.

Fraud risk matrix

B.

Benchmarking

C.

Brainstorming

D.

Walkthroughs

Question 56

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Question 57

In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?

Options:

A.

It will be difficult to quantify the information obtained through this approach

B.

This approach does not help the auditor learn about the existence of controls

C.

It takes the auditor a long time to assess the relevant controls using this approach

D.

Information on control functionality is limited

Question 58

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?

1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.

2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.

3. Meet with the IT auditor to develop an appropriate audit program to review the organization ' s Internet-based sales process and key controls.

4. Include the incident in the next quarterly report to the audit committee.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 59

In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?

Options:

A.

Inventory comprised of the same items stored in different warehouses

B.

Batches of materials that must be confirmed as meeting quality standards

C.

Revenue that is earned by an organization through cash receipts or as receivable.

D.

Tax reports submitted to meet the requirements of the local taxation authority

Question 60

An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?

Options:

A.

The document management policy requires business client data to be stored in a specific management database

B.

Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

C.

if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

D.

All staff should be appropriately trained and required to follow the organization ' s established policies and procedures pertaining to document management

Question 61

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Question 62

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Question 63

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Options:

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Question 64

An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?

Options:

A.

Facilitate a control assessment to ensure all application risks were appropriately identified

B.

Advise the project team on how to develop effective controls

C.

Direct the project team to implement the appropriate controls within the software application

D.

Provide assurance that the design of the controls will mitigate the identified application risks

Question 65

An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?

Options:

A.

Diagnostic analysis

B.

Predictive analysis

C.

Network analysis

D.

Prescriptive analysis

Question 66

What is the primary reason that audit supervision includes approval of the engagement report?

Options:

A.

To ensure the objectives of the area under review are met

B.

To ensure senior management supports the reports conclusions

C.

To ensure report style and grammar are appropriate.

D.

To ensure report findings are substantiated

Question 67

During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?

Options:

A.

Possible tests

B.

Possible scenarios

C.

Possible controls

D.

Possible samples

Question 68

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

Options:

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Question 69

A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CCO and present the revised audit plan to the board for approval

Question 70

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 71

An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?

Options:

A.

Observation and inspection.

B.

Inquiry and observation.

C.

Inspection and reperformance.

D.

Inquiry and reperformance.

Question 72

An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Options:

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management ' s responsibility for risk management without board approval.

Question 73

According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?

Options:

A.

The CAE should continue to meet with management to obtain their agreement for corrective action

B.

The CAE should note in the final report that management has decided to accept the risk.

C.

The CAE should ask that additional testing be undertaken to strengthen his case as to the need for corrective action.

D.

The CAE should advise senior management of his intention to escalate the matter to the board.

Question 74

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives

Question 75

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

Options:

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner

Question 76

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards

D.

Verify that organizational objectives are aligned with each departments objectives.

Question 77

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Question 78

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

Options:

A.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Question 79

Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    The internal audit activity ' s time constraints.

    The nature and complexity of the area to be audited.

    The period of time since the area was last audited.

    The auditors’ preference to audit the area.

    The results of a preliminary risk assessment of the activity under review.

Options:

A.

1 and 4 only.

B.

1, 2, and 5 only.

C.

2, 3, and 5 only.

D.

1, 2, 3, 4, and 5.

Question 80

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Options:

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management ' s action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Question 81

Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability reward failure

D.

Communication failure

Question 82

An internal auditor was reviewing the procurement department ' s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database. Which of the following courses of action would have prevented this situation?

Options:

A.

The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents

B.

The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit

C.

The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden

D.

The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail

Question 83

As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization ' s warehouse in a timely manner. What type of objective does this exemplify?

Options:

A.

Operations

B.

Compliance

C.

Financial reporting

D.

Strategic

Question 84

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement ' s objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

Options:

A.

1 and 2

B.

1 and 3 only

C.

2 and 4

D.

1, 3, and 4

Question 85

Which of the following performance measures is considered a lagging indicator to the largest degree?

Options:

A.

Return on investment

B.

Customer retention

C.

Employee satisfaction

D.

Cost of research and development

Question 86

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership

B.

Documentation.

C.

Analysis.

D.

Reporting

Question 87

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity ' s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational managements view of risk objectives

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence

Question 88

Which of the following would best prevent phishing attacks on an organization?

Options:

A.

An intrusion detection system

B.

Use of firewalls

C.

Regular security awareness training

D.

Application hardening

Question 89

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

Options:

A.

End the consulting engagement and report the results to management as planned

B.

Report the significant control issues to senior management and the board and recommend corrective action

C.

Mutually agree with the engagement client on corrective actions

D.

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Question 90

Which of the following would most Holy reflect the best possible engagement objectives?

Options:

A.

Engagement objectives derived from risk assessment results from a company ' s risk function experts.

B.

Engagement objectives derived from senior management ' s risk assessment results

C.

Engagement objectives derived from the mental audit activity ' s own risk assessment results

D.

Engagement objectives derived from risk assessment results from both senior management and the company ' s risk function experts

Question 91

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management ' s view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Question 92

The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7

Options:

A.

Audit committee

B.

CEO

C.

CAE.

D.

External service provider

Question 93

During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.

Which of the following responses would be most effective to mitigate this risk?

Options:

A.

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Question 94

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Question 95

An internal auditor is assigned to validate calculations on the organization ' s billing application. As part of the test, the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software.

C.

Integrated test facilities.

D.

Audit expert systems.

Question 96

When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?

Options:

A.

The chief audit executive may recommend that management conduct further work to identify the root cause and address the issue

B.

Internal auditors should finish the engagement without conducting the root cause analysis and draft the audit report, though the report would not be considered complete until the analysis is concluded

C.

internal auditors must adjust their future engagement schedule to ensure that the root cause analysis is always performed before the engagement is concluded

D.

Internal auditors should Instead perform a Pareto rule analysis

Question 97

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

Options:

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Question 98

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Question 99

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

Options:

A.

When a manufacturing organization has stable demand for its products.

B.

When an organization is subjected to strong political and social pressures

C.

When a manufacturer has reliable resources and suppliers.

D.

When an organization is infrequently affected by technological advances

Question 100

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

D.

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Question 101

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Question 102

An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?

Options:

A.

Complete a transaction walkthrough fiat focuses on the design and operation of financial reporting controls

B.

Conduct interviews with senior management to obtain their input and insights regarding operational controls.

C.

Perform a comprehensive review of the organization s existing policies and standard operating procedures.

D.

Review the procurement process map w*h employees who carry out key activities to obtain their input and insights.

Question 103

Which of the following situations would justify the removal of a finding from the final audit report?

Options:

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Question 104

Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?

Options:

A.

Report the risk identified from the consulting engagement to senior management.

B.

Do not include the risk in the assessment of risk management processes, as that is management ' s responsibility.

C.

Do not report the risk, as it is out of scope for the consulting engagement.

D.

Include the risk identified from the consulting engagement in the next annual risk assessment only if it is part of the consulting engagement objectives.

Question 105

An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?

Options:

A.

Enter into long-term gasoline purchase agreements with end customers.

B.

Trade crude oil derivatives at financial markets in order to benefit from price fluctuations

C.

Purchase crude oil-related derivatives such as futures or options

D.

Stock as much raw materials as possible and consider Investing into additional facilities

Question 106

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Options:

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Question 107

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management

C.

Risk appetite refers to an organization’s general level of acceptance, while risk tolerance is a more specific and subordinate concept

D.

There is no significant difference between the two terms

Question 108

Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?

Options:

A.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

B.

Contract an external IT special to offer advice and consult on IT audits

C.

Employ an independent external IT specialist to perform IT audits for the first year

D.

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

Question 109

An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?

Options:

A.

Paying off an overdraft debt using funds from another bank current account.

B.

Purchasing inventory using funds from long-term bank loans.

C.

Acquiring a new car through leasing.

D.

Factoring short-term accounts receivable in exchange for cash.

Question 110

Which of the following should be the focus of the effect section of the preliminary observations document?

Options:

A.

Residual risk

B.

Inherent risk

C.

Compensating controls

D.

Control activities

Question 111

What is the primary purpose of creating a preliminary draft audit report?

Options:

A.

To save time during final report writing

B.

To meet the Standards requirement for developing a draft report prior to issuing a final report

C.

To use as a tool for communicating with management of the area under review.

D.

To require that management implements solutions to issues identified during the engagement

Question 112

During which phase of the contracting process are contracts drafted for a proposed business activity’

Options:

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase

Question 113

Which of the following recognized competitive strategies focuses on gaining efficiencies?

Options:

A.

Focus

B.

Cost leadership.

C.

Innovation

D.

Differentiation

Question 114

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

Options:

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Question 115

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Options:

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Question 116

According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?

Options:

A.

Process objectives

B.

Process risks

C.

Process controls

D.

Process scope

Question 117

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Question 118

The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?

Options:

A.

The internal control is operating with 95% effectiveness

B.

There is 90% probability that the internal control is operating as designed

C.

The internal control is not designed appropriately

D.

5% of the selected timesheets were not properly approved

Question 119

An internal auditor wants to examine the intensity of correlation between electricity price and wind speed. Which of the following analytical approaches would be most appropriate for this purpose?

Options:

A.

A Gantt chart

B.

A scatter diagram

C.

A RACI chart

D.

A SIPOC diagram

Question 120

Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?

Options:

A.

Reliability or appropriateness

B.

Reasonableness

C.

Existence or occurrence

D.

Relevance

Question 121

During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9

Options:

A.

Request additional information needed from management of the area under review.

B.

Obtain approval from the engagement supervisor

C.

Obtain the required resources, including IT. to complete the work

D.

Discuss the change in scope with management of the area under review.

Question 122

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan ' '

Options:

A.

Present the revised audit plan directly to the board for approval.

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CEO and present the revised audit plan to the board for approval.

Question 123

An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:

    Tender technical specifications were compliant with internal policies.

    The sole assessment criterion of the tender was economic feasibility.

    All bids were submitted to a designated software and could not be opened before the submission deadline.

    The winner was approved by senior management.

    The winner was selected based on which bidder offered the newest technology.

Which of the following is the most appropriate conclusion?

Options:

A.

Key controls of the procurement process operate as intended based on the analysis of the specific tender documents.

B.

IT controls implemented to ensure confidentiality of submitted bids seem to have several deficiencies.

C.

Management ' s selection of the winner should be positively acknowledged for focusing on innovative technological solution.

D.

The principles of transparency and equal treatment of bidders seem to be impaired.

Question 124

An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?

Options:

A.

Documentary evidence

B.

Testimonial evidence

C.

Analytical evidence

D.

Physical evidence

Question 125

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls.

B.

To plan for evaluating potential losses.

C.

To prepare a sampling plan for the engagement.

D.

To evaluate the design of controls.

Question 126

Which of the following statements is true regarding different competitive strategies?

Options:

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Question 127

An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?

Options:

A.

Draft report, to be reviewed by management just prior to final report issuance.

B.

Preliminary observation document, discussed during the engagement.

C.

Final report, after review by audit management.

D.

Verbal communication during the engagement, followed by the final report issuance.

Question 128

Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?

Options:

A.

To gain an understanding of the control environment

B.

To collect as much financial data as possible before engagement fieldwork begins.

C.

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.

To facilitate the quantification of financial data obtained

Question 129

An internal auditor wants to compare performance information from one quarter to another. Which analytics procedure would the auditor use?

Options:

A.

Ratio analysis

B.

Trend analysis

C.

Vertical analysis

D.

Benchmarking analysis

Question 130

Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?

Options:

A.

Surveys

B.

Management produced analysis 0

C.

Facilitated team workshops

D.

Weighted risk factors

Question 131

Which of the following statements generally true regarding audit engagement planning?

Options:

A.

The best source tor detailed process information is senior management

B.

Audit objectives should be general and do not change.

C.

Computer-assisted audit techniques are typically not useful during engagement planning

D.

Internal auditors should prepare a dented audit program for testing controls

Question 132

Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?

Options:

A.

Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.

B.

Accept the audit engagement and use the engagement as an opportunity to develop the audit team’s IT expertise while performing the audit work.

C.

Temporarily hire an experienced and knowledgeable IT analyst from the organization ' s IT department to lead the audit.

D.

Outsource the audit engagement to a reputable IT audit consulting firm.

Question 133

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Options:

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Question 134

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1.Consult on CSR program design and implementation

2.Serve as an advisor on CSR governance and risk management.

3.Review third parties for contractual compliance with CSR terms

4Identify and mitigate risks to help meet the CSR program objectives

Options:

A.

1,2, and 3.

B.

1.2. and 4.

C.

1, 3, and 4.

D.

2. 3. and 4.

Question 135

While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?

Options:

A.

It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.

B.

It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses

C.

it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.

D.

It enables the auditor to categorize the population of transactions within the accounts payable process

Question 136

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Options:

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Question 137

Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

Options:

A.

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization ' s control processes.

B.

Quality assessments focus on the internal audit activity’s structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

C.

in order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year

D.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments

Question 138

At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts

• The first payment of 10% after approval of the customer s application

• The second payment of 70% prior to construction

• The third payment of 20% after construction is complete

Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?

Options:

A.

Controls that ensure that grid connection design is finalized before construction is approved to begin

B.

Controls that ensure construction orders are initiated after the second invoice is paid

C.

Controls that ensure all three invoices are calculated correctly according to the total project cost

D.

Controls that ensure that applications are verified for approval prior to initiating design and construction

Question 139

An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

Options:

A.

Entity-level controls

B.

Application controls

C.

General controls.

D.

Transaction controls

Question 140

When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?

1. Add value.

2. Improve operations.

3. Provide assurance that the internal audit activity conforms with the Standards.

4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

Options:

A.

1 only

B.

1 and 2 only

C.

1 and 3 only

D.

1, 2, 3, and 4

Question 141

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent

Question 142

In which of the following situations would an internal auditor consider the need to outsource competencies and skills9

Options:

A.

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.

The auditor believes that the audit client ' s actions contradict the organization ' s code of conduct The audit client disagrees and says his actions are for the organization ' s benefit

C.

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

Question 143

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Question 144

Which of the following would most likely form part of the engagement scope?

Options:

A.

Potential legislation on privacy topics will be employed as a compliance target.

B.

Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

C.

Both random and judgmental samplings will be used during the engagement.

D.

The probability of significant errors will be considered via risk assessment.

Question 145

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

Options:

A.

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Question 146

During the preliminary survey of the procurement department, an internal auditor noted a major control weakness in the organization ' s ordering and receiving process. According to IIA guidance, which of the following is the most appropriate action the internal auditor should take?

Options:

A.

Issue a final report on the control weakness to senior management.

B.

Bring the control weakness to the attention of the process owner for resolution.

C.

Note the control weakness for discussion during the exit meeting.

D.

Carry out an investigation of the control weakness for disciplinary action.

Question 147

Internal control questionnaires are used to achieve which of the following objectives?

Options:

A.

To ascertain the operating effectiveness of a procedure

B.

To verify the accuracy of Information in a report

C.

To assess the controls mitigating major risks

D.

To determine whether specified contra procedures are in place

Question 148

An internal auditor suspects that employee turnover is unusually high at the organization ' s primary manufacturing plant To investigate this potential issue which of the following analytical approaches is the auditor likely to use?

Options:

A.

Ratio analysis

B.

Vertical analysis

C.

Benchmarking

D.

Cost-benefit analysis.

Question 149

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

Options:

A.

Having no active role or involvement in the risk management process.

B.

Auditing the risk management process for reasonableness.

C.

Coordinating and managing the risk management process.

D.

Participating with management in identifying and evaluating risks.

Question 150

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

Options:

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Question 151

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?

1. Coordinate post-engagement conferences to discuss the final audit report with management.

2. Include management ' s responses in the final audit report.

3. Review and approve the final audit report.

4. Determine who will receive the final audit report.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Question 152

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider ' s experience in the type of work being considered.

Question 153

Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?

Options:

A.

Gap analysis

B.

Staff preferences

C.

Maturity analysis

D.

Extent of external audit coverage

Question 154

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.

Select five new accounts to replace the ones that were missing supporting documentation.

C.

Expand the sample size to 60 to determine whether the error rate remains the same.

D.

Contact management to determine whether the supporting documentation can be located elsewhere.

Question 155

Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that

management is considering acquiring?

Options:

A.

A due diligence engagement.

B.

An operational audit engagement.

C.

A feasibility study engagement.

D.

A risk and control self-assessment engagement.

Question 156

An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?

Options:

A.

Nonsampling risk

B.

Sampling risk

C.

Inherent risk

D.

Due diligence risk

Question 157

Which of the following is true regarding the communication of engagement results with stakeholders?

Options:

A.

When the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management. If the CAE determines that the matter has not been resolved, the CAE should seek the opinion from regulatory bodies.

B.

The CAE should avoid issuing any interim reports, even for high-risk observations, prior to the issuance of the final written report to avoid leakage of sensitive information.

C.

It is mandatory for the CAE to assess the potential risk to the organization, consult with senior management and legal counsel as appropriate, and control dissemination by restricting the use of the results prior to releasing them to parties outside of the organization if not otherwise mandated by legal, statutory, or regulatory requirements.

D.

The board should always be given the final written internal audit reports at the conclusion of all internal audit engagements. Executive summaries should be avoided in all cases.

Question 158

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

Options:

A.

Contact the audit committee chair to discuss the finding

B.

Obtain verbal assurance from management that the inappropriate access will be removed

C.

Issue an interim audit report so that management can implement action plans

D.

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Question 159

An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?

Options:

A.

The board ' s meeting minutes

B.

The executive committee’s social media budget report

C.

The organization’s marketing plan

D.

The organization’s procedures manual for daily social media management

Question 160

Which of the following is critical to the success of an effective interview?

Options:

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Question 161

Which of the following represents a ratio that measures short-term debt-paying ability?

Options:

A.

Debt-to-equity ratio

B.

Profit margin

C.

Current ratio

D.

Times interest earned

Question 162

An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?

Options:

A.

An agreed action adopted by management.

B.

A condition-based recommendation as an interim solution to correct a current condition.

C.

A cause-based recommendation to prevent inappropriate access being granted again.

D.

A management action plan.

Question 163

Which of the following methods is most closely associated to year over year trends?

Options:

A.

Horizontal analysts

B.

Vertical analysis.

C.

Common-size analysis.

D.

Ratio analysis.

Question 164

According to IIA guidance, which of the following activities is most likely to enhance stakeholders ' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 165

An internal auditor using the five-attribute approach to document deficiencies in a warehouse shipping process. Which of the following attributes will be included in the workpapers?

Options:

A.

Risk, impact likelihood existing control, recommendation

B.

Condition, cause, effect, recommendation

C.

Condition, cause effect test result

D.

Risk, impact test result recommendation

Question 166

Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?

Options:

A.

The frequency of executing the internal audit engagements

B.

The frequency of changes in the organization environment

C.

The expectations set by the board and senior management

D.

The expectations set by operating management and senior management

Question 167

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Question 168

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management ' s compliance with privacy laws for safeguarding customer information stored on the organization ' s servers. Which course of action is appropriate for this phase of the engagement?

Options:

A.

Solicit the services of a specialist information systems auditor

B.

Obtain the most current approved copies of the organization ' s privacy policy

C.

Consult with legal counsel about new privacy laws to establish appropriate criteria

D.

Consider the detection risk of noncompliance with the laws

Question 169

An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager.

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Question 170

What is a control implication for an organization that adopts a flat structure?

Options:

A.

Mid-level employees are urged to innovate.

B.

Available time for supervision is limited.

C.

There are many hierarchical levels.

D.

The organizational structure is dispersed vertically.

Question 171

Which of the following represents the best example of a strategic goal?

Options:

A.

Customer satisfaction index has to be 90% each quarter.

B.

Ten rapid charging stations will be installed next year.

C.

The organization aims to decrease the budget by 10%.

D.

The organization will be carbon neutral within 5 years.

Question 172

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the projects life, or the organization ' s culture.

D.

it is best suited for firms with scattered locations or for multi-line, large-scale firms.

Question 173

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

Options:

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Question 174

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Question 175

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

Options:

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Question 176

When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 177

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Question 178

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE ' s best option for fulfilling the internal audit activity ' s responsibilities in this case?

Options:

A.

Outsource the investigation to independent professional consultants

B.

Select certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

C.

Recruit additional internal auditors possessing relevant qualification and experience

D.

Decline the engagement at this time

Question 179

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

increased access to the organization ' s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

increased access to the organization ' s software and proprietary data.

Question 180

Which of the following statements describes an engagement planning best practice?

Options:

A.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.

Engagement planning activities include setting engagement objectives that align with audit client ' s business objectives.

Question 181

An organization s inventory is stored m multiple warehouses. During an inventory audit which of the following activities would most benefit from the use of computerized audit tools?

Options:

A.

Verifying the existence of inventory items in each warehouse

B.

Assigning the tolerable deviation rate to determine the sample size

C.

Valuating the obsolete Inventory from all the warehouse locations

D.

Confirming that the purchased items are recorded In the correct period

Question 182

Which of the following engagement supervision activities should be performed first?

Options:

A.

Ensure that internal audit recommendations are practical, cost-effective, and value-added

B.

Ensure that internal audit conclusions am based on sufficient and reliable evidence

C.

Ensure that risks to the timely completion of the engagement are assessed

D.

Ensure that performance assessments are completed for audit team members

Question 183

An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?

Options:

A.

A criterion of the organization ' s accumulation of large travel advances

B.

A condition of the organization ' s accumulation of large travel advances

C.

A consequence of the organization ' s accumulation of large travel advances

D.

A cause of the organization ' s accumulation of large travel advances

Question 184

According to IIA guidance which of the following best describes reliable information?

Options:

A.

Reliable information is factual adequate, and convincing so that a prudent informed person would reach the same conclusions as the internal auditor

B.

Reliable information is the best attainable information through the use of appropriate engagement techniques

C.

Reliable information supports engagement observations and recommendations and is consistent with the objectives for the engagement

D.

Reliable information helps the organization and the internal audit activity meet its goals

Question 185

An internal auditor wants to identity potential ghost employees in the organization ' s payroll system The auditor extracts the following data

- Human resources data with employees ' names addresses employment conditions and identification codes

- Payroll data

- Logs from entrance systems

With this data, which of the following types of ghost employees will the auditor be able to identify?

Options:

A.

Employees who are being paid more than then approved wages

B.

Employees who get paid although their employment has expired

C.

Employees who are related to one of the subcontractors

D.

Employees who are physically present at the workplace but who do not perform the specified job duties

Question 186

An organization has a mature control environment but limited internal audit resources. Given this scenario, on which of the following should the internal auditors focus their testing?

Options:

A.

Detective compensating controls

B.

Preventive compensating controls.

C.

Detective key controls.

D.

Preventive key controls

Question 187

Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?

Options:

A.

Stop-or-go sampling

B.

Probability to proportional size sampling

C.

Classical variable sampling

D.

Discovery sampling

Question 188

In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?

Options:

A.

Infrastructure.

B.

Emerging.

C.

Managed.

D.

Initial.

Question 189

During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?

Options:

A.

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.

Career and promotion paths are not easily visible and defined.

C.

Communication is likely to be top-down, with little feedback from lower-level employees.

D.

Employees have little autonomy, which may result in employee turnover or low morale.

Question 190

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties

B.

Exception reports

C.

Training programs,

D.

Supervisory review.

Question 191

An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?

Options:

A.

Defer the engagement until a system of internal control has been established

B.

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

C.

Add a consulting component to the already scheduled assurance engagement

D.

Seek the involvement of the external auditor to assist with improving the internal controls

Question 192

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?

Options:

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys.

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff.

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies.

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews.

Question 193

An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization ' s policies. When of the following approaches would provide the auditor with the best information?

Options:

A.

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

B.

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

C.

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

D.

Randomly select several months obtain ageing reports for these months and compare them with the poor year

Question 194

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager decided to cancel the committed action plan without any previous communication.

B.

Discuss the issue with the board, which has ultimate responsibility to resolve this risk.

C.

Have another discussion with the branch manager, attempt to change his view, and encourage him to implement the recommendations.

D.

Document the branch manager’s decision to accept the risk; otherwise, no other specific course of action is required.

Question 195

During a review of data privacy an internal auditor is tasked with testing management ' s identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

Options:

A.

interview management to determine what types of data are collected and maintained

B.

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.

Review a sample of data to determine whether the risk classification is reasonable

D.

Document and test a data inventory and classification program by determining the data classification levels and framework

Question 196

Who is responsible for ensuring internal auditors continuing professional development*

Options:

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Question 197

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan Which of the following approaches would be most beneficial to help the CAE obtain details of the Internal audit activity ' s collective knowledge skills, and other competencies?

Options:

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews

Question 198

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

Options:

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Question 199

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor ' s decision to combine both observations into one reported finding?

Options:

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Question 200

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity ' s resources.

B.

The availability of guest auditors for the engagement.

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required.

Question 201

During the planning phase of an assurance engagement, which of the following would an internal auditor use to assess and present the severity of the impact of identified risks?

Options:

A.

Kanban board

B.

Control self-assessment

C.

Heat map

D.

Risk register

Question 202

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider ' s operation has been conducted.

Verify that the service provider’s contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 203

An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?

Options:

A.

Slight variations in answers can result in very different risk assessments

B.

Generative artificial intelligence cannot make inferences out of free text responses

C.

Replacing auditor judgment with machine judgment is contrary to the Global Internal Audit Standards

D.

Poor acceptance of the new system by the activity under review will impact engagement outcomes

Question 204

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program ' s activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Question 205

The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?

Options:

A.

Explain the situation to senior management and remove the audit from the audit plan until next year

B.

Conduct the audit of the quality department but adjust the audit program to remove the quality control testing

C.

Engage one of the other trained employees to participate in the audit review of the quality department

D.

Request that external auditors include this area as part of their review and provide independent assurance

Question 206

Which of the following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets, cost includes the purchase price and the cost of design and construction

B.

For intangible assets, cost includes the purchase price and development costs.

C.

Due to their indefinite nature, intangible assets are not subject to amortization.

D.

The organization must expense any cost incurred in developing a plant asset

Question 207

During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?

Options:

A.

RACI (responsible, accountable, consult and inform) chart

B.

Flowchart

C.

SWOT{strengths. weaknesses opportunities, and threats) analysis

D.

Workflow analysis

Question 208

Which of the following best describes the guideline for preparing audit engagement workpapers?

Options:

A.

Workpapers should be understandable to the auditor in charge and the chief audit executive

B.

Workpapers should be understandable to the audit client and the board.

C.

Workpapers should be understandable to another internal auditor who was not involved in the engagement.

D.

Workpapers should be understandable to external auditors and regulatory agencies

Question 209

A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO ' s reasoning is acceptable.

Question 210

According to IIA guidance, which of the following statements is true regarding engagement planning?

Options:

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by, or in conjunction with, the engagement client.

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment.

Question 211

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 3

D.

2 and 4

Question 212

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

Options:

A.

Verify that amounts are correct.

B.

Verify that payments are on time.

C.

Verify that recipients are valid employees.

D.

Verify that benefits deductions are accurate.

Question 213

An internal auditor is assigned to an advisory engagement for the launch of a new system relating to travel and expense. During fieldwork, the auditor tests interfacing controls with the procurement system. The auditor observes that a key control is missing within the procurement system. The auditor identifies that senior management has approved a temporary manual workaround for the missing control. Which of the following actions should the auditor take?

Options:

A.

Propose to include an assurance engagement for the procurement system in next year’s audit plan

B.

Perform a root cause analysis and test the workaround effectiveness

C.

Expand the scope of the advisory engagement to include the procurement system

D.

Ignore the risk as senior management has implemented the workaround

Question 214

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

Options:

A.

Express an opinion on the participants ' inputs and conclusions as the assessment progresses.

B.

Provide appropriate techniques and guidelines on how the exercise should be undertaken.

C.

Evaluate and report on all issues that may be uncovered during the exercise.

D.

Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Question 215

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Question 216

Upon the completion of an audit engagement an audit manager performs a review of a staff auditor ' s workpapers. Which of the following actions by the manager is the most appropriate this review ' '

Options:

A.

Communicate the workpaper review results to management of fie area under review to validate the final report

B.

Update the final report in the file with any necessary corrections based on the workpaper review.

C.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.

Add the manager ' s review notes to the final documentation following the review

Question 217

An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?

Options:

A.

Select a sample of invoices for substantive testing

B.

Review the contract for evidence of authorization

C.

Document underlying reasons for noncompliance

D.

Assess the inherent risk of paying duplicate invoices

Question 218

An internal control questionnaire would be most appropriate in which of the following situations?

Options:

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Question 219

What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?

Options:

A.

Recent organizationwide recognition awards given to employees within the area.

B.

The timing of the most recent audit of the area.

C.

Management ' s presentation to the board regarding recent area achievements.

D.

Recent area performance indicators against productivity metrics.

Question 220

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Question 221

The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?

Options:

A.

Amend the audit plan so that available audit resources are adequate to meet the plan’s requirements.

B.

Inform the board and senior management of the resources needed, as well as the associated risks.

C.

Communicate early to those unit managers whose areas would most likely not be able to get reviewed.

D.

Get approval from human resources regarding overtime payment to be made in an effort to complete the audit plan.

Question 222

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

Options:

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Question 223

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Question 224

In preparing the engagement work program, which of the following is generally true with respect to secondary controls?

Options:

A.

A separate engagement work program should be created for secondary controls

B.

Secondary controls do not necessarily need to be tested for effectiveness

C.

Any documented secondary controls are deemed essential to the adequacy of control design

D.

Secondary controls should be held to the same requirements as key controls

Exam Detail
Vendor: IIA
Certification: CIA
Exam Code: IIA-CIA-Part2
Last Update: Jul 8, 2026
IIA-CIA-Part2 Question Answers