Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?
Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?
In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?
Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?
Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?
Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?
According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?
Which of the following is the primary reason to develop an audit work program?
Which statistical sampling approach would an internal auditor typically utilize if she wishes to test for fraud and the expected deviation rate is very low?
Which of the following is not a direct benefit of control self-assessment (CSA)?
Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?
When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?
A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?
Which of the following statements is true regarding partnership liquidation?
Which of the following statements is true regarding an organization’s inventory valuation?
Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?
A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?
During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization ' s strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:
" As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the
respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure
to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended
that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management
should register the subsidiary in the current year as soon as possible. "
What part of this narrative represents a condition of the observation made by auditors in the final report?
An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?
According to IIA guidance which of the following statements is true regarding the annual audit plan?
Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?
Which of the following describes the primary objective of an internal audit engagement supervisor?
Which of the following statements about including consulting engagements in the annual internal audit plan is true?
An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *
An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?
Which of the following statements is true regarding the management-by-objectives method?
Which of the following scenarios is an example of appropriate engagement supervision?
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?
With regard to project management, which of the following statements about project crashing is true?
Which of the following is more likely to be present in a highly centralized organization?
According to IIA guidance, which of the following statements about analytical procedures is true?
An organization is expanding into a new line of business selling natural gas. The internal auditor is planning an engagement and wants to obtain a general understanding of the natural gas market the market share that the organization wants to win, and the competitive advantage that the organization may have. Which of the following would be the best source of such information?
Which of the following is the most important determinant of the objectives and scope of assurance engagements?
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees9
A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?
According to IIA guidance which of the following statements is true regarding heat maps?
According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor ' s use of review notes?
According to IIA guidance, which of the following statements is true regarding engagement planning?
Which of the following processes does the board manage to ensure adequate governance?
Which of the following represents a ratio that measures short term debt-paying ability?
While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?
During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?
A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?
A financial services organization ' s CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization ' s Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?
An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?
According to IIA guidance, which of the following statements is true regarding due professional care?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?
An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?
An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?
What is the primary reason that audit supervision includes approval of the engagement report?
During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate
option for the chief audit executive?
A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?
An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?
The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9
Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?
Which of the following factors should be considered when determining the staff requirements for an audit engagement?
The internal audit activity ' s time constraints.
The nature and complexity of the area to be audited.
The period of time since the area was last audited.
The auditors’ preference to audit the area.
The results of a preliminary risk assessment of the activity under review.
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?
An internal auditor was reviewing the procurement department ' s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database. Which of the following courses of action would have prevented this situation?
As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization ' s warehouse in a timely manner. What type of objective does this exemplify?
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement ' s objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
Which of the following performance measures is considered a lagging indicator to the largest degree?
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
Which of the following statements is true regarding engagement planning?
Which of the following would best prevent phishing attacks on an organization?
Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?
Which of the following would most Holy reflect the best possible engagement objectives?
Which of the following statements is true regarding engagement planning?
The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7
During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.
Which of the following responses would be most effective to mitigate this risk?
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
An internal auditor is assigned to validate calculations on the organization ' s billing application. As part of the test, the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?
When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?
According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?
To keep management informed of audit progress when audit engagements extend over a long period of time.
To provide an alternative to a final report for limited-scope audit engagements.
To communicate a change in engagement scope for the activity under review.
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?
Which of the following statements is true regarding internal auditors and other assurance providers?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?
Which of the following situations would justify the removal of a finding from the final audit report?
Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?
An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?
According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?
Which of the following statements best describes the difference between risk appetite and risk tolerance?
Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?
An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?
Which of the following should be the focus of the effect section of the preliminary observations document?
What is the primary purpose of creating a preliminary draft audit report?
During which phase of the contracting process are contracts drafted for a proposed business activity’
Which of the following recognized competitive strategies focuses on gaining efficiencies?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?
According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?
When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?
The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?
An internal auditor wants to examine the intensity of correlation between electricity price and wind speed. Which of the following analytical approaches would be most appropriate for this purpose?
Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?
During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9
A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan ' '
An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:
Tender technical specifications were compliant with internal policies.
The sole assessment criterion of the tender was economic feasibility.
All bids were submitted to a designated software and could not be opened before the submission deadline.
The winner was approved by senior management.
The winner was selected based on which bidder offered the newest technology.
Which of the following is the most appropriate conclusion?
An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
Which of the following statements is true regarding different competitive strategies?
An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?
Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?
An internal auditor wants to compare performance information from one quarter to another. Which analytics procedure would the auditor use?
Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?
Which of the following statements generally true regarding audit engagement planning?
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1.Consult on CSR program design and implementation
2.Serve as an advisor on CSR governance and risk management.
3.Review third parties for contractual compliance with CSR terms
4Identify and mitigate risks to help meet the CSR program objectives
While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?
At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts
• The first payment of 10% after approval of the customer s application
• The second payment of 70% prior to construction
• The third payment of 20% after construction is complete
Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?
An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
Which of the following is most likely to be considered a control weakness?
In which of the following situations would an internal auditor consider the need to outsource competencies and skills9
According to IIA guidance, which of the following is a limitation of a heat map?
Which of the following would most likely form part of the engagement scope?
Which of the following is a true statement regarding the use of flowcharts as an audit tool?
During the preliminary survey of the procurement department, an internal auditor noted a major control weakness in the organization ' s ordering and receiving process. According to IIA guidance, which of the following is the most appropriate action the internal auditor should take?
Internal control questionnaires are used to achieve which of the following objectives?
An internal auditor suspects that employee turnover is unusually high at the organization ' s primary manufacturing plant To investigate this potential issue which of the following analytical approaches is the auditor likely to use?
According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?
The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management ' s responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?
An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?
Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that
management is considering acquiring?
An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?
Which of the following is true regarding the communication of engagement results with stakeholders?
What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?
An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?
Which of the following is critical to the success of an effective interview?
Which of the following represents a ratio that measures short-term debt-paying ability?
An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?
Which of the following methods is most closely associated to year over year trends?
According to IIA guidance, which of the following activities is most likely to enhance stakeholders ' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
An internal auditor using the five-attribute approach to document deficiencies in a warehouse shipping process. Which of the following attributes will be included in the workpapers?
Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?
According to IIA guidance, organizations have the most influence on which element of fraud?
An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management ' s compliance with privacy laws for safeguarding customer information stored on the organization ' s servers. Which course of action is appropriate for this phase of the engagement?
An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?
What is a control implication for an organization that adopts a flat structure?
Which of the following represents the best example of a strategic goal?
Which of the following is true of matrix organizations?
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?
When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE ' s best option for fulfilling the internal audit activity ' s responsibilities in this case?
Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?
Which of the following statements describes an engagement planning best practice?
An organization s inventory is stored m multiple warehouses. During an inventory audit which of the following activities would most benefit from the use of computerized audit tools?
Which of the following engagement supervision activities should be performed first?
An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?
According to IIA guidance which of the following best describes reliable information?
An internal auditor wants to identity potential ghost employees in the organization ' s payroll system The auditor extracts the following data
- Human resources data with employees ' names addresses employment conditions and identification codes
- Payroll data
- Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
An organization has a mature control environment but limited internal audit resources. Given this scenario, on which of the following should the internal auditors focus their testing?
Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?
In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?
During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?
Which of the following is an example of a directive control?
An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?
An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization ' s policies. When of the following approaches would provide the auditor with the best information?
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
During a review of data privacy an internal auditor is tasked with testing management ' s identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?
Who is responsible for ensuring internal auditors continuing professional development*
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan Which of the following approaches would be most beneficial to help the CAE obtain details of the Internal audit activity ' s collective knowledge skills, and other competencies?
An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor ' s decision to combine both observations into one reported finding?
When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?
During the planning phase of an assurance engagement, which of the following would an internal auditor use to assess and present the severity of the impact of identified risks?
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
Ensure encryption keys meet ISO standards.
Determine whether an independent review of the service provider ' s operation has been conducted.
Verify that the service provider’s contracts include necessary clauses.
Verify that only public-switched data networks are used by the service provider.
An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?
The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?
The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?
Which of the following statements is true regarding the reporting of tangible and intangible assets?
During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?
Which of the following best describes the guideline for preparing audit engagement workpapers?
A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?
According to IIA guidance, which of the following statements is true regarding engagement planning?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
An internal auditor is assigned to an advisory engagement for the launch of a new system relating to travel and expense. During fieldwork, the auditor tests interfacing controls with the procurement system. The auditor observes that a key control is missing within the procurement system. The auditor identifies that senior management has approved a temporary manual workaround for the missing control. Which of the following actions should the auditor take?
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?
Upon the completion of an audit engagement an audit manager performs a review of a staff auditor ' s workpapers. Which of the following actions by the manager is the most appropriate this review ' '
An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?
An internal control questionnaire would be most appropriate in which of the following situations?
What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?
Which of the following statements is true regarding the audit objective for an assurance engagement?
The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?
The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?
An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?
In preparing the engagement work program, which of the following is generally true with respect to secondary controls?