New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

IIA IIA-ACCA ACCA CIA Challenge Exam Exam Practice Test

Page: 1 / 60
Total 604 questions

ACCA CIA Challenge Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Which of the following is not a direct benefit of control self-assessment (CSA)?

Options:

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Question 2

An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?

Options:

A.

Disclose the information in a separate report.

B.

Distribute the information in a confidential report to the board only

C.

Distribute the reports through the use of blind copies.

D.

Exclude the results from the report and verbally report the conditions to senior management and the board.

Question 3

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

Options:

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Question 4

Which of the following is not an outcome of control self-assessment?

Options:

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Question 5

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 6

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement's objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

Options:

A.

1 and 2

B.

1 and 3 only

C.

2 and 4

D.

1, 3, and 4

Question 7

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

Options:

A.

Evaluate and verify management's response, and determine the need and scope for additional work.

B.

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Question 8

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 9

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

Options:

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Question 10

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?

1. Coordinate post-engagement conferences to discuss the final audit report with management.

2. Include management's responses in the final audit report.

3. Review and approve the final audit report.

4. Determine who will receive the final audit report.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Question 11

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Question 12

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Question 13

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Question 14

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

Options:

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Question 15

Which of the following statements describes an engagement planning best practice?

Options:

A.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Question 16

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

Options:

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

Question 17

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

Options:

A.

Verify that amounts are correct.

B.

Verify that payments are on time.

C.

Verify that recipients are valid employees.

D.

Verify that benefits deductions are accurate.

Question 18

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

Options:

A.

1 only

B.

4 only

C.

1 and 3

D.

2 and 4

Question 19

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Options:

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Question 20

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Question 21

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Options:

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management's action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Question 22

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 23

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

Options:

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Question 24

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?

1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.

2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.

3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.

4. Include the incident in the next quarterly report to the audit committee.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 25

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

Options:

A.

The internal audit risk assessment and audit plan for the next fiscal year.

B.

The internal audit budget and resource plan for the coming fiscal year.

C.

A request for an increase of the CAE's salary for the next fiscal year.

D.

The evaluation and compensation of the internal audit team.

Question 26

Which of the followings statements describes a best practice regarding assurance engagement communication activities?

Options:

A.

All assurance engagement observations should be communicated to the audit committee.

B.

All assurance engagement observations should be included in the main section of the engagement communication.

C.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

D.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

Question 27

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Options:

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Question 28

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Options:

A.

To gain access to a wider variety of skills, competencies and best practices.

B.

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.

To focus on and strengthen core audit competencies.

D.

To provide the organization with appropriate contingency planning for the internal audit function.

Question 29

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Options:

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Question 30

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

Options:

A.

Were audit findings relevant and useful to management?

B.

Does the audit report format present issues clearly and concisely?

C.

Does the IAA work with a high degree of professionalism and objectivity?

D.

Were the findings reported in a timely manner?

Question 31

Which of the following combinations of conditions is most likely a red flag for fraud?

Options:

A.

The practice of surprise audits and the implementation of an employee support program.

B.

Hiring an employee with a prior fraud conviction and yearly management review.

C.

Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use.

D.

A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.

Question 32

According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

Options:

A.

The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

B.

The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

C.

The use of innovative technology and data analysis techniques.

D.

The extent of work needed to achieve the engagement’s objectives.

Question 33

According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?

1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.

2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.

3. The application of technology-based audit and other data analysis techniques, where appropriate.

4. The relative complexity and extent of work needed to achieve the engagement's objectives.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 34

An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

Options:

A.

Management will be able to reduce inherent risk because they will have a better understanding of risk.

B.

Internal auditors will be able to reduce their sample sizes because controls will be more consistent.

C.

Stakeholders will have more assurance that the risks are assessed consistently.

D.

Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

Question 35

According to COSO, which of the following describes a principle related to the control environment?

Options:

A.

The organization identifies and assesses changes that could significantly impact the system of internal control.

B.

The organization establishes appropriate authorities and responsibilities in the pursuit of objectives.

C.

The organization selects and develops control activities that contribute to the mitigation of risks.

D.

The organization performs evaluations to ascertain whether internal control components are present and functioning.

Question 36

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Options:

A.

Preventive controls.

B.

Detective controls.

C.

Soft controls.

D.

Directive controls.

Question 37

An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?

Options:

A.

The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.

B.

The auditor should perform a manual recalculation of several results to validate and document the results.

C.

The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.

D.

The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.

Question 38

According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?

Options:

A.

When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.

B.

Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.

C.

Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.

D.

Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.

Question 39

While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?

Options:

A.

Proceed with the audit engagement, but do not include the relative's information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative is a customer.

D.

Immediately withdraw from the audit engagement.

Question 40

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Options:

A.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.

Approve the annual budget and resource plan for the internal audit activity.

C.

Assist the CAE with hiring objective and competent internal audit staff.

D.

Encourage the CAE to communicate and coordinate with the external auditor.

Question 41

Which of the following is a weakness of observation as audit evidence?

Options:

A.

It cannot be used to test the completeness assertion.

B.

It cannot be used to test the existence assertion.

C.

It cannot be used to test the occurrence assertion.

D.

It cannot be relied upon because the evidence is not persuasive.

Question 42

Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?

Options:

A.

The internal audit activity has to ensure team members' objectivity is not impaired.

B.

Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.

C.

The scope and objective of the engagement is agreed upon based on the engagement client's needs.

D.

The internal audit activity must ensure management actions have been implemented effectively or risk accepted.

Question 43

A chief audit executive (CAE) is reviewing the internal audit activity's performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. According to MA guidance, which of the following elements of the internal audit activity's quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?

Options:

A.

The overall effectiveness of the internal audit activity's periodic self assessments.

B.

The type of audit productivity and performance statistics reported.

C.

The adequacy of the day-to-day supervision and review process.

D.

The scope and frequency of external assessments.

Question 44

Which of the following is not an objective of internal control?

Options:

A.

Compliance.

B.

Accuracy.

C.

Efficiency.

D.

Validation.

Question 45

According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?

Options:

A.

Management principles.

B.

Computerized information systems.

C.

Internal audit standards, procedures, and techniques.

D.

Fundamentals of accounting, economics, and finance.

Question 46

According to COSO, which of the following is not considered one of the components of an organization's internal environment?

Options:

A.

Authority and responsibility to resolve issues.

B.

Framework to plan, execute and monitor activities.

C.

Integrated responses to multiple risks.

D.

Knowledge and skills needed to perform activities.

Question 47

According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization's corporate social responsibility program?

Options:

A.

Consumers.

B.

Activists.

C.

Suppliers.

D.

Investors.

Question 48

The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

Options:

A.

An operations audit of the accounts payable department.

B.

A consulting engagement related to a new accounts payable optimization initiative.

C.

A review of the employees' sports club finances, which are overseen by the chief audit executive.

D.

An assurance review for a sales program on which she previously provided consultation.

Question 49

According to The IIA's Code of Ethics, which of the following statements is true?

Options:

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization's foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client's claims that the work performed is unnecessary and redundant he fails to demonstrate competency.

Question 50

Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.

Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?

1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.

2. Experience of the engineer in the type of work being considered.

3. Compensation or other incentives that the engineer may receive.

4. The extent of other ongoing services that the engineer may be performing for the organization.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

3 and 4 only

D.

1, 2, and 4 only

Question 51

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

Options:

A.

The CAE's work may be reviewed by any other experienced staff member within the IAA.

B.

The CAE's work should be reviewed by an individual with the appropriate background and knowledge.

C.

The CAE may self-review his work, provided he discloses this practice in the final report.

D.

The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

Question 52

Which of the following statements is true with regard to conducting an effective quality assurance and improvement program?

Options:

A.

The IIA's Quality Assessment Manual for the Internal Audit Activity must be used as the basis for periodic assessments.

B.

Members of the internal audit activity are not permitted to perform quality assessments, as they would not be independent.

C.

Periodic internal assessments provide the most current and independent recommendations for improvement.

D.

The conclusions of periodic internal assessments are intended to assist in achieving conformity to the Standards.

Question 53

According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?

Options:

A.

Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.

B.

Internal assessments must be performed at least once every five years by a qualified assessor.

C.

An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.

D.

Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.

Question 54

Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?

Options:

A.

Attending annual professional conferences and seminars.

B.

Participating in on-the-job training in various departments of the organization.

C.

Pursuing as many professional certifications as possible.

D.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

Question 55

Which of the following is an example of a management control technique?

Options:

A.

A budget.

B.

A risk assessment.

C.

The board of directors.

D.

The control environment.

Question 56

Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?

Options:

A.

Manage and support a quality assurance and improvement program.

B.

Maintain industry-specific knowledge appropriate to the audit engagements

C.

Set clear performance standards for internal auditors and the internal audit activity.

D.

Apply problem-solving techniques for routine situations.

Question 57

Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?

Options:

A.

Observation of the facility during operations.

B.

Questioning of facility management, including the facility safety officer.

C.

Analysis of facility operating reports, focusing on instances when breakdowns occurred.

D.

Review of records involving safety violations, filed by facility production employees.

Question 58

A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

Options:

A.

She may participate, but only after she has completed one year with the IAA.

B.

She may participate, because she did not previously work in the Human Resources Department.

C.

She may participate, but she must be supervised by the auditor in charge.

D.

She may participate for training purposes, to build her knowledge of the IAA.

Question 59

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 60

Which of the following is an example of collusion?

Options:

A.

An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.

B.

A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.

C.

A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.

D.

An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

Question 61

The process of scenario planning begins with which of the following steps?

Options:

A.

Determining the trends that will influence key factors in the organization's environment.

B.

Selecting the issue or decision that will impact how the organization conducts future business.

C.

Selecting leading indicators to alert the organization of future developments.

D.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

Question 62

An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:

Product X

Product Y

Selling price per unit

$10

$13

Materials per unit (at $1/kg)

2 kg

6 kg

Monthly demand

100 units

120 units

In order to maximize profit, how much of product Y should the organization produce each month?

Options:

A.

50 units.

B.

60 units.

C.

100 units.

D.

120 units.

Question 63

Which of the following application software features is the least effective control to protect passwords?

Options:

A.

Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.

B.

Encryption of passwords prior to their transmission or storage.

C.

Forced change of passwords after a designated number of days.

D.

Automatic logoff of inactive users after a specified time period of inactivity.

Question 64

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

Options:

A.

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

B.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

D.

There is greater sharing of operational risk in a BYOD environment.

Question 65

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

Options:

A.

Adequate segregation of duties between data processing controls and file security controls.

B.

Documented procedures for remote job entry and for local data file retention.

C.

Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

D.

Established procedures to prevent and detect unauthorized changes to data files.

Question 66

When granting third parties temporary access to an entity's computer systems, which of the following is the most effective control?

Options:

A.

Access is approved by the supervising manager.

B.

User accounts specify expiration dates and are based on services provided.

C.

Administrator access is provided for a limited period.

D.

User accounts are deleted when the work is completed.

Question 67

At what point during the systems development process should an internal auditor verify that the new application's connectivity to the organization's other systems has been established correctly?

Options:

A.

Prior to testing the new application.

B.

During testing of the new application.

C.

During implementation of the new application.

D.

During maintenance of the new application.

Question 68

Which of the following is the most effective control to prevent unauthorized entrance of a former employee of the organization?

Options:

A.

Revoking the former employee's biometrics from the entrance systems

B.

Installing security guards who have undergone a background check at all entrances.

C.

Installing multiple high-powered surveillance cameras throughout the organization

D.

Keeping doors locked and accessible with a key that is provided only to employees

Question 69

Which of the following statements pertaining to a market skimming pricing strategy is not true?

Options:

A.

The strategy is favored when unit costs fall with the increase in units produced.

B.

The strategy is favored when buyers are relatively insensitive to price increases.

C.

The strategy is favored when there is insufficient market capacity and competitors cannot increase market capacity.

D.

The strategy is favored when high price is perceived as high quality.

Question 70

Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

Options:

A.

Increasing complexity over time.

B.

Interface with corporate systems.

C.

Ability to meet user needs.

D.

Hidden data columns or worksheets.

Question 71

The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:

Options:

A.

Use an aging schedule to more closely estimate uncollectible accounts.

B.

Eliminate the need for an allowance for doubtful accounts.

C.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

D.

Use a method that approximates the matching principle.

Question 72

Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:

Options:

A.

Motivation.

B.

Performance.

C.

Organizational structure.

D.

Communication.

Question 73

In which of the following plans is an employee most likely to find guidance on action and performance standards?

Options:

A.

Operational plans.

B.

Tactical plans.

C.

Strategic plans.

D.

Mission plans.

Question 74

In which type of business environment are price cutting strategies and franchising strategies most appropriate?

Options:

A.

Embryonic, focused.

B.

Fragmented, decline.

C.

Mature, fragmented.

D.

Competitive, embryonic.

Question 75

Which of the following describes a typical desktop workstation used by most employees in their daily work?

Options:

A.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

B.

Workstation contains software that controls information flow between the organization's network and the Internet.

C.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

D.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Question 76

An organization's balance sheet indicates that the total asset amount and the total capital stock amount remained unchanged from one year to the next, and no dividends were declared or paid. However, the organization reported a loss of $200,000. Which of the following describes the most likely year-over-year change to the organization's total liabilities and total stockholder equity?

Options:

A.

The total liabilities and total stockholder equity both increased.

B.

The total liabilities and total stockholder equity both decreased.

C.

The total liabilities decreased, and the total stockholder equity increased.

D.

The total liabilities increased, and the total stockholder equity decreased.

Question 77

Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?

Options:

A.

It is expected that there will be slow retaliation from incumbents.

B.

The acquiring organization has information that the selling organization is weak.

C.

The number of bidders to acquire the organization for sale is low.

D.

The condition of the economy is poor.

Question 78

Which of the following standards would be most useful in evaluating the performance of a customer-service group?

Options:

A.

The average time per customer inquiry should be kept to a minimum.

B.

Customer complaints should be processed promptly.

C.

Employees should maintain a positive attitude when dealing with customers.

D.

All customer inquiries should be answered within seven days of receipt.

Question 79

How do data analysis technologies affect internal audit testing?

Options:

A.

They improve the effectiveness of spot check testing techniques

B.

They allow greater insight into high risk areas.

C.

They reduce the overall scope of the audit engagement.

D.

They increase the internal auditor's objectivity

Question 80

Which of the following is not included in the process of user authentication?

Options:

A.

Authorization.

B.

Identification.

C.

Verification.

D.

Validation.

Question 81

Technological uncertainty, subsidy, and spin-offs are usually characteristics of:

Options:

A.

Fragmented industries.

B.

Declining industries.

C.

Mature industries.

D.

Emerging industries.

Question 82

In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?

Options:

A.

It uses the same products in all countries.

B.

It centralizes control with little decision-making authority given to the local level.

C.

It is an effective strategy when large differences exist between countries.

D.

It provides cost advantages, improves coordinated activities, and speeds product development.

Question 83

The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:

Options:

A.

There is an external market for that service.

B.

The selling department operates at 50 percent of its capacity.

C.

The purchasing department has more negotiating power than the selling department.

D.

There is no external market for that service.

Question 84

The greatest advantage of functional departmentalization is that it:

Options:

A.

Facilitates communication between primary functions.

B.

Helps to focus on the achievement of organizational goals.

C.

Provides for efficient use of specialized knowledge .

D.

Accommodates geographically dispersed companies

Question 85

Organizations use matrix management to accomplish which of the following?

Options:

A.

To improve the chain of command.

B.

To strengthen corporate headquarters.

C.

To focus better on a single market.

D.

To increase lateral communication.

Question 86

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

Activity Level -

Maintenance Cost

Month

Patient Days

Incurred

January

5,600

$7,900

February

7,100

$8,500

March

5,000

$7,400

April

6,500

$8,200

May

7,300

$9,100

June

8,000

$9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Options:

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Question 87

Which of the following are typical audit considerations for a review of authentication?

1. Authentication policies and evaluation of controls transactions.

2. Management of passwords, independent reconciliation, and audit trail.

3. Control self-assessment tools used by management.

4. Independent verification of data integrity and accuracy.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 88

An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?

Options:

A.

Avoidance.

B.

Reduction.

C.

Elimination.

D.

Sharing.

Question 89

The critical path for any project is the path that exhibits which of the following characteristics?

Options:

A.

Has the longest duration in time.

B.

Costs the most money.

C.

Requires the largest amount of labor

D.

Is deemed most important to the project.

Question 90

Which of the following IT-related activities is most commonly performed by the second line of defense?

Options:

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide independent assessment of IT security.

Page: 1 / 60
Total 604 questions