IIA IIA-ACCA ACCA CIA Challenge Exam Exam Practice Test

CSA allows management to have input into the audit plan.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

CSA can improve the control environment.

CSA increases control consciousness.

Disclose the information in a separate report.

Distribute the information in a confidential report to the board only

Distribute the reports through the use of blind copies.

Exclude the results from the report and verbally report the conditions to senior management and the board.

1 and 2

2 and 4

1, 2, and 3

2, 3, and 4

Informal, soft controls are omitted, and greater focus is placed on hard controls.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

Internal auditors become involved in and knowledgeable about the self-assessment process.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

1 and 2

1 and 3 only

2 and 4

1, 3, and 4

Evaluate and verify management's response, and determine the need and scope for additional work.

Evaluate and verify management's response, and establish timelines for corrective action by management.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

1 and 2

1 and 3

2 and 4

3 and 4

Verify that approvals of purchasing documents comply with the authority matrix.

Observe whether the purchase orders are sequentially numbered.

Examine whether the sales department supervisor approves invoices for payment.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

1 and 2

1 and 4

2 and 3

3 and 4

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

All completed training costs, and the cost of actual production hours completed to date.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

All completed training costs, and 50% of the contracted production costs.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Cost.

Independence.

Familiarity.

Flexibility.

The audit supervisor should include the new contracts in the finding for the final audit report.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Coach management in responding to risks.

Develop risk management strategies for board approval.

Facilitate identification and evaluation of risks.

Evaluate risk management processes.

Verify that amounts are correct.

Verify that payments are on time.

Verify that recipients are valid employees.

Verify that benefits deductions are accurate.

1 only

4 only

1 and 3

2 and 4

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

The exit conference provides only anticipated results for inclusion in the final audit communication.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

Reassign information systems auditors to assist in implementing management's action plan.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Option A

Option B

Option C

Option D

Integrity.

Flexibility.

Initiative.

Curiosity.

1 and 2

1 and 3

2 and 4

3 and 4

The internal audit risk assessment and audit plan for the next fiscal year.

The internal audit budget and resource plan for the coming fiscal year.

A request for an increase of the CAE's salary for the next fiscal year.

The evaluation and compensation of the internal audit team.

All assurance engagement observations should be communicated to the audit committee.

All assurance engagement observations should be included in the main section of the engagement communication.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

Acts that may endanger the health or safety of individuals.

Acts that favor one party to the detriment of another.

Acts that damage or have an adverse effect on the environment.

Acts that conceal inappropriate activities in the organization.

To gain access to a wider variety of skills, competencies and best practices.

To complement existing expertise with a required skill and competency for a particular audit engagement.

To focus on and strengthen core audit competencies.

To provide the organization with appropriate contingency planning for the internal audit function.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Were audit findings relevant and useful to management?

Does the audit report format present issues clearly and concisely?

Does the IAA work with a high degree of professionalism and objectivity?

Were the findings reported in a timely manner?

The practice of surprise audits and the implementation of an employee support program.

Hiring an employee with a prior fraud conviction and yearly management review.

Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use.

A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.

The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

The use of innovative technology and data analysis techniques.

The extent of work needed to achieve the engagement’s objectives.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Management will be able to reduce inherent risk because they will have a better understanding of risk.

Internal auditors will be able to reduce their sample sizes because controls will be more consistent.

Stakeholders will have more assurance that the risks are assessed consistently.

Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

The organization identifies and assesses changes that could significantly impact the system of internal control.

The organization establishes appropriate authorities and responsibilities in the pursuit of objectives.

The organization selects and develops control activities that contribute to the mitigation of risks.

The organization performs evaluations to ascertain whether internal control components are present and functioning.

Preventive controls.

Detective controls.

Soft controls.

Directive controls.

The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.

The auditor should perform a manual recalculation of several results to validate and document the results.

The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.

The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.

When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.

Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.

Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.

Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.

Proceed with the audit engagement, but do not include the relative's information.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

Disclose in the engagement final communication that the relative is a customer.

Immediately withdraw from the audit engagement.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

Approve the annual budget and resource plan for the internal audit activity.

Assist the CAE with hiring objective and competent internal audit staff.

Encourage the CAE to communicate and coordinate with the external auditor.

It cannot be used to test the completeness assertion.

It cannot be used to test the existence assertion.

It cannot be used to test the occurrence assertion.

It cannot be relied upon because the evidence is not persuasive.

The internal audit activity has to ensure team members' objectivity is not impaired.

Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.

The scope and objective of the engagement is agreed upon based on the engagement client's needs.

The internal audit activity must ensure management actions have been implemented effectively or risk accepted.

The overall effectiveness of the internal audit activity's periodic self assessments.

The type of audit productivity and performance statistics reported.

The adequacy of the day-to-day supervision and review process.

The scope and frequency of external assessments.

Compliance.

Accuracy.

Efficiency.

Validation.

Management principles.

Computerized information systems.

Internal audit standards, procedures, and techniques.

Fundamentals of accounting, economics, and finance.

Authority and responsibility to resolve issues.

Framework to plan, execute and monitor activities.

Integrated responses to multiple risks.

Knowledge and skills needed to perform activities.

Consumers.

Activists.

Suppliers.

Investors.

An operations audit of the accounts payable department.

A consulting engagement related to a new accounts payable optimization initiative.

A review of the employees' sports club finances, which are overseen by the chief audit executive.

An assurance review for a sales program on which she previously provided consultation.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

When an internal auditor disagrees with the treatment received by workers in the organization's foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity.

When an internal auditor continues with an audit engagement, despite the audit client's claims that the work performed is unnecessary and redundant he fails to demonstrate competency.

1 and 4 only

2 and 3 only

3 and 4 only

1, 2, and 4 only

The CAE's work may be reviewed by any other experienced staff member within the IAA.

The CAE's work should be reviewed by an individual with the appropriate background and knowledge.

The CAE may self-review his work, provided he discloses this practice in the final report.

The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

The IIA's Quality Assessment Manual for the Internal Audit Activity must be used as the basis for periodic assessments.

Members of the internal audit activity are not permitted to perform quality assessments, as they would not be independent.

Periodic internal assessments provide the most current and independent recommendations for improvement.

The conclusions of periodic internal assessments are intended to assist in achieving conformity to the Standards.

Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.

Internal assessments must be performed at least once every five years by a qualified assessor.

An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.

Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.

Attending annual professional conferences and seminars.

Participating in on-the-job training in various departments of the organization.

Pursuing as many professional certifications as possible.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

A budget.

A risk assessment.

The board of directors.

The control environment.

Manage and support a quality assurance and improvement program.

Maintain industry-specific knowledge appropriate to the audit engagements

Set clear performance standards for internal auditors and the internal audit activity.

Apply problem-solving techniques for routine situations.

Observation of the facility during operations.

Questioning of facility management, including the facility safety officer.

Analysis of facility operating reports, focusing on instances when breakdowns occurred.

Review of records involving safety violations, filed by facility production employees.

She may participate, but only after she has completed one year with the IAA.

She may participate, because she did not previously work in the Human Resources Department.

She may participate, but she must be supervised by the auditor in charge.

She may participate for training purposes, to build her knowledge of the IAA.

Workshops.

Surveys.

Interviews.

Observation.

An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.

A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.

A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.

An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

Determining the trends that will influence key factors in the organization's environment.

Selecting the issue or decision that will impact how the organization conducts future business.

Selecting leading indicators to alert the organization of future developments.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

50 units.

60 units.

100 units.

120 units.

Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.

Encryption of passwords prior to their transmission or storage.

Forced change of passwords after a designated number of days.

Automatic logoff of inactive users after a specified time period of inactivity.

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment.

Adequate segregation of duties between data processing controls and file security controls.

Documented procedures for remote job entry and for local data file retention.

Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

Established procedures to prevent and detect unauthorized changes to data files.

Access is approved by the supervising manager.

User accounts specify expiration dates and are based on services provided.

Administrator access is provided for a limited period.

User accounts are deleted when the work is completed.

Prior to testing the new application.

During testing of the new application.

During implementation of the new application.

During maintenance of the new application.

Revoking the former employee's biometrics from the entrance systems

Installing security guards who have undergone a background check at all entrances.

Installing multiple high-powered surveillance cameras throughout the organization

Keeping doors locked and accessible with a key that is provided only to employees

The strategy is favored when unit costs fall with the increase in units produced.

The strategy is favored when buyers are relatively insensitive to price increases.

The strategy is favored when there is insufficient market capacity and competitors cannot increase market capacity.

The strategy is favored when high price is perceived as high quality.

Increasing complexity over time.

Interface with corporate systems.

Ability to meet user needs.

Hidden data columns or worksheets.

Use an aging schedule to more closely estimate uncollectible accounts.

Eliminate the need for an allowance for doubtful accounts.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

Use a method that approximates the matching principle.

Motivation.

Performance.

Organizational structure.

Communication.

Operational plans.

Tactical plans.

Strategic plans.

Mission plans.

Embryonic, focused.

Fragmented, decline.

Mature, fragmented.

Competitive, embryonic.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

Workstation contains software that controls information flow between the organization's network and the Internet.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

The total liabilities and total stockholder equity both increased.

The total liabilities and total stockholder equity both decreased.

The total liabilities decreased, and the total stockholder equity increased.

The total liabilities increased, and the total stockholder equity decreased.

It is expected that there will be slow retaliation from incumbents.

The acquiring organization has information that the selling organization is weak.

The number of bidders to acquire the organization for sale is low.

The condition of the economy is poor.

The average time per customer inquiry should be kept to a minimum.

Customer complaints should be processed promptly.

Employees should maintain a positive attitude when dealing with customers.

All customer inquiries should be answered within seven days of receipt.

They improve the effectiveness of spot check testing techniques

They allow greater insight into high risk areas.

They reduce the overall scope of the audit engagement.

They increase the internal auditor's objectivity

Authorization.

Identification.

Verification.

Validation.

Fragmented industries.

Declining industries.

Mature industries.

Emerging industries.

It uses the same products in all countries.

It centralizes control with little decision-making authority given to the local level.

It is an effective strategy when large differences exist between countries.

It provides cost advantages, improves coordinated activities, and speeds product development.

There is an external market for that service.

The selling department operates at 50 percent of its capacity.

The purchasing department has more negotiating power than the selling department.

There is no external market for that service.

Facilitates communication between primary functions.

Helps to focus on the achievement of organizational goals.

Provides for efficient use of specialized knowledge .

Accommodates geographically dispersed companies

To improve the chain of command.

To strengthen corporate headquarters.

To focus better on a single market.

To increase lateral communication.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Avoidance.

Reduction.

Elimination.

Sharing.

Has the longest duration in time.

Costs the most money.

Requires the largest amount of labor

Is deemed most important to the project.

Block unauthorized traffic.

Encrypt data.

Review disaster recovery test results.

Provide independent assessment of IT security.