New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

IIA IIA-CIA-Part1 Essentials of Internal Auditing Exam Practice Test

Essentials of Internal Auditing Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization's stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

Options:

A.

Assess plant employees' social media activity for specific messages related to tolerance and open communication

B.

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

Question 2

Due to the increased operational responsibility of the CEO the chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO) What is the likely impact of such a situation?

Options:

A.

There may be limitation in the scope of engagements that can be undertaken

B.

The CFO could provide expert advice when auditing areas under his purview

C.

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.

The expertise of finance staff can be called upon during an audit of finance-related areas

Question 3

An internal audit team analyzed the organization's value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Question 4

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

Options:

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Question 5

According to The IIA’s Code of Ethics, which of the following statements is true?

Options:

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization’s foreign subsidiary and alters the audit program to highlight the issue, the fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client’s claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

Question 6

Which of the following scenarios best illustrates due professional care?

Options:

A.

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

Question 7

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Options:

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Question 8

Which competency is required of all staff internal auditors prior to the commencement of an IT audit?

Options:

A.

The ability to assess IT governance.

B.

The ability to provide an explanation on the risk profile of the organization to the board and senior management.

C.

The ability to ensure that proposals for improvements to internal controls are balanced with organizational objectives and capabilities.

D.

The ability to assess the potential for fraud risk and identifying common types of fraud associated with the engagement.

Question 9

Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?

Options:

A.

Volunteer for audit engagements in areas or industries in which the auditor is unfamiliar

B.

Sign an annual attestation indicating that the auditor has all required competencies to perform her job effectively.

C.

Obtain appropriate professional certifications or other designations.

D.

Disclose potential impairments to independence or objectivity prior to performing an audit engagement.

Question 10

According to The IIA’s Code of Ethics, which of the following scenarios offers the best example of violating the principle of integrity?

Options:

A.

An internal audit manager collaborates with senior management to provide misleading information to government authorities.

B.

An internal audit manager provides sample audit reports and workpapers to a friend without obtaining prior approval

C.

An internal audit manager carries out a technical audit request without seeking expert opinion, despite a lack of the requisite skills.

D.

An internal audit manager assigned to audit a sales process failed to reveal that the process owner is a relative

Question 11

Which of the following is an example of corruption?

Options:

A.

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.

Requesting reimbursement for overstated travel and entertainment expense amount

C.

Misstating realized foreign currency transaction gains or losses

D.

Demanding payment from a vendor for decisions made in the vendor’s favor

Question 12

Which of the following statements is true regarding consulting engagements?

Options:

A.

Internal auditors cannot provide consulting services related to operations for which they had previous responsibilities.

B.

The nature of consulting services to be performed by internal auditors must be defined in the internal audit charter

C.

If internal auditors have potential impairments to objectivity related to the proposed consulting engagement, the engagement must be declined.

D.

If internal auditors lack the knowledge, skills, or other competencies needed to perform the consulting engagement, the engagement can proceed with proper disclosures.

Question 13

Which of the following is a detective control strategy against fraud?

Options:

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Question 14

An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?

Options:

A.

During audit planning, the auditor provided the client with the scope of the engagement for their agreement

B.

The results of the engagement were included in a written report that was issued to the client who requested the engagement

C.

During audit planning, the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.

The client requested the review of a new payroll system in order to improve the security of the system

Question 15

A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?

Options:

A.

The requirement to provide an annual cost analysis that justifies having an internal audit activity

B.

The specific engagements that the internal audit activity will perform for the organization

C.

The board s oversight role and responsibilities pertaining to the internal audit activity

D.

The relevant regulations that will guide the internal audit activity's regulatory compliance assessments

Question 16

Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity'?

Options:

A.

For both assurance and consulting engagements, the auditor must independently and objectively select the criteria for evaluation

B.

For a consulting engagement, internal auditors and management jointly agree on the adequate criteria needed to evaluate governance, risk management, and controls. This is not true of assurance engagements

C.

Engagement planning and fieldwork are similar for both types of engagements (there are no major differences) although the reporting process is different depending on which service is provided

D.

For a consulting engagement objectives must address governance risk management and control processes to the extent agreed upon with the client. This is not true of assurance engagements

Question 17

Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review. Which of the following would be the most appropriate next step for the reviewer to take?

Options:

A.

Remove the areas of disagreement from the scope of the engagement and seek informal compromises with the CAE.

B.

Issue the report to senior management, noting the deficiencies for immediate resolution.

C.

Issue the report, noting the deficiencies with comments that address the areas of disagreement.

D.

Request arbitration from the audit committee to resolve discrepancies prior to issuing the final report

Question 18

Which of the following should catch the internal auditor's attention as a potential red flag for fraud?

Options:

A.

The accounting unit keeps detailed records and preserves supporting documentation in excess of company requirements

B.

One of the subsidiaries has more bank accounts than any other comparable subsidiary

C.

The same external audit firm has been with the company for three years without rotation

D.

The arithmetic median tenure of employees working at production facilities is 15 years

Question 19

The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

Options:

A.

The internal audit activity should add value by implementing the recommendations on management's behalf.

B.

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.

The internal audit activity, led by the CAE. should assume responsibility for risk management function.

Question 20

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International

Standards for the Professional Practice of Internal Auditing ( Standards) Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause

C.

The self-assessment results were validated by a qualified external review team three years prior

D.

The internal audit charter, approved by the audit committee requires conformance with the Standards

Question 21

According to IIA guidance, which of the following statements is true regarding the internal audit activity’s responsibilities in providing consulting services?

Options:

A.

The chief audit executive is responsible for deciding the priority of consulting services in the internal audit plan

B.

The scope of consulting services is determined primarily by the internal auditor with input from management of the area under review

C.

The board defines the internal audit activity’s responsibilities over consulting activities

D.

Adding value to an organization requires the internal audit activity to initiate a consulting engagement

Question 22

According to IIA guidance, which of the following best describes expense reimbursement fraud?

Options:

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Question 23

According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization’s social responsibility program is effective?

Options:

A.

Senior management

B.

Internal audit activity.

C.

All employees.

D.

Board of directors.

Question 24

The chief audit executive of a large national retailer is reviewing the purpose and objectives of the organization's internal audit activity

Which of the following objectives is best aligned with The IIA's Mission of Internal Audit?

Options:

A.

To implement a quality assurance and improvement program

B.

To assess the effectiveness of internal controls over organizational assets

C.

To ensure internal auditors possess the competencies needed to perform their responsibilities

D.

To operate within the budget established by the board of directors

Question 25

The chief audit executive of an organization assigns audit resources to undertake a consulting engagement requested by senior management the previous year, and a scheduled assurance audit of the procurement process Which of the following appropriately differentiates the two engagements?

Options:

A.

The details of assurance services are expected to be included in the risk-based audit plan; this is not the case for consulting services.

B.

The objectivity of assurance services is impaired when undertaken by internal auditors who have had recent prior responsibility in the area under review; this is not the case for consulting services

C.

The performance of assurance services may be outsourced for competency gaps: this is not the case for consulting services.

D.

The results of assurance services are required to be monitored; this is not the case for consulting services

Question 26

Which of the following is true with regard to an organization's risk management practices?

Options:

A.

Risks represent a single point estimate

B.

Each organization faces the same types of risk.

C.

Risks may relate to failing to achieve positive outcomes.

D.

Mitigated risks are no longer considered to be inherent.

Question 27

An employee accepts cash payments from customers and does not record the sale. This is an example of which of the following types of fraud?

Options:

A.

Asset misappropriation.

B.

Skimming

C.

Corruption.

D.

Lapping.

Question 28

Which of the following statements is most likely to be true regarding a consulting engagement involving an organization's new payroll system?

Options:

A.

The internal auditor and engagement client established an understanding that the scope would include the new payroll system project.

B.

The payroll system engagement was scheduled as a result of internal audit's risk-based annual planning process.

C.

The internal auditor concluded that the engagement objectives would include assessing the effectiveness of the payroll process controls.

D.

The internal auditor acknowledged the engagement client’s satisfactory performance in the final engagement results that were communicated to senior management and the board.

Question 29

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

Options:

A.

1. 2. and 3.

B.

1.2. and 4.

C.

1.3. and 4.

D.

2. 3, and 4.

Question 30

Which of the following is a primary responsibility of senior management with respect to ethical violations?

Options:

A.

Senior management provides oversight for the organization's ethical climate.

B.

Senior management promotes an ethical culture in the organization.

C.

Senior management assesses the effectiveness of the organization’s ethical programs.

D.

Senior management reviews major ethical policies in the organization for compliance

Question 31

When issuing his department’s performance report, a sales director in an insurance company knowingly fails to correct the reserves for unearned income that resulted from cancellations of policy subscriptions. This could be considered which of the following types of fraud?

Options:

A.

Asset misappropriation

B.

Skimming

C.

Disbursement fraud

D.

Information misrepresentation

Question 32

Which of the following best demonstrates the authority of the internal audit activity?

Options:

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services

D.

Achieving engagement objectives.

Question 33

Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?

Options:

A.

The relative complexity of the engagement

B.

The cost of the engagement relative to its benefits

C.

The extent of work needed to achieve the engagement's objective

D.

The needs and expectations of the engagement client

Question 34

An accounts payable clerk who has access to the vendor master file replaced the payment details of a legitimate vendor with those of a friend before processing the payment through the organization's cashier. Immediately afterward, he restored the original vendor information. Which of the following controls could have prevented this fraud?

Options:

A.

Approval of master file change requests by the accounts payable supervisor

B.

Comparison of the check register to original invoices.

C.

Segregation of duties between accounts payable and the cashier.

D.

Frequent issuance of account statements sent to the vendors.

Question 35

An internal auditor performed a risk assessment and concluded that the controls over access privileges to a bank account were appropriate. Later, the auditor learned that a contractor was using a shared password provided by an authorized user of the account. Which of the following statements best describes the auditor's application of due professional care?

Options:

A.

Due professional care was exercised, despite the auditor’s failure to identify the significant risk.

B.

Due professional care was not exercised because the auditor failed to identify all the significant risks during the risk assessment.

C.

Due professional care was not exercised because the residual risk from the possibility of authorized users sharing their passwords was not considered.

D.

Due professional care was not exercised because the auditor failed to conduct interviews to obtain testimonial evidence of possible password sharing

Question 36

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions'?

Options:

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Question 37

IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge’s kills gap

B.

Monitoring gap

C.

Accountability/reward failure

D.

Communication failure

Question 38

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

Options:

A.

The organization's board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Question 39

Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization's risk management process?

Options:

A.

Internal audit designs and implements the organization's controls to help manage risk.

B.

Internal audit sets the organization's risk tolerance and promotes awareness throughout the organization.

C.

Internal audit assesses whether the organization's risk management processes are effective.

D.

Internal audit is responsible for safeguarding the organization's assets and preventing loss from occurring.

Question 40

Which of the following organizations has reached the most mature level of corporate social responsibility?

Options:

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Question 41

The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement. Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?

Options:

A.

Chief audit executive.

B.

Senior management.

C.

The forensic accountant.

D.

The legal department.

Question 42

Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

Options:

A.

Participate in a fraud risk-assessment session as an in-house facilitator.

B.

Send regular written updates to senior management on new control-related regulations.

C.

Lead a seminar on internal controls and provide numerous examples to the audience.

D.

Conduct a surprise inventory count at the raw materials warehouse.

Question 43

During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

Options:

A.

Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.

B.

Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.

C.

Require that a manager use a reserved register code to approve voids or refunds.

D.

Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.

Question 44

Which of the following actions should the organization's governing body perform to provide the most effective governance over the organization's culture?

Options:

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Question 45

An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?

Options:

A.

Risks and relevant mitigating controls.

B.

Business processes and relevant fraud risks.

C.

Fraud scenarios and relevant risks.

D.

Opportunity, rationalization, and pressure to commit fraud.

Question 46

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company's expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Options:

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company's expenses policy

Question 47

Which of the following scenarios demonstrates nonconformance with the Standards?

Options:

A.

An internal auditor failed to expand the engagement and include managements preferences when determining the scope of an upcoming assurance engagement.

B.

An internal audit activity lacks the skills need to perform a high-risk security engagement included on the annual audit plan.

C.

A chief audit executive fated to perform a risk assessment prior to preparing the audit plan

D.

An internal audit activity has existed for two years and has not undergone external quality assessment

Question 48

An organization’s board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively Which of !he following areas is the board seeking to improve by making this change?

Options:

A.

Internal audit authority.

B.

Internal audit reporting structure.

C.

Internal audit independence and objectivity.

D.

Internal audit interaction with the board

Question 49

It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?

Options:

A.

The cost-benefit relationship of planned audits.

B.

Proficiency needed to carry out engagements.

C.

Achievement of the objectives of internal control.

D.

Quantity of the audits performed.

Question 50

Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system's business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Question 51

Which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments must be performed by the chief audit executive.

B.

An internal assessment must be performed at least once every five years.

C.

It Is permissible to share the results of the QAIP with the organization's external auditors.

D.

Results of ongoing monitoring must be validated annually by an independent external assessor.

Question 52

Which of the following scenarios demonstrates an impairment to internal audit independence?

Options:

A.

The internal auditor s denied access to partner information from management of me area under review

B.

The internal auditor tarts to disclose a potential conflict of interest relationship with management of the area under review

C.

The internal auditor concludes that controls operate effectively, although he did not gather supporting evidence

D.

The internal auditor was assigned to an assurance review of an area for which he previously had responsibilities

Question 53

Which of the following policies promotes internal audit objectivity?

Options:

A.

The chief audit executive (CAE) reports functionally to the CEO

B.

The CAE s compensation is approved by the chief financial officer

C.

The CAF's appointment is determined by the CEO

D.

The CAE reports administratively to the chief operating officer

Question 54

Who is held responsible for oversight of the organization's risk management framework?

Options:

A.

Operational management.

B.

Board of directors.

C.

Internal auditors.

D.

Head of risk management.

Question 55

Which of the following concepts is emphasized in the Mission of Internal Audit?

Options:

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Question 56

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

Options:

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Question 57

Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board The CAE included the following elements in the report

- Qualifications and independence of me external assessment team

- Conclusions of assessors

- Corrective action plans

How should the CAE improve the aforementioned approach to reporting the resets of QAIP?

Options:

A.

Senior management should be excluded from the reporting as the QAiP results must be communicated to re board only

B.

The report can be streamlined by removing unnecessary information such as the qualifications and me independence of external assessors

C.

The results must be snared with the external a auditors as well, so they can determine the extent to which they can rely on me work of the internal audit activity

D.

The report should indicate that the external assessment must be performed at least once every five years

Question 58

Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?

Options:

A.

Assessment skills

B.

Assurance skills

C.

Interviewing skills

D.

Facilitation skills

Question 59

Which of the following statements is true regarding an organization's code of ethics?

Options:

A.

It should be written with primary consideration given to using a rule-based approach.

B.

It should be of two variations: one applicable internally and one applicable for third parties.

C.

Its operational effectiveness cannot be tested using traditional audit and rating systems such as maturity models.

D.

It should require an annual attestation of compliance with the code of conduct by all employees.

Question 60

A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?

Options:

A.

Interview the employee identified by the whistleblower.

B.

Attain an understanding of the employee's role, responsibilities, and relationship with the supplier.

C.

Notify senior management, the board, and the external auditor about the alleged fraud

D.

Review all the orders issued to the supplier to investigate potential fraud.

Question 61

Of all the common characteristics of frauds, which of the following can the organization influence the most?

Options:

A.

Pressure or incentive.

B.

Rationalization

C.

Opportunity

D.

Commitment.

Question 62

Which of the following is a key determinant used by external auditors to decide whether they can rely on work performed by the internal audit activity?

Options:

A.

The auditors' independence.

B.

The auditors' objectivity.

C.

The auditors' integrity.

D.

The auditors' confidentiality.

Question 63

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Question 64

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

Options:

A.

The job responsibilities of the warehouse employee compromise segregation of duties

B.

Spare parts are written off before their actual usage and installation

C.

Warehouse management is conducted on paper and requires further investigation

D.

The inventory counts take place on specific days of the week for no apparent reason

Question 65

In which of the following situations would the organizational independence of an internal audit activity be impaired?

Options:

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Question 66

The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?

Options:

A.

The CAE's actions are likely to impair the Independence of the internal audit activity.

B.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Question 67

The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked. What type of activity is this?

Options:

A.

Financial assurance engagement.

B.

Operational consulting engagement.

C.

Compliance assurance engagement.

D.

Risk management consulting engagement.

Question 68

An internal auditor assessed that the risk of steel theft at a plant is high. In response, the plant's management introduced a number of controls, including fences around the facility, a metal detector at the entrance, and monthly steel inventory counts. If the controls operate as intended, which of the following outcomes would the internal auditor hope to see?

Options:

A.

The inherent risk will be mitigated to a level lower than the residual risk.

B.

The inherent risk will be reduced to an acceptable level.

C.

The residual risk will be reduced to an acceptable level.

D.

The residual risk will be eliminated

Question 69

Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

Options:

A.

Determining whether management measures and monitors the costs and benefits of controls.

B.

Providing training on controls and ongoing self-monitoring processes.

C.

Developing flowcharts to obtain information about control design adequacy.

D.

Identifying objectives and the risks involved in achieving them.

Question 70

Which of the following is true regarding risk analysis?

Options:

A.

Impact and likelihood should be assessed together.

B.

Impact and likelihood should be given equal consideration by the internal auditor.

C.

Impact and likelihood should be measured using quantitative methods.

D.

Impact and likelihood should be used to determine risk response.

Question 71

Which of the following engagements would be considered an appropriate consulting service?

Options:

A.

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

B.

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

C.

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

D.

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

Question 72

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive reports directly to the board

B.

Internal auditors may not disclose personal data of the audit client

C.

Internal auditors may not accept gifts from management of the area under review

D.

Internal auditors must observe the law and make required disclosures

Question 73

Which of the following is ultimately responsible for the continuing professional development of internal audit activity staff?

Options:

A.

Individual internal auditors.

B.

Chief audit executive.

C.

Board of directors.

D.

CEO.

Question 74

What is the primary purpose of The IIA's Code of Ethics?

Options:

A.

Communicate specific activities appropriate to the performance of internal auditing

B.

Promote ethical culture within corporations and other business organizations

C.

Establish mandatory standards of competence for the practice of internal auditing

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing

Question 75

An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?

Options:

A.

Support a mix of environmental economic and social initiatives to ensure a balanced approach is taken

B.

Survey employees and external stakeholders to see which causes are best suited to the organization.

C.

Select corporate social responsibility initiatives that support the overall strategic goals of the organization

D.

Conduct a financial analysis to determine where the most impact can be made with the budget available

Question 76

According to IIA guidance, an internal audit charter should detail which of the following?

Options:

A.

The objectives and goals of management

B.

The process used by the CAE to manage the organization's internal controls

C.

The nature of services that the internal audit activity will provide to external third parties

D.

The responsibilities of the audit committee

Question 77

Which of the following frauds is most likely to occur in the accounts payable function?

Options:

A.

Factitious vendors are entered into the system, possibly resulting in improper disbursements.

B.

Bad debt expense is intentionally omitted from the financial statements.

C.

Certain costs are capitalized, rather than expensed.

D.

A related party receives benefits not appropriate in an arm's-length transaction.

Question 78

How should the internal audit activity promote continuous improvement of organizational controls?

Options:

A.

By assessing implementation of controls m individual processes during audit engagements

B.

By identifying the most significant business processes and designing effective controls for those processes

C.

By implementing an internationally accepted internal control framework across the organization

D.

By facilitating control self-assessment sessions for managers responsible for business processes

Question 79

A chief audit executive added more money to the IT training budget to ensure the organization's internal auditors were able to perform data analytics while performing an audit. Which core competency is being addressed?

Options:

A.

Data analytics

B.

IT fraud detection.

C.

Continuing professional development

D.

Due professional care.

Question 80

Regarding the chief audit executive (CAE). which ot the following is considered an impairment to the independence of the internal audit activity?

Options:

A.

The CAE reports administratively to the CEO.

B.

The CAE is asked to submit the liquidation of her travel allowances to human resources for approval.

C.

The CAE's supervisor is responsible for the risk management function.

D.

The CAE is asked to review new procedures before implementation.

Question 81

Which of the following most accurately describes corporate social responsibility at an organization?

Options:

A.

An organizational locus on improving the overall environment, even it is to the detriment of the local community.

B.

A philosophy driven by employees that flows up to senior management and the board of directors.

C.

An overall commitment of the organization to improve the quality of life for not only the employees but the community at large.

D.

A policy of ensuring that the organization is socially responsible, even if it leads to unprofitability due to increased costs.

Question 82

Which of the following must be considered by the chief audit executive before writing the internal audit charter?

Options:

A.

Internal auditors' level of competencies and skills.

B.

The manner in which the internal audit activity is viewed by the board.

C.

Evaluation of staff certifications and continued development.

D.

Effectiveness of the quality assurance and improvement program.

Question 83

Senior management asks the chief audit executive to review the organization's compliance with recently introduced legislation on international transfer pricing. The review requires an internal auditor who thoroughly understands the legislation and pricing methods. The internal audit activity does not have an auditor with those skills. Which of the following is the most appropriate course of action?

Options:

A.

Outsource the engagement to an external audit firm that has appropriate skills.

B.

Recruit a lawyer with knowledge of the legislation to the audit team and ask the new auditor to perform the engagement.

C.

Decline to perform the engagement, as the internal audit activity does not have the appropriate skill set.

D.

Carry out the engagement using existing internal audit staff to help them gain the appropriate experience.

Question 84

According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?

Options:

A.

Monitoring resources.

B.

Compensating the chief audit executive.

C.

Determining scope.

D.

Allocating internal costs.

Question 85

Which of the following Code of Ethics principles specifically requires internal auditors to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review?

Options:

A.

Confidentiality.

B.

Transparency.

C.

Integrity.

D.

Objectivity.

Question 86

Which of the following offers the feast evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization's system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Question 87

An existing Internal audit charter is currently under review for revision. Who is responsible for assuring that all required components are included?

Options:

A.

The audit committee.

B.

The head of legal and compliance.

C.

The chief audit executive.

D.

Senior management.

Question 88

Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

Options:

A.

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

Question 89

The chief audit executive (CAE) has decided to outsource an audit of the organization's cloud governance in the annual audit plan. Why would the CAE outsource this audit?

Options:

A.

Lack of internal audit staff proficiency.

B.

Lack of audit planning.

C.

Lack of internal assessments.

D.

Lack of due professional care.

Question 90

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

Options:

A.

Monitor and review.

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Question 91

An internal auditor in a newly established internal audit activity identifies many control weaknesses and raises a number of high-priority recommendations in her first few audit engagements. The internal auditor is concerned that there seems to be a poor understanding by management of risk and control. Which of the following is the most likely reason for this?

Options:

A.

Poor performance by individual operational managers in the areas audited.

B.

Unrealistic expectations by the internal audit activity on the quality of risk management and control.

C.

A lack of an effective organizational framework for risk management and control.

D.

A failure by the internal audit activity to identify and manage the organization's risks.

Question 92

Which of the following principles of The IIA's Code of Ethics implies that internal auditors should refrain from performing assurance services when there is an impairment to audit independence that has not been declared?

Options:

A.

Confidentiality.

B.

Objectivity.

C.

Integrity.

D.

Competency.

Question 93

The CEO has delegated several responsibilities to the internal audit activity. Which of the following directives should concern the chief audit executive the most?

Options:

A.

Internal auditors shall perform engagement-level risk assessments

B.

Internal auditors shall perform risk management activities.

C.

Internal auditors shall perform risk-based engagements

D.

Internal auditors shall perform organization wide risk assessments

Question 94

An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

Options:

A.

Encourage the auditor to continue this practice, as it demonstrates objectivity.

B.

Encourage the auditor to improve communication skills.

C.

Encourage the auditor to conduct post-engagement surveys to obtain the audit client's position on the issues raised.

D.

Encourage the auditor to sign the draft reports before submitting them.

Question 95

According to IIA guidance, which of the following statements is true regarding consulting engagements performed by the internal audit activity?

Options:

A.

Consulting engagements typically involve four or five parties: the internal audit activity, engagement client, senior management, board, and sometimes the external auditor.

B.

The scope of a consulting engagement is determined by either the engagement supervisor or chief audit executive, and it is finalized prior to beginning fieldwork.

C.

According to the Standards, internal auditors are permitted to carry out certain management functions during a consulting engagement.

D.

A preliminary risk assessment may not be needed for consulting engagements, because the expectations and objectives of the engagement are determined by the engagement client.

Question 96

Once an organization's risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

Options:

A.

Risk responses must be selected.

B.

Risks must be assessed.

C.

The risk universe must be established.

D.

Risk responses must be aligned.

Question 97

Which of the following fraud prevention measures is most likely to trigger undesired adverse behavior if improperly designed?

Options:

A.

Disclosure of outside business activities

B.

Ethics training programs

C.

Compensation programs

D.

Exit interviews

Question 98

A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

Options:

A.

Implement a uniform professional development plan for the internal audit activity.

B.

Create a formal development agreement with each individual staff auditor.

C.

Require each internal auditor to obtain the same professional certifications.

D.

Require training and developmental activities that are sponsored by The HA.

Question 99

According to The IIA’s Code of Ethics, which of the following best describes the principle of integrity?

Options:

A.

Auditors shall observe the law and make disclosures expected by the law and the profession

B.

Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

C.

Auditors shall engage only in those services for which they have the necessary knowledge skills and experience

D.

Auditors shall be prudent in the use and protection of information acquired in the course of their duties

Question 100

According to the IIA Code of Ethics, which of the following best describes the conduct of an internal auditor who demonstrates the principle of competency?

Options:

A.

The auditor is prudent in the use and protection of information acquired in the course of his work.

B.

The auditor does not accept anything that may impair or be presumed to impair his professional judgment.

C.

The auditor does not perform services in a particular area when he lacks skills in that area.

D.

The auditor performs work with honesty, diligence, and responsibility.

Question 101

Which of the following is the primary benefit of establishing a formal training program for the internal audit activity?

Options:

A.

It is useful to reinforce the independence of the internal audit activity.

B.

It is useful to guide internal auditors as they perform specific engagements.

C.

It is useful to maintain the skills and competencies of internal audit staff.

D.

It is useful to measure the effectiveness and maturity of the internal audit activity.

Question 102

An internal audit team was assigned to review the organization’s information security protocol After fieldwork was completed an internal auditor identified an error in the review of security access The error could affect the overall results of the engagement Which of the following is the most appropriate course of action for the internal auditor?

Options:

A.

Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting

B.

Issue the audit report to senior management on schedule but include a disclaimer about the error

C.

Proceed with the scheduled closing of the engagement without consideration of the identified error

D.

Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take

Question 103

Which of the following is true regarding internal audit role's in The IIA's Three Lines Model?

Options:

A.

As internal control is part of risk management, the internal audit role in risk management implies reduced emphasis on internal control.

B.

Internal audit can blur the distinction between the second and the third lines as long as value is added.

C.

Internal audit cannot rely on other assurance providers when opining on the effectiveness of risk management.

D.

Internal audit should be aligned with first- and second-line functions through effective communication, cooperation, and collaboration.

Question 104

A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management. Which of the following would be the most appropriate action for the CAE to take?

Options:

A.

Compare the design of the organization's ethical programs with best practices.

B.

Verify that a code of conduct and related policies exist and are communicated.

C.

Use employee surveys to assess whether ethical programs are achieving desired outcomes.

D.

Compare the cost of the ethical programs with the achieved outcomes.

Question 105

According to HA guidance, which of the following would best support the internal auditor's conclusion that the organization's risk management processes are effective?

Options:

A.

The organization has identified all applicable operational and financial risks.

B.

The organization has documented its strategic and business objectives.

C.

The organization has selected risk responses aligned with its risk appetite.

D.

The organization has documented risk information pertinent to its business.

Question 106

Which of the following best describes the role of internal control frameworks?

Options:

A.

They outline specific internal controls for an organization to implement to ensure business objectives will be achieved.

B.

They provide guidance related to internal control design and implementation to assist with the evaluation and benchmarking of business practices.

C.

They serve as a list of appropriate internal controls for auditors to ensure an organization is using best practices.

D.

They serve as a template for identifying standardized best practices in effective risk management across industries and countries.

Question 107

Which of the following practices, applied by the chief audit executive {CAE), most likely indicates an effective continuing professional educational program for the internal audit activity?

Options:

A.

The CAE tasks internal auditors with coordinating assurance activities with other providers across the organization.

B.

The CAE encourages auditors to volunteer to support research work of the local professional institute.

C.

The CAE requires auditors to periodically attest to the profession's Code of Ethics.

D.

The CAE reminds auditors to ensure workpapers are completed for audit engagements.

Question 108

Which of the following best illustrates the principle of due professional care?

Options:

A.

The internal audit activity uses key performance indicators for all staff members after all audit engagements.

B.

The internal auditors provide assurance to third parties indicating that their work was properly supervised.

C.

The internal auditors demonstrate they have an understanding of engagement objectives and scope.

D.

The internal auditors are heavily involved in training and development to enhance their skills.

Question 109

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

Question 110

Which of the following statements is true with regard to services provided by the internal audit activity?

Options:

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report

Question 111

Which of the following is an example of a detective control?

Options:

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Question 112

Which of the following scenarios would most significantly restrict the areas where internal audit could perform assurance services?

Options:

A.

Regulators mandate specific audit engagements to be included in the audit plan.

B.

The internal audit activity reports functionally to the chief financial officer

C.

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

D.

The internal audit activity reports administratively to the chief financial officer.

Question 113

Which of the following controls would best mitigate the risk of fraud in the bidding process?

Options:

A.

Have a bidding committee open the tender bids.

B.

Restrict the time to submit tender bids.

C.

Keep minutes of pre-bid meetings.

D.

Allow the higher tenders to rebid.

Question 114

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question 115

Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

Options:

A.

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

B.

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

C.

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

D.

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

Question 116

Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?

Options:

A.

Complete a skills assessment of the internal audit activity based on. The IIA Global Internal Audit Competency Framework.

B.

Develop a competency assessment tool for the internal audit activity based on The IIA Global Internal Audit Competency Framework.

C.

Incorporate the basic criteria for competency of the internal audit activity into the job descriptions of potential internal auditors,

D.

Develop an internal audit activity plan for training internal auditors to perform required assurance and consulting activities.

Question 117

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Question 118

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Question 119

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Question 120

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large

organization?

Options:

A.

The internal assessment results should be discussed once every five years,

B.

The rating conclusions and the impact from results of the external assessment should be explained,

C.

The results of the external assessment should be discussed every seven years,

D.

The qualifications and independence of the internal assessment team should be discussed

Question 121

Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

Options:

A.

Groupthink.

B.

Collaboration skills.

C.

Process analysis skills.

D.

Project management skills.

Question 122

After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?

Options:

A.

Independence.

B.

Confidentiality.

C.

Objectivity.

D.

Competency

Question 123

Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Options:

A.

Benchmarking best practices

B.

Testing,

C.

Mapping,

D.

Interviewing

Question 124

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Question 125

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Question 126

Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

Options:

A.

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization’s control processes.

B.

Quality assessments focus on the internal audit activity's structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

C.

In order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year.

D.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments.

Question 127

For a new board chair who has not previously served on the organization's board, which of the following steps should first be undertaken to ensure effective leadership to the board?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company.

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Question 128

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000.

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework

Question 129

Which of the following situations is most likely to heighten an internal auditor's professional skepticism regarding potential fraud?

Options:

A.

A procurement manager does not have the expected academic credentials for his position.

B.

A salesperson frequently complains about the organization's policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions.

D.

A financial accountant is absent from work frequently due to regular medical procedures.

Question 130

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity,

C.

Integrity.

D.

Confidentiality

Question 131

A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?

Options:

A.

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

B.

Standard training for each employee, including internal auditors, is 10 hours per year.

C.

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

D.

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

Question 132

Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

Options:

A.

Net.

B.

Controllable.

C.

inherent,

D.

Residual.

Question 133

An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.

According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Options:

A.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity

has addressed all areas of nonconformance and the audit committee has been notified.

B.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

C.

Indicate that the internal audit activity operates in partial conformance with the Standards t as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

D.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to ail parties who received the original reports.

Question 134

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

C.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Question 135

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

Options:

A.

The CAE previously undertook a consulting assignment in that area to improve processes,

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Question 136

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards.

D.

Verify that organizational objectives are aligned with each department’s objectives.

Question 137

An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping* She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

Options:

A.

Batch controls.

B.

Application controls.

C.

General IT controls.

D.

Logical access controls

Question 138

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 139

According to NA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment.

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Question 140

Which of the following could increase risks to the organization’s control environment?

Options:

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures.

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline.

Question 141

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk,

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Question 142

During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

Options:

A.

Internal audit management.

B.

Conflict negotiation.

C.

Critical thinking.

D.

Persuasion and collaboration.

Question 143

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations

Question 144

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company's risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning.

Question 145

An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system's design strengths and weaknesses. Which of the following is true regarding impairment to the auditor's objectivity?

Options:

A.

This situation does not necessitate any action related to the auditor's objectivity.

B.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

C.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

D.

The auditor can provide only consulting services, not assurance.

Question 146

Anew internal auditor suspects fraud is taking place. Which action should the new auditor take?

Options:

A.

Collect relevant audit evidence and begin working with management of the area to investigate the fraud.

B.

Inform the chief audit executive and meet with the suspect to determine whether the person committed fraud.

C.

Document supporting information and recommend an investigation to the appropriate audit management.

D.

Evaluate existing controls and implement new procedures to mitigate the opportunity for fraud.

Question 147

An organization sells products through distributors. The organization's chief audit executive insists that the organization's code of conduct be applicable to their distributors as well. Which of the following risks would this mitigate?

Options:

A.

Business continuity

B.

Market manipulation

C.

intellectual property leakage

D.

Reputational damage

Question 148

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Options:

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Question 149

According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

Options:

A.

Pursuance of an internal audit certification.

B.

Enrollment in internal audit practice webinars.

C.

Attendance of internal audit workshops.

D.

Involvement in a variety of audit assignments.

Question 150

An organization's operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

Options:

A.

Foster the importance of the control environment

B.

Provide training on controls and on self-monitoring processes

C.

Recommend installing an enterprisewide risk management system.

D.

Conduct more assurance assignments on high risk areas

Question 151

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

Options:

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.

Question 152

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

Options:

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Question 153

Which of the following would be the most effective in helping to detect fraud?

Options:

A.

Code of conduct.

B.

Exit interviews.

C.

Fraud awareness training

D.

Employee promotion policy.

Question 154

Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

Options:

A.

Accountability/reward risk.

B.

Monitoring failure risk.

C.

Communication failure risk.

D.

Knowledge/skills risk

Question 155

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

Options:

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply the 11As mandatory guidance.

Question 156

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

Options:

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Question 157

According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

Options:

A.

Outline expectations for communicating the results of all aspects of the internal audit activity.

B.

Declare the internal audit activity’s accountability for safeguarding assets and confidentiality.

C.

Document the chief audit executive’s (CAE's) reporting line

D.

Document agreement between the CAE and the individual to whom the CAE reports

Question 158

An engagement supervisor noted that an internal auditor's personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner's area. According to MA guidance, which of the following should be used to manage this impairment?

Options:

A.

An internal audit charter.

B.

An employee disciplinary policy.

C.

A functional audit committee.

D.

A functional reporting placement.

Question 159

Which of the following scenarios violates The IIA's standard regarding internal audit independence?

Options:

A.

The chief audit executive (CAE) reports on the internal audit activity's day-to-day tasks and responsibilities to the CEO.

B.

An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.

C.

The CAE regularly meets with the organization's chief risk officer, who validates all reported audit findings and dictates which will be Included In the package to the audit committee.

D.

The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer audits in the annual audit plan compared to the previous financial year.

Question 160

A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?

Options:

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider's labor practices.

Question 161

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Question 162

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

Options:

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Question 163

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

Options:

A.

Reject the court order, citing a potential breach of customers' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Question 164

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

Options:

A.

Monitor and review

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Question 165

According to the Standards, which of the following is a requirement for internal audit professional development plans?

Options:

A.

Plans must include a path to certification so that each internal auditor has a certification in auditing finances.

B.

Plans must ensure that staff development activities are based primarily on the skills and competencies needed to complete the audit plan.

C.

Plans must include rotating audit areas so that auditors acquire business knowledge to be efficient in performing engagements.

D.

Plans must include rotating auditors out into business units for temporary assignments so they can obtain more business knowledge.

Question 166

Which of the following statements best describes internal auditors' role in fraud detection?

Options:

A.

Internal auditors' roles are similar to those performed by loss prevention managers or fraud investigators.

B.

Internal auditors' demonstration of adequate professional skepticism during an audit engagement is of paramount importance.

C.

Internal auditors should consider fraud risks in every assignment and demonstrate due care by detecting fraud instances.

D.

Internal auditors should possess a fraud-related body of knowledge, enabling them to carry out preventative and detective measures.

Question 167

According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Options:

A.

The internal audit policies and procedures handbook.

B.

The internal audit charter.

C.

The internal audit mission statement.

D.

Each internal audit engagement letter.

Question 168

Which of the following is a limitation of detective internal controls in fraud management?

Options:

A.

Implementation costs tend to be higher than the expected benefits.

B.

They tend to be easy for fraudsters to circumvent.

C.

They are not designed to improve efficiency of operations.

D.

They are not effective in preventing fraud.

Question 169

A chief audit executive assigned an internal auditor to perform an assurance engagement. The auditor concluded with a major audit finding based on hearsay evidence Which of the following competencies did the auditor appear to be lacking?

Options:

A.

Effective communication skills

B.

Risk-based assurance knowledge

C.

Demonstration of due professional care.

D.

Demonstration of ethical behavior

Question 170

The internal audit activity is asked to provide consulting services regarding the risks related to implementing a proposed new Inventory management system. Which of the following would be a key consideration of the internal audit activity in accepting this engagement?

Options:

A.

Ask the inventory manager to determine whether the work planned would be sufficient to meet the consulting engagement objectives.

B.

Ensure that the method used to communicate the results of the consulting engagement is consistent with the board's preferred method.

C.

Determine whether the benefits to be derived from the requested assessment would exceed the cost of providing the consulting service.

D.

Use email and telephone conversations to convey the results of the engagement, as these may prove to be the most efficient methods for communicating.

Question 171

During an audit engagement, a junior staff internal auditor begins to suspect a fraud may have occurred involving a friend of the engagement supervisor. He reports his concerns to the engagement supervisor, who disagrees with his suspicions and directs him to continue with the engagement as planned. Given the circumstance, what is the most appropriate action for the junior auditor to take?

Options:

A.

Document in the workpapers and expand testing.

B.

Continue with the engagement as planned, per the more senior auditor.

C.

Report the suspected fraud to law enforcement officials and seek financial restitution.

D.

Escalate the concern to the chief audit executive.

Question 172

Which of the following represents a deficiency in the control environment?

Options:

A.

The sales department has failed to achieve targets for the last nine months.

B.

Employees report suspicious activity by calling the organization's ethics hotline.

C.

Hiring procedures do not include background checks for prospective job candidates.

D.

Management reports three potential ethics issues to the board of directors.

Question 173

Which principle of the HA Code of Ethics focuses on continuing education and professional development?

Options:

A.

Due professional care

B.

Professionalism

C.

Proficiency

D.

Competency

Question 174

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization's risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Question 175

Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?

Options:

A.

The assessment will cover soft controls and company values.

B.

The assessment will focus on the policy for a particular process.

C.

The assessment will lack a defined scope

D.

The assessment will probably uncover fraud risks.

Question 176

Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?

Options:

A.

As the head of the organization, the CEO selects and appoints the external quality assessment team to perform the OAIP reviews.

B.

The chief audit executive determines the scope and frequency of both internal and external quality assessments based on the availability and capacity of resources in accordance with the annual internal audit plan.

C.

Minutes of meetings held with senior management and the board to discuss the scope and frequency of internal and external assessments support the OAIP reporting requirement.

D.

The internal audit activity needs to assess whether each engagement on the annual internal audit plan is conducted in conformance with the Standards.

Question 177

Which of the following would be considered an indicator that an organization's ethics program is not yet well developed?

Options:

A.

Disciplinary actions for ethics compliance violations are reviewed by the internal audit activity for consistency.

B.

Communication of ethics compliance expectations is the responsibility of employees' direct managers.

C.

The organization's code of ethics and related compliance policy are reviewed annually for potential updates.

D.

The board of directors reviews ethics oversight metrics for violations and compliance.

Question 178

Which of the following should an internal auditor take into consideration when making a judgement regarding whether management selected appropriate risk responses?

Options:

A.

Significant risks

B.

Risk capacity

C.

Risk appetite

D.

Risk tolerance

Question 179

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization's automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Options:

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry's production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Question 180

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Options:

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Question 181

Which of the following would be considered advanced expertise which most internal auditors are not expected to possess'?

Options:

A.

The ability to evaluate fraud risk

B.

The ability to detect and investigate fraud

C.

The ability to assess risk management strategies

D.

The ability to create test databases

Question 182

An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

Options:

A.

If it is an assurance engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible

C.

If it is a consulting engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement accept the assignment becausethe chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned

Question 183

Upon completion of an external quality assessment, which of the following would the chief audit executive be required to report to the board?

Options:

A.

The total time spent to accomplish the external assessment

B.

The detailed evaluation results of the external assessment

C.

The competency and independence of the external assessment team

D.

The timetable and schedule of the next external assessment

Question 184

According to IIA guidance, which of the following is true of the internal audit activity’s quality assurance and improvement program?

1 Monitoring the internal audit activity’s performance must be ongoing

2 All aspects of the internal audit activity should be evaluated

3 The requirement for external assessments can be satisfied through self-assessments that are validated by an independent external party

4 The review of assurance services should be the primary focus

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 3

D.

1 3 and 4

Question 185

During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing She consults with a colleague and learns that a spreadsheet application contains a helpful tool She proceeds to use the tool to properly complete the evaluation Which of the following best describes the core competency displayed by the senior auditor?

Options:

A.

Business acumen

B.

Persuasion and collaboration

C.

Critical thinking

D.

Communication

Question 186

An auditor for a large wholesaler is evaluating the controls over the approval and oversight of credit sales. Which of the following procedures would be a control weakness?

Options:

A.

The credit department is responsible for approving shipments to all customers

B.

The finance committee of the board of directors periodically reviews credit standards

C.

Customers who fail to meet credit requirements must pay cash for shipments upon delivery

D.

The sales department is responsible for determining the credit ratings of customers

Question 187

An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

Options:

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation

Question 188

According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and investigation at a multinational organization?

Options:

A.

The recommendation of the parent office external auditors.

B.

The provisions of the internal audit charter

C.

The authority of the CEO.

D.

The level of proficiency of the chief audit executive

Question 189

According to ISO 31000, which of the following statements is correct?

Options:

A.

The board is responsible for setting the organizational attitude through tone at the top,

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities,

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Question 190

In the COSO internal control framework, which of the following components serves as the foundation for the other components?

Options:

A.

Control activities.

B.

Control environment.

C.

Risk assessment.

D.

Monitoring

Question 191

An internal auditor is providing consulting services on an area he was responsible for three years ago. Part of the consulting scope covers a review of a performance measuring system that the auditor helped to develop. What is the best course of action for the auditor to take concerning the consulting service?

Options:

A.

Accept the consulting services only after receiving approval to do so from the board.

B.

Accept the consulting services. The objectivity won't be impaired if it has been more than a year since he last worked in the area under review.

C.

Refrain from providing the consulting service because he was responsible for that area and his objectivity will be impaired,

D.

Disclose the potential impairment to the customer before accepting the consulting engagement

Question 192

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Question 193

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization's system of internal controls to be adequate and effective,

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Question 194

Which of the following best describes the board’s role in establishing effective organizational governance?

Options:

A.

The board is involved in approving operational policy

B.

The board monitors key processes and procedures

C.

The board has oversight responsibility for organizational resources

D.

The board approves management's detailed plans and objectives

Question 195

An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?

Options:

A.

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes wifi provide depth and add more value.,

B.

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.

If it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value.

D.

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned.

Question 196

According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?

Options:

A.

The mentor must have a higher position in the organization than the mentee

B.

An auditor s supervisor is best positioned to serve as the auditor's mentor

C.

Meetings between a mentor and a mentee should be formal and well documented

D.

Auditors at the same level may be assigned different mentors and some auditors may have no mentor

Question 197

When dealing with various stakeholders which of the following is true regarding an internal auditor's responsibility to remain objective and independent?

Options:

A.

When deciding between conflicting reports of a control's performance from a control operator and the operator's manager the internal auditor should generally believe the manager

B.

Some audit issues may remain unremediated and unreported if management will accept recommendations that the internal auditor deems more important

C.

The internal auditor may initially disagree with management s acceptance of a risk, but reevaluate and agree with management’s judgment after further discussion

D.

When working on business unit audits it is sometimes sufficient for the internal auditor to report deficiencies only to the unit manager when remediation is not complex

Question 198

Which of the following statements relating to risk management is true?

Options:

A.

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.

Internal auditors are responsible for managing the risks of the organization

Question 199

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

Options:

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Question 200

Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?

Options:

A.

The nature and scope of a consulting engagement are determined by the internal audit activity based on its risk assessment

B.

The nature and scope of an assurance engagement are subject to agreement with management of the area under review

C.

Both assurance services and consulting services can be focused on controls or performance or both

D.

The assurance engagement process ends with reporting

Question 201

A new company’s risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?

Options:

A.

Start building a cybersecurity culture and set the desired behavior using a bottom-up approach

B.

Determine the cybersecurity framework that will establish and report on the effectiveness of the program

C.

Define the cybersecurity risk appetite and perform a cost-benefit analysis of the program

D.

Raise cybersecurity awareness across various departments outside of the IT department

Question 202

Which of the following characteristics is typical of the internal audit activity?

Options:

A.

Serves third parties that need reliable financial information from audit engagements

B.

Responds to the needs and desires of senior management and the board, but remains independent of areas under review

C.

Ensures the organization complies with laws and regulations in the area under review

D.

Is completely independent of senior management, the board and the area under review

Question 203

Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?

Options:

A.

Develop a business continuity plan for contingent situations,

B.

Insure the organization against financial losses.

C.

Rely on third-party cloud solution providers for the organization's systems.

D.

Hedge company assets via purchasing derivatives.

Question 204

Which of the following parties would be responsible for ongoing monitoring of the organization's corporate social responsibility activities to reduce its carbon footprint?

Options:

A.

Chief audit executive

B.

Facility operation manager

C.

Public relations manager

D.

Regulatory agency

Question 205

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Options:

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Question 206

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

Options:

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be earned out by a team of the most experienced auditors overseen by the CAE

Question 207

According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

Options:

A.

Report external assessments upon completion of such assessments

B.

Report external assessments at least annually

C.

Report ongoing monitoring quarterly

D.

Report post-engagement reviews at least once every five years

Question 208

A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?

Options:

A.

Internal auditors shall attend professional workshops to refresh internal audit norms and concepts

B.

Internal auditors' performance is synchronized with satisfaction ratings given by audit clients

C.

Internal auditors take prior audit results into account when conducting current audit engagements

D.

Internal auditors observe the audit client’s expectations when scoping audit engagements

Question 209

Which of the following statements represents the most appropriate correlation between an organization's risk maturity and the internal audit activity’s consulting role in risk management processes?

Options:

A.

When an organization has a high level of risk maturity the internal audit activity is less likely to provide consulting services related to risk management

B.

When an organization has a low level of risk maturity, the internal audit activity is less likely to provide consulting services related to risk management

C.

When an organization has a high level of risk maturity the internal audit activity is more likely to provide consulting services related to risk management

D.

There is typically no correlation between an organization’s risk maturity and the extent to which the internal audit activity’s consulting role in risk management processes

Question 210

Which of the following best demonstrates conformance with the Standards regarding the internal audit activity's purpose authority, and responsibility?

Options:

A.

Discussion and formal presentation of the internal audit charter to the board of directors

B.

Certification by external auditors on the purpose, authority and responsibility of the internal audit activity

C.

Approval of senior management that the internal audit activity is functioning as originally designed

D.

Self-assessment of the internal audit activity completed by the chief audit executive

Question 211

Which of the following is a legitimate role for the internal audit activity in the organization's risk management process'?

Options:

A.

Championing the establishment of a risk management framework

B.

Creating and implementing new risk management processes

C.

Maintaining sole responsibility for risk management within the organization

D.

Setting the risk appetite of the organization

Question 212

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Options:

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Question 213

Which of the following is an example of an entity-level control pertaining to the finance area of an organization'?

Options:

A.

Key account reconciliation such as bank reconciliation

B.

Segregation of duties between posting and reviewing journal entnes

C.

A signing authority matrix for spending approvals

D.

The establishment of a finance and audit committee

Question 214

After the final audit report was issued, the engagement supervisor received an expensive gift from management recognizing her assistance in improving the business, if the gift is accepted, which of the following would be true?

Options:

A.

The engagement supervisor violated The IIA's Code of Ethics principle of integrity.

B.

The engagement supervisor violated The IIA's Code of Ethics principle of objectivity.

C.

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

Question 215

An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks. Which of the following aspects of risk management does senior management’s decision best illustrate?

Options:

A.

Residual risk.

B.

Inherent risk.

C.

Risk tolerance.

D.

Risk appetite.

Question 216

An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several

months later According to IIA guidance which of the following statements is true regarding the internal auditor's application of due professional care?

Options:

A.

Due professional care was not applied because no additional work should have been performed unless there was actual evidence of fraud

B.

Due professional care was not applied because the extended scope resulted in no issues being identified, while fraud actually existed

C.

Due professional care was applied as the internal auditor modified the scope based on reasonable judgment, despite the additional cost of resources

D.

Due professional care was applied as the cost of audit resources should not be a determining factor in the degree of testing undertaken