New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > IIA > CIA Challenge Exam > IIA-ACCA

IIA-ACCA ACCA CIA Challenge Exam Question and Answers

Question # 4

A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?

A.

Continuously monitor the organization's overall risk activities in relation to its risk appetite.

B.

Evaluate the adequacy and effectiveness of the organization's governance activities.

C.

Oversee the establishment and administration of an effective risk management program.

D.

Assist management in implementing recommended control improvements.

Full Access
Question # 5

According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?

A.

Negotiation and conflict resolution.

B.

Project management.

C.

Financial accounting.

D.

Ethics and fraud.

Full Access
Question # 6

According to IIA guidance, which of the following statements about working papers is false?

A.

They assist in the implementation of recommendations.

B.

They provide support for communication to third parties.

C.

They demonstrate compliance with auditing standards.

D.

They contribute to development of the internal audit staff.

Full Access
Question # 7

According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?

1. Advocating the establishment of a risk management function.

2. Identifying and evaluating significant risk exposures during audit engagements.

3. Developing a risk response for the organization if there is no chief risk officer.

4. Benchmarking risk management activities with other organizations.

5. Documenting risk mitigation strategies and techniques.

A.

4 and 5 only.

B.

1.2, and 3 only.

C.

1.2. 4. and 5 only.

D.

2. 3. 4. and 5 only.

Full Access
Question # 8

Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?

1. Periodically reviewing the vendor list for unusual vendors and addresses.

2. Segregating duties for amount purchasing, receiving, shipping, and accounting.

3. Validating sequential integrity of purchase orders.

4. Verifying the validity of invoices with post office box addresses.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 9

Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

A.

The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.

B.

Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.

C.

System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.

D.

Department managers are required to perform periodic user access reviews of relevant systems and applications.

Full Access
Question # 10

An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

A.

Working conditions.

B.

Employees' families.

C.

Marketplace competition.

D.

Shareholders and investors.

Full Access
Question # 11

An assurance mapping exercise helps an organization do which of the following?

1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.

2. Fulfill best practices in the industry.

3. Identify and address any gaps in the risk management process.

4. Identify fraud.

A.

1 and 4.

B.

1 and 3.

C.

2 and 3.

D.

3 and 4.

Full Access
Question # 12

Which of the following is an example of a risk avoidance strategy?

A.

Hedging against exchange rate variations.

B.

Limiting access to an organization's data center.

C.

Selling a nonstrategic business unit.

D.

Outsourcing a high-risk activity.

Full Access
Question # 13

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

A.

Preventive controls.

B.

Detective controls.

C.

Soft controls.

D.

Directive controls.

Full Access
Question # 14

Non-statistical sampling does not require which of the following?

A.

The sample to be representative of the population.

B.

The sample to be selected haphazardly.

C.

A smaller sample size than if selected using statistical sampling.

D.

Projecting the results to the population.

Full Access
Question # 15

As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?

A.

Organizational independence.

B.

Professional objectivity.

C.

Due professional care.

D.

Individual proficiency.

Full Access
Question # 16

According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?

1. Identification.

2. Mitigation.

3. Remediation.

4. Reduction.

A.

1 only. |

B.

1 and 4 only.

C.

1, 3, and 4 only.

D.

1,2, 3, and 4.

Full Access
Question # 17

Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?

A.

Attending annual professional conferences and seminars.

B.

Participating in on-the-job training in various departments of the organization.

C.

Pursuing as many professional certifications as possible.

D.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

Full Access
Question # 18

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

A.

1.2, and 3.

B.

1,2, and 4.

C.

1.3, and 4.

D.

2. 3, and 4.

Full Access
Question # 19

Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.

Which of the following represents the organization's residual risk for online customer payments due?

A.

$11, 250

B.

$25, 000

C.

$33, 750

D.

$45, 000

Full Access
Question # 20

According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?

When auditing investments, the auditor identified instruments with which he was unfamiliar. He decided not to select that type of investment in his sample, as he did not have the knowledge needed to A. perform a proper assessment.

B. An auditor was reviewing inventory counts conducted by the warehouse staff. One truck containing an immaterial amount of inventory was off-site and wasn't verified by the auditor.

C. An auditor visited a plant that produces a significant portion of the organization's inventory. The day he arrived, the plant manager was out sick, so the auditor issued the report without interviewing the manager.

D. An auditor in charge needed to have testing completed by the end of the month, but was behind schedule. He identified a junior auditor to conduct the work for him on a complex area of the organization.

Full Access
Question # 21

Which of the following is considered a violation of The IIA's Code of Ethics?

A.

An auditor conveys public information about an organization's financial condition.

B.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

C.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

D.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

Full Access
Question # 22

Which of the following enhances the independence of the internal audit activity?

A.

The chief audit executive (CAE) approves the annual internal audit plan.

B.

The CAE administratively reports to the board.

C.

The audit committee approves the CAE's annual salary increase.

D.

The chief executive officer approves the internal audit charter.

Full Access
Question # 23

The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries.

Which of the following internal audit tools would be most effective to document the process and the key controls?

A.

Internal control checklist.

B.

Procurement employee survey.

C.

Cross-functional flow chart.

D.

Segregation of duties matrix.

Full Access
Question # 24

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest.

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Full Access
Question # 25

According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

A.

An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.

B.

An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

C.

An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.

D.

An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

Full Access
Question # 26

An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to MA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?

A.

Ask management to determine which internal audit engagements are lower risk and could be considered for removal from the annual audit plan.

B.

Ask appropriate stakeholders for their opinion on the potential impacts of reducing the scope of the internal audit plan.

C.

Ask the chief audit executive to determine whether budgetary limitations impede the ability of the internal audit activity to execute its responsibilities.

D.

Ask The human resources department to determine how the annual compensation and salary of the audit staff could be adjusted to achieve savings.

Full Access
Question # 27

Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?

1. Reappraising risks levels.

2. Providing accurate information to management.

3. Marketing the internal audit activity.

4. Planning safeguards for assets in high-risk areas.

A.

1 and 2.

B.

1 and 3.

C.

2 and 3.

D.

3 and 4.

Full Access
Question # 28

Which of the following is true regarding the COSO enterprise risk management framework?

A.

The framework categorizes an organization's objectives to distinct, non overlapping objectives.

B.

Control environment is one of the framework's eight components.

C.

The framework facilitates effective risk management, even if objectives have not been established.

D.

The framework integrates with, but is not dependent upon, the corresponding internal control framework.

Full Access
Question # 29

Which of the following characteristics is most important specifically for a global manager to possess in order to be successful?

A.

Knowledge of different languages.

B.

Understanding of uncertainty avoidance differences

C.

Emotional intelligence

D.

Cultural intelligence

Full Access
Question # 30

Which is the least effective form of risk management?

A.

Systems-based preventive control.

B.

People-based preventive control.

C.

Systems-based detective control.

D.

People-based detective control.

Full Access
Question # 31

Which of the following principles is shared by both hierarchical and open organizational structures?

1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions

2. A supervisor's span of control should not exceed seven subordinates

3. Responsibility should be accompanied by adequate authority

4. Employees at all levels should be empowered to make decisions.

A.

1 and 3 only.

B.

1 and 4 only.

C.

2 and 3 only

D.

3 and 4 only.

Full Access
Question # 32

An organization is considering the outsourcing of its business processes related to payroll and information technology functions. Which of the following is the most significant area of concern for management regarding this proposed agreement?

A.

Ensuring that payments to the vendor are appropriate and timely for the services delivered.

B.

Ensuring that the vendor has complete management control of the outsourced process.

C.

Ensuring that there are means of monitoring the efficiency of the outsourced process.

D.

Ensuring that there are means of monitoring the effectiveness of the outsourced process.

Full Access
Question # 33

Which of the following examples demonstrates that the internal audit activity uses descriptive analytics in its engagements?

A.

An internal auditor analyzed electricity production and sales interim reports and compiled a risk assessment.

B.

An internal auditor extracted sales data to a spreadsheet and applied judgmental analysis for sampling.

C.

An internal auditor classified solar panel sales by region and discovered unsuccessful sales representatives.

D.

An internal auditor broke down a complex process into smaller pieces to make it more understandable.

Full Access
Question # 34

Which of the following statements are true regarding the use of heat maps as risk assessment tools?

1. They focus primarily on known risks, limiting the ability to identify new risks.

2. They rely heavily on objective assessments and related risk tolerances.

3. They are too complex to provide an easily understandable view of key risks.

4. They are helpful but limited in value in a rapidly changing environment.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Full Access
Question # 35

Which of the following stages of contracting focuses on aligning the markets with objectives of the organization?

A.

Initiation stage

B.

Bidding stage

C.

Development stage

D.

Negotiation stage

Full Access
Question # 36

Which of the following statements is true regarding the resolution of interpersonal conflict?

A.

Unrealized expectations can be avoided with open and honest discussion.

B.

Reorganization would probably not help ambiguous or overlapping jurisdictions.

C.

Deferring action should be used until there is sufficient time to fully deal with the issue.

D.

Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.

Full Access
Question # 37

When auditing an application change control process, which of the following procedures should be included in the scope of the audit?

1. Ensure system change requests are formally initiated, documented, and approved.

2. Ensure processes are in place to prevent emergency changes from taking place.

3. Ensure changes are adequately tested before being placed into the production environment.

4. Evaluate whether the procedures for program change management are adequate.

A.

1 only

B.

1 and 3 only

C.

2 and 4 only

D.

1, 3, and 4 only

Full Access
Question # 38

During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?

A.

Scope and initiation phase.

B.

Business impact analysis.

C.

Plan development.

D.

Testing.

Full Access
Question # 39

Refer to the exhibit.

A company's financial balance sheet is presented below:

The company has net working capital of:

A.

$160

B.

$210

C.

$350

D.

$490

Full Access
Question # 40

For an engineering department with a total quality management program, important elements of quality management include all of the following except:

A.

Basing performance evaluations on the number of projects completed.

B.

Comparing results with those of other engineering departments.

C.

Creating a quality council within the engineering department.

D.

Conducting post-project surveys on performance.

Full Access
Question # 41

Data encryption is an example of which of the following controls?

A.

Application control.

B.

IT general control

C.

Data input control

D.

Data output control

Full Access
Question # 42

According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?

  • Determine whether previous incidents have been reported, managed, and resolved.
  • Determine whether a business contingency plan exists.
  • Determine the extent of transparency in reporting.
  • Determine whether a cost/benefit analysis was performed for all related projects.

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 43

Which of the following is a primary objective of the theory of constraints?

A.

Full or near capacity in processes.

B.

Smooth workflow among processes.

C.

Few or no defects.

D.

Lowered inventory levels.

Full Access
Question # 44

Which of the following is false with regard to Internet connection firewalls?

A.

Firewalls can protect against computer viruses.

B.

Firewalls monitor attacks from the Internet.

C.

Firewalls provide network administrators tools to retaliate against hackers.

D.

Firewalls may be software-based or hardware-based.

Full Access
Question # 45

An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?

A.

The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.

B.

The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.

C.

The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.

D.

The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.

Full Access
Question # 46

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 47

An employee frequently uses a personal smart device to send and receive work-related emails. Which of the following controls would be most effective to mitigate security risks related to these transmissions?

A.

Hardware encryption.

B.

Software encryption

C.

Data encryption.

D.

Authentication.

Full Access
Question # 48

Which of the following factors is considered a disadvantage of vertical integration?

A.

It may reduce the flexibility to change partners.

B.

It may not reduce the bargaining power of suppliers.

C.

It may limit the organization's ability to differentiate the product.

D.

It may lead to limited control of proprietary knowledge.

Full Access
Question # 49

When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

A.

Direct product costs

B.

Indirect product costs

C.

Direct period costs

D.

Indirect period costs.

Full Access
Question # 50

Which of the following budgets must be prepared first?

A.

Cash budget.

B.

Production budget.

C.

Sales budget.

D.

Selling and administrative expenses budget.

Full Access
Question # 51

Which of the following most accurately describes the purpose of application authentication controls?

A.

To ensure that data input into business applications is valid, complete, and accurate.

B.

To prevent or detect errors in data processed using business applications.

C.

To ensure that business applications are protected from unauthorized logical access.

D.

To ensure the validity, accuracy, and completeness of outputs from business applications.

Full Access
Question # 52

Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?

1. Evaluate the business continuity plans for adequacy and currency.

2. Prepare a business impact analysis regarding the loss of critical business.

3. Identify key personnel who will be required to implement the plans.

4. Identify and prioritize the resources required to support critical business processes.

A.

1 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 53

The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:

A.

Use an aging schedule to more closely estimate uncollectible accounts.

B.

Eliminate the need for an allowance for doubtful accounts.

C.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

D.

Use a method that approximates the matching principle.

Full Access
Question # 54

A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?

A.

Evaluate the proposed external auditor fee.

B.

Recommend criteria to be used in the selection process.

C.

Develop appropriate performance metrics.

D.

Monitor the work of the external auditors.

Full Access
Question # 55

Within an enterprise, IT governance relates to the:

1. Alignment between the enterprise's IT long term plan and the organization's objectives.

2. Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3. Operational plans established to support the IT strategies and objectives.

4. Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Full Access
Question # 56

In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

A.

The underlying causes of the risk.

B.

The impact of the risk on the organization's objectives.

C.

The risk levels of current and future events.

D.

The potential for eliminating risk factors.

Full Access
Question # 57

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

A.

The risk that users try to bypass controls and do not install required software updates.

B.

The risk that smart devices can be lost or stolen due to their mobile nature.

C.

The risk that an organization intrusively monitors personal information stored on smart devices.

D.

The risk that proprietary information is not deleted from the device when an employee leaves.

Full Access
Question # 58

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Full Access
Question # 59

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?

1. Intervening during an audit involving ethical wrongdoing.

2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.

4. Negotiating a settlement of an employee claim for personal damages.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Full Access
Question # 60

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

A.

The CAE should send the final report to operational and senior management and the audit committee.

B.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Full Access
Question # 61

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Full Access
Question # 62

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management's action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Full Access
Question # 63

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

A.

Express an opinion on the participants' inputs and conclusions as the assessment progresses.

B.

Provide appropriate techniques and guidelines on how the exercise should be undertaken.

C.

Evaluate and report on all issues that may be uncovered during the exercise.

D.

Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Full Access
Question # 64

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Full Access
Question # 65

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

A.

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Full Access
Question # 66

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

A.

To help develop process maps.

B.

To determine segregation of duties.

C.

To identify residual risks.

D.

To test the adequacy of controls.

Full Access
Question # 67

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

A.

1 and 2

B.

1 and 3

C.

2 and 3

D.

2 and 4

Full Access
Question # 68

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

A.

Verify that amounts are correct.

B.

Verify that payments are on time.

C.

Verify that recipients are valid employees.

D.

Verify that benefits deductions are accurate.

Full Access
Question # 69

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board's meeting records.

Full Access
Question # 70

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Full Access
Question # 71

For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

A.

Independently evaluating conflicts of interests.

B.

Assessing contracts for relevant terms and conditions.

C.

Performing statistical analysis for data anomalies.

D.

Preparing evidentiary documentation.

Full Access
Question # 72

An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Full Access
Question # 73

When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Full Access
Question # 74

Which of the following situations would justify the removal of a finding from the final audit report?

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Full Access
Question # 75

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

A.

The internal audit risk assessment and audit plan for the next fiscal year.

B.

The internal audit budget and resource plan for the coming fiscal year.

C.

A request for an increase of the CAE's salary for the next fiscal year.

D.

The evaluation and compensation of the internal audit team.

Full Access
Question # 76

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Full Access
Question # 77

A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

A.

Operational management, because they are responsible for the day-to-day management of the operational risks.

B.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

C.

The chief audit executive, although he is not accountable for risk management in the organization.

D.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

Full Access
Question # 78

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Full Access
Question # 79

According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?

• They are discussed with management prior to finalizing the audit.

• They may be discarded after working papers are amended as appropriate.

• They are created by the auditor to support her fieldwork in case of questions.

• They are not required to support observations issued in the audit report.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Full Access
Question # 80

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 81

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement's objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

A.

1 and 2

B.

1 and 3 only

C.

2 and 4

D.

1, 3, and 4

Full Access
Question # 82

Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?

A.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

B.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

C.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

D.

The audit engagement has already been communicated and approved through the annual audit plan.

Full Access
Question # 83

While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?

1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

4. Submit management's plan of action to the external auditors for additional review.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Full Access
Question # 84

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Full Access
Question # 85

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Full Access
Question # 86

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

A.

To evaluate controls regarding the computer security of an oil refinery.

B.

To examine the processes involved in exploring, developing, and operating a gold mine.

C.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

D.

To link a financial institution's business objectives to a work unit responsible for the associated risk.

Full Access
Question # 87

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

A.

Conduct a joint brainstorming session with management.

B.

Ask the chief audit executive to mediate.

C.

Disclose the client's differing opinion in the final report.

D.

Escalate the issue to senior management for a decision.

Full Access
Question # 88

According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization's social responsibility program is effective?

A.

Senior management.

B.

Internal audit activity.

C.

All employees.

D.

Board of directors.

Full Access
Question # 89

According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?

A.

Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.

B.

Internal assessments must be performed at least once every five years by a qualified assessor.

C.

An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.

D.

Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.

Full Access
Question # 90

Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?

A.

Assign more experienced internal auditors to mentor the less experienced auditors.

B.

Send internal auditors to external trainings in advanced internal audit topics.

C.

Appraise internal auditors' performance and competencies at least annually and issue constructive feedback.

D.

Rotate internal auditors among different engagement assignments.

Full Access