New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-CIA-Part1 Essentials of Internal Auditing Questions and Answers

Questions 4

Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity’s independence?

Options:

A.

Description of internal audit activity's responsibilities

B.

Definition of internal auditing

C.

Statement of internal audit activity's authority

D.

Description of internal audit activity's reporting structure

Buy Now
Questions 5

An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks. Which of the following aspects of risk management does senior management’s decision best illustrate?

Options:

A.

Residual risk.

B.

Inherent risk.

C.

Risk tolerance.

D.

Risk appetite.

Buy Now
Questions 6

Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?

Options:

A.

A corrective control

B.

A detective control

C.

A preventive control

D.

A directive control

Buy Now
Questions 7

Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Authority and responsibility of the internal audit activity

B.

Hours and sources of continuing professional education

C.

Scope and frequency of both the internal and external assessments

D.

independence and objectivity impairments of the CAE

Buy Now
Questions 8

An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

Options:

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation

Buy Now
Questions 9

Which of the following fraud schemes is often an off-book fraud*?

Options:

A.

Payroll fraud

B.

Disbursement fraud

C.

Corruption

D.

Information misrepresentation

Buy Now
Questions 10

Which of the following best describes the board’s role in establishing effective organizational governance?

Options:

A.

The board is involved in approving operational policy

B.

The board monitors key processes and procedures

C.

The board has oversight responsibility for organizational resources

D.

The board approves management's detailed plans and objectives

Buy Now
Questions 11

According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

Options:

A.

Developing policies and procedures for the internal audit activity.

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors.

Buy Now
Questions 12

Which of the following is most likely to impair the organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Buy Now
Questions 13

Which of the following would be included in quality assurance and improvement program (QAIP) reporting?

Options:

A.

Descriptions of standardized work practices.

B.

Outcomes of internal audit key performance indicators.

C.

Conformance of individual engagements with the Standards,

D.

Annual summaries of consulting and audit engagements.

Buy Now
Questions 14

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

Options:

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Buy Now
Questions 15

Which of the following actions should an organization take to detect an emerging risk of potential fraud?

Options:

A.

Adopt reward and recognition programs that promote good behaviors

B.

Undertake background checks for new employees as part of the hiring process

C.

Establish an anonymous platform for reporting suspected unethical behaviors

D.

Institute periodic educational training on expected ethical behaviors

Buy Now
Questions 16

Which of the following statements represents the most appropriate correlation between an organization's risk maturity and the internal audit activity’s consulting role in risk management processes?

Options:

A.

When an organization has a high level of risk maturity the internal audit activity is less likely to provide consulting services related to risk management

B.

When an organization has a low level of risk maturity, the internal audit activity is less likely to provide consulting services related to risk management

C.

When an organization has a high level of risk maturity the internal audit activity is more likely to provide consulting services related to risk management

D.

There is typically no correlation between an organization’s risk maturity and the extent to which the internal audit activity’s consulting role in risk management processes

Buy Now
Questions 17

Which of the following activities would an internal auditor perform as a consulting engagement for an organization?

Options:

A.

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.

Assessing whether the organization's corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.

Briefing the organization's department managers on how to implement risk management processes into their daily operations.

D.

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time.

Buy Now
Questions 18

Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?

Options:

A.

Deploying self-assessments against a competency benchmark.

B.

Acquiring memberships in professional organizations.

C.

Developing professional succession plans.

D.

Obtaining subscriptions to professional journals in their area of interest.

Buy Now
Questions 19

According to the Standards, which of the following demonstrates the proficiency of an internal auditor?

Options:

A.

Each internal auditor must hold one or more certifications in the area of fraud and seek out continuing professional development related to fraud detection and fraud investigation.

B.

Each internal auditor must have sufficient knowledge of IT risks and controls, and be able to evaluate the risk of fraud and the manner in which it is managed by the organization.

C.

Each internal auditor on the engagement team must possess the same level of knowledge, skills, and other competencies as other auditors on the engagement team.

D.

Each internal auditor must be paired, by the chief audit executive, with an individual who possesses the knowledge, skills, or other competencies required to complete the audit.

Buy Now
Questions 20

An organization sells products through distributors. The organization's chief audit executive insists that the organization's code of conduct be applicable to their distributors as well. Which of the following risks would this mitigate?

Options:

A.

Business continuity

B.

Market manipulation

C.

intellectual property leakage

D.

Reputational damage

Buy Now
Questions 21

Which of the following threatens internal audit objectivity'?

Options:

A.

Internal auditors are expected by senior management to identify a minimum of five major control weaknesses in each area audited

B.

Internal auditors are prevented from accessing information necessary to undertake their audit engagements

C.

The chief audit executive reports directly to the chief financial officer who previously led the internal audit activity

D.

The CEO requests the internal audit activity develop a charter that clearly delineates its purpose and responsibilities within the organization

Buy Now
Questions 22

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

Options:

A.

Monitor and review

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Buy Now
Questions 23

According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Options:

A.

The internal audit policies and procedures handbook.

B.

The internal audit charter.

C.

The internal audit mission statement.

D.

Each internal audit engagement letter.

Buy Now
Questions 24

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Buy Now
Questions 25

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

Options:

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Buy Now
Questions 26

According to the Standards, which of the following is a requirement for internal audit professional development plans?

Options:

A.

Plans must include a path to certification so that each internal auditor has a certification in auditing finances.

B.

Plans must ensure that staff development activities are based primarily on the skills and competencies needed to complete the audit plan.

C.

Plans must include rotating audit areas so that auditors acquire business knowledge to be efficient in performing engagements.

D.

Plans must include rotating auditors out into business units for temporary assignments so they can obtain more business knowledge.

Buy Now
Questions 27

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization's risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Buy Now
Questions 28

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Options:

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Buy Now
Questions 29

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

Options:

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Buy Now
Questions 30

According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

Options:

A.

Whenever the business objectives of the organization change

B.

Just prior to an external assessment of the internal audit activity

C.

At the completion of each engagement.

D.

Progressively on a day-to-day basis

Buy Now
Questions 31

An internal audit of an organization's disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors' banking information?

Options:

A.

Management periodically reviews and verifies the information in the vendor master Tile.

B.

Management's approval is required for update to vendors' banking information.

C.

Management randomly audits a sample of payments to verify the accuracy of vendors' banking information.

D.

Management's approval is required before payments can be processed.

Buy Now
Questions 32

Anew internal auditor suspects fraud is taking place. Which action should the new auditor take?

Options:

A.

Collect relevant audit evidence and begin working with management of the area to investigate the fraud.

B.

Inform the chief audit executive and meet with the suspect to determine whether the person committed fraud.

C.

Document supporting information and recommend an investigation to the appropriate audit management.

D.

Evaluate existing controls and implement new procedures to mitigate the opportunity for fraud.

Buy Now
Questions 33

During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

Options:

A.

Business acumen.

B.

Critical thinking.

C.

Communication.

D.

Audit report writing.

Buy Now
Questions 34

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization's automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Options:

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry's production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Buy Now
Questions 35

The internal audit activity is asked to provide consulting services regarding the risks related to implementing a proposed new Inventory management system. Which of the following would be a key consideration of the internal audit activity in accepting this engagement?

Options:

A.

Ask the inventory manager to determine whether the work planned would be sufficient to meet the consulting engagement objectives.

B.

Ensure that the method used to communicate the results of the consulting engagement is consistent with the board's preferred method.

C.

Determine whether the benefits to be derived from the requested assessment would exceed the cost of providing the consulting service.

D.

Use email and telephone conversations to convey the results of the engagement, as these may prove to be the most efficient methods for communicating.

Buy Now
Questions 36

Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

Options:

A.

Accountability/reward risk.

B.

Monitoring failure risk.

C.

Communication failure risk.

D.

Knowledge/skills risk

Buy Now
Questions 37

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

Options:

A.

Determine the organization’s overall risk appetite.

B.

Establish a governance committee.

C.

Delegate authority to members of senior management.

D.

Identify key stakeholders and their expectations

Buy Now
Questions 38

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

Options:

A.

Reject the court order, citing a potential breach of customers' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Buy Now
Questions 39

Which of the following statements is true regarding internal controls?

Options:

A.

Strategic objectives are prerequisites to establishing internal controls.

B.

Internal controls eliminate process breakdowns caused by human errors.

C.

Well-established internal controls cannot be overridden.

D.

Robust internal controls ensure business success.

Buy Now
Questions 40

In which of the following scenarios would the internal auditor’s objectivity be best protected?

Options:

A.

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.

An internal auditor conducts an effectiveness review of an organization's business continuity plan in which his son is a minority stockholder.

Buy Now
Questions 41

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Options:

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Buy Now
Questions 42

According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

Options:

A.

Pursuance of an internal audit certification.

B.

Enrollment in internal audit practice webinars.

C.

Attendance of internal audit workshops.

D.

Involvement in a variety of audit assignments.

Buy Now
Questions 43

According to NA guidance which of the following should be documented in the internal audit chatter?

Options:

A.

The risk assessment process applied by the internal audit activity

B.

The organization's internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Buy Now
Questions 44

Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?

Options:

A.

Monitor the organization's overall risk activities in relation to its risk appetite and other risk criteria.

B.

Guide the integration of risk management with other business planning and management activities.

C.

Review the portfolio of risk of the organization in relation to its risk appetite.

D.

Assume responsibility for the effectiveness and success of the risk management framework

Buy Now
Questions 45

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

Options:

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply the 11As mandatory guidance.

Buy Now
Questions 46

Which of the following is considered to be a threat to the internal auditor's objectivity?

Options:

A.

The auditor drafted the operational procedures of the area that she is currently auditing.

B.

The auditor received a bonus that was approved by the board of directors.

C.

The assigned auditor recommended operational procedures for the organization.

D.

The assigned auditor rotated out of the same business activity three years ago

Buy Now
Questions 47

Which of the following scenarios best illustrates the concept of due professional care?

Options:

A.

After establishing engagement objectives and reviewing a process, the internal auditor assured process owners that all significant risk events were identified and tested using a systematic, disciplined approach.

B.

After conducting an audit based upon a predefined scope and objective, the internal auditor guaranteed management that the system of internal controls in an audited area operates effectively.

C.

As head of the internal audit activity, the chief audit executive reported functionally to the organization's board and administratively to senior management.

D.

As head of the internal audit activity, the chief audit executive ensures that engagement supervisors conduct post-engagement staff meetings.

Buy Now
Questions 48

Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?

Options:

A.

As the head of the organization, the CEO selects and appoints the external quality assessment team to perform the OAIP reviews.

B.

The chief audit executive determines the scope and frequency of both internal and external quality assessments based on the availability and capacity of resources in accordance with the annual internal audit plan.

C.

Minutes of meetings held with senior management and the board to discuss the scope and frequency of internal and external assessments support the OAIP reporting requirement.

D.

The internal audit activity needs to assess whether each engagement on the annual internal audit plan is conducted in conformance with the Standards.

Buy Now
Questions 49

Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?

Options:

A.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.

Internal auditors may conclude that a business unit's current control environment is adequate and effective if the review of the prior year's workpapers and audit report supports that conclusion.

C.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Buy Now
Questions 50

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

Options:

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Buy Now
Questions 51

An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

Options:

A.

Working conditions.

B.

Employees' families.

C.

Marketplace competition.

D.

Shareholders and investors

Buy Now
Questions 52

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Options:

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Buy Now
Questions 53

According to MA guidance, which of the following gives the internal audit activity the authority to request supporting documentation for the invoices of a third-party service provider?

Options:

A.

The internal audit policy manual.

B.

The internal audit charter.

C.

The board of directors.

D.

The quality assurance and improvement program.

Buy Now
Questions 54

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Buy Now
Questions 55

An audit engagement required that an internal auditor, using available tools, test a transaction population for a period The auditor decided to test a sample of transactions rather than the full population.

Results of the audit were reported as satisfactory to management. Subsequent to the audit report, fraud was discovered in the area audited and was found to include transactions that were in the relevant transaction population not tested by the auditor. The auditor later disclosed that he decided to test a sample because it was representative of the population and facilitated quicker testing. Which of the following skills below, if improved, would most likely have prevented this situation?

Options:

A.

Objectivity

B.

Critical thinking.

C.

Empathy.

D.

Communication

Buy Now
Questions 56

For a high-risk observation, which is the best approach to follow when management takes an aggressive, uncompromising position in opposition to the internal audit activity?

Options:

A.

The parties should work together to develop a mutually beneficial solution.

B.

The internal audit activity should share the observation with other business units to get their opinions.

C.

The internal audit activity should discuss with senior management, and if still not resolved, discuss with the board.

D.

The internal audit activity should accommodate management's position, since the relationship is more important than the fight.

Buy Now
Questions 57

Which of the following should play a leading role in overseeing ihe ethical atmosphere of an organization?

Options:

A.

Internal audit activity.

B.

Operating management.

C.

Senior management.

D.

Board of directors.

Buy Now
Questions 58

A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management. Which of the following would be the most appropriate action for the CAE to take?

Options:

A.

Compare the design of the organization's ethical programs with best practices.

B.

Verify that a code of conduct and related policies exist and are communicated.

C.

Use employee surveys to assess whether ethical programs are achieving desired outcomes.

D.

Compare the cost of the ethical programs with the achieved outcomes.

Buy Now
Questions 59

A risk assessment showed that the cost of addressing a particular risk in the organization's human resources department is greater than the perceived benefit. Which risk response approach should the organization take in this scenario?

Options:

A.

Reduce the risk.

B.

Transfer the risk.

C.

Accept the risk.

D.

Share the risk.

Buy Now
Questions 60

According to IIA guidance, which of the following is accurate regarding the chief audit executive's (CAE's) requirement to report the results of quality assessments?

1. The CAE must report the results of external assessments at least annually.

2. The CAE must report the results of ongoing monitoring at least annually.

3. The CAE must report the results of quality assessments to senior management.

4. The CAE must report the results of quality assessments to the board.

Options:

A.

1 and 3 only.

B.

2 and 4 only.

C.

1,2. and 3.

D.

2,3, and 4.

Buy Now
Questions 61

According to IIA guidance, which of the following statements is true of assurance services provided by the internal audit activity?

Options:

A.

Internal auditors cannot assess an operation for which they were responsible within the previous year.

B.

Management of the area under review must agree with the engagement objectives, scope, and techniques.

C.

The engagement results will vary in form and content depending upon the needs and wishes of the engagement client.

D.

The only parties involved in the engagement are the internal auditor and management of the area under review.

Buy Now
Questions 62

Which of the following best describes the role of internal control frameworks?

Options:

A.

They outline specific internal controls for an organization to implement to ensure business objectives will be achieved.

B.

They provide guidance related to internal control design and implementation to assist with the evaluation and benchmarking of business practices.

C.

They serve as a list of appropriate internal controls for auditors to ensure an organization is using best practices.

D.

They serve as a template for identifying standardized best practices in effective risk management across industries and countries.

Buy Now
Questions 63

Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed in the last year.

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.

Buy Now
Questions 64

Which of the following would best preserve the organizational independence of the internal audit activity?

Options:

A.

The internal audit charter is approved by the chief audit executive (CAE).

B.

The CAE reports functionally to the CEO.

C.

The CAE's internal audit plan is endorsed by the board.

D.

The chief financial officer determines the appointment of the CAE.

Buy Now
Questions 65

Which statement is accurate regarding reporting on the quality assurance and improvement program (OAIP) to conform with the International Standards for the Professional Practice of Internal Auditing?

Options:

A.

The chief audit executive (CAE) should report all stages of the OAlP's development and key milestones.

B.

The CAE should report only corrective action plans that meet external assessor or stakeholder requirements.

C.

The CAE should establish the form and content of program communication so that it is in alignment with the internal audit activity charter.

D.

The CAE should disclose program details only after both internal and external assessments have been completed.

Buy Now
Questions 66

An existing Internal audit charter is currently under review for revision. Who is responsible for assuring that all required components are included?

Options:

A.

The audit committee.

B.

The head of legal and compliance.

C.

The chief audit executive.

D.

Senior management.

Buy Now
Questions 67

Which of the following factors are commonly assessed to determine the magnitude of risk events?

Options:

A.

Tolerance and appetite

B.

Inherent and residual risk

C.

Cost and benefit

D.

Impact and likelihood

Buy Now
Questions 68

A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

Options:

A.

The organization's training policy.

B.

A list of auditors who requested to attend the next audit conference.

C.

Self-assessments against an internally developed audit benchmark

D.

In house training manual

Buy Now
Questions 69

According to HA guidance, if an internal auditor suspects fraud during an assurance engagement, what should the auditor do first?

Options:

A.

Recommend parties involved to be sanctioned in accordance with the organization's policy.

B.

Determine whether any additional audit work needs to be performed.

C.

Launch an investigation to obtain details of the fraud and parties involved.

D.

Request that the responsible process owner remediate the issue immediately.

Buy Now
Questions 70

According to The IIA's Competency Framework, which competency is considered the mandatory minimum for internal auditors to possess when performing internal audit engagements?

Options:

A.

To recognize red flags that indicate fraud.

B.

To recommend controls to prevent fraud.

C.

To apply forensic auditing techniques to detect fraud.

D.

To evaluate the potential for fraud.

Buy Now
Questions 71

Once an organization's risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

Options:

A.

Risk responses must be selected.

B.

Risks must be assessed.

C.

The risk universe must be established.

D.

Risk responses must be aligned.

Buy Now
Questions 72

According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?

Options:

A.

The initial review of workpapers should be conducted after the final engagement report is issued.

B.

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

C.

Internal audit staff should be informed regularly of changes to policies and procedures.

D.

Training documents should be destroyed at the end of the year to create space for the next year's training documents.

Buy Now
Questions 73

The head of human resources notified the internal audit activity that a key account manager was fired because he did not register a large number of contracts with clients As a result the organization was unaware of its duties and would suffer some financial loss Which of the following should be expected from a competent internal auditor who is analyzing this situation?

Options:

A.

The ability to apply forensic methods to obtain legally admissible evidence

B.

The ability to conduct admission-seeking interviews with potential suspects

C.

The ability to evaluate whether such attributes as intent and personal gain were present

D.

The ability to retrieve concealed or deleted information from the former employee's laptop

Buy Now
Questions 74

Which of the following situations is most likely to prompt the internal audit activity to disclose its nonconformance with the Standards?

Options:

A.

One of the organization's senior internal auditors owns a side business, though to date, no sales have been made to this business.

B.

The annual internal audit plan includes performance audits of main business processes, but reviews of high-risk development projects were not considered.

C.

The internal audit activity committed to carrying out an audit of documentation on investment hedging, and a hedging expert was contracted to assist with the engagement.

D.

A periodic quality self-assessment of the internal audit activity identified a number of improvement areas with regard to key performance indicators.

Buy Now
Questions 75

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

Options:

A.

Recommend a control change and obtain management support

B.

Evaluate the potential impact on related controls

C.

Address the risk with senior management and the board

D.

Develop and communicate the scope and evaluation criteria to be used by management

Buy Now
Questions 76

Which of the following is true about corporate social responsibility (CSR)?

Options:

A.

Social and environmental considerations are required parts of an organization's decision making

B.

The Global Reporting Initiative provides standards on required disclosures of CSR.

C.

CSR activities are overseen and managed by operational management.

D.

Internal auditors can provide assurance on reported sustainability results.

Buy Now
Questions 77

Which of the following statements is true regarding how the scope of a consulting engagement should be established?

Options:

A.

The engagement client should be able to determine the scope to be applied to the engagement

B.

The internal auditor should establish a scope that does not impair her objectivity

C.

Any attempts by the engagement client to limit the scope should be considered a scope limitation

D.

The scope should include reviewing the effectiveness of the internal control environment

Buy Now
Questions 78

An internal auditor is assessing the effectiveness of the organization's risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach

B.

Process element approach

C.

Key principles approach

D.

Key performance indicators approach.

Buy Now
Questions 79

When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?

Options:

A.

The identified risks have not undergone a detailed review to ensure completeness in the past two years.

B.

The controls in place to mitigate the risks are not tested on an annual basis to confirm operating effectiveness.

C.

The process in place to identify and evaluate new risks to the organization is informal and poorly documented.

D.

The identified risks have not been ranked to establish their importance and risk management priority.

Buy Now
Questions 80

A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process. Which of the following would be the best course of action for the chief audit executive (CAE) to take?

Options:

A.

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

B.

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

C.

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

D.

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.

Buy Now
Questions 81

A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?

Options:

A.

Independent assessments.

B.

Continuous monitoring.

C.

Business continuity and backups.

D.

Organization wide objectives.

Buy Now
Questions 82

Which of the following offers the feast evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization's system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Buy Now
Questions 83

During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?

Options:

A.

An employee believes his poor compensation package justifies engaging in unethical behavior.

B.

The head of the department is the only signatory to purchase orders issued to third party contractors.

C.

Some employees strongly believe monetary gifts from vendors is a means of saving for life after employment.

D.

One of the employees was found to have an obsession with expensive jewelry

Buy Now
Questions 84

Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

Options:

A.

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

Buy Now
Questions 85

Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor's business acumen?

Options:

A.

A quality assessment review.

B.

An internal audit client survey.

C.

A control self-assessment.

D.

A peer review of the internal audit activity.

Buy Now
Questions 86

Which of the following best describes the approach the internal audit activity should take to assess and make appropriate recommendations to improve the organization?

Options:

A.

To evaluate an organization s governance processes for making strategic and operational decisions eternal auditors should review the organization s policies and processes related to staff compensation

B.

To determine how an organization provides oversight of its risk management and control activities internal auditors should review board meeting minutes and the board policy manual

C.

To assess how an organization promotes ethics and values both internally and among its external business partners, internal auditors should review the organization' s related objectives programs and activities

D.

To evaluate how an organization ensures effective performance management and accountability internal auditors should review previously conducted risk assessments

Buy Now
Questions 87

Which of the following must be considered by the chief audit executive before writing the internal audit charter?

Options:

A.

Internal auditors' level of competencies and skills.

B.

The manner in which the internal audit activity is viewed by the board.

C.

Evaluation of staff certifications and continued development.

D.

Effectiveness of the quality assurance and improvement program.

Buy Now
Questions 88

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

Options:

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team's professional development

C.

The manager's opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry's trends

Buy Now
Questions 89

Which of the following actions by the internal audit activity requires disclosure to the board of nonconformance with the Standards?

Options:

A.

The internal audit activity did not complete an external assessment within the last seven years

B.

The internal audit activity performed an engagement with limited scope due to lack of knowledge

C.

The internal audit activity failed to consider risk when conducting a review of a department

D.

An internal auditor was assigned to an engagement m an area where she previously worked more than 10 years ago

Buy Now
Questions 90

Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?

Options:

A.

Ongoing monitoring results

B.

Periodic management assessment results

C.

Annual risk assessment results

D.

Internal auditors' training evaluation results

Buy Now
Questions 91

Tr» chiet audit executive (CAE) of large organization is preparing job descriptions to hire five new general internal audit staff, two new IT auditors and a senior auditer how is the CAE likely to describe IT requirements for me general internal audit statt positions?

Options:

A.

The candidate must be able to apply data analytics tolls methodologies

B.

The candidate must be able to evaluate IT governance and cybersecurity frameworks.

C.

The candidate must be able to understand IT-elated risk and general controls

D.

The candidate must be able to execute web servers, applications, and databases testing procedures.

Buy Now
Questions 92

Who is held responsible for oversight of the organization's risk management framework?

Options:

A.

Operational management.

B.

Board of directors.

C.

Internal auditors.

D.

Head of risk management.

Buy Now
Questions 93

According to MA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management's behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Buy Now
Questions 94

Which of the following statements is true regarding intangible assets?

Options:

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Buy Now
Questions 95

Which of the following best describes a purpose for the internal audit charter?

Options:

A.

The internal audit charter authorizes the internal audit activity's reporting structure and clearly defines the roles of each internal auditor.

B.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.

The internal audit charter defines the criteria by which the internal audit activity's performance will be evaluated

Buy Now
Questions 96

Which type(s) of assessments in an internal audit activity’s quality assurance and improvement program requires ongoing monitoring to evaluate internal audit activity's efficiency and effectiveness?

Options:

A.

Neither internal nor external assessment

B.

internal assessment

C.

Both internal and external assessment

D.

External assessment

Buy Now
Questions 97

What is expected of internal auditors in regards to due professional care?

Options:

A.

Auditors perform assurance services without regard to cost

B.

Auditors perform assurance services effectively to identify all risks

C.

Auditors perform assurance services needed to achieve the engagement's objectives

D.

Auditors perform assurance services to guarantee all significant risks will be addressed

Buy Now
Questions 98

During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control's design?

Options:

A.

Flowchart of the vendor addition process.

B.

Independent confirmations sent to vendors.

C.

Analysis of the control's costs and benefits.

D.

Interview with management of the procurement function.

Buy Now
Questions 99

Which of the following concepts is emphasized in the Mission of Internal Audit?

Options:

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Buy Now
Questions 100

Which of the following statements is correct regarding disclosure of conformance or Standards?

Options:

A.

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

Buy Now
Questions 101

A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?

Options:

A.

Interview the employee identified by the whistleblower.

B.

Attain an understanding of the employee's role, responsibilities, and relationship with the supplier.

C.

Notify senior management, the board, and the external auditor about the alleged fraud

D.

Review all the orders issued to the supplier to investigate potential fraud.

Buy Now
Questions 102

In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity's QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity's current state of conformance with the Standards?

Options:

A.

Conformance with the Standards.

B.

Nonconformance with the Standards

C.

Unable to determine conformance with the Standards.

D.

Partial conformance with the Standards

Buy Now
Questions 103

In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

Options:

A.

Fraud prevention.

B.

Fraud detection.

C.

Corporate culture.

D.

Forensic analysis techniques.

Buy Now
Questions 104

Which of the following actions best demonstrates an internal auditor exercising due professional care?

Options:

A.

Testing an entire population, even when a sample would suffice

B.

Using technology and data analysis techniques for efficiency

C.

Enhancing knowledge, skills, and other competencies through professional development

D.

Establishing audit objectives, performing audit tests, and implementing missing controls

Buy Now
Questions 105

Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

Options:

A.

Participate in a fraud risk-assessment session as an in-house facilitator.

B.

Send regular written updates to senior management on new control-related regulations.

C.

Lead a seminar on internal controls and provide numerous examples to the audience.

D.

Conduct a surprise inventory count at the raw materials warehouse.

Buy Now
Questions 106

Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

Options:

A.

The ability to inspire trust

B.

The ability to communicate effectively

C.

The ability to display courage

D.

The ability to understand the needs of stakeholders

Buy Now
Questions 107

According to IIA guidance which of the following statements regarding ethics is true?

Options:

A.

Business ethics may vary within an organization with both domestic and foreign operations

B.

Business ethics are universal n nature and organizations across the world are expected to comply with smear standards

C.

A business ethics policy for an organization s established solely to direct me behavior and expectations of employees

D.

Business ethics of an organization must remain independent torn those of supplier’s customers and business partners

Buy Now
Questions 108

Of all the common characteristics of frauds, which of the following can the organization influence the most?

Options:

A.

Pressure or incentive.

B.

Rationalization

C.

Opportunity

D.

Commitment.

Buy Now
Questions 109

Which of the following indicates that internal audit independence may be compromised?

Options:

A.

The internal auditor maintains a close personal relationship with operational management.

B.

Material observations were intentionally left out of the audit report.

C.

Internal auditors assigned to the audit engagement did not have the knowledge, skills, and competencies needed to perform their responsibilities.

D.

An internal auditor failed to apply professional skepticism while performing audit tests in an area overseen by an experienced, reputable manager

Buy Now
Questions 110

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Options:

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Buy Now
Questions 111

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Options:

A.

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

Buy Now
Questions 112

Which of the following actions should the organization's governing body perform to provide the most effective governance over the organization's culture?

Options:

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Buy Now
Questions 113

Which of the following organizations has reached the most mature level of corporate social responsibility?

Options:

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Buy Now
Questions 114

In addition to her internal audit activity responsibilities, the chief audit executive has been asked to oversee the organization's insurance function. Which of the following responses is most appropriate?

Options:

A.

Welcome the additional responsibility, as it represents an opportunity to gain more information for future audits.

B.

Revise the internal audit charter to include oversight of the insurance function, ensuring that all of her responsibilities are properly documented.

C.

Report the request to the board and recommend alternate processes to obtain assurance related to insurance activities.

D.

Promptly remove the organization's insurance function from the audit universe.

Buy Now
Questions 115

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Options:

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Buy Now
Questions 116

Which of the following written documents typically offers the best evidence that internal auditors exercise due professional care in conformance with the Standards?

Options:

A.

Internal audit charter.

B.

Workpaper.

C.

Audit report.

D.

Code of ethics.

Buy Now
Questions 117

Which documents would help a forensic auditor identify instances of collusion between an employee and vendor to defraud the organization?

Options:

A.

Email correspondence.

B.

Payment request forms.

C.

Vendor invoices.

D.

Bank statements.

Buy Now
Questions 118

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company's expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Options:

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company's expenses policy

Buy Now
Questions 119

Which of the following is an appropriate roe fa the internal audit activity?

Options:

A.

Ensuring the organization's key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

implementing new controls to promote continuous improvement

D.

Validating control assessments performed by the external auditor.

Buy Now
Questions 120

Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

Options:

A.

Delivering fraud awareness training to employees in the department.

B.

Segregating duties between employees in the department.

C.

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

Buy Now
Questions 121

What is the primary reason a chief audit executive should dedicate time and resources to support continuing professional development of internal audit staff?

Options:

A.

To ensure that internal audit staff maintains high overall job satisfaction.

B.

To ensure that internal audit staff acquired continuing professional education credits timely.

C.

To ensure that top risks are mitigated to an acceptance level.

D.

To ensure that internal audit staff have the competency to address high-priority risks.

Buy Now
Questions 122

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

Options:

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Buy Now
Questions 123

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

Options:

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Buy Now
Questions 124

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

Options:

A.

The job responsibilities of the warehouse employee compromise segregation of duties

B.

Spare parts are written off before their actual usage and installation

C.

Warehouse management is conducted on paper and requires further investigation

D.

The inventory counts take place on specific days of the week for no apparent reason

Buy Now
Questions 125

An organization’s board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively Which of !he following areas is the board seeking to improve by making this change?

Options:

A.

Internal audit authority.

B.

Internal audit reporting structure.

C.

Internal audit independence and objectivity.

D.

Internal audit interaction with the board

Buy Now
Questions 126

In which of the following situations would the organizational independence of an internal audit activity be impaired?

Options:

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Buy Now
Questions 127

The chief audit executive of a large national retailer is reviewing the purpose and objectives of the organization's internal audit activity

Which of the following objectives is best aligned with The IIA's Mission of Internal Audit?

Options:

A.

To implement a quality assurance and improvement program

B.

To assess the effectiveness of internal controls over organizational assets

C.

To ensure internal auditors possess the competencies needed to perform their responsibilities

D.

To operate within the budget established by the board of directors

Buy Now
Questions 128

An internal audit team received the following feedback from operational management via a post-engagement survey "Management agrees with all audit findings However, the audit team did not consider our input on the best way to resolve the issues”

This feedback is an indication that the internal audit activity may need to improve which of the following interpersonal skills?

Options:

A.

Leadership

B.

Conflict management

C.

Communication

D.

Influence

Buy Now
Questions 129

Which of the following is the best example of a computer forensic audit activity?

Options:

A.

An internal auditor compared vendor addresses to employee home addresses.

B.

An internal auditor used analytical software to trace all disbursements processed on weekends.

C.

An internal auditor tried to circumvent the logical access controls of the purchasing system.

D.

An internal auditor recovered emails of an employee who was suspected of fraudulent activities

Buy Now
Questions 130

Which of the following activities aligns with The IIA's Core Principles for the Professional Practice of Internal Auditing?

Options:

A.

The chief audit executive reports to senior management for compensation decisions and communications of audit results to the board

B.

Final reports from consulting engagements show the summary of findings, and the internal auditor’s advice is clearly distinct and separate from management's decisions

C.

Internal auditors rotate through operations and management positions then perform audit engagements on these areas to ensure timely application of their knowledge

D.

Due to limited resources, internal auditors prioritize assurance on internal controls and risk management and exclude evaluating governance processes, which are deemed outside of their core responsibilities

Buy Now
Questions 131

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Options:

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Buy Now
Questions 132

Who is responsible for setting the risk appetite?

Options:

A.

External auditors.

B.

Chief risk officer.

C.

Operations management.

D.

Board of directors.

Buy Now
Questions 133

An employee accepts cash payments from customers and does not record the sale. This is an example of which of the following types of fraud?

Options:

A.

Asset misappropriation.

B.

Skimming

C.

Corruption.

D.

Lapping.

Buy Now
Questions 134

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

Options:

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Buy Now
Questions 135

Which of the following internal control components has COSO identified as the most important?

Options:

A.

Information and communication

B.

Risk assessment

C.

Control activities

D.

Control environment

Buy Now
Questions 136

What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

Options:

A.

Assign competent staff to the area under audit to remediate the nonconformance.

B.

Determine how the deviation impacted the overall scope of the internal audit activity.

C.

Meet with the board to gam an understanding of the board's expectations.

D.

Communicate the matter to the board at the time of the next external assessment.

Buy Now
Questions 137

The chief audit executive of an organization assigns audit resources to undertake a consulting engagement requested by senior management the previous year, and a scheduled assurance audit of the procurement process Which of the following appropriately differentiates the two engagements?

Options:

A.

The details of assurance services are expected to be included in the risk-based audit plan; this is not the case for consulting services.

B.

The objectivity of assurance services is impaired when undertaken by internal auditors who have had recent prior responsibility in the area under review; this is not the case for consulting services

C.

The performance of assurance services may be outsourced for competency gaps: this is not the case for consulting services.

D.

The results of assurance services are required to be monitored; this is not the case for consulting services

Buy Now
Questions 138

The internal audit activity is performing an assessment of an organization's ethics program, and the engagement scope specifies a focus on the training program's design. According to IIA guidance, which of the following questions would be the most relevant?

1. Does the training include situations that require an ethical decision?

2. What percentage of employees have taken the training?

3. What are the results of the employee assessment of the organization's ethical climate?

4. Does the instructor provide feedback on the thought process to reach an ethical resolution?

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Buy Now
Questions 139

Guidelines need to be set for various levels of suspected fraud within an organization and when it would be reported to the audit committee. Which of the following would be

reported at the next meeting?

Options:

A.

Minor theft of less than $10,000, not involving senior management.

B.

Theft using collusion for more than $10,000. but not involving senior management.

C.

Denial of access to requested employees during an audit.

D.

Discussion of replacement of the chief audit executive.

Buy Now
Questions 140

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Options:

A.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.

Approve the annual budget and resource plan for the internal audit activity.

C.

Assist the CAE with hiring objective and competent internal audit staff.

D.

Encourage the CAE to communicate and coordinate with the external auditor.

Buy Now
Questions 141

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

Options:

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Buy Now
Questions 142

Which of the following statements is true regarding control activities'?

Options:

A.

Control activities are defined by management through risk mitigation strategies

B.

Control activities should be defined for all business processes

C.

If two organizations have identical objectives and structures their control activities would be the same

D.

Organizations that are less regulated generally have more complex control activities than highly regulated organizations

Buy Now
Questions 143

An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?

Options:

A.

During audit planning, the auditor provided the client with the scope of the engagement for their agreement

B.

The results of the engagement were included in a written report that was issued to the client who requested the engagement

C.

During audit planning, the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.

The client requested the review of a new payroll system in order to improve the security of the system

Buy Now
Questions 144

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

Options:

A.

1. 2. and 3.

B.

1.2. and 4.

C.

1.3. and 4.

D.

2. 3, and 4.

Buy Now
Questions 145

Which of the following statements is most likely to be true regarding a consulting engagement involving an organization's new payroll system?

Options:

A.

The internal auditor and engagement client established an understanding that the scope would include the new payroll system project.

B.

The payroll system engagement was scheduled as a result of internal audit's risk-based annual planning process.

C.

The internal auditor concluded that the engagement objectives would include assessing the effectiveness of the payroll process controls.

D.

The internal auditor acknowledged the engagement client’s satisfactory performance in the final engagement results that were communicated to senior management and the board.

Buy Now
Questions 146

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

Options:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Buy Now
Questions 147

Which of the following best describes organizational governance processes?

Options:

A.

Processes employed by internal and external assurance providers to authorize, direct, and provide oversight to management to better enable the meeting of organizational objectives

B.

Processes employed by the board of directors to authorize and provide guidance and oversight to management to promote the achievement of organizational objectives.

C.

Processes employed by the board of directors and senior management to mitigate risks to acceptable levels.

D.

Processes employed by risk owners to mitigate risks to acceptable levels within the organization's risk appetite

Buy Now
Questions 148

According to IIA guidance, which of the following statements is true regarding ISO 31000?

Options:

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Buy Now
Questions 149

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Options:

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

B.

Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks

Buy Now
Questions 150

The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

Options:

A.

The internal audit activity should add value by implementing the recommendations on management's behalf.

B.

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.

The internal audit activity, led by the CAE. should assume responsibility for risk management function.

Buy Now
Questions 151

What should be the first step for a newly hired chief audit executive to build and maintain the proficiency of the internal audit activity'?

Options:

A.

Incorporate the basic criteria of internal audit competency into job descriptions

B.

Complete a periodic skills assessment of the internal audit activity

C.

Develop a competency or skill assessment tool.

D.

Perform benchmarking with competitors to learn what other firms are doing related to this topic

Buy Now
Questions 152

Which of the following conditions classifies an engagement as a consulting service provided by the internal audit activity?

Options:

A.

The internal auditor assigned to the engagement previously worked in the area under review and lacks objectivity.

B.

The internal audit engagement will involve providing an opinion on the effectiveness of controls.

C.

The internal auditor assigned to the engagement was specifically requested by management of the area under review.

D.

he internal audit engagement involves only two parties: the internal auditor and the engagement client.

Buy Now
Questions 153

Which of the following statements is true regarding consulting engagements?

Options:

A.

Internal auditors cannot provide consulting services related to operations for which they had previous responsibilities.

B.

The nature of consulting services to be performed by internal auditors must be defined in the internal audit charter

C.

If internal auditors have potential impairments to objectivity related to the proposed consulting engagement, the engagement must be declined.

D.

If internal auditors lack the knowledge, skills, or other competencies needed to perform the consulting engagement, the engagement can proceed with proper disclosures.

Buy Now
Questions 154

According to IIA guidance, which of the following best describes expense reimbursement fraud?

Options:

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Buy Now
Questions 155

According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

Options:

A.

Conclude the engagement and inform management that fraud has occurred

B.

Perform further testing to verify the existence of fraud.

C.

Suspend the engagement and undertake a formal fraud investigation.

D.

Notify the board of the possible fraud immediately

Buy Now
Questions 156

An internal auditor was completely honest with operational management when delivering unfavorable audit results. Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?

Options:

A.

Integrity

B.

Objectivity

C.

Competency

D.

Transparency

Buy Now
Questions 157

Which of the following statements would typically be included in the responsibility section of the internal audit charter?

Options:

A.

The internal audit activity will have free and unrestricted access to the chief executive officer, audit committee, and chairman of the board of directors.

B.

The internal audit activity shall develop a flexible audit plan, based on a risk assessment conducted at least annually and taking into consideration the risks or control concerns identified by management, and shall submit the plan to the board for approval.

C.

The chief audit executive shall obtain the necessary assistance of personnel in areas where audits are performed, as well as specialized services within or outside of the organization.

D.

The internal audit activity will not implement controls, develop procedures, install systems, prepare records, or engage in activities that may impair internal auditors’ judgments.

Buy Now
Questions 158

An engagement supervisor noticed that a newly hired internal auditor struggles with large data samples because he appears reluctant to apply available spreadsheet statistical functions and tends to perform testing of transactions manually In which of the following areas does the internal auditor most likely need training?

Options:

A.

Critical thinking.

B.

International Professional Practices Framework

C.

Professional ethics

D.

Business acumen

Buy Now
Questions 159

Which of the following is the first step in the process of identifying relevant fraud risk factors?

Options:

A.

Identifying preventive and detective controls

B.

Gathering information about the organization’s business activities to gain an understanding of fraud risks

C.

Engaging in strategic reasoning to anticipate the fraud scheme

D.

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

Buy Now
Questions 160

Which of the following techniques should an internal auditor use in order to conduct an effective interview?

Options:

A.

Use technical language to establish credibility with the employee being interviewed

B.

Avoid straightforward questions to make the person being interviewed think before answering

C.

Prepare the next question while the interviewee is responding to demonstrate preparedness

D.

Appear confident but not arrogant during the interview to show professionalism

Buy Now
Questions 161

Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?

Options:

A.

Act as an advisor to the committee responsible for reviewing violations of the code.

B.

Review and adjudicate all violations of the code of conduct.

C.

Lead the committee responsible for the oversight of the code.

D.

Implement a system of procedures to inform all employees of the code.

Buy Now
Questions 162

According to IIA guidance, which of the following is most critical to ensuring that an organization's risk management program remains effective over time?

Options:

A.

Ensuring a fully executed assurance role for the internal audit activity.

B.

Conducting risk evaluations that include ranking the relative importance of each risk.

C.

Establishing a risk management function and appointing a chief risk officer.

D.

Conducting a combination of ongoing risk reviews and individual evaluations.

Buy Now
Questions 163

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Buy Now
Questions 164

Which of the following documents would promote objectivity within an organization's internal audit activity?

Options:

A.

Internal audit charter.

B.

Internal audit manual.

C.

Audit committee charter

D.

Human resources employee handbook.

Buy Now
Questions 165

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Options:

A.

The nature of consulting services typically is not included in the charter.

B.

The chief audit executive must formally review the charter at least once a year

C.

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.

The charter typically defines the internal audit activity's position within the organization.

Buy Now
Questions 166

Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?

Options:

A.

Regulatory approval from an accrediting agency.

B.

Self-assessments against a competency framework.

C.

Approval and signoff from the board of directors.

D.

A review by external auditors on an annual basis

Buy Now
Questions 167

Applying ISO 31000, which of the following is part of the external context for risk management?

Options:

A.

Risk treatment method based on risk evaluation.

B.

Organizational culture, objectives, and processes.

C.

The regulatory and competitive environment

D.

The method of determining the risk level.

Buy Now
Questions 168

According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

Options:

A.

Results of internal assessments need to be reported to the board at least once every five years.

B.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted.

D.

Results of ongoing monitoring of the internal audit activity's performance must be reported to senior management and the board at least annually

Buy Now
Questions 169

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk,

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Buy Now
Questions 170

A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?

Options:

A.

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board,

B.

Focus on operational audit work and disregard lack of direct access to the members of the board.

C.

Initiate changes to the internal audit charter to report to senior management for the time being,

D.

Engage in written communications with the board and present relevant issues in writing

Buy Now
Questions 171

Who is responsible for ensuring internal auditors’ continuing professional development?

Options:

A.

Individual internal auditors.

B.

Chief audit executive.

C.

The board.

D.

Engagement supervisors.

Buy Now
Questions 172

During a review of employee benefits, a staff internal auditor observed an ambiguity in the incentive compensation policy. If reported, it could negatively impact the internal auditor's compensation. Which of the following would encourage the internal auditor to be objective in his work?

Options:

A.

Periodic reinforcement of the internal audit activity's code of ethics disclosure practices.

B.

External assessments of the internal audit activity every five years.

C.

Audit committee review of every engagement report at the conclusion of the audit.

D.

Internal audit charter approved by the board.

Buy Now
Questions 173

Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

Options:

A.

Net.

B.

Controllable.

C.

inherent,

D.

Residual.

Buy Now
Questions 174

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity,

C.

Integrity.

D.

Confidentiality

Buy Now
Questions 175

A multinational organization has asked the internal audit activity to assist in setting up the organization’s risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Options:

A.

Coordinate and facilitate risk workshops for management to attend.

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk indicators and mitigation plans for management to implement

D.

Determine the number of significant risks for management to report to the board.

Buy Now
Questions 176

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Buy Now
Questions 177

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

Options:

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

Buy Now
Questions 178

According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Options:

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed,

C.

The organization establishes effective governing body oversight,

D.

Audit assignments are rotated among internal audit staff

Buy Now
Questions 179

Which of the following is an example of a detective control?

Options:

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Buy Now
Questions 180

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management

reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously,

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

Options:

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only

Buy Now
Questions 181

After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?

Options:

A.

Independence.

B.

Confidentiality.

C.

Objectivity.

D.

Competency

Buy Now
Questions 182

Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework. According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

Options:

A.

Everyone in the agency has a primary responsibility for identifying and managing risks as part of the risk management process.

B.

The risk management process, while evaluating risk, should develop a mechanism to rank the relative importance of each risk.

C.

The risk management process should be regularly reviewed and respond to changes in the environment, to remain relevant.

D.

The risk management process should use a formal technique to consider the consequence and likelihood of each risk.

Buy Now
Questions 183

Which of the following could increase risks to the organization’s control environment?

Options:

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures.

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline.

Buy Now
Questions 184

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3,

B.

1 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Buy Now
Questions 185

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Buy Now
Questions 186

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Options:

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity’s position within the organization in an audit charter.

Buy Now
Questions 187

Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?

Options:

A.

Avoidance.

B.

Acceptance.

C.

Reduction.

D.

Sharing

Buy Now
Questions 188

Which of the following statements best illustrates why internal auditors assess soft controls?

Options:

A.

Assessing soft controls are an effective method of assessing risk related to personnel.

B.

Assessing soft controls, as opposed to hard controls, makes it easier to evaluate operating effectiveness.

C.

Assessing soft controls can help internal auditors in undertaking root-cause analysis.

D.

Assessing soft controls provides more objective information than assessing hard controls.

Buy Now
Questions 189

According to NA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment.

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Buy Now
Questions 190

Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap,

B.

Monitoring gap.

C.

Accountability/reward failure,

D.

Communication failure.

Buy Now
Questions 191

According to NA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

Options:

A.

CAE reviews and approves the annual audit plan,

B.

CAE meets privately with the CEO at least annually.

C.

CAE meets privately with the board at least annually,

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Buy Now
Questions 192

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management's recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Buy Now
Questions 193

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties.

B.

Exception reports.

C.

Training programs.

D.

Supervisory review.

Buy Now
Questions 194

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

C.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Buy Now
Questions 195

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations

Buy Now
Questions 196

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity.

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization.

D.

Develop strategies to mitigate the risks to achieving the organization’s objectives

Buy Now
Questions 197

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

Options:

A.

A non-disclosure agreement.

B.

An annual declaration of commitment to

C.

The IIA s Code of Ethics.

D.

The internal audit charter.

Buy Now
Questions 198

An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Buy Now
Questions 199

According to IIA guidance, which of the following threats to objectivity is described as familiarity'?

Options:

A.

An internal auditor is a close friend or relative of the manager or an employee of the audit client

B.

An internal auditor has a long-term business relationship with the audit client.

C.

An internal auditor has an economic stake in the performance of the organization

D.

An internal auditor is exposed to or perceived to be exposed to pressures from external parties

Buy Now
Questions 200

Which of the following is a typical characteristic of an organization's risk management framework?

Options:

A.

Risk tolerance may or may not align with risk appetite depending on whether the assessment is quantitative or qualitative

B.

Risk is assessed on both an inherent and a residual basis

C.

The framework addresses four organizational objective categories strategic, historical, operational, and investment

D.

External risks and internal opportunities are omitted from the risk assessment scope

Buy Now
Questions 201

Which of the following would be considered advanced expertise which most internal auditors are not expected to possess'?

Options:

A.

The ability to evaluate fraud risk

B.

The ability to detect and investigate fraud

C.

The ability to assess risk management strategies

D.

The ability to create test databases

Buy Now
Questions 202

Which of the following is the best way for an internal auditor to demonstrate due professional care?

Options:

A.

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.

Seek feedback from the engagement supervisor during the engagement

C.

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.

Request and receive client feedback surveys during the engagement

Buy Now
Questions 203

An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?

Options:

A.

Risk avoidance

B.

Risk reduction

C.

Risk sharing

D.

Risk acceptance

Buy Now
Questions 204

According to IIA guidance, which of the following is required of an internal audit activity?

Options:

A.

The internal audit activity should refrain from conducting an assurance engagement for which it lacks the necessary competencies or skills

B.

The chief audit executive must decline a consulting engagement or obtain competent advice and assistance if internal auditors lack the necessary competencies or skills

C.

The audit committee should ensure that the internal audit activity continuously improves its knowledge and skills in order to fulfill its responsibilities

D.

In today's business climate which is dominated by technology and big data, it is imperative that each staff internal auditor has detailed knowledge about IT risks and technology-based audit techniques

Buy Now
Questions 205

The organization's internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

Options:

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Buy Now
Questions 206

Which of the following would be considered an impairment to an internal auditor's objectivity when performing a review of the organization's procurement function'?

Options:

A.

The internal auditor worked on the implementation of the accounting system within the organization before joining the internal audit activity last year

B.

The internal auditor is part of a multidisciplinary team tasked to assist with a new project implementation checklist within the organization

C.

The internal auditor worked as a sourcing specialist before joining the internal audit activity last year

D.

The internal auditor participates in a cross-departmental team for information and data security within the organization

Buy Now
Questions 207

An external assessment of an organization's internal audit activity was last completed four years ago Which of the following options would be acceptable this year if the internal audit activity is to fulfill the requirements of the Standards?

Options:

A.

The internal audit activity conducts a self-assessment that is validated by a qualified and experienced internal auditor and then schedules a qualified, independent external assessor

B.

The board nominates an independent individual from senior management in the organization to conduct an assessment of the internal audit activity

C.

An external auditor conducts an audit of the organization which includes information about the internal audit activity

D.

The chief audit executive schedules a self-assessment and the board approves the results

Buy Now
Questions 208

Which of the following represents an example of an ethical issue that the organization should address'?

Options:

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Buy Now
Questions 209

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization's system of internal controls to be adequate and effective,

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Buy Now
Questions 210

In the COSO internal control framework, which of the following components serves as the foundation for the other components?

Options:

A.

Control activities.

B.

Control environment.

C.

Risk assessment.

D.

Monitoring

Buy Now
Questions 211

After the final audit report was issued, the engagement supervisor received an expensive gift from management recognizing her assistance in improving the business, if the gift is accepted, which of the following would be true?

Options:

A.

The engagement supervisor violated The IIA's Code of Ethics principle of integrity.

B.

The engagement supervisor violated The IIA's Code of Ethics principle of objectivity.

C.

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

Buy Now
Questions 212

A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?

Options:

A.

Internal auditors shall attend professional workshops to refresh internal audit norms and concepts

B.

Internal auditors' performance is synchronized with satisfaction ratings given by audit clients

C.

Internal auditors take prior audit results into account when conducting current audit engagements

D.

Internal auditors observe the audit client’s expectations when scoping audit engagements

Buy Now
Questions 213

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend.

C.

Reaffirm the importance of the organization's code of ethics to all employees.

D.

Conduct an organizationwide employee survey on ethical practices

Buy Now
Questions 214

Which of the following is an example of impairment to internal auditor independence or objectivity'?

Options:

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Buy Now
Questions 215

Which of the following statements is true regarding organizational culture and an audit of the control environment?

Options:

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Buy Now
Questions 216

When dealing with various stakeholders which of the following is true regarding an internal auditor's responsibility to remain objective and independent?

Options:

A.

When deciding between conflicting reports of a control's performance from a control operator and the operator's manager the internal auditor should generally believe the manager

B.

Some audit issues may remain unremediated and unreported if management will accept recommendations that the internal auditor deems more important

C.

The internal auditor may initially disagree with management s acceptance of a risk, but reevaluate and agree with management’s judgment after further discussion

D.

When working on business unit audits it is sometimes sufficient for the internal auditor to report deficiencies only to the unit manager when remediation is not complex

Buy Now
Exam Code: IIA-CIA-Part1
Exam Name: Essentials of Internal Auditing
Last Update: Dec 26, 2024
Questions: 721
IIA-CIA-Part1 pdf

IIA-CIA-Part1 PDF

$25.5  $84.99
IIA-CIA-Part1 Engine

IIA-CIA-Part1 Testing Engine

$30  $99.99
IIA-CIA-Part1 PDF + Engine

IIA-CIA-Part1 PDF + Testing Engine

$40.5  $134.99