New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-CIA-Part2 Practice of Internal Auditing Questions and Answers

Questions 4

An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?

Options:

A.

Perform additional audit work to better articulate the risk

B.

Report the finding that management has accepted a level of risk that is unacceptable.

C.

Proceed to testing how effectively the control is opening.

D.

Because the design weakness has been identified no additional audit work is needed

Buy Now
Questions 5

An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?

Options:

A.

Disclose the information in a separate report.

B.

Distribute the information in a confidential report to the board only

C.

Distribute the reports through the use of blind copies.

D.

Exclude the results from the report and verbally report the conditions to senior management and the board.

Buy Now
Questions 6

Which of the following describes the primary objective of an internal audit engagement supervisor?

Options:

A.

Uphold the quality of the internal audit actively

B.

Provide engagement progress updates to management of the area under review

C.

Assure risks and controls are identified and assessed

D.

Ensure timely completion of the engagement

Buy Now
Questions 7

While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an important compensating control had not been considered adequately by the audit team when it reported a major control weakness. Therefore, the CAE returned the documentation to the auditor in charge for correction. Based on this information, which of the following sections of the workpapers most likely would require changes?

Effect of the control weakness.

Cause of the control weakness.

Conclusion on the control weakness.

Recommendation for the control weakness.

Options:

A.

1, 2, and 3.

B.

1, 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Buy Now
Questions 8

According to IIA guidance, which of the following statements is true regarding audit workpapers?

Options:

A.

Review notes on audit workpapers must be retained to provide a record of questions raised by the reviewer.

B.

Audit workpaper documentation policies are reviewed and approved by the audit committee.

C.

Management of the department being audited should review the prepared workpapers for accuracy.

D.

Audit workpaper preparation contributes to the professional development of the internal audit staff.

Buy Now
Questions 9

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

Options:

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Buy Now
Questions 10

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

Options:

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement.

Buy Now
Questions 11

Which of the following is critical to the success of an effective interview?

Options:

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Buy Now
Questions 12

An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?

Options:

A.

Observation and inspection.

B.

Inquiry and observation.

C.

Inspection and reperformance.

D.

Inquiry and reperformance.

Buy Now
Questions 13

The internal audit activity plans to assess the effectiveness of management's self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Buy Now
Questions 14

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

Options:

A.

Express an opinion on the participants' inputs and conclusions as the assessment progresses.

B.

Provide appropriate techniques and guidelines on how the exercise should be undertaken.

C.

Evaluate and report on all issues that may be uncovered during the exercise.

D.

Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Buy Now
Questions 15

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts

D.

Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning

Buy Now
Questions 16

According to IIA guidance which of the following represents sufficient information?

Options:

A.

Information that is factual adequate and convincing

B.

Information that is best attainable through the use of appropriate engagement techniques

C.

Information that supports engagement objectives and recommendations

D.

Information that helps the organization meet its goals

Buy Now
Questions 17

Options:

A.

Reviewing quality department survey results, which show 96% of employees believe all defective products are removed prior To shipping.

B.

Physically inspecting a sample of completed processing cycles for detective products prior to shipment.

C.

Observing employees while they raped products for defects

D.

Reviewing a quality report provided by management mat snows 13 products were identified and removed during me most recent processing cycle

Buy Now
Questions 18

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee's final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Buy Now
Questions 19

An internal auditor suspects that employee turnover is unusually high at the organization's primary manufacturing plant To investigate this potential issue which of the following analytical approaches is the auditor likely to use?

Options:

A.

Ratio analysis

B.

Vertical analysis

C.

Benchmarking

D.

Cost-benefit analysis.

Buy Now
Questions 20

Which of the following sources of audit evidence is most reliable?

Options:

A.

Evidence obtained directly from an untested third party.

B.

Uncorroborated audit evidence obtained indirectly from an employee.

C.

Undocumented audit evidence obtained directly from a manager.

D.

Timely audit evidence obtained directly from a customer.

Buy Now
Questions 21

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

Options:

A.

Verify that amounts are correct.

B.

Verify that payments are on time.

C.

Verify that recipients are valid employees.

D.

Verify that benefits deductions are accurate.

Buy Now
Questions 22

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Buy Now
Questions 23

Internal control questionnaires are used to achieve which of the following objectives?

Options:

A.

To ascertain the operating effectiveness of a procedure

B.

To verify the accuracy of Information in a report

C.

To assess the controls mitigating major risks

D.

To determine whether specified contra procedures are in place

Buy Now
Questions 24

An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?

Options:

A.

Nonsampling risk

B.

Sampling risk

C.

Inherent risk

D.

Due diligence risk

Buy Now
Questions 25

An internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step of the process How is the internal auditor most likely to use This document during the engagement?

Options:

A.

To perform an assessment of the adequacy of process controls.

B.

To perform an assessment of the effectiveness of process controls

C.

To perform a detailed assessment of process risks

D.

To perform an assessment of the sufficiency of residual process risks.

Buy Now
Questions 26

For an action plan to be effective, it should be designed primarily to address which of the following elements of an observation?

Options:

A.

Condition

B.

Root cause

C.

Criteria

D.

Recommendation

Buy Now
Questions 27

An internal auditor is examining the organization's internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?

Options:

A.

Perform a site visit to see whether the organization's servers are operational

B.

Interview end users to determine whether they understand how to use the database information

C.

Determine whether policies are in place on how to use the database information

D.

Review for indications of potential issues with the database information

Buy Now
Questions 28

Which of the following statements is false regarding audit criteria?

Options:

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Buy Now
Questions 29

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Options:

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management's action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Buy Now
Questions 30

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Buy Now
Questions 31

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Options:

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Buy Now
Questions 32

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Buy Now
Questions 33

Which of the following recommendation types is most likely to propose the most long-term solutions?

Options:

A.

Condition-based recommendations

B.

Cause-based recommendations

C.

Effect-based recommendations

D.

Root cause-based recommendations

Buy Now
Questions 34

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

Options:

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Buy Now
Questions 35

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager's decision to accept the risk otherwise, no other speak: course of action is required.

Buy Now
Questions 36

The chief audit executive (CAE) is developing a workpaper preparation policy for a new internal audit activity. The CAE wants to ensure that all workpapers relate directly to the engagement objectives. Which of the following statements should be included in the policy specifically to address this concern?

Options:

A.

The workpapers should be understandable.

B.

The workpapers should be relevant.

C.

The workpapers should be economical.

D.

The workpapers should be complete.

Buy Now
Questions 37

Which of the following actions best describes an internal auditor's use of test data to determine whether an organization's new accounts payable system avoids processing questionable invoices for payment?

Options:

A.

Creating an automated tool that monitors the computer program on a daily basis for potential issues that need corrective actions.

B.

Using an automated system that assists internal auditors with automating the risk analysis of the computer program for invoicing

C.

Embedding tools in the computer program to analyze the review processes of invoices for potential issues that may hamper payments

D.

Adding invoices to the computer program to assess the reliability and effectiveness of the review process and whether controls work.

Buy Now
Questions 38

An internal auditor wanted to determine whether the organization's 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:

- 5 Time reports were incorrect.

- 21 Time reports were correct.

- 4 Time reports were not supported.

Options:

A.

The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization's failure to report accurate and complete employee time could lead to potential fraud and abuse.

B.

The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects By dang so the organization can minimize potential issues related to overstating employee tames and labor project costs.

C.

The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts As a result the organization cannot ensure at protects costs are accurately reported to stakeholders

D.

The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor coats

Buy Now
Questions 39

Which of the following would most likely prompt special notification from the chief audit executive to same management?

Options:

A.

Operational management has decried to weigh an audit issue against the organization's risk tolerance

B.

A controls inaccurate operation has materially impacted the accuracy of the poor year's financial statements

C.

Occurrences of asset misappropriation have been identified as a result of an ineffective operational control design

D.

The controls that management performed to confirm compliance with health and safety standards were not systematically documented

Buy Now
Questions 40

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

Options:

A.

Contact the audit committee chair to discuss the finding

B.

Obtain verbal assurance from management that the inappropriate access will be removed

C.

Issue an interim audit report so that management can implement action plans

D.

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Buy Now
Questions 41

An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?

Options:

A.

Ensure the testimonials are well documented

B.

Substantiate the testimonials with physical or documentary evidence

C.

Corroborate testimonials with the results from other soft control techniques

D.

Review the testimonials with the interviewed employees

Buy Now
Questions 42

Which of the blowing is an example of a compliance assurance engagement?

Options:

A.

Proving in-house training to senior management regarding applicable laws and regulations

B.

Proving an assessment of the design adequacy of controls related to consumer privacy and confidentially.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization

D.

Providing testing on the operating effectiveness of controls ever the reliability of financial reporting

Buy Now
Questions 43

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

Options:

A.

The organizational chart, business objectives and policies and procedures of the area to be reviewed.

B.

The most recent risk assessment conducted by management of the area to be reviewed.

C.

The requests of operational and senior management throughout the organization.

D.

The preliminary risk assessment performed by internal auditors planning the engagement

Buy Now
Questions 44

According to HA guidance, which of the following statements regarding audit workpapers is true?

Options:

A.

Audit reports should include the workpapers as a reference for the audit conclusions.

B.

The internal auditor's workpapers are the primary reference for reported control deficiencies.

C.

Ad-hoc communications with management of the area under review should be excluded from the workpapers.

D.

Both draft and final versions of workpapers should be saved at the end of the engagement

Buy Now
Questions 45

Which of the following statements about internal audit's follow-up process is true?

Options:

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit's follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Buy Now
Questions 46

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Buy Now
Questions 47

Which of the following are advantages of flowcharts over internal control questionnaires''

1 Flowcharts reduce the need to test whether employees are observing internal control processes

2 Flowcharts provide a visual depiction of the processes in the area under review 3. Flowcharts identify and prioritize internal control design weaknesses.

4 Flowcharts highlight the control points to help internal auditors evaluate control design

Options:

A.

1 and 3 only

B.

2 and 4 only.

C.

1.2. and 3 only

D.

2. 3 and 4 only

Buy Now
Questions 48

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

Options:

A.

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Buy Now
Questions 49

An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?

Options:

A.

The risk assessment must be performed at least quarterly.

B.

The risk assessment must be performed at least annually.

C.

The risk assessment must be performed at least once every five years, in alignment with the internal audit activity's quality assurance and improvement program.

D.

There is no specific requirement; a risk assessment should be performed as needed to account for changes in the business environment.

Buy Now
Questions 50

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Options:

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Buy Now
Questions 51

Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?

Options:

A.

Facilitated workshops.

B.

Surveys.

C.

Structured interviews.

D.

Elicitation.

Buy Now
Questions 52

Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Buy Now
Questions 53

According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 54

Which of the following has the greatest effect on the efficiency of an audit?

Options:

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Buy Now
Questions 55

An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?

Options:

A.

Select a sample of invoices for substantive testing

B.

Review the contract for evidence of authorization

C.

Document underlying reasons for noncompliance

D.

Assess the inherent risk of paying duplicate invoices

Buy Now
Questions 56

An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?

Options:

A.

Draft report, to be reviewed by management just prior to final report issuance.

B.

Preliminary observation document, discussed during the engagement.

C.

Final report, after review by audit management.

D.

Verbal communication during the engagement, followed by the final report issuance.

Buy Now
Questions 57

The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system. Which of the following computerized audit techniques is the internal audit activity most likely applying?

Options:

A.

Enabling continuous auditing.

B.

Employing generalized audit software.

C.

Facilitating electronic workpapers.

D.

Using machine learning.

Buy Now
Questions 58

Which of the following is an appropriate activity when supervising engagements?

Options:

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor's discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Buy Now
Questions 59

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Buy Now
Questions 60

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Buy Now
Questions 61

A chief audit executive (CAE) is trying to balance the internal audit activity's needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

Options:

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Buy Now
Questions 62

Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?

Options:

A.

When preparing to recap audit test results.

B.

At sample selection, to determine sampling methodology.

C.

At the start of fieldwork, as part of developing the annual audit plan.

D.

At planning, to assist in developing the engagement work program.

Buy Now
Questions 63

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

Options:

A.

Improper segregation of duties.

B.

Incentives and bonus programs.

C.

An employee's reported concerns.

D.

Lack of an ethics policy.

Buy Now
Questions 64

During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9

Options:

A.

Request additional information needed from management of the area under review.

B.

Obtain approval from the engagement supervisor

C.

Obtain the required resources, including IT. to complete the work

D.

Discuss the change in scope with management of the area under review.

Buy Now
Questions 65

A healthcare organization's chief audit executive (CAE) noted that the organization's IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization's chief information officer (ClO) does not agree with the audit team's recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO's reasoning is acceptable.

Buy Now
Questions 66

An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization's policy What should the auditor document in the workpapers?

Options:

A.

Credit limit over drafts are not monitored in accordance with the organizations policy

B.

Seventeen percent of customers' open balances in the sample exceed their approved unsecured credit rent

C.

The threshold for credit limits defined by the organization's policy is not adequate

D.

Management should perform monthly monitoring of open customer balances

Buy Now
Questions 67

An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

Options:

A.

Entity-level controls

B.

Application controls

C.

General controls.

D.

Transaction controls

Buy Now
Questions 68

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Buy Now
Questions 69

'Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.

A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’

Which of the following should be added to the observation?

Options:

A.

The reason for not following the internal policy

B.

A description of what constitutes proper approval

C.

The annual impact of the changed agreement on cash flows

D.

Details regarding when the change to the agreement was signed

Buy Now
Questions 70

An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?

Options:

A.

Documentary evidence

B.

Testimonial evidence

C.

Analytical evidence

D.

Physical evidence

Buy Now
Questions 71

According to HA guidance on IT, which of the following actions would be performed as part of the "Define IT Universe" stage of the IT audit plan development process?

Options:

A.

Identify significant applications that support the business operations

B.

Assess risk and rank subjects using business risk factors

C.

Identify how the organization structures its business operations

D.

Select audit subjects and bundle into distinct audit engagements

Buy Now
Questions 72

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management's view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Buy Now
Questions 73

According to IIA guidance which of the following statements is true regarding the annual audit plan?

Options:

A.

The annual audit plan should only be adjusted in response to problems with resourcing, scope, and data availability.

B.

The chief audit executive (CAE) may incorporate risk information, including risk appetite levels from management for the audit plan at her discretion.

C.

In an immature risk management environment it is preferable for the CAE to rely solely on her judgment regarding risk identification and assessment to develop the audit plan.

D.

The CAE may make adjustments to the annual audit plan as needed without senior management or board approval.

Buy Now
Questions 74

New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Options:

A.

The audit committee of the board.

B.

The environmental, health, and safety manager.

C.

The organization's external environmental lawyers.

D.

The organization's insurance department.

Buy Now
Questions 75

An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?

Options:

A.

Sufficiency

B.

Reliability

C.

Relevance

D.

Usefulness

Buy Now
Questions 76

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

Options:

A.

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Buy Now
Questions 77

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Buy Now
Questions 78

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 79

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Options:

A.

To gain access to a wider variety of skills, competencies and best practices.

B.

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.

To focus on and strengthen core audit competencies.

D.

To provide the organization with appropriate contingency planning for the internal audit function.

Buy Now
Questions 80

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?

Options:

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Buy Now
Questions 81

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

Options:

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Buy Now
Questions 82

Which of the following statements is true regarding internal control questionnaires?

Options:

A.

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

B.

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

C.

Internal control questionnaires can be used by internal auditors as an interview guide

D.

Internal control questionnaires provide direct audit evidence which may need corroboration

Buy Now
Questions 83

According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities and operating procedures

B.

Evaluate management's risk assessment and the internal audit activity's risk assessment

C.

Assess process How and control documents used to meet regulatory requirements

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Buy Now
Questions 84

An internal auditor was reviewing the procurement department's tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database. Which of the following courses of action would have prevented this situation?

Options:

A.

The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents

B.

The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit

C.

The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden

D.

The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail

Buy Now
Questions 85

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

Options:

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Buy Now
Questions 86

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

Options:

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Buy Now
Questions 87

As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?

Options:

A.

Determine that this situation is acceptable and focus on more significant issues

B.

Document the issue m the draft audit report

C.

Document the observation for further follow up when testing the operating effectiveness of controls

D.

Interview the personnel associated with this observation.

Buy Now
Questions 88

Which of The following best describes a risk that is deemed "unacceptable" to the organization?

Options:

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Buy Now
Questions 89

Which of the following should be described in the recognition element of a typical internal audit repot?

Options:

A.

Positive aspects of the process or area under review

B.

A brief synopsis of the process of area under review

C.

Outcomes and ratings of the process or area under review

D.

Report issuance and the communication process of the engagement.

Buy Now
Questions 90

Which of the following should be the focus of the effect section of the preliminary observations document?

Options:

A.

Residual risk

B.

Inherent risk

C.

Compensating controls

D.

Control activities

Buy Now
Questions 91

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

Options:

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Buy Now
Questions 92

The chief audit executive of an international organization is planning an audit of the treasury function located at the organization's headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets which is needed tor the engagement When of the following would be the most approbate solution considering the time constraint?

Options:

A.

Outsource the engagement 10 tie organization's external auditor who has expertise in the area of financial markets

B.

Hire additional internal auditors who have expertise in the area of financial markets.

C.

Invite a guest auditor from one of the organization's affiliates who has expertise m the area of financial markets.

D.

Limit the scope of the engagement to the knowledge and skills possessed by the internal audit team.

Buy Now
Questions 93

Which statistical sampling approach would an internal auditor typically utilize if she wishes to test for fraud and the expected deviation rate is very low?

Options:

A.

Stratified sampling

B.

Attribute sampling

C.

Discovery sampling

D.

Haphazard sampling

Buy Now
Questions 94

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.

Select five new accounts to replace the ones that were missing supporting documentation.

C.

Expand the sample size to 60 to determine whether the error rate remains the same.

D.

Contact management to determine whether the supporting documentation can be located elsewhere.

Buy Now
Questions 95

According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Buy Now
Questions 96

An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?

Options:

A.

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

B.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

C.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

D.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

Buy Now
Questions 97

Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?

Options:

A.

The calculated statistical sample size is 50 however the internal auditor believes errors exist so he decides to increase the sample size to 80

B.

The internal auditor traces serial numbers of computer equipment listed on an invoice to the fixed asset inventory

C.

The internal auditor reviews the accounts payable manager's petty cash fund and vouchers

D.

The internal auditor reviews the related invoice purchase order and receiving report for each sample selection

Buy Now
Questions 98

An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?

Options:

A.

Facilitate a control assessment to ensure all application risks were appropriately identified

B.

Advise the project team on how to develop effective controls

C.

Direct the project team to implement the appropriate controls within the software application

D.

Provide assurance that the design of the controls will mitigate the identified application risks

Buy Now
Questions 99

Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?

Options:

A.

Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.

B.

Accept the audit engagement and use the engagement as an opportunity to develop the audit team's IT expertise while performing the audit work.

C.

Temporarily hire an experienced and knowledgeable IT analyst from the organization's IT department to lead the audit.

D.

Outsource the audit engagement to a reputable IT audit consulting firm.

Buy Now
Questions 100

According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?

• They are discussed with management prior to finalizing the audit.

• They may be discarded after working papers are amended as appropriate.

• They are created by the auditor to support her fieldwork in case of questions.

• They are not required to support observations issued in the audit report.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Buy Now
Questions 101

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Options:

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Buy Now
Questions 102

Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?

Options:

A.

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.

To verify that the corrective actions required by senior management are completed as agreed.

Buy Now
Questions 103

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Options:

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Buy Now
Questions 104

An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data

- Human resources data with employees' names addresses employment conditions and identification codes

- Payroll data

- Logs from entrance systems

With this data, which of the following types of ghost employees will the auditor be able to identify?

Options:

A.

Employees who are being paid more than then approved wages

B.

Employees who get paid although their employment has expired

C.

Employees who are related to one of the subcontractors

D.

Employees who are physically present at the workplace but who do not perform the specified job duties

Buy Now
Questions 105

An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?

Options:

A.

The test of the control design should have occurred at the performance stage.

B.

The test of the operating effectiveness of the control was not necessary.

C.

A risk and control matrix is not appropriate for this type of engagement.

D.

The test of the operating effectiveness of the control should have occurred at the planning stage.

Buy Now
Questions 106

The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?

Options:

A.

Internal audit reports are consistently submitted prior to the audit report deadline

B.

Post engagement surveys completed by management indicate a "meets or exceeds expectations" idling

C.

There is a significant reduction of travel costs per project over the next fiscal year

D.

Internal auditors identify a minimum number of issues and provide recommendations to address them for each audit

Buy Now
Questions 107

An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?

Options:

A.

The internal auditor may communicate the results to the advertising agency as instructed by the audit client, with approval from the chief audit executive.

B.

The internal auditor may not communicate the results to this external party regardless of the engagement client's instruction.

C.

The internal auditor may send the report and is required to include instructions for the advertising agency to limit further distribution and the use of results.

D.

The internal auditor may only communicate the results verbally to the advertising agency and should not provide a hard copy.

Buy Now
Questions 108

An internal auditor has discovered that duplicate payments were made to one vendor. Management has recouped the duplicate payments as a corrective action. Which of the following describes management’s action in this case?

Options:

A.

A condition-based action plan.

B.

A cause-based action plan.

C.

A root cause-based action plan.

D.

An effect-based action plan.

Buy Now
Questions 109

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

Options:

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Buy Now
Questions 110

During a review of data privacy an internal auditor is tasked with testing management's identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

Options:

A.

interview management to determine what types of data are collected and maintained

B.

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.

Review a sample of data to determine whether the risk classification is reasonable

D.

Document and test a data inventory and classification program by determining the data classification levels and framework

Buy Now
Questions 111

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

Options:

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Buy Now
Questions 112

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Options:

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Buy Now
Questions 113

According to HA guidance, the chief audit executive is directly responsible for which of the following?

Options:

A.

Maintaining a quality assurance program even in the absence of management support

B.

Periodically reviewing and approving the internal audit charier

C.

Providing opportunities for all staff auditors to satisfy their professional development requirements

D.

Establishing the objectives scope and plan for each engagement

Buy Now
Questions 114

According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?

Options:

A.

Elements of evaluation

B.

Elements of organization

C.

Elements of practice

D.

Elements of confidentiality

Buy Now
Questions 115

Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. "What should be in place?’’

Options:

A.

Action plan

B.

Recommendation

C.

Condition

D.

Criteria

Buy Now
Questions 116

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Buy Now
Questions 117

Which of the following statements concerning workpapers is the most accurate?

Options:

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Buy Now
Questions 118

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 119

The following is a list of major findings in the executive summary report for an audit of the contract management process

- Noncompliance with contract provisions requiring vendors to obtain insurance policies with indemnity value of not less than $1 million

- Compliance with contract obligations and deliverables is not monitored

- No contract agreement with five vendors providing core services

Which of the following is an appropriate conclusion that can be drawn from these findings?

Options:

A.

These are weaknesses resulting from a lack of a documented contracting policy

B.

Substandard service delivery by vendors may not be detected

C.

Management should expedite actions to rectify the observations identified

D.

The internal controls guiding contract management are not operating effectively

Buy Now
Questions 120

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Buy Now
Questions 121

In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?

Options:

A.

Inventory comprised of the same items stored in different warehouses

B.

Batches of materials that must be confirmed as meeting quality standards

C.

Revenue that is earned by an organization through cash receipts or as receivable.

D.

Tax reports submitted to meet the requirements of the local taxation authority

Buy Now
Questions 122

When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?

Options:

A.

Intern accounting management via an interim memorandum update

B.

Note the item in the workpapers for inclusion in the final audit report

C.

Call a meeting and discuss me issue with the audit committee

D.

Alert the CEO as soon as the issue is discovered

Buy Now
Questions 123

If there is a significant error or omission in the final audit report that was communicated to management, which of the following is the key action for the internal audit activity?

Options:

A.

Communicate the corrected information to the manager of the audited department.

B.

There should be a follow-up audit to address the error or omission.

C.

The auditor should update the scope of the audit to include the omission.

D.

The corrected communication should be redistributed to the original recipients.

Buy Now
Questions 124

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Buy Now
Questions 125

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE's best option for fulfilling the internal audit activity's responsibilities in this case?

Options:

A.

Outsource the investigation to independent professional consultants

B.

Select certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

C.

Recruit additional internal auditors possessing relevant qualification and experience

D.

Decline the engagement at this time

Buy Now
Questions 126

Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?

Options:

A.

Reliability or appropriateness

B.

Reasonableness

C.

Existence or occurrence

D.

Relevance

Buy Now
Questions 127

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 128

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Options:

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Buy Now
Questions 129

Which of the following best exemplifies having effective risk management and internal control processes?

Options:

A.

Relevant risk indicators and mitigation plans are in place

B.

All risks are identified and assessed

C.

Business profitability is likely to be achieved

D.

Risk information is communicated to customers and suppliers

Buy Now
Questions 130

Below is a flowchart detailing an organization's bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?

Options:

A.

There is a conflict in the segregation of duties between preparing bank reconciliations and posting payments to the accounting books.

B.

There is an appropriate segregation of duties in the treasury department during the bank reconciliation process.

C.

There is a large workload for the treasury accountant during the bank reconciliation process.

D.

Bank statements should be obtained at a higher level, such as through the treasury supervisor.

Buy Now
Questions 131

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

Options:

A.

Present the revised audit plan directly to the board for approval.

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CEO and present the revised audit plan to the board for approval.

Buy Now
Questions 132

Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?

Options:

A.

To demonstrate good project oversight

B.

To provide timely discussion of results

C.

To demonstrate internal auditor proficiency

D.

To follow up on previously requested information

Buy Now
Questions 133

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

Options:

A.

End the consulting engagement and report the results to management as planned

B.

Report the significant control issues to senior management and the board and recommend corrective action

C.

Mutually agree with the engagement client on corrective actions

D.

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Buy Now
Questions 134

The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?

Options:

A.

Document in the engagement workpapers the rationale for changing the scope.

B.

Confirm that the scope change would align to the organization's objectives and goals

C.

Confirm that the internal audit activity continues to have the necessary knowledge and skills

D.

Seek approval from the chief audit executive for the proposed scope change

Buy Now
Questions 135

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

Options:

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Buy Now
Questions 136

Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?

Options:

A.

Stop-or-go sampling

B.

Probability to proportional size sampling

C.

Classical variable sampling

D.

Discovery sampling

Buy Now
Questions 137

When estimating the impact of an inherent risk, which of the following should internal auditors consider?

Options:

A.

The probability and frequency of occurrence

B.

Financial and nonfinancial factors related to the risk

C.

The number of risks identified on the heat map

D.

The residual risk following implementation of appropriate controls

Buy Now
Questions 138

A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CCO and present the revised audit plan to the board for approval

Buy Now
Questions 139

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization's key business processes.

D.

Increased access to the organization’s software and proprietary data.

Buy Now
Questions 140

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

Options:

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Buy Now
Questions 141

The audit manager asked the internal auditor to perform additional testing because several irregularities were found in the financial information. Which of the following would be the most appropriate analytical review for the auditor to perform?

Options:

A.

Compare the firm's financial performance with organizations in the same industry

B.

Interview all managers involved in preparing the financial statements

C.

Perform a bank reconciliation to confirm the cash balance in the financial statements.

D.

Trace each financial transaction to the original supporting document

Buy Now
Questions 142

An internal auditor is conducting a preliminary survey of the investments area, and sends an internal control questionnaire to the management of the function. (An extract of the survey is provided below).

1. Are there any restrictions for any company's investments?

2. Are there any written policies and procedures that document the flow of investment processing?

3. Are investment purchases recorded in the general ledger on the date traded?

4. Is the documentation easily accessible to an persons who need in to perform their job?

Which of the following is a drawback of testing methods like this?

Options:

A.

They ore kitted as they do not allow the auditor to test many controls.

B.

They do not highlight control gaps

C.

They are not useful for identifying areas on which the auditor should locus.

D.

They are limited as there is a risk that management may not answer fairly.

Buy Now
Questions 143

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues' workpapers for completeness and format.

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met.

Buy Now
Questions 144

Upon the completion of an audit engagement an audit manager performs a review of a staff auditor's workpapers. Which of the following actions by the manager is the most appropriate this review''

Options:

A.

Communicate the workpaper review results to management of fie area under review to validate the final report

B.

Update the final report in the file with any necessary corrections based on the workpaper review.

C.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.

Add the manager's review notes to the final documentation following the review

Buy Now
Exam Code: IIA-CIA-Part2
Exam Name: Practice of Internal Auditing
Last Update: Dec 26, 2024
Questions: 482
IIA-CIA-Part2 pdf

IIA-CIA-Part2 PDF

$25.5  $84.99
IIA-CIA-Part2 Engine

IIA-CIA-Part2 Testing Engine

$30  $99.99
IIA-CIA-Part2 PDF + Engine

IIA-CIA-Part2 PDF + Testing Engine

$40.5  $134.99