According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?
1. Identification.
2. Mitigation.
3. Remediation.
4. Reduction.
Which of the following are typical responsibilities for operational management within a risk management program?
1. Implementing corrective actions to address process deficiencies.
2. Identifying shifts in the organization's risk management environment.
3. Providing guidance and training on risk management processes.
4. Assessing the impact of mitigation strategies and activities.
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?
Which of the following standards would be most useful in evaluating the performance of a customer-service group?
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?
1. Evaluate the business continuity plans for adequacy and currency.
2. Prepare a business impact analysis regarding the loss of critical business.
3. Identify key personnel who will be required to implement the plans.
4. Identify and prioritize the resources required to support critical business processes.
Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?
Organizational activities that complement each other and create a competitive advantage are called a:
A capital investment project will have a higher net present value, everything else being equal, if it has:
Which of the following factors would reduce dissatisfaction for a management trainee but would not particularly motivate the trainee?
An internal auditor is investigating a potential fraudulent activity. What is the first test the auditor should perform on the transaction data under scrutiny?
According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
Which of the following statements is most accurate with respect to various forms, elements, and characteristics of business contracts?
An organization uses a database management system (DBMS) as a repository for data. The DBMS, in turn, supports a number of end-user developed applications which were created using fourth-generation programming languages. Some of the applications update the database. Which of the following is the most important control related to the integrity of the data in the database?
According to the HA Code of Ethics, which of the following statements best describes the principle of competency?
Which of the following scenarios best illustrates the principle of due professional care?
Which of the following statements is true regarding assurance services provided to clients outside of the organization?
An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?
An internal auditor completed an audit of a bank's loan department and found all significant risks to be managed adequately through effective internal controls. Which of the following would be an appropriate conclusion to report to management?
Which of the following statements is true regarding outsourced business processes?
Which of the following does not provide operational assurance that a computer system is operating properly?
An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:
Product X
Product Y
Selling price per unit
$10
$13
Materials per unit (at $1/kg)
2 kg
6 kg
Monthly demand
100 units
120 units
In order to maximize profit, how much of product Y should the organization produce each month?
Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?
Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?
Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?
An internal auditor discovered that several unauthorized modifications were made to the production version of an organization's accounting application. Which of the following best describes this deficiency?
Capacity overbuilding is most likely to occur when management is focused on which of the following?
Which of the following actions is most likely to gain support for process change?
Which of the following statements accurately describes one of the characteristics that distinguishes a multinational company from a domestic company?
In an analysis of alternative credit-management policies, which of the following components will cause the net present value of receivables on credit sales to increase, if everything else remains constant?
Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?
Which of the following is the primary benefit of including end users in the system development process?
Which of the following network types should an organization choose if it wants to allow access only to its own personnel?
Which of the following would best prevent unauthorized external changes to an organization's data?
A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization's practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?
Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?
1. Periodically reviewing the vendor list for unusual vendors and addresses.
2. Segregating duties for amount purchasing, receiving, shipping, and accounting.
3. Validating sequential integrity of purchase orders.
4. Verifying the validity of invoices with post office box addresses.
Which of the following would be considered a violation of The IIA's mandatory guidance on independence?
An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?
1. Proficiency in analyzing key IT risks and controls.
2. The ability to recognize significant deviations from good business practices.
3. Knowledge of key indicators of fraud in tax reporting.
4. The ability to recognize the existence of problems related to tax accounting.
According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?
According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?
When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?
A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?
An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?
According to IIA guidance, which of the following should be included in the internal audit charter?
An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?
A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?
Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?
A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?
The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
Which of the following situations would justify the removal of a finding from the final audit report?
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?
The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?
According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
• The annual audit plan should include audits that are consistent with the skills of the IAA.
• Audits of high-risk areas of the organization should be conducted by internal audit staff.
• External resources may be hired to provide subject-matter expertise but should be supervised.
• Auditors should develop their skills by being assigned to complex audits for learning opportunities.
An internal control questionnaire would be most appropriate in which of the following situations?
Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?
Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?
According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.