Which of the following statements is true regarding internal control questionnaires?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?
A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?
An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data
- Human resources data with employees' names addresses employment conditions and identification codes
- Payroll data
- Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
An organization obtains maintenance personnel from a third-party service provider. The third-party service provider submits monthly timetables of contracted maintenance personnel and bills the organization on an hourly basis. Which of the following will most likely help an internal auditor validate the number of hours billed by the third-party service provider?
According to the Standards, which of the following is true regarding the auditor's inclusion of management's satisfactory performance in the final audit report?
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?
Which of the following is an advantage of nonstatistical sampling over statistical sampling?
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?
An organization's healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?
The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?
How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?
An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?
An engagement work program o of greatest value to audit management when which of the following is true?
An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?
The objective of an internal audit engagement is to evaluate the organization's ethics program. Which of the following should be included in the scope of the engagement?
An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?
An internal auditor wants to obtain management's evaluation of the organizational risk culture. Because there are more than 30 geographically dispersed managers, one-to-one interviews are not possible. Which of the following is the most efficient option for the auditor to adopt?
The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?
While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an Important compensating control had not been considered adequately by the audit team when it reported a major control weakness Therefore, the CAE returned the documentation to the auditor in charge for correction Based on this Information, which of the following sections of the workpapers most likely would require changes?
1.Effect of the control weakness.
2.Cause of the control weakness
3.Conclusion on the control weakness.
4.Recommendation for the control weakness.
In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?
Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?
Which of the following is the most important determinant of the objectives and scope of assurance engagements?
A chief audit executive's report to the board showed a significant trend of recent aud4s going over planned budgeted hours. Which of the following factors could cause this trend?
According to IIA guidance, which of the following should be a primary objective for an internal auditor who is conducting an exit conference?
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
Which of the following internal audit activities is performed in the design evaluation phase?
What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
Which of the following recognized competitive strategies focuses on gaining efficiencies?
Which of the following actions best describes an internal auditor's use of test data to determine whether an organization's new accounts payable system avoids processing questionable invoices for payment?
When addressing the excessive overtime being paid lo employees in an organization's customer service call center, which of the following would be most relevant for the internal auditor to use?
1 Confirmation.
2. Trend analysis.
3 External benchmarking
4. Internal benchmarking
An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?
Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?
Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?
During which phase of the contracting process are contracts drafted for a proposed business activity’
Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?
Which of the following is one of the advantages of organizing the risk universe by processes?
An internal auditor performed a test of controls and found that a statistically selected representative sample of recorded transactions within the account receivables ledger had an error rate that was within management expectations. The associated revenue account was outside the scope of the audit engagement. How should the conclusion to this engagement be reported?
An internal auditor performed a review that focused on the organization’s process for vetting vendors. The internal auditor’s testing identified that 120 out of 130 vendors had a business relationship with the organization’s procurement manager that violated conflict-of-interest policies. Which of the following conclusions could the internal auditor draw from these results?
In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?
Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?
Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?
Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?
An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?
In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?
Which of the following best exemplifies having effective risk management and internal control processes?
The audit plan of an internal audit function includes an assurance engagement of the organization’s cybersecurity protocols. However, the engagement supervisor assigned to execute the engagement identifies that the internal auditors with competencies in cybersecurity are scheduled for upcoming leave and are involved in other engagements. Those auditors would not be available to participate in the cybersecurity engagement. Which of the following would be the appropriate action for the engagement supervisor?
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?
Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?
During engagement planning, which party provides the most accurate and up-to-date description of how organizational processes and key controls operate?
Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high
risks that were reported in the initial audit report. What initial step must the CAE take to address this situation?
An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for
testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?
During the preliminary survey of the procurement department, an internal auditor noted a major control weakness in the organization's ordering and receiving process. According to IIA guidance, which of the following is the most appropriate action the internal auditor should take?
Which of the following describes the primary objective of an internal audit engagement supervisor?
Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?
Which of the following would most likely be found in an organization that uses a decentralized organizational structure?
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?
While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?
After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?
A financial services organization's CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?
The following is a list of major findings in the executive summary report for an audit of the contract management process
- Noncompliance with contract provisions requiring vendors to obtain insurance policies with indemnity value of not less than $1 million
- Compliance with contract obligations and deliverables is not monitored
- No contract agreement with five vendors providing core services
Which of the following is an appropriate conclusion that can be drawn from these findings?
Which of the following is true regarding the monitoring of internal audit activities?
The final internal audit report should be distributed to which of the following individuals?
During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team's recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?
Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?
Who is responsible for ensuring internal auditors continuing professional development*
An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
An internal auditor believes that the internal audit activity's independence is impaired Which of the following actions should the internal auditor take first?
While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?
In which of following scenarios is the internal auditor performing benchmarking?
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?
Which of the following best describes the engagement objective in a banking compliance audit?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
An internal auditor is planning to audit the organization's payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?
According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor's use of review notes?
Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
At the conclusion of a quality assurance review, the chief audit executive (CAE) was informed that several audits included incomplete workpapers, and some workpapers were not completed within the established timeframe. How should the CAE address the issue of incomplete workpapers?
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
Which of the following performance measures is considered a lagging indicator to the largest degree?
Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?
Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?
Which of the following processes does the board manage to ensure adequate governance?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
According to IIA guidance, which of the following statements is true regarding engagement planning?
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity's collective knowledge, skills, and other competencies?
Which of the following is required to classify, label, organize, and search big data stored and used in an organization?
According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?
For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
There is a clear strategy and timeline to migrate risk management responsibility back to management.
The internal audit activity has the final approval on any risk management decisions.
The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
The nature of services provided to the organization is documented in the internal audit charter.
Which of the following would offer the strongest evidence to support the internal auditor's conclusion that a product is in stock, as stated in the accounting records?
The chief audit executive (CAE) is developing a workpaper preparation policy for a new internal audit activity. The CAE wants to ensure that all workpapers relate directly to the engagement objectives. Which of the following statements should be included in the policy specifically to address this concern?
During the planning phase of an assurance engagement, which of the following would an internal auditor use to assess and present the severity of the impact of identified risks?
Which of the following statements describes an engagement planning best practice?
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?
Which of the followings statements describes a best practice regarding assurance engagement communication activities?
An internal auditor for a regional bank suspects that the head of commercial lending has been granting loans without the required collateral Which of the following sampling techniques will be most effective for investigating the auditor's suspicion?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity's recommendations are being acted upon?
The audit manager asked the internal auditor to perform additional testing because several irregularities were found in the financial information. Which of the following would be the most appropriate analytical review for the auditor to perform?
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?
Which of the following should be the focus of the effect section of the preliminary observations document?
Which of the following recommendation types is most likely to propose the most long-term solutions?
An organization s inventory is stored m multiple warehouses. During an inventory audit which of the following activities would most benefit from the use of computerized audit tools?
The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?
Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?
Besides a chief audit executive's professional experience what determines the frequency and approach to assessing residual risk?
Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
According to IIA guidance, how should an internal auditor apply any relevant information obtained from an internal consulting engagement during a related internal audit engagement?
Some lime after the final audit report was issued, the engagement supervisor teamed that several internal control deficiencies were not remedied, despite management's previous agreement to remedy them According to IIA guidance, which of the following is the most appropriate response'5
Which of the following is the primary weakness of internal control questionnaires (ICQs)?
According to IIA guidance, which of the following statements regarding the internal audit charter is true?
Which of the following statements is true regarding the chief audit executive's (CAT$) responsibilities after completing an assurance or consulting engagement?
Which of the following is a true statement regarding the use of flowcharts as an audit tool?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
As a result of server managements assumption of risk there is residual risk that exceeds me organisation's risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?
During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?
While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
Ensure encryption keys meet ISO standards.
Determine whether an independent review of the service provider's operation has been conducted.
Verify that the service provider’s contracts include necessary clauses.
Verify that only public-switched data networks are used by the service provider.
An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?
An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
Which of the following must be in existence as a precondition to developing an effective system of internal controls?
Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?
An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?
Which of the following best demonstrates internal auditors performing their work with proficiency?
A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following Is the most appropriate action the CAE should take regarding the request?
Internal control questionnaires are used to achieve which of the following objectives?
The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?
According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?
• They are discussed with management prior to finalizing the audit.
• They may be discarded after working papers are amended as appropriate.
• They are created by the auditor to support her fieldwork in case of questions.
• They are not required to support observations issued in the audit report.
According to IIA guidance which of the following best describes reliable information?
An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?
When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?
An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?
In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?
According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?
An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?
According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?
During an entity-level controls assessment, internal auditors deploy an internal control questionnaire to test the controls. Which of the following is a major drawback of this testing method?
When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisor’s review notes?
Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?
Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days What conditions would an auditor look for as an Indicator of employee theft of food from a specific store?
According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?
Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?
A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?
An IT auditor is reviewing the access controls in an organization's accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?
Which of the following statements best demonstrates application of due professional care during an assurance engagement?
Which of the following is least likely to help ensure that risk is considered in a work program?
Upon the completion of an audit engagement an audit manager performs a review of a staff auditor's workpapers. Which of the following actions by the manager is the most appropriate this review''
Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?
The final engagement communication contains the following observation:
The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization's competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source."
Which of the following components is missing in the documentation of the observation?
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
Which of the following best describes the risk contained in an initial public offering for a new stock?
Which of the following is the primary reason to develop an audit work program?
As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?
The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system. Which of the following computerized audit techniques is the internal audit activity most likely applying?
An internal auditor selects a sample of paid invoices and matches them to receiving reports. What is the most likely purpose for this procedure?
An internal auditor is performing testing to gather evidence regarding an organization's inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is The auditor's concern best describes which of the following risks?
If there is a significant error or omission in the final audit report that was communicated to management, which of the following is the key action for the internal audit activity?
The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?
Which of the following situations is most critical for the chief audit executive to report to the board?
Which of the following statements generally true regarding audit engagement planning?
Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
An internal auditor is assigned to an advisory engagement for the launch of a new system relating to travel and expense. During fieldwork, the auditor tests interfacing controls with the procurement system. The auditor observes that a key control is missing within the procurement system. The auditor identifies that senior management has approved a temporary manual workaround for the missing control. Which of the following actions should the auditor take?
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
If an engagement supervisor discovers insufficient information to draw a conclusion in workpapers, which action should she take first?
The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?
An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?
What is the primary reason that audit supervision includes approval of the engagement report?
The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?
Which of the following contributes to the reliability of information collected for an audit engagement?
An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?
Which of the following is most likely to impair the organizational independence of the internal audit activity?
When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?
An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities'*
According to IIA guidance, which of the following steps should precede the development of audit engagement objectives?
An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?
During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?
Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?
Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors' work?