Full Transcript

QUESTION & ANSWER 1. What should the internal auditor\'s role be in assessing the organization\'s ethical climate? A. Perform ongoing surveys of the employees, customers, and partners of the organization to assess the organization\'s ethical climate. \^Evaluate the effectiveness of the organization\'s strategies and B. processes for achieving the desired level of legal and ethical compliance. B. Maintain a whistleblower hotline to identify inappropriate or illegal activity within the organization. C. Perform background checks of potential new employees before they are hired by the organization. Answer: B ========= 2. According to COSO, which of the following is not considered one of the components of an organization\'s internal environment? D. Authority and responsibility to resolve issues. E. Framework to plan, execute and monitor activities. F. Integrated responses to multiple risks. G. Knowledge and skills needed to perform activities. Answer: C ========= 3. Which of the following enhances the independence of the internal audit activity? H. The chief audit executive (CAE) approves the annual internal audit plan. I. The CAE administratively reports to the board. J. The audit committee approves the CAE\'s annual salary increase. K. The chief executive officer approves the internal audit charter. Answer: C ========= 4. A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. L. Require the physician to submit a signed statement attesting that the treatments had been performed. M. Send confirmations to the physicians, requesting them to verify the exact nature of the claims submitted to the insurance provider. N. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis. O. Use computer software to identify abnormal claims based on the insured\'s age and medical history. 
Answer: D ========= 5. Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity? P. Planning an engagement of the area in which fraud is suspected. Q. Employing audit tests to detect fraud. R. Interrogating a suspected fraudster. S. Completing a process review to improve controls to prevent fraud. Answer: B ========= 6. Non-statistical sampling does not require which of the following? T. The sample to be representative of the population. U. The sample to be selected haphazardly. V. A smaller sample size than if selected using statistical sampling. W. Projecting the results to the population. Answer: C ========= 7. The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries. Which of the following internal audit tools would be most effective to document the process and the key controls? X. Internal control checklist. Y. Procurement employee survey. Z. Cross-functional flow chart. A. Segregation of duties matrix. Answer: C ========= 8. An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result, the auditor assumes that approximately 59 of the total population of 492 entries are incorrect. B. Variability tolerance. C. Ratio estimation. D. Stratification. E. Acceptance sampling. Answer: B ========= 9. Which of the following is most likely to enhance an internal auditor\'s objectivity? F. An auditor is appropriately able to communicate results. G. An auditor performs his work free from interference. H. An auditor is unrestricted in determination of scope. I. An auditor avoids conflicts of interest. Answer: D ========= 10. According to IIA guidance, which of the following should be formally documented in the internal audit charter? J. 
The internal audit activity\'s responsibility for imposing risk management processes. K. The internal audit activity\'s responsibility for the organization\'s governance framework. L. The nature of consulting services provided by the internal audit activity. M. The budgeting process for the internal audit activity. Answer: C ========= 11. An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use? N. Statistical sampling only O. Nonstatistical sampling only P. A combination of both statistical and nonstatistical sampling. Q. Neither approach to testing the audit theory would be cost effective. Answer: B ========= 12. According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following? 1. The standards to be used by the internal audit activity. 2. The internal audit activity\'s code of ethics. 3. The CAE\'s reporting line. 4. The internal audit activity\'s responsibilities. A. 4 only. B. 1 and 2 only. C. 3 and 4. D. 1,2, and 3. Answer: C ========= 13. Which of the following would not be considered part of preliminary survey of an engagement area? R. Interviews with individuals affected by the entity. S. Functional walk through test. T. Analytical reviews. U. Sampling scope. Answer: D ========= 14. Which of the following best ensures the independence of the internal audit activity? 1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis. 2. The audit committee reviews the performance of the chief audit executive (CAE) periodically. 3. The internal audit charter requires the CAE to report functionally to the audit committee. A. 3 only B. 1 and 2 only C. 2 and 3 only D. 1, 2, and 3 Answer: C ========= 15. 
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. V. Workshops. W. Surveys. X. Interviews. Y. Observation. Answer: B ========= 16. According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement? 1. The complexity of the work required. 2. The needs and expectations of the client. 3. The potential value of the engagement compared to the effort. 4. Information regarding assumptions and procedures to be employed. A. 1 and 4 only B. 2 and 3 only C. 1, 2, and 3 only D. 1, 2, 3, and 4 Answer: C ========= 17. In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member? Z. Maintaining industry-specific knowledge appropriate to the organization. A. Assessing how IT contributes to organization objectives, risks, and relevance to audit. B. Maintaining technical aspects of accounting standards and reporting processes. C. Understanding regulatory and legal framework and assessing its relevance. Answer: D ========= 18. When developing the organization\'s first risk universe, which of the following would the chief audit executive be least likely to consider? D. The amount of risk that an organization is willing to seek or accept. E. The extent and degree of interdependency for identified key risks. F. The boundaries established to manage the amount of risk taken. G. The exposure to risks following management\'s risk responses. Answer: D ========= 19. A multinational organization has asked the internal audit activity to assist in setting up the organization\'s risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. H. Coordinate and facilitate risk workshops for management to attend. I. Establish the degree of risk appetite for management to accept. J. 
Set risk indicators and mitigation plans for management to implement. K. Determine the number of significant risks for management to report to the board. Answer: D ========= 20. Which of the following is a common type of payroll fraud? L. Unauthorized overtime. M. Fictitious employees. N. Unearned bonuses or commissions. O. Skimming. Answer: B ========= 21. Which of the following types of fraud includes embezzlement? P. Fraudulent statements. Q. Bribery. R. Misappropriation of assets. S. Corruption. Answer: C ========= 22. A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. T. From sharing to reduction. U. From acceptance to reduction. V. From sharing to avoidance. W. From acceptance to avoidance. Answer: A ========= 23. A large trucking organization wants to reduce traffic accidents by improving its system of internal controls. 1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control. 2. Defensive driver training is an example of a directive control. 3. The installation of tracking devices in delivery vehicles is an example of a corrective control. 4. Providing a vehicle driver handbook is an example of a detective control. A. 1 and 2. B. 1 and 4. C. 2 and 3. D. 3 and 4. Answer: A ========= 24. Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud? X. Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions. Y. The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff. Z. Security cameras that monitor cash handling at the register are not functioning. A. 
The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff. Answer: B ========= 25. Who is responsible for setting the risk appetite? B. External auditors. C. Chief risk officer. D. Operations management. E. Board of directors. Answer: D ========= 26. Which of the following offers the best evidence that the internal audit activity has achieved organizational independence? F. An independent third party has assessed the organization\'s system of internal controls to be adequate and effective. G. The chief audit executive reports both functionally and administratively to the CEO. H. The internal audit charter is drafted properly and approved by the appropriate parties. I. The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives. Answer: B ========= 27. When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme? 1. Subsequent change orders increase requirements for low-bid items. 2. Material contract requirements are different on the actual contract than on the request for bids. 3. A high percentage of employees are charged to indirect accounts. 4. Losing bidders are hired as subcontractors. A. 1 only B. 2 only C. 1 and 3. D. 2 and 4. Answer: D ========= 28. Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager? J. Manage and support a quality assurance and improvement program. K. Maintain industry-specific knowledge appropriate to the audit engagements L. Set clear performance standards for internal auditors and the internal audit activity. M. Apply problem-solving techniques for routine situations. Answer: C ========= 29. According to The IIA\'s Code of Ethics, which of the following statements is true? N. 
When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value. O. When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity. P. When an internal auditor disagrees with the treatment received by workers in the organization\'s foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity. Q. When an internal auditor continues with an audit engagement, despite the audit client\'s claims that the work performed is unnecessary and redundant he fails to demonstrate competency. Answer: C ========= 30. Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room? R. Adequate signs are in place to assist in locating safety equipment. S. Servers are secured individually to their racks by locks. T. Foam fire extinguishers are operable to protect against electrical fires. U. Swipe card access is required to gain access to the server room. Answer: A ========= 31. Which of the following are generally recognized as essential elements of a corporate social responsibility program? V. Human rights and the environment. W. Organizational governance and financial reporting. X. Fair operating practices and government regulation. Y. Consumer issues and return on investment. Answer: A ========= 32. While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Z. Objectivity. A. Proficiency. B. Independence. C. Due professional care. Answer: D ========= 33. 
According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care? D. The training courses necessary to enhance the internal auditor\'s knowledge, skills, and other competencies. E. The appropriateness of assurance procedures necessary to ensure all significant risks will be identified. F. The use of innovative technology and data analysis techniques. G. The extent of work needed to achieve the engagement's objectives. Answer: D ========= 34. Which of the following is not an objective of internal control? H. Compliance. I. Accuracy. J. Efficiency. K. Validation. Answer: D ========= 35. A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization\'s practices while embarking on the first engagement. L. Communication. M. Persuasion and collaboration. N. Business acumen. O. Governance, risk, and control. Answer: A ========= 36. According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services? P. When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed. Q. Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services. R. Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year. S. Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board. Answer: A ========= 37. An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. T. 
Management will be able to reduce inherent risk because they will have a better understanding of risk. U. Internal auditors will be able to reduce their sample sizes because controls will be more consistent. V. Stakeholders will have more assurance that the risks are assessed consistently. W. Decision makers will understand that the likelihood of missing or ineffective controls will be reduced. Answer: C ========= 38. Which of the following is the primary engagement responsibility of an entry-level internal auditor? X. Leadership. Y. Documentation. Z. Analysis. A. Reporting. Answer: C ========= 39. Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession? B. Attending annual professional conferences and seminars. C. Participating in on-the-job training in various departments of the organization. D. Pursuing as many professional certifications as possible. E. Maintaining membership in The HA and similar professional organizations and subscribing to relevant Answer: D ========= 40. According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques? F. Negotiation and conflict resolution. G. Project management. H. Financial accounting. I. Ethics and fraud. Answer: B ========= 41. Forty-five percent of an organization\'s customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates \$1.25 million customer payments due during the contract period. J. \$11, 250 K. \$25, 000 L. \$33, 750 M. \$45, 000 Answer: A ========= 42. Which of the following is the most common way that occupational fraud is detected? N. Internal audits. 
O. Whistleblower hotline. P. Key controls. Q. External audits. Answer: B ========= 43. An internal auditor completed an audit of a bank\'s loan department and found all significant risks to be managed adequately through effective internal controls. R. The residual risk is lower than or equal to the risk appetite. S. The residual risk is higher than or equal to the risk appetite. T. The inherent risk is lower than or equal to the risk tolerance. U. The inherent risk is higher than or equal to the risk tolerance. Answer: A ========= 44. An organization is facing a financial downturn and needs to impose major budget reductions to all departments. V. Ask management to determine which internal audit engagements are lower risk and could be considered for removal from the annual audit plan. W. Ask appropriate stakeholders for their opinion on the potential impacts of reducing the scope of the internal audit plan. X. Ask the chief audit executive to determine whether budgetary limitations impede the ability of the internal audit activity to execute its responsibilities. Y. Ask The human resources department to determine how the annual compensation and salary of the audit staff could be adjusted to achieve savings. Answer: C ========= 45. Which of the following control activities is the most effective to ensure users\' levels of access are appropriate for their current roles? Z. The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required. A. Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees. B. System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately. C. Department managers are required to perform periodic user access reviews of relevant systems and applications. Answer: D ========= 46. 
Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity\'s quality assessments? D. The internal audit activity\'s plan for resource allocation. E. The amount of the organization\'s potential loss prevented by the risk-based auditing of the internal audit activity. F. The number of audits from the annual internal audit plan that were completed last year. G. The qualifications and independence of the assessment Team. Answer: B ========= 47. Which of the following is an example of a management control technique? H. A budget. I. A risk assessment. J. The board of directors. K. The control environment. Answer: A ========= 48. An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization\'s investments. L. The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient. M. The auditor should perform a manual recalculation of several results to validate and document the results. N. The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations. O. The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations. Answer: B ========= 49. CORRECT TEXT A. perform a proper assessment. B. An auditor was reviewing inventory counts conducted by the warehouse staff. One truck containing an immaterial amount of inventory was off-site and wasn\'t verified by the auditor. C. An auditor visited a plant that produces a significant portion of the organization\'s inventory. The day he arrived, the plant manager was out sick, so the auditor issued the report without interviewing the manager. D. An auditor in charge needed to have testing completed by the end of the month, but was behind schedule. 
He identified a junior auditor to conduct the work for him on a complex area of the organization. **Answer:** A 50. A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. P. Residual. Q. Net. R. Inherent. S. Accepted. Answer: C ========= 51. An internal auditor needs to recommend a policy element to be included in an organization\'s code of ethics. T. Ethics should vary with local customs in the organization\'s foreign operations. U. Whistleblowing should be discouraged because it can cause distrust among employees. V. Ethical behavior should be incorporated into performance evaluations. W. Senior management should be granted specific exemptions to the code of ethics. Answer: C ========= 52. An internal audit activity is using the auditing-by-element approach to audit the organization\'s controls around corporate social responsibility. X. Working conditions. Y. Employees\' families. Z. Marketplace competition. A. Shareholders and investors. Answer: B ========= 53. According to IIA guidance, which of the following statements about working papers is false? B. They assist in the implementation of recommendations. C. They provide support for communication to third parties. D. They demonstrate compliance with auditing standards. E. They contribute to development of the internal audit staff. Answer: A ========= 54. Which of the following factors have the greatest influence on the independence of the internal audit activity? F. Quality assessments and cultural biases of the internal audit activity. G. Rotational assignments and familiarity of the internal audit activity. H. Employee incentives and self review of the internal audit activity. I. Organizational positioning and scope control of the internal audit activity. Answer: D ========= 55. 
Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement? J. The internal audit activity has to ensure team members\' objectivity is not impaired. K. Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement. L. The scope and objective of the engagement is agreed upon based on the engagement client\'s needs. M. The internal audit activity must ensure management actions have been implemented effectively or risk accepted. Answer: B ========= 56. Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance? N. Determine the organization\'s overall risk appetite. O. Establish a governance committee. P. Delegate authority to members of senior management. Q. Identify key stakeholders and their expectations. Answer: D ========= 57. Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy? 1. Reappraising risks levels. 2. Providing accurate information to management. 3. Marketing the internal audit activity. 4. Planning safeguards for assets in high-risk areas. A. 1 and 2. B. 1 and 3. C. 2 and 3. D. 3 and 4. Answer: B ========= 58. If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization? R. Imposing risk management processes. S. Providing consolidated reporting on risks. T. Taking accountability for risk management. U. Making decisions on risk responses. Answer: B ========= 59. According to COSO, which of the following describes a principle related to the control environment? V. The organization identifies and assesses changes that could significantly impact the system of internal control. W. 
The organization establishes appropriate authorities and responsibilities in the pursuit of objectives. X. The organization selects and develops control activities that contribute to the mitigation of risks. Y. The organization performs evaluations to ascertain whether internal control components are present and functioning. Answer: B ========= 60. The manager for an organization\'s accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Z. An operations audit of the accounts payable department. A. A consulting engagement related to a new accounts payable optimization initiative. B. A review of the employees\' sports club finances, which are overseen by the chief audit executive. C. An assurance review for a sales program on which she previously provided consultation. Answer: C ========= 61. A chief audit executive (CAE) is reviewing the internal audit activity\'s performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. D. The overall effectiveness of the internal audit activity\'s periodic self assessments. E. The type of audit productivity and performance statistics reported. F. The adequacy of the day-to-day supervision and review process. G. The scope and frequency of external assessments. Answer: C ========= 62. Which of the following is most likely to be considered a control weakness? H. Vendor invoice payment requests are accompanied by a purchase order and receiving report. I. Purchase orders are typed by the purchasing department using prenumbered forms. J. Buyers promptly update the official vendor listing as new supplier sources become known. K. Department managers initiate purchase requests that must be approved by the plant superintendent. Answer: C ========= 63. 
A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director\'s independence? L. Preparing the financial statements for the company\'s defined contribution plan. M. Performing a pre-implementation review of the company\'s payroll application. N. Providing the COBIT framework as a possible IT management tool. O. Reviewing the company\'s policy for foreign currency translation adjustments for compliance with accounting standards. Answer: A ========= 64. A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. P. Logic test. Q. Check digits. R. Data integrity tests. S. Balancing control activities. Answer: A ========= 65. According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups? T. The audit committee and senior management. U. The audit committee and the external auditors. V. Senior management and management of the audited area. W. Senior management and the external auditors. Answer: A ========= 66. Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity? X. Usage of IT system policy. Y. Risk management framework. Z. Acceptance of gifts policy. A. Personal responsibility policy. Answer: C ========= 67. An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. B. Risk avoidance. C. Risk-benefit analysis. D. Risk sharing. E. Risk acceptance. Answer: D ========= 68. An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization\'s financial records. F. Bank statements. G. Customer confirmation letters. H. 
Copies of sales invoices. I. Copies of deposit slips. Answer: D ========= 69. Which two of the following are preventive controls in a check disbursement process? 1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items. 2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account. 3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system. 4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities. A. 1 and 3. B. 1 and 4. C. 2 and 3. D. 2 and 4. Answer: D ========= 70. A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. J. Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees. K. Review the investigation and implement any improvements to the process. L. Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed. M. Determine why The fraud was not detected earlier and design controls to strengthen early detection. Answer: C ========= 71. Which of the following statements is true about The IIA Global Internal Audit Competency Framework? N. The core competencies outlined in the framework are not expected of a person undertaking an entry-level position as an internal auditor. O. The framework is designed to be used primarily by chief audit executives that are developing indicators to measure the performance of the internal audit activity for which they are responsible. P. The framework lists the core competencies internal auditors should possess before attempting to attain The IIA\'s Certified Internal Auditor certification. Q. 
The framework describes competencies needed for individual internal auditors, but not those necessary at the chief audit executive level. Answer: B ========= 72. Which of the following is an example of a directive control? R. Segregation of duties. S. Exception reports. T. Incentive compensation plans. U. Automated reconciliations. Answer: C ========= 73. An assurance mapping exercise helps an organization do which of the following? 1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met. 2. Fulfill best practices in the industry. 3. Identify and address any gaps in the risk management process. 4. Identify fraud. A. 1 and 4. B. 1 and 3. C. 2 and 3. D. 3 and 4. Answer: B ========= 74. According to IIA guidance, which of the following best describes internal auditors\' responsibility regarding fraud? V. Internal auditors should take a leading role in investigating all fraud-related cases. W. Internal auditors must have sufficient knowledge to evaluate the risk of fraud. X. Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics. Y. Internal auditors are responsible for ensuring that fraud does not occur. Answer: B ========= 75. Which of the following types of social responsibilities is voluntary and guided purely by the organization\'s desire to make social contributions? Z. The bottom of the pyramid responsibility. A. Innovative responsibility. B. Ethical responsibility. C. Discretionary responsibility. Answer: C ========= 76. Which of the following combinations of conditions is most likely a red flag for fraud? D. The practice of surprise audits and the implementation of an employee support program. E. Hiring an employee with a prior fraud conviction and yearly management review. F. Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use. G. 
A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.
Answer: C
=========
77. According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?
A. The services must be aligned with those defined in the internal audit charter.
B. The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.
C. The services may preclude assurance services from the consulting engagement.
D. The services impose no responsibility to communicate information other than to the engagement client.
Answer: B
=========
78. Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.
1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.
2. Experience of the engineer in the type of work being considered.
3. Compensation or other incentives that the engineer may receive.
4. The extent of other ongoing services that the engineer may be performing for the organization.
A. 1 and 4 only
B. 2 and 3 only
C. 3 and 4 only
D. 1, 2, and 4 only
Answer: D
=========
79. According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?
A. Assessing the risk factors.
B. Aligning risk appetite and strategy.
C. Enhancing risk response decisions.
D. Reducing operational surprises and losses.
Answer: A
=========
80. According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?
A. Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.
B.
Internal assessments must be performed at least once every five years by a qualified assessor.
C. An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.
D. Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.
Answer: C
=========
81. Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?
A. If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
B. Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is
C. required to conduct privacy assessments.
Answer: D
=========
82. Which of the following best demonstrates the authority of the internal audit activity?
A. Suggesting alternatives to decision makers.
B. Improving the integrity of information.
C. Determining the scope of internal audit services.
D. Achieving engagement objectives.
Answer: C
=========
83. Which of the following would be the most important consideration by the internal audit activity when selecting employees to perform an internal quality assessment?
A. Their understanding of auditing standards.
B. Previous experience working with the internal audit activity.
C. Their reporting line within the organization.
D. The nature of their regular duties and responsibilities.
Answer: A
=========
84. Which of the following actions best demonstrates that an internal auditor is exercising due professional care?
A. The auditor performs thorough reviews and provides absolute assurance of regulatory compliance.
B.
The auditor is alert to the possibility of fraud and activities where irregularities are most likely to occur.
C. The auditor recommends improvements for all of the organization's procedures and practices.
D. The auditor is cognizant of reducing travel expenses by combining a personal vacation with a business trip.
Answer: B
=========
85. An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.
A. Replace the auditor with another audit staff member.
B. Continue with the present auditor, as more than one year has passed.
C. Withdraw the audit team and outsource the financial audit of the division.
D. Work with the division's management to resolve the situation.
Answer: A
=========
86. An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?
1. Proficiency in analyzing key IT risks and controls.
2. The ability to recognize significant deviations from good business practices.
3. Knowledge of key indicators of fraud in tax reporting.
4. The ability to recognize the existence of problems related to tax accounting.
A. 1 and 4 only.
B. 3 and 4 only.
C. 2, 3, and 4 only.
D. 1, 2, 3, and 4.
Answer: B
=========
87. According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?
A. CAE reviews and approves the annual audit plan.
B. CAE meets privately with the CEO at least annually.
C. CAE meets privately with the board at least annually.
D. CAE reports to the board regarding audit staff performance evaluation and compensation.
Answer: D
=========
88. Evidence discovered during the course of an engagement suggests that multiple incidents
A.
Immediately notify management of the area under review and the other internal auditors involved in the engagement.
B. Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.
C. Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.
D. Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.
Answer: A
=========
89. While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses.
1. Ensure all tests use a random sampling technique.
2. Consider a judgmental approach for the sample size.
3. Assess testing errors through root cause analysis.
4. Ensure that the entire data set is tested.
A. 1 and 2.
B. 1 and 3.
C. 2 and 3.
D. 2 and 4.
Answer: C
=========
90. What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?
A. To help the internal audit activity complete its annual assurance plan.
B. To identify inefficiencies within the internal audit team.
C. To help improve the overall quality of the internal audit activity's work.
D. To identify key risks and areas of concern within the organization.
Answer: C
=========
91. According to IIA guidance, which of the following statements is true regarding the reporting of results from an external quality assessment of the internal audit activity?
A. The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.
B. The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.
C.
The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.
D. The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.
Answer: B
=========
92. A large sales organization maintains a system of internal control according to the COSO model and has updated its code of conduct.
A. Control activities.
B. Information and communication.
C. Commitment.
D. Control environment.
Answer: D
=========
93. Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?
A. Observation of the facility during operations.
B. Questioning of facility management, including the facility safety officer.
C. Analysis of facility operating reports, focusing on instances when breakdowns occurred.
D. Review of records involving safety violations, filed by facility production employees.
Answer: A
=========
94. An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago.
A. Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.
B. Not allow the audit manager to hire the contractor, as it would be a conflict of interest.
C. Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.
D. Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.
Answer: A
=========
95. A new internal audit activity is creating its first charter.
A. Continuously monitor the organization's overall risk activities in relation to its risk appetite.
B. Evaluate the adequacy and effectiveness of the organization's governance activities.
C.
Oversee the establishment and administration of an effective risk management program.
D. Assist management in implementing recommended control improvements.
Answer: C
=========
96. An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls.
A. The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.
B. The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.
C. The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.
D. The external auditor may use the work with caution, due to the internal audit activity's scope and responsibility restrictions.
Answer: D
=========
97. An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department.
A. Higher inventory turnover.
B. Higher operating margin.
C. Lower obsolete stock disposal.
D. Lower sales volume.
Answer: D
=========
98. Which of the following is an example of collusion?
A. An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.
B. A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.
C. A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.
D. An employee works with the IT manager to develop a program for identifying duplicate invoice payments.
Answer: B
=========
99. In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?
A. The CAE would need to procure external services to deliver the internal audit assurance program.
B.
There is no expertise within the internal audit team for detecting and investigating fraud.
C. There is no expertise within the internal audit team for auditing an IT engagement.
D. There is no available expertise on the internal audit team to perform a consulting engagement.
Answer: B
=========
100. Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?
A. Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).
B. Approve the annual budget and resource plan for the internal audit activity.
C. Assist the CAE with hiring objective and competent internal audit staff.
D. Encourage the CAE to communicate and coordinate with the external auditor.
Answer: A
=========
101. With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?
A. Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.
B. Evaluate the organization's governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization's risk appetite.
C. Assist management in interpreting complex IT-related privacy and security risk exposures and
D. Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks.
Answer: D
=========
102. Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?
A. Fraud open on the books.
B. Fraud hidden on the books.
C. Fraud off the books.
D. Fraud on the balance sheet.
Answer: C
=========
103. The chief audit executive (CAE) is planning to conduct an internal assessment of the internal audit activity (IAA). Part of this assessment will include benchmarking.
1.
Average client customer satisfaction score for a given year.
2. Client survey comments on how to improve the IAA.
3. Auditor interviews once an audit has been completed.
4. Percentage of audits completed within 90 days.
A. 1 and 2.
B. 1 and 3.
C. 2 and 3.
D. 3 and 4.
Answer: C
=========
104. Which of the following is the best way to detect fraud?
A. Conduct anti-fraud training.
B. Perform background investigations.
C. Implement process controls.
D. Activate a whistleblower hotline.
Answer: D
=========
105. In which of the following functions would fraud be most likely to occur?
A. Maintaining custody of inventory records.
B. Collecting payments on accounts.
C. Approving changes to employee records.
D. Preparing customer statements.
Answer: B
=========
106. An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division.
A. Management sells the product division to a competitor.
B. Management outsources the product division to a third party.
C. Management allows the product division to remain unchanged.
D. Management modifies the product division to minimize errors.
Answer: D
=========
107. According to the IIA Code of Ethics, which of the following statements best describes the principle of competency?
A. Internal auditors shall perform their work with honesty, diligence, and responsibility.
B. Internal auditors shall perform their work in accordance with the Standards.
C. Internal auditors shall perform their work in accordance with the law and make disclosures expected by the law.
D. Internal auditors shall be prudent in the use of information acquired while performing their work.
Answer: B
=========
108. An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework.
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.
A. 1 and 2.
B. 1 and 3.
C. 2 and 3.
D. 2 and 4.
Answer: D
=========
109. Management is developing and implementing a risk and control framework for use throughout the organization.
1. Appropriate levels of authority and responsibility.
2. Supervision of staff and appropriate review of work.
3. The seniority of management in the organization.
4. The ability to trace each transaction to an accountable and responsible individual.
A. 1, 2, and 3.
B. 1, 2, and 4.
C. 1, 3, and 4.
D. 2, 3, and 4.
Answer: D
=========
110. According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
A. Management principles.
B. Computerized information systems.
C. Internal audit standards, procedures, and techniques.
D. Fundamentals of accounting, economics, and finance.
Answer: C
=========
111. According to IIA guidance, which of the following should be included in the internal audit charter?
A. The minimum resources and competencies needed for the internal audit activity.
B. Identification of the organizational units where engagements are to be performed.
C. Organizational relationships and reporting lines.
D. Assigned responsibilities for designing and implementing controls.
Answer: C
=========
112. According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?
A. Objective setting.
B. Control activities.
C. Information and communication.
D. Event identification.
Answer: B
=========
113. A manufacturing line supervisor joins the internal audit activity for a two-year rotational job assignment and is assigned to an accounts receivable audit.
A. Due professional care.
B. Individual independence.
C. Individual objectivity.
D. Organizational independence.
Answer: A
=========
114. Which of the following is an example of a detective control?
A. Automatic shut-off valve.
B. Auto-correct software functionality.
C. Confirmation with suppliers and vendors.
D. Safety instructions.
Answer: C
=========
115. According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?
1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
3. The application of technology-based audit and other data analysis techniques, where appropriate.
4. The relative complexity and extent of work needed to achieve the engagement's objectives.
A. 1, 2, and 3
B. 1, 2, and 4
C. 1, 3, and 4
D. 2, 3, and 4
Answer: B
=========
116. Click the Exhibit.
![](media/image2.jpeg)
A. Graph A only
B. Graph B only
C. Both A and B.
D. Neither A nor B.
Answer: C
=========
117. Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?
1. To understand better the activity and processes that will be audited.
2. To identify the audit procedures that will be used during the engagement.
3. To ensure that matters of greatest vulnerability will be addressed.
4. To use the information obtained as evidence in the current engagement.
A. 4 only
B. 1 and 3 only
C. 1 and 4 only
D. 2, 3, and 4 only
Answer: B
=========
118. Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?
A. Act as an adviser to the committee responsible for reviewing violations of the code.
B. Review and adjudicate all violations of the code of conduct.
C. Lead the committee responsible for the oversight of the code.
D.
Implement a system of procedures to inform all employees of the code.
Answer: A
=========
119. An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction.
A. Condition section.
B. Criteria section.
C. Effect section.
D. Cause section.
Answer: C
=========
120. According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.
A. 1 and 2.
B. 1 and 3.
C. 2 and 4.
D. 3 and 4.
Answer: A
=========
121. Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.
A. 1 and 4
B. 2 and 3 only
C. 1, 2, and 3
D. 2, 3, and 4
Answer: D
=========
122. Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3.
The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.
A. 1 only.
B. 4 only.
C. 2 and 4.
D. 3 and 4.
Answer: A
=========
123. Which of the following is most likely to function as a directive control?
A. Security dogs.
B. Alert employees.
C. Insurance claims.
D. Cycle counts.
Answer: B
=========
124. A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors.
A. Appoint the CAE as a member of the board.
B. Move the CAE's functional reporting to an executive who is not on the board.
C. Obtain full board approval of the internal audit activity's annual audit plan.
D. Move the CAE's functional reporting to the audit committee.
Answer: D
=========
125. An internal audit charter should do which of the following?
A. Outline the schedule of future audits.
B. Define the scope of internal audit activities.
C. Establish the size of the internal audit activity.
D. Communicate the internal audit activity's goals.
Answer: B
=========
126. Which of the following best explains why integrity is a necessary personal quality for internal auditors at all levels?
A. Internal auditor integrity enables stakeholders to constantly question the work of the internal audit activity.
B. Internal auditor integrity enables the internal auditor to avoid being challenged by any party in the organization.
C. Internal auditor integrity enables the internal audit activity to be able to demonstrate independence.
D. Internal auditor integrity enables users of internal auditors' work to make important business decisions.
Answer: D
=========
127.
Which of the following are core responsibilities to be included in the internal audit charter?
1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Determine the adequacy and effectiveness of the organization's systems of internal accounting and operating controls.
3. Participate in the planning and performance of audits of potential acquisitions with the organization's outside accountants and other members of the corporate staff.
4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.
A. 1 and 2.
B. 1 and 4.
C. 2 and 3.
D. 2 and 4.
Answer: A
=========
128. According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
1. Advocating the establishment of a risk management function.
2. Identifying and evaluating significant risk exposures during audit engagements.
3. Developing a risk response for the organization if there is no chief risk officer.
4. Benchmarking risk management activities with other organizations.
5. Documenting risk mitigation strategies and techniques.
A. 4 and 5 only.
B. 1, 2, and 3 only.
C. 1, 2, 4, and 5 only.
D. 2, 3, 4, and 5 only.
Answer: C
=========
129. Which of the following best describes the details that must be included in the quality assurance and
A. The scope and frequency of internal and external assessments as well as the qualifications and independence of the assessor.
B. The scope and cost of the QAIP, frequency of internal and external assessments, and conclusions of the assessor.
C. The scope, findings, risks, recommendations, and agreed-upon improvement actions.
D. The number and types of people involved in the assessment, costs, and duration of the QAIP.
Answer: C
=========
130.
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program.
A. Control environment.
B. Control activities.
C. Information and communication.
D. Monitoring activities.
Answer: A
=========
131. While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative.
A. Proceed with the audit engagement, but do not include the relative's information.
B. Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.
C. Disclose in the engagement final communication that the relative is a customer.
D. Immediately withdraw from the audit engagement.
Answer: B
=========
132. According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?
A. An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.
B. An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.
C. An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.
D. An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.
Answer: C
=========
133. The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud.
A. Disclose the deficiency, and request that the investigation be reassigned to the first line of defense.
B. Proceed with the investigation, as internal auditors are not required to have fraud expertise.
C.
Outsource the sensitive investigation to a third-party consultant with fraud expertise.
D. Select a member of the accounting department who is not involved in the fraud to join the investigation team in a consulting capacity.
Answer: C
=========
134. Which of the following describes a key characteristic related to effective organizational communication?
A. Comprehensive supervisory and verification procedures.
B. A well-designed system of internal controls.
C. A culture of integrity and transparency.
D. Unique operating environments with varying complexity.
Answer: B
=========
135. The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.
A. Pressure or incentive.
B. Opportunity.
C. Rationalization.
D. Commitment.
Answer: A
=========
136. Which of the following is an example of a risk management avoidance response?
A. Exiting a marketplace.
B. Recalling a product.
C. Obtaining product insurance.
D. Outsourcing production.
Answer: A
=========
137. Which of the following is true regarding the use of a formal risk management framework?
1. It facilitates a methodical approach to risk mitigation.
2. It defines and standardizes the terminology used in risk communication.
3. It establishes the risk tolerance levels to be accommodated in the strategy.
4. It facilitates the alignment of risk mitigation strategies with management priorities.
A. 1, 2, and 3.
B. 1, 2, and 4.
C. 1, 3, and 4.
D. 2, 3, and 4.
Answer: B
=========
138. To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity.
A. The chief audit executive (CAE) should review all work performed by the auditor during her temporary assignment to ensure no impairments.
B. The CAE may conduct audits in the purchasing department during the auditor's temporary assignment.
C.
The auditor should obtain the CAE's approval as to the nature and scope of the duties she is permitted to perform during her temporary assignment.
D. Any work performed by the auditor during her temporary assignment must conform to the internal audit charter.
Answer: C
=========
139. Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?
A. Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.
B. Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.
C. Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.
D. Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.
Answer: B
=========
140. The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?
A. The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.
B. The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.
C. The assigned internal auditor must not assume management responsibilities while performing the engagement.
D. The assigned internal auditor must maintain objectivity while performing the engagement.
Answer: A
=========
141.
According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization's corporate social responsibility program?
A. Consumers.
B. Activists.
C. Suppliers.
D. Investors.
Answer: B
=========
142. Which of the following is an activity that an internal auditor must not perform?
A. Establish and provide continuing assurance on an anti-money laundering program for new hires.
B. Survey employees for their understanding of anti-money laundering practices.
C. Provide assurance for the effectiveness of anti-money laundering training.
D. Assess the risk of being fined for ineffective anti-money laundering practices.
Answer: A
=========
143. Which of the following is an example of a risk avoidance strategy?
A. Hedging against exchange rate variations.
B. Limiting access to an organization's data center.
C. Selling a nonstrategic business unit.
D. Outsourcing a high-risk activity.
Answer: C
=========
144. Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?
1. Locking doors and physically securing inventory items.
2. Independently observing the receipt of materials.
3. Conducting monthly inventory counts.
4. Requiring the use of employee ID badges at all times.
A. 1 and 3.
B. 1 and 4.
C. 2 and 3.
D. 2 and 4.
Answer: B
=========
145. As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest.
A. Organizational independence.
B. Professional objectivity.
C. Due professional care.
D. Individual proficiency.
Answer: B
=========
146. According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?
A.
Rating each engagement record to assess its relevance and accessibility for the organization\'s board. D. Controlling access to engagement records, including access by senior management. E. Developing retention requirements for engagement records that are consistent with organizational guidelines. F. Forming policies governing the custody and retention of consulting engagement records before their release to other parties. Answer: A ========= 147. During an audit, the client questions the internal audit activity\'s authority to perform procedures over A. Definition of Internal Auditing. B. MA Standards. C. Internal audit charter. D. The IIA\'s Code of Ethics. Answer: C ========= 148. Which segregation of duties would best reduce the risk of payroll fraud? G. Human resources personnel add employees, and payroll personnel process hours and enter employee bank account numbers. Paychecks are automatically deposited in the employee\'s bank account. H. Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees. I. Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees. J. Human resources personnel add employees and enter employee bank information. Answer: A ========= 149. An internal audit team is performing an audit of workplace accident claims. K. Having an occupational health officer on the engagement team. L. Determining that the claims have been classified properly. M. Placing reliance on medical reports from the injured worker\'s doctor. N. Reviewing claims to ensure all accidents actually occurred in the workplace. Answer: A ========= 150. According to The IIA\'s Code of Ethics, which of the following is true? O. Confidentiality requires that auditors disclose all material facts known to them. P. Integrity requires that auditors perform internal audit services in accordance with the Standards. Q. 
Objectivity requires that auditors perform their work with honesty, diligence, and responsibility. R. Confidentiality requires that auditors be prudent in the use and protection of client information. Answer: D ========= 151. According to The IIA\'s Code of Ethics, which of the following actions violates the principle of confidentiality? S. Accepting a consulting request in the IT department without possessing the requisite experience. T. Providing personal tax preparation services for a fee for several employees during the lunch hour. U. Providing a friend with the marketing strategic plan, which she will use to prepare her university thesis. V. Agreeing to reword an observation to avoid the client complaining directly to the auditor\'s supervisor. Answer: C ========= 152. Which of the following situations is most likely to impair internal audit objectivity? W. An internal auditor reports both functionally and administratively to the chief financial officer (CFO). X. An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle. Y. ​ Z. An internal auditor performs an audit in a department that is led by the auditor\'s close friend. Answer: D ========= 153. Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud? 1. Periodically reviewing the vendor list for unusual vendors and addresses. 2. Segregating duties for amount purchasing, receiving, shipping, and accounting. 3. Validating sequential integrity of purchase orders. 4. Verifying the validity of invoices with post office box addresses. A. 1 and 2 only B. 3 and 4 only C. 1, 2, and 4 only D. 1, 2, 3, and 4 Answer: B ========= 154. An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. A. Preventive controls. B. Detective controls. C. Soft controls. D. 
Directive controls. Answer: A ========= 155. Which of the following statements is true with regard to conducting an effective quality assurance and improvement program? E. The IIA\'s Quality Assessment Manual for the Internal Audit Activity must be used as the basis for periodic assessments. F. Members of the internal audit activity are not permitted to perform quality assessments, as they would not be independent. G. Periodic internal assessments provide the most current and independent recommendations for improvement. H. The conclusions of periodic internal assessments are intended to assist in achieving conformity to the Standards. Answer: D ========= 156. Which of the following is considered a violation of The IIA\'s Code of Ethics? I. An auditor conveys public information about an organization\'s financial condition. J. An auditor reports a manager\'s illegal activity to senior management, rather than reporting the incident to the appropriate external authority. K. An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management. L. An auditor reports material deficiencies, despite the fact that management is already aware of the defects. Answer: C ========= 157. Which of the following statements is true regarding assurance services provided to clients outside of the organization? M. Assurance services for outside clients are not covered under the internal audit charter. N. Assurance services for outside clients must be approved on a case-by-case basis by the board of directors. O. The nature of assurance services for outside clients should be defined in the internal audit charter. P. The nature of assurance services for outside clients is the same as for internal clients. Answer: C ========= 158. Which of the following is the most common method of fraud detection? Q. Analytical reviews of high-risk areas. R. Detective controls built into the daily processes. S. 
Unannounced audits or reviews of programs or departments. T. Tips received from employees or citizens. Answer: D ========= 159. A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. U. Postpone the audit until the CAE hires internal audit staff with the required knowledge. V. Ask the audit committee to decide the course of action. W. Select the most experienced auditors in the department to perform the engagement. X. Hire consultants who possess the required knowledge to perform the engagement. Answer: D ========= 160. During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Y. Soft skills in communication, negotiation, and collaboration. Z. Technical skills in the area under review. A. Professional qualifications and certification in internal auditing. B. Confidentiality and independence. Answer: A ========= 161. An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. C. Risk identification. D. Risk appetite. E. Risk capacity. F. Risk tolerance. Answer: D ========= 162. Which of the following behaviors could represent a significant ethical risk if exhibited by an organization\'s board? G. Requesting a private meeting with senior management, without the presence of the chief audit executive. H. Intervening during an audit involving ethical wrongdoing. I. Discussing periodic reports of ethical breaches. J. Authorizing an investigation of an unsafe product. Answer: B ========= 163. 
According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization? K. To enable Triple Bottom Line reporting capability. L. To facilitate the conduct of risk assessment. M. To achieve and maintain sustainable development. N. To fulfill regulatory and compliance requirements. Answer: C ========= 164. An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management. O. Competent, corroborative evidence of future working capital requirements. P. Sufficient, analytical evidence of the cash flow position at a given point of time in the future. Q. Competent, documentary evidence of future cash flow changes within the organization. R. Sufficient, circumstantial evidence of the future solvency of the organization. Answer: C ========= 165. Which of the following must be in existence as a precondition to developing an effective system of internal controls? S. A monitoring process. T. A risk assessment process. U. A strategic objective-setting process. V. An information and communication process. Answer: B ========= 166. According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization\'s social responsibility program is effective? W. Senior management. X. Internal audit activity. Y. All employees. Z. Board of directors. Answer: D ========= 167. Which of the following are components of the ISO 31000 risk management process? 1. Setting the context. 2. Risk treatment. 3. Risk avoidance. 4. Communication. A. 1 and 2 only. B. 2 and 3. C. 3 and 4. D. 1,2, and 4. Answer: A ========= 168. A former line supervisor from the Financial Services Department has completed six months of a A. She may participate, but only after she has completed one year with the IAA. B. She may participate, because she did not previously work in the Human Resources Department. C. 
She may participate, but she must be supervised by the auditor in charge. D. She may participate for training purposes, to build her knowledge of the IAA. Answer: B ========= 169. Which of the following scenarios best illustrates the principle of due professional care? A. An internal auditor evaluates the significant risks arising from a consulting engagement. B. An internal auditor declares that he would have a conflict of interest in providing planned audit support. C. An internal auditor has been given sufficient authority to access documents needed to make an appraisal of an issue. D. An internal auditor uses technology-based audit techniques to ensure that all significant risks are identified. Answer: A ========= 170. Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences? E. Assign more experienced internal auditors to mentor the less experienced auditors. F. Send internal auditors to external trainings in advanced internal audit topics. G. Appraise internal auditors\' performance and competencies at least annually and issue constructive feedback. H. Rotate internal auditors among different engagement assignments. Answer: D ========= 171. What is the purpose of a secondary control? I. It replaces primary controls that are either ineffective or cannot fully mitigate a risk. J. It partially reduces the residual risk level when a key control does not operate effectively. K. lt combines with other controls to help reduce significant risk exposures to an acceptable level. L. It helps to ensure the completeness and accuracy of automated controls in a system environment. Answer: C ========= 172. According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity? M. Internal auditors shall continually improve their proficiency and effectiveness and quality of their services. N. 
Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization. O. Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment. P. Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties. Answer: C ========= 173. According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity? Q. Control environment. R. Control activities. S. Risk assessment. T. Monitoring. Answer: D ========= 174. Which of the following would be considered a violation of The IIA\'s mandatory guidance on independence? U. The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer. V. The board seeks senior management\'s recommendation before approving the annual salary adjustment of the CAE. W. The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity. X. The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline. Answer: B ========= 175. Which of the following statements describes impairment to the internal auditor\'s objectivity? Y. An internal auditor reviews a purchasing agent\'s contract drafts prior to their execution. Z. An internal auditor reduces the scope of an audit engagement due to budget restrictions. A. An internal auditor receives a promotional gift that is available to the organization\'s employees. B. An internal auditor performs an assessment of the operations for which he was recently responsible. Answer: D ========= 176. Which of the following is a detective control strategy against fraud? C. Requiring employees to attend ethics training. D. Performing background checks on employees. E. Implementing a control self-assessment. F. 
Performing a surprise audit. Answer: D ========= 177. What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls? G. During facilitated workshops, people more openly say things to internal auditors than during private interviews. H. Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient. I. Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue. J. The testimonial evidence obtained during facilitated workshops is generally considered more reliable. Answer: C ========= 178. Which of the following statements accurately describes an internal auditor\'s responsibility with regard to due professional care? K. An internal auditor should express an opinion only when consensus with top management has been achieved. L. An internal auditor\'s opinion should be based on experience and free of all bias. M. An internal auditor\'s opinion should be based on factual evidence. N. An internal auditor\'s opinion should be limited to the effectiveness of internal controls. Answer: C ========= 179. The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. O. The CAE\'s work may be reviewed by any other experienced staff member within the IAA. P. The CAE\'s work should be reviewed by an individual with the appropriate background and knowledge. Q. The CAE may self-review his work, provided he discloses this practice in the final report. R. The CAE should avoid performing engagements to ensure he is able to review all audit work objectively. Answer: B ========= 180. According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk? 1. 
Identification. 2. Mitigation. 3. Remediation. 4. Reduction. A. 1 only. \| B. 1 and 4 only. C. 1, 3, and 4 only. D. 1,2, 3, and 4. Answer: B ========= 181. Internal auditors must exercise due professional care by considering which of the following? 1. Cost of assurance in relation to potential benefits. 2. Adequacy and effectiveness of governance, risk management, and control processes. 3. Management\'s competency level in the area being evaluated. 4. Probability of significant errors, fraud, or noncompliance. A. 1 and 2 only B. 1, 2, and 3 only C. 1, 2, and 4 only D. 2, 3, and 4 only Answer: C ========= 182. An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing A. Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified. B. Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed. C. Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment. D. Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports. Answer: B ========= 183. Which of the following is a weakness of observation as audit evidence? S. It cannot be used to test the completeness assertion. T. It cannot be used to test the existence assertion. U. 
It cannot be used to test the occurrence assertion. V. It cannot be relied upon because the evidence is not persuasive. Answer: A ========= 184. Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement? W. Advance notice may result in management making corrections to reduce the number of potential deficiencies. X. Previous management action plans addressing prior internal audit recommendations remain incomplete. Y. The engagement includes audit assurance procedures such as sensitive or restricted asset verifications. Z. The audit engagement has already been communicated and approved through the annual audit plan. Answer: C ========= 185. The board has asked the internal audit activity (IAA) to be involved in the organization\'s enterprise risk management process. A. Coach management in responding to risks. B. Develop risk management strategies for board approval. C. Facilitate identification and evaluation of risks. D. Evaluate risk management processes. Answer: D ========= 186. Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program? E. Improper segregation of duties. F. Incentives and bonus programs. G. An employee\'s reported concerns. H. Lack of an ethics policy. Answer: C ========= 187. When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives? 1. Add value. 2. Improve operations. 3. Provide assurance that the internal audit activity conforms with the Standards. 4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics. A. 1 only B. 1 and 2 only C. 1 and 3 only D. 1, 2, 3, and 4 Answer: D ========= 188. The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. 1. 
Use an external service provider. 2. Conduct a self-assessment with independent validation. 3. Arrange for a review by qualified employees outside of the IAA. 4. Arrange for reciprocal peer review with another CAE. A. 1 and 2 B. 2 and 4 C. 1, 2, and 3 D. 2, 3, and 4 Answer: A ========= 189. Which of the following statements describes an engagement planning best practice? I. It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement. J. If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase. K. The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final. L. Engagement planning activities include setting engagement objectives that align with audit client\'s business objectives. Answer: D ========= 190. An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. M. Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization. N. Confirm the decision with management and document this decision in the audit file. O. Document the issue in the audit file and follow up until the issues are resolved. P. Initiate an assurance engagement on the unresolved issues. Answer: B ========= 191. A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. Q. Integrity. R. Flexibility. S. Initiative. T. Curiosity. Answer: D ========= 192. According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement? 1. Coordinate audit team members to ensure the efficient execution of all engagement procedures. 2. 
Confirm engagement workpapers properly support the observations, recommendations, and conclusions. 3. Provide structured learning opportunities for engagement auditors when possible. 4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly. A. 1, 2, and 3 B. 1, 2, and 4 C. 1, 3, and 4 D. 2, 3, and 4 Answer: B ========= 193. Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review? U. The financial interest the service provider may have in the organization. V. The relationship the service provider may have had with the organization or the activities being reviewed. W. Compensation or other incentives that may be applicable to the service provider. X. The service provider\'s experience in the type of work being considered. Answer: D ========= 194. While conducting an audit of a third party\'s Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. 1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated. 2. Evaluate the adequacy and effectiveness of the corrective action proposed by management. 3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated. 4. Submit management\'s plan of action to the external auditors for additional review. A. 1 and 2 B. 1 and 4 C. 2 and 3 D. 3 and 4 Answer: A ========= 195. Which of the following should be included in a privacy audit engagement? 1. Assess the appropriateness of the information gathered. 2. Review the methods used to collect information. 3. 
Consider whether the information collected is in compliance with applicable laws. 4. Determine how the information is stored. A. 1 and 3 only B. 2 and 4 only C. 1, 3, and 4 only D. 1, 2, 3, and 4 Answer: D ========= 196. The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Y. It minimizes the amount of time spent and cost incurred to gather the necessary information. Z. Responses can be confidential, thus encouraging participants to be candid expressing their concerns. A. Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors. B. Workshop participants have an opportunity to learn while contributing ideas toward the objectives. Answer: D ========= 197. The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. C. Refuse to accept the consulting engagement because it would be a violation of independence. D. Collaborate with the external auditor to ensure the most efficient use of resources. E. Accept the engagement but hire an external trai
