Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-CIA-Part1 Internal Audit Fundamentals Questions and Answers

Questions 4

At the beginning of an IT development project key risks were identified and assessed and risk owners were appointed Six months later the IT development team reported that the project Is significantly over budget, it will not be completed on time and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

Options:

A.

Risk response.

B.

Risk assessment

C.

Risk monitoring.

D.

Risk avoidance.

Buy Now
Questions 5

Which of the following is an indicator that an organization ' s risk management processes are effective?

Options:

A.

Departmental objectives are managed by department heads and are independent of the organization ' s mission.

B.

Organization wide mechanisms exist to enable the identification and assessment of all significant risks.

C.

Department heads have the autonomy to determine risk responses that fall outside of the organizations risk appetite

D.

Relevant risk information is captured and communicated primarily between management and the board

Buy Now
Questions 6

If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

Options:

A.

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.

Immediately inform senior management and the board of the suspected fraud.

C.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

Buy Now
Questions 7

Which of the following best describes the role of internal control frameworks?

Options:

A.

They outline specific internal controls for an organization to implement to ensure business objectives will be achieved.

B.

They provide guidance related to internal control design and implementation to assist with the evaluation and benchmarking of business practices.

C.

They serve as a list of appropriate internal controls for auditors to ensure an organization is using best practices.

D.

They serve as a template for identifying standardized best practices in effective risk management across industries and countries.

Buy Now
Questions 8

Which of the following is an example of corruption?

Options:

A.

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.

Requesting reimbursement for overstated travel and entertainment expense amount

C.

Misstating realized foreign currency transaction gains or losses

D.

Demanding payment from a vendor for decisions made in the vendor’s favor

Buy Now
Questions 9

In which of the following situations would the organizational independence of an internal audit activity be impaired?

Options:

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Buy Now
Questions 10

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Options:

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization ' s risk appetite.

B.

Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization ' s risk appetite and take into consideration emerging risks

Buy Now
Questions 11

Regarding the chief audit executive (CAE). which ot the following is considered an impairment to the independence of the internal audit activity?

Options:

A.

The CAE reports administratively to the CEO.

B.

The CAE is asked to submit the liquidation of her travel allowances to human resources for approval.

C.

The CAE ' s supervisor is responsible for the risk management function.

D.

The CAE is asked to review new procedures before implementation.

Buy Now
Questions 12

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership.

B.

Documentation.

C.

Analysis.

D.

Reporting.

Buy Now
Questions 13

Which of the following best describes organizational governance processes?

Options:

A.

Processes employed by internal and external assurance providers to authorize, direct, and provide oversight to management to better enable the meeting of organizational objectives

B.

Processes employed by the board of directors to authorize and provide guidance and oversight to management to promote the achievement of organizational objectives.

C.

Processes employed by the board of directors and senior management to mitigate risks to acceptable levels.

D.

Processes employed by risk owners to mitigate risks to acceptable levels within the organization ' s risk appetite

Buy Now
Questions 14

What is the primary purpose of The IIA ' s Code of Ethics?

Options:

A.

Communicate specific activities appropriate to the performance of internal auditing.

B.

Promote ethical culture within corporations and other business organizations.

C.

Establish mandatory standards of competence for the practice of internal auditing.

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing.

Buy Now
Questions 15

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

C.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Buy Now
Questions 16

A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

Options:

A.

The organization ' s training policy.

B.

A list of auditors who requested to attend the next audit conference.

C.

Self-assessments against an internally developed audit benchmark

D.

In house training manual

Buy Now
Questions 17

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

Options:

A.

A non-disclosure agreement.

B.

An annual declaration of commitment to

C.

The IIA s Code of Ethics.

D.

The internal audit charter.

Buy Now
Questions 18

According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Options:

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed,

C.

The organization establishes effective governing body oversight,

D.

Audit assignments are rotated among internal audit staff

Buy Now
Questions 19

For a new board chair who has not previously served on the organization ' s board, which of the following steps should first be undertaken to ensure effective leadership to the board?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company.

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Buy Now
Questions 20

Management of an area under review is aggressive, upset, and questioning the knowledge and experience of the organization ' s internal auditors, as the audit results highlight critical findings. The relationship between the internal audit activity and management has continued to degenerate. as previous audit reports also showed a large number of issues. What would be the best strategy for working through the current audit results while also attempting to repair the relationship with management?

Options:

A.

Take an accommodating approach and change the overall rating of the audit report.

B.

Take a compromising approach by modifying the tone of the report, while maintaining the critical findings.

C.

Take an assertive approach and be persistent in attempting to convince the director.

D.

Take an assisting approach and offer to assist with the implementation of action plans.

Buy Now
Questions 21

During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

Options:

A.

Directive

B.

Preventive

C.

Detective

D.

Automatic

Buy Now
Questions 22

After the final audit report was issued, the engagement supervisor received an expensive gift from management recognizing her assistance in improving the business, if the gift is accepted, which of the following would be true?

Options:

A.

The engagement supervisor violated The IIA ' s Code of Ethics principle of integrity.

B.

The engagement supervisor violated The IIA ' s Code of Ethics principle of objectivity.

C.

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

Buy Now
Questions 23

To comply with the proficiency standard, which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?

Options:

A.

The auditor ' s demonstrated problem-solving skills.

B.

The auditor ' s skills compared to those already possessed by other audit staff.

C.

The auditor ' s ability to be self-motivated and a good team player.

D.

The length and consistency of the auditor ' s work experience.

Buy Now
Questions 24

Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?

Options:

A.

The nature and scope of a consulting engagement are determined by the internal audit activity based on its risk assessment

B.

The nature and scope of an assurance engagement are subject to agreement with management of the area under review

C.

Both assurance services and consulting services can be focused on controls or performance or both

D.

The assurance engagement process ends with reporting

Buy Now
Questions 25

Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

Options:

A.

Participate in a fraud risk-assessment session as an in-house facilitator.

B.

Send regular written updates to senior management on new control-related regulations.

C.

Lead a seminar on internal controls and provide numerous examples to the audience.

D.

Conduct a surprise inventory count at the raw materials warehouse.

Buy Now
Questions 26

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization ' s automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Options:

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry ' s production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Buy Now
Questions 27

According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

Options:

A.

Whenever the business objectives of the organization change

B.

Just prior to an external assessment of the internal audit activity

C.

At the completion of each engagement.

D.

Progressively on a day-to-day basis

Buy Now
Questions 28

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

Options:

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Buy Now
Questions 29

Which of the following scenarios best demonstrates the application of internal audit proficiency?

Options:

A.

Management requests that the internal audit activity review and provide feedback on its strategic plans for a merger, but the chief audit executive (CAE) declines the engagement due to the team ' s lack of experience with mergers.

B.

A CAE reassigns auditors from other audits to perform testing on all of the fixed asset additions for a period, including amounts below the materiality level stated by external auditors.

C.

Due to the routine and recurring nature of bank branch audits, an audit manager often excludes detailed planning at the beginning of the audit and immediately performs fieldwork.

D.

During fieldwork, an auditor observed a lack of segregation of duties over cash management. The auditor reported this observation to his supervisor, who decided that the area should be examined in a subsequent audit.

Buy Now
Questions 30

Which of the following statements best represents the due professional care that is required of internal auditors?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditors should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should devise internal audit programs to confirm that the results are accurate.

Buy Now
Questions 31

An internal auditor is assessing the effectiveness of the organization ' s risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach.

B.

Process element approach.

C.

Key principles approach.

D.

Key performance indicators approach.

Buy Now
Questions 32

An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?

Options:

A.

There are checks to determine the existence of any potential conflict of interest.

B.

The CAE reports functionally to the highest level of management, the CEO.

C.

The CAE’s compensation depends on the performance of the organizational departments.

D.

Hiring and termination of the CAE is dependent on the decision of senior executives.

Buy Now
Questions 33

Which of the following would be an important aspect of an internal auditor ' s role in fraud management?

Options:

A.

Utilizing analytical techniques to actively discover instances of potential fraud

B.

Conducting fraud based audits to ensure that fraud will be detected during engagements

C.

Implementing fraud prevention controls to minimize and mitigate the risk of fraud

D.

Reporting instances of fraud discovered during engagements to regulatory bodies

Buy Now
Questions 34

Which of the following most accurately describes the role of the board when it comes to organizational governance?

Options:

A.

Responsibility for outcome of the process.

B.

Responsibility to be involved in management of the organization.

C.

Responsibility to determine who is accountable for outcomes.

D.

Responsibility to identify risks in the organization’s business environment

Buy Now
Questions 35

Which of the following relates to the concept of due professional care?

Options:

A.

An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.

B.

The appointment of the chief audit executive is ratified by the board.

C.

An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.

D.

The internal audit resource plan is only approved by the chief financial officer.

Buy Now
Questions 36

Which should the internal auditor first consider when assessing fraud risks during an engagement?

Options:

A.

Compare the organizations fraud strategies with the industry ' s strategies.

B.

Review any related prior fraud investigations.

C.

Investigate any related fraud allegations.

D.

Communicate any suspicious fraud activities to management.

Buy Now
Questions 37

Whch ol the following would show appropriate disclosure of nonconformance with the Standards?

Options:

A.

The chief audit executive (CAE) documented in the personal file a critical conflict of interest involving an internal audit on a upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor’s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to revealed to operational manager that he failed to appropriately consider risks while he was developing the audit plan.

Buy Now
Questions 38

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Options:

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Buy Now
Questions 39

During an assurance engagement, an internal auditor identified that a developer of the organization ' s enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

Options:

A.

Segregate duties between code development and migrating changes into production.

B.

Conduct fraud training for the IT team responsible for the ERP system.

C.

Penalize the developer who committed the fraud by terminating employment.

D.

Restrict developers ' access to the ERP system ' s test environment.

Buy Now
Questions 40

Management decided to post the organization ' s newly established code of conduct on its website. This decision is primarily intended to mitigate which of the following risks?

Options:

A.

Accountability risk.

B.

Communication risk.

C.

Knowledge risk.

D.

Cultural risk.

Buy Now
Questions 41

Which of the following would best describe a control implemented to detect cash register disbursement fraud in a large retail store?

Options:

A.

Separate the duties of processing and authorizing refunds on merchandise

B.

Post signs in the register area prompting customers to ask for and examine their sales receipts

C.

Periodically count the cash in the register and compare it to the expected amount

D.

Use cash registers with internal tapes that are tamper proof and that require a manager to process voids or refunds

Buy Now
Questions 42

Which of the following factors are commonly assessed to determine the magnitude of risk events?

Options:

A.

Tolerance and appetite

B.

Inherent and residual risk

C.

Cost and benefit

D.

Impact and likelihood

Buy Now
Questions 43

Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization ' s risk management process?

Options:

A.

Internal audit designs and implements the organization ' s controls to help manage risk.

B.

Internal audit sets the organization ' s risk tolerance and promotes awareness throughout the organization.

C.

Internal audit assesses whether the organization ' s risk management processes are effective.

D.

Internal audit is responsible for safeguarding the organization ' s assets and preventing loss from occurring.

Buy Now
Questions 44

An organization ' s board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

Options:

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Buy Now
Questions 45

Which of the following activities should the chief audit executive perform to ensure compliance with an organization ' s code of conduct?

Options:

A.

Act as an advisor to the committee responsible for reviewing violations of the code.

B.

Review and adjudicate all violations of the code of conduct.

C.

Lead the committee responsible for the oversight of the code.

D.

Implement a system of procedures to inform all employees of the code.

Buy Now
Questions 46

Which of the following statements is true with regard to services provided by the internal audit activity?

Options:

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report

Buy Now
Questions 47

Which of the following is an indicator that the organization s risk management process is effective?

Options:

A.

The organization s risk appetite mission, and objectives are dearly outlined.

B.

The organization s risk management practices are assessed as mature.

C.

The organization has adopted risk management frameworks and global models.

D.

The organization s significant risks are identified and adequately assessed

Buy Now
Questions 48

An organization is conducting a fraud risk assessment as part ol its risk management program. Which of the following steps is the organization most likely to perform first?

Options:

A.

Identify relevant fraud risk factors.

B.

Identify potential fraud schemes.

C.

Identify existing controls for preventing and detecting fraud.

D.

Identify red flags by conducting data analysis.

Buy Now
Questions 49

According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Options:

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed.

C.

The organization establishes effective governing body oversight.

D.

Audit assignments are rotated among internal audit staff.

Buy Now
Questions 50

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers ' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

Options:

A.

Reject the court order, citing a potential breach of customers ' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Buy Now
Questions 51

When the chief audit executive Is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity ' s assurance over risk management?

Options:

A.

The chief audit executive.

B.

A member of the compliance function.

C.

A party outside of the internal audit activity.

D.

A member of the risk management function.

Buy Now
Questions 52

An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system ' s design strengths and weaknesses. Which of the following is true regarding impairment to the auditor ' s objectivity?

Options:

A.

This situation does not necessitate any action related to the auditor ' s objectivity.

B.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

C.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

D.

The auditor can provide only consulting services, not assurance.

Buy Now
Questions 53

Due to unfavorable economic conditions management decided to postpone new investments for the next year. Which of the following best describes the risk management strategy used to address this situation?

Options:

A.

Risk mitigation

B.

Risk avoidance

C.

Risk reduction

D.

Risk transfer

Buy Now
Questions 54

How do assurance services and consulting services differ?

Options:

A.

There is less variety of consulting services that an internal audit activity might provide compared to assurance services

B.

Assurance services are limited to financial events or actions, and consulting services are not limited in this way

C.

Consulting services do not have to be included in the internal audit charter

D.

Other employees in an organization can provide consulting services but only an internal audit activity can provide assurance services

Buy Now
Questions 55

The organization ' s internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

Options:

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Buy Now
Questions 56

Which of the following tools would be most useful to an internal auditor performing an assessment of the effectiveness of the organization ' s risk responses?

Options:

A.

Heat map.

B.

Risk and control matrix.

C.

Risk register.

D.

Process map.

Buy Now
Questions 57

Which of the following demonstrates that the internal audit activity exercises due professional care?

Options:

A.

Supervisors provide feedback to internal auditors after workpapers are reviewed

B.

A self-assessment is conducted through the quality assurance and improvement program every five years

C.

Internal auditors are required to give absolute assurance of regulatory compliance

D.

The chief audit executive reports functionally to the board

Buy Now
Questions 58

Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?

Options:

A.

Volunteer for audit engagements in areas or industries in which the auditor is unfamiliar

B.

Sign an annual attestation indicating that the auditor has all required competencies to perform her job effectively.

C.

Obtain appropriate professional certifications or other designations.

D.

Disclose potential impairments to independence or objectivity prior to performing an audit engagement.

Buy Now
Questions 59

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

Options:

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Buy Now
Questions 60

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?

Options:

A.

Ask internal auditors to gather all relevant information and evidence.

B.

Identify and interview witnesses first and potential suspects later.

C.

Conduct a fraud risk assessment to identify the most vulnerable areas.

D.

Determine the competencies needed and assess whether team members have a conflict of Interest.

Buy Now
Questions 61

Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Options:

A.

Benchmarking best practices

B.

Testing,

C.

Mapping,

D.

Interviewing

Buy Now
Questions 62

According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.

At the board ' s discretion, the frequency of external assessments can exceed the five-year guideline.

Buy Now
Questions 63

Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

Options:

A.

Checking for invoice amounts that do not match that of the purchase order.

B.

Searching for identical invoice numbers and payment amounts.

C.

Running checks to uncover post office box addresses matching employee addresses.

D.

Comparing prices across vendors to see whether one vendor is unreasonably high.

Buy Now
Questions 64

Which of the following written documents typically offers the best evidence that internal auditors exercise due professional care in conformance with the Standards?

Options:

A.

Internal audit charter.

B.

Workpaper.

C.

Audit report.

D.

Code of ethics.

Buy Now
Questions 65

During an audit of a foreign subsidiary an internal audit team discovered that products were sold to a prohibited country due to sanctions. What is the best course of action for the internal audit team?

Options:

A.

Include the facts m the engagement communications

B.

Inform me external auditors of the violation.

C.

Report the violation to the government regulators

D.

Consult with the legal department

Buy Now
Questions 66

Which of the followIng would permit an internal audit activity to use the statement " conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?

Options:

A.

The result of a quality assurance and improvement program confirm there are no material issues.

B.

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

Buy Now
Questions 67

Who is responsible for setting the risk appetite?

Options:

A.

External auditors.

B.

Chief risk officer.

C.

Operations management.

D.

Board of directors.

Buy Now
Questions 68

A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment. To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?

Options:

A.

Request from the audit committee an additional budget and an extension so that the external assessment could be performed next year.

B.

Review the results of the internal assessment, identify weaknesses, and implement improvements at the remaining offices.

C.

Request the regional office that performed the internal assessment to perform an assessment of the remaining offices.

D.

Request that an external assessor validate the results of the internal assessment and review the remaining offices.

Buy Now
Questions 69

Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?

Options:

A.

Review the organization ' s ethical value structure and reporting procedures.

B.

Review what the organization considers to be ethical behavior, such as the employee code of conduct.

C.

Review employee survey responses and follow up on those that suggest weaknesses in the ethical climate.

D.

Review the organization ' s records to ensure all employees have signed statements that they will follow ethical practices.

Buy Now
Questions 70

Which of the following is true regarding internal audit role ' s in The IIA ' s Three Lines Model?

Options:

A.

As internal control is part of risk management, the internal audit role in risk management implies reduced emphasis on internal control.

B.

Internal audit can blur the distinction between the second and the third lines as long as value is added.

C.

Internal audit cannot rely on other assurance providers when opining on the effectiveness of risk management.

D.

Internal audit should be aligned with first- and second-line functions through effective communication, cooperation, and collaboration.

Buy Now
Questions 71

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

Options:

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Buy Now
Questions 72

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

Options:

A.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

B.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

C.

Security cameras that monitor cash handling at the register are not functioning.

D.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff

Buy Now
Questions 73

Which of the following is true for consulting engagements ' ?

Options:

A.

The internal audit activity must ensure management actions have been effectively implemented or risk accepted

B.

A work program for the engagement is not required but may be developed

C.

The nature of consulting services does not have to be in the internal audit charter

D.

Risks identified from the engagement must be considered when evaluating the organization ' s risk management processes

Buy Now
Questions 74

Which of the following statements is true regarding occupational fraud?

Options:

A.

An employee who diverts the organization ' s purchases for personal use is demonstrating asset misappropriation

B.

An employee who intentionally omits negative information in the financial statement disclosures is demonstrating an example of corruption

C.

An employee who made an error in estimating losses may have committed fraud even if the error was not intentional

D.

An employee who creates a denial of service in the organization’s computer systems is committing asset misappropriation

Buy Now
Questions 75

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization ' s risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Buy Now
Questions 76

During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

Options:

A.

Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.

B.

Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.

C.

Require that a manager use a reserved register code to approve voids or refunds.

D.

Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.

Buy Now
Questions 77

The largest risks facing an organization should be mitigated by which type of controls?

Options:

A.

Entity-level

B.

Activity-level

C.

Transaction-level

D.

Process-level

Buy Now
Questions 78

Which of the following scenarios best illustrates the Fraud Triangle component known as " perceived opportunity " ?

Options:

A.

Substantial bonuses are awarded if financial targets are met.

B.

Duties are not properly segregated.

C.

Employees may perceive favoritism and feel overlooked and resentful.

D.

Bonuses may not be paid this year.

Buy Now
Questions 79

Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?

Options:

A.

The internal audit activity used a risk-based approach to create the internal audit plan.

B.

The engagement supervisor considered requests from senior management regarding engagements to include in the internal audit plan.

C.

The CAE only accepted engagements that the internal audit activity collectively had the knowledge to perform.

D.

The area under review restricted the internal audit activity ' s ability to access records, impacting the audit results.

Buy Now
Questions 80

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Options:

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Buy Now
Questions 81

According to the Standards, which of the following is a requirement for internal audit professional development plans?

Options:

A.

Plans must include a path to certification so that each internal auditor has a certification in auditing finances.

B.

Plans must ensure that staff development activities are based primarily on the skills and competencies needed to complete the audit plan.

C.

Plans must include rotating audit areas so that auditors acquire business knowledge to be efficient in performing engagements.

D.

Plans must include rotating auditors out into business units for temporary assignments so they can obtain more business knowledge.

Buy Now
Questions 82

Which of the following is most accurate concerning corporate social responsibility?

Options:

A.

A moral agent in an organization makes decisions that are based on the rules and regulations of the organization as they apply to human resources decisions

B.

The utilitarian approaching deciding on ethical dilemmas is concerned with choosing the simplest solution that will apply to the most people

C.

Ethics are not defined by laws but they are not a matter of free choice ethics are based on standards of conduct derived from shared principles and values

D.

The individualism approach to ethical decision making is focused on implementing a customized long-term outcome that is most beneficial for the entire organization

Buy Now
Questions 83

Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

Options:

A.

The ability to inspire trust

B.

The ability to communicate effectively

C.

The ability to display courage

D.

The ability to understand the needs of stakeholders

Buy Now
Questions 84

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Buy Now
Questions 85

When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?

Options:

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Buy Now
Questions 86

Which of the following statements is correct regarding disclosure of conformance or Standards?

Options:

A.

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

Buy Now
Questions 87

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Buy Now
Questions 88

In a small organization, management is unable to achieve adequate segregation of duties for its cash-handling procedures Therefore hidden surveillance cameras were installed to monitor cash-handling activities Which of the following best describes this type of control?

Options:

A.

Corrective control

B.

Process-level control

C.

Compensating control

D.

Preventive control

Buy Now
Questions 89

The CEO has delegated several responsibilities to the internal audit activity. Which of the following directives should concern the chief audit executive the most?

Options:

A.

Internal auditors shall perform engagement-level risk assessments

B.

Internal auditors shall perform risk management activities.

C.

Internal auditors shall perform risk-based engagements

D.

Internal auditors shall perform organization wide risk assessments

Buy Now
Questions 90

Which of the following statements demonstrates that internal auditors are in conformance with the standard of due professional care?

Options:

A.

Internal auditors have shown they have the freedom to carry out their responsibilities.

B.

Internal auditors have demonstrated the skills needed to carry out the audit engagement.

C.

Internal auditors have strictly followed a formal audit process in conducting their work.

D.

Internal auditors have demonstrated an unbiased mental attitude.

Buy Now
Questions 91

According to MA guidance, which of the following gives the internal audit activity the authority to request supporting documentation for the invoices of a third-party service provider?

Options:

A.

The internal audit policy manual.

B.

The internal audit charter.

C.

The board of directors.

D.

The quality assurance and improvement program.

Buy Now
Questions 92

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company ' s engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Buy Now
Questions 93

Which of the following is an example of a detective control?

Options:

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Buy Now
Questions 94

A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA ' s Code of Ethics would he violate?

Options:

A.

Due professional care.

B.

Competency.

C.

Effective communication

D.

Professionalism

Buy Now
Questions 95

During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

Options:

A.

Business acumen.

B.

Critical thinking.

C.

Communication.

D.

Audit report writing.

Buy Now
Questions 96

According to The IIA’s Code of Ethics, which of the following best describes the principle of integrity?

Options:

A.

Auditors shall observe the law and make disclosures expected by the law and the profession

B.

Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

C.

Auditors shall engage only in those services for which they have the necessary knowledge skills and experience

D.

Auditors shall be prudent in the use and protection of information acquired in the course of their duties

Buy Now
Questions 97

Nine months ago, an employee who was responsible for collections in the accounts receivables department joined the internal audit team. There is an accounts receivables assurance audit scheduled as part of this year ' s approved audit plan, which will include a review of the collections unit. With the knowledge and experience of this individual in the area, which of the following is the best approach for the chief audit executive (CAE) to take?

Options:

A.

Have the auditor formerly with the collections unit assist with planning and documenting the audit field work.

B.

Have the auditor formerly with the collections unit not participate on the audit team.

C.

Have the auditor formerly with the collections unit conduct the fieldwork and ensure it is reviewed by the CAE.

D.

Have the auditor formerly with the collections unit review all fieldwork done to ensure that there was adequate coverage.

Buy Now
Questions 98

Which of the following is a detective control?

Options:

A.

An organization requires certain employees who occupy sensitive positions to sign attestation to the code of conduct on an annual basis.

B.

A compliance specialist carries out quarterly reviews of an organization ' s compliance with regulatory requirements.

C.

A front desk officer in an organization requires that visitors are identified by the host before access is granted.

D.

An internal audit activity deploys audit management policies and procedures for team members.

Buy Now
Questions 99

Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?

Options:

A.

Assessment skills

B.

Assurance skills

C.

Interviewing skills

D.

Facilitation skills

Buy Now
Questions 100

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Options:

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Buy Now
Questions 101

Which of the following engagements would be considered an appropriate consulting service?

Options:

A.

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

B.

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

C.

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

D.

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

Buy Now
Questions 102

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

Options:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Buy Now
Questions 103

The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to

be included in the charter?

Options:

A.

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

B.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

C.

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

D.

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

Buy Now
Questions 104

The chief audit executive of a large national retailer is reviewing the purpose and objectives of the organization ' s internal audit activity

Which of the following objectives is best aligned with The IIA ' s Mission of Internal Audit?

Options:

A.

To implement a quality assurance and improvement program

B.

To assess the effectiveness of internal controls over organizational assets

C.

To ensure internal auditors possess the competencies needed to perform their responsibilities

D.

To operate within the budget established by the board of directors

Buy Now
Questions 105

How should the internal audit activity promote continuous improvement of organizational controls?

Options:

A.

By assessing implementation of controls m individual processes during audit engagements

B.

By identifying the most significant business processes and designing effective controls for those processes

C.

By implementing an internationally accepted internal control framework across the organization

D.

By facilitating control self-assessment sessions for managers responsible for business processes

Buy Now
Questions 106

A chief audit executive (CAE) has just joined an organization with an existing internal audit activity. Based on her review of the current organizational structure, the CAE determines that the internal audit activity lacks adequate independence. Which of the following actions is the CAE ' s best step to take next to move the internal audit activity toward organizational independence?

Options:

A.

Ensure the limitations are disclosed through communication with the board and senior management, so that the internal audit activity can continue operating under the same organizational structure.

B.

Request that the board restructure the reporting line of the internal audit activity to ensure the CAE has unrestricted access to the board.

C.

Rotate internal audit assignments among members of the internal audit activity to minimize the effects of the current structure.

D.

Train internal auditors about organizational independence and have them sign an acknowledgment of understanding.

Buy Now
Questions 107

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions. The CAE was an accounting manager for the organization six months ago.

How should she respond to the request?

Options:

A.

Decline, if it is a consulting engagement, because she recently worked in the organization ' s accounting department.

B.

Accept, if it is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department that the engagement can take place in the future, once she has been removed from accounting for a longer period of time.

D.

Accept, if it is a consulting engagement with agreed-upon scope and services to be provided by the internal audit activity.

Buy Now
Questions 108

An internal auditor performed a consulting engagement last year which included assisting with management ' s design of controls over the procurement function. How should the chief audit executive plan an assurance engagement on the adequacy of the internal control system in the procurement function in the current year?

Options:

A.

Assign the engagement to another internal auditor on staff

B.

Outsource the engagement to ensure independence

C.

Harness the auditor ' s knowledge of the procurement function by assigning the engagement to the same internal auditor

D.

Postpone the engagement to the following year to ensure enough time has passed since the controls were designed

Buy Now
Questions 109

When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?

Options:

A.

The identified risks have not undergone a detailed review to ensure completeness in the past two years.

B.

The controls in place to mitigate the risks are not tested on an annual basis to confirm operating effectiveness.

C.

The process in place to identify and evaluate new risks to the organization is informal and poorly documented.

D.

The identified risks have not been ranked to establish their importance and risk management priority.

Buy Now
Questions 110

The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked. What type of activity is this?

Options:

A.

Financial assurance engagement.

B.

Operational consulting engagement.

C.

Compliance assurance engagement.

D.

Risk management consulting engagement.

Buy Now
Questions 111

Which of the following should the internal audit activity establish to ensure auditors develop the appropriate skills for conducting audits?

Options:

A.

An audit charter that includes the internal audit activity mission and vision

B.

A policy encouraging audit staff to earn certifications

C.

A quality assurance and improvement program to address audit risk areas

D.

An internal audit plan that links engagements to strategic objectives

Buy Now
Questions 112

An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?

Options:

A.

Inherent risk.

B.

Residual risk.

C.

Impact risk.

D.

Detection risk.

Buy Now
Questions 113

Which of the following best describes why a chief audit executive might obtain the services of a fraud specialist to assist in a major fraud investigation ' ?

Options:

A.

Fraud specialists are better at using computer-assisted audit techniques

B.

Fraud specialists are better equipped to act as an expert witness in court

C.

Fraud specialists are better able to properly apply due professional care

D.

Fraud specialists are better at using crime scene investigation techniques

Buy Now
Questions 114

Which of the following statements represents the most appropriate correlation between an organization ' s risk maturity and the internal audit activity’s consulting role in risk management processes?

Options:

A.

When an organization has a high level of risk maturity the internal audit activity is less likely to provide consulting services related to risk management

B.

When an organization has a low level of risk maturity, the internal audit activity is less likely to provide consulting services related to risk management

C.

When an organization has a high level of risk maturity the internal audit activity is more likely to provide consulting services related to risk management

D.

There is typically no correlation between an organization’s risk maturity and the extent to which the internal audit activity’s consulting role in risk management processes

Buy Now
Questions 115

Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances management ' s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management ' s ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Buy Now
Questions 116

Which of the following is (he most effective way any organization can ensure proper governance over its internal controls?

Options:

A.

By adopting the best practices of similar organizations in the industry.

B.

By adjusting their internal control framework as business practices evolve.

C.

By introducing the universally accepted COSO internal control framework.

D.

By encouraging the internal audit activity to provide training on internal controls.

Buy Now
Questions 117

According to IIA guidance, which of the following would be the most appropriate to help a new internal auditor understand the nature and positioning of the internal audit activity within his organization?

Options:

A.

The internal audit charter.

B.

Examples of internal audit reports.

C.

The internal audit policy and procedures manual.

D.

The IIA’s International Professional Practices Framework.

Buy Now
Questions 118

A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?

Options:

A.

Independent assessments.

B.

Continuous monitoring.

C.

Business continuity and backups.

D.

Organization wide objectives.

Buy Now
Questions 119

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments must be performed by the chief audit executive.

B.

An internal assessment must be performed at least once every five years.

C.

It Is permissible to share the results of the QAIP with the organization ' s external auditors.

D.

Results of ongoing monitoring must be validated annually by an independent external assessor.

Buy Now
Questions 120

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Buy Now
Questions 121

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Options:

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Buy Now
Questions 122

Which of the following accurately describes the concept of inherent risk?

Options:

A.

Risk factors that exist when controls are in place and operating effectively

B.

Internal risk factors assuming no controls are in place

C.

Risk factors that cannot be mitigated because they are innate to a process

D.

Combination of internal and external risk factors in their pure state assuming no controls are in place

Buy Now
Questions 123

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization ' s governance process for strategic and operational decisions ' ?

Options:

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Buy Now
Questions 124

When testing a sample of payroll records during an engagement, an internal auditor suspects mat fraud has been committed. What should be the next step?

Options:

A.

The auditor should increase the sample size to determine the extent ol the fraud.

B.

The suspicions should be communicated to the chief audit executive.

C.

The testing should be completed with the results reported in the final audit report.

D.

A fraud investigator should examine the evidence and report back to the auditor.

Buy Now
Questions 125

To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?

Options:

A.

Internal auditors should report their audit findings directly to the audit committee.

B.

To receive an outstanding performance rating, internal auditors are required to generate audit findings.

C.

Prior to hiring a new internal auditor, the chief audit executive must determine whether the auditor owns stock in the organization.

D.

Internal auditors are permitted to audit an entity managed by a close friend or relative, as long as they notify the chief audit executive.

Buy Now
Questions 126

Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?

Options:

A.

If the results of both internal and external assessments support conformance with the Standards, the internal audit activity must communicate this to the board and senior management in writing.

B.

If it has been in existence fewer than five years and has no documented external assessment, the internal audit activity may not indicate that it is operating in conformance with the Standards.

C.

If nonconformance affects its ability to fulfill its professional responsibilities or stakeholder expectations, the internal audit activity should disclose nonconformance as well as its impact.

D.

If an external assessment reflects an overall conclusion of nonconformance, the internal audit activity may continue to communicate that it conforms with theStandards if it discloses a remediation plan, including timeline with subsequent validation.

Buy Now
Questions 127

Which of the following is a legitimate requirement for an internal audit activity’s quality assurance and improvement program (QAIP)?

Options:

A.

Quality assessments should be performed by individuals with sufficient knowledge of the internal audit practices

B.

External quality assessments should be conducted every seven years

C.

All quality assessments should be either conducted or validated by an independent assessment team

D.

The results of the QAIP should be communicated to shareholders annually

Buy Now
Questions 128

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor ' s most appropriate next step?

Options:

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

Buy Now
Questions 129

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective,

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Buy Now
Questions 130

According to the Standards, in today ' s technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?

Options:

A.

Auditors must have an IT specialty in at least one of their organization ' s key information technology systems.

B.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

C.

Auditors must understand their organization ' s integrated test facilities and generalized audit software.

D.

Auditors must understand their organization ' s IT governance, risk, and control processes.

Buy Now
Questions 131

Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?

Options:

A.

The profitability impact of its products in developing markets.

B.

The amount of political donations to local government races.

C.

The number of complaints related to traffic from its new factory.

D.

The compensation packages awarded to senior management.

Buy Now
Questions 132

Which of the following drivers of fraud is directly controllable by an organization?

Options:

A.

Pressure

B.

Rationalization

C.

Opportunity

D.

Incentive

Buy Now
Questions 133

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Buy Now
Questions 134

According to IIA guidance, which of the following best demonstrates that the chief audit executive is properly reporting the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Providing a written conformance statement to both senior management and the board.

B.

Giving copies of both external and internal assessments to the board.

C.

Keeping files of reports of ongoing external assessment monitoring.

D.

Retaining copies of board meeting minutes showing that discussions of assessments took place.

Buy Now
Questions 135

Which of the following would be a red flag for potential issues in the control environment?

Options:

A.

Segregation of duties during preparation of the financial statements

B.

Compensation structures that are based on commissions

C.

A low rate of turnover in key financial positions

D.

The presence of a whistleblower policy and fraud hotlinea

Buy Now
Questions 136

Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

Options:

A.

Percentage of highly significant risks covered by internal audit plan.

B.

Percentage of previously unknown risks identified per engagement.

C.

Percentage of internal audit staff skilled in alignment with the organization ' s structure and key risks.

D.

Percentage of observations made in assurance engagements compared to advisory engagements.

Buy Now
Questions 137

An internal auditor found that his organization did not make a disclosure that is required by law. However, the auditor decided not to raise an audit finding. Which of the following Code of Ethics principles was violated?

Options:

A.

Objectivity.

B.

Integrity.

C.

Proficiency.

D.

Confidentiality.

Buy Now
Questions 138

Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity ' ?

Options:

A.

For both assurance and consulting engagements, the auditor must independently and objectively select the criteria for evaluation

B.

For a consulting engagement, internal auditors and management jointly agree on the adequate criteria needed to evaluate governance, risk management, and controls. This is not true of assurance engagements

C.

Engagement planning and fieldwork are similar for both types of engagements (there are no major differences) although the reporting process is different depending on which service is provided

D.

For a consulting engagement objectives must address governance risk management and control processes to the extent agreed upon with the client. This is not true of assurance engagements

Buy Now
Questions 139

Which of the following is an example of impairment to internal auditor independence or objectivity ' ?

Options:

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Buy Now
Questions 140

Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?

Options:

A.

A corrective control

B.

A detective control

C.

A preventive control

D.

A directive control

Buy Now
Questions 141

An internal auditor has documented several instances in which management asked employees to ad against the policies and procedures. Which of the following is the most appropriate next step?

Options:

A.

Report the non-compliance cases to the board of directors.

B.

Recommend that management update its policies and procedures based on the circumstances.

C.

Investigate the rationale for management ' s actions.

D.

Recommend those employees to report the cases through the designed whistleblowing channel for the appropriate treatment.

Buy Now
Questions 142

Which of the following describes an ongoing monitoring activity that could be performed as part of an internal assessment for a quality assurance and improvement program (QAIP)?

Options:

A.

Planning and supervising engagements

B.

Evaluating the quality of supervision

C.

Identifying opportunities for improvement m internal audit ' s processes and procedures

D.

Determining if the objectives of QAIP are current

Buy Now
Questions 143

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

Options:

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Buy Now
Questions 144

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards.

D.

Verify that organizational objectives are aligned with each department’s objectives.

Buy Now
Questions 145

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Buy Now
Questions 146

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization ' s risk management program?

Options:

A.

Monitor and review.

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Buy Now
Questions 147

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

Options:

A.

The CAE previously undertook a consulting assignment in that area to improve processes,

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Buy Now
Questions 148

Which of the following can be used to minimize employees’ resentment of controls?

Options:

A.

Making sure employees are exempt from participating in control creation

B.

Implementing controls without lengthy explanations of their purpose

C.

Developing general constricting controls rather than detailed ones

D.

Not using controls to achieve goals

Buy Now
Questions 149

A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?

Options:

A.

The board should ask the internal audit activity to perform additional assurance engagements.

B.

A comprehensive fraud risk assessment and management program should be carried out.

C.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

D.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

Buy Now
Questions 150

An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted. Which of the following would best help the organization manage the risk of fraud?

Options:

A.

Accounting personnel should regularly perform reconciliation between invoices and purchase orders

B.

Accounting personnel should conduct a periodic inventory count and reconcile inventory movements

C.

internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels

D.

Management should established a policy requiring new inventory asset purchases to be made on serialized order forms with copies retained

Buy Now
Questions 151

An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Buy Now
Questions 152

Which of the following statements best describes a functional difference between external auditors and internal auditors?

Options:

A.

Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.

B.

Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.

C.

internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.

D.

Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.

Buy Now
Questions 153

In which of the following situations has the internal auditor violated the IIA ' s Code of Ethics?

Options:

A.

An employee confided in an internal auditor and told him about fradulent activities. Although the employee asked for confidentially, the auditor disclosed her identity later during police questioning.

B.

While auditing payroll controls, an auditor was granted temporary access to salary data. The auditor referred to the acquired information while negotiating her work conditions three months later.

C.

Management considers an auditor to be highly competent and asked the audit to participate in an upcoming acquisition project. The auditor declined the request, calming a lack of knowledge.

D.

An internal auditor failed to acquire the continuing education credits needed for the year and requested that. The IIA change his certification status to inactive until the completed the required education activities.

Buy Now
Questions 154

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

Buy Now
Questions 155

Which of the following indicates that internal audit independence may be compromised?

Options:

A.

The internal auditor maintains a close personal relationship with operational management.

B.

Material observations were intentionally left out of the audit report.

C.

Internal auditors assigned to the audit engagement did not have the knowledge, skills, and competencies needed to perform their responsibilities.

D.

An internal auditor failed to apply professional skepticism while performing audit tests in an area overseen by an experienced, reputable manager

Buy Now
Questions 156

According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?

Options:

A.

Monitoring resources.

B.

Compensating the chief audit executive.

C.

Determining scope.

D.

Allocating internal costs.

Buy Now
Questions 157

Senior management asks the chief audit executive to review the organization ' s compliance with recently introduced legislation on international transfer pricing. The review requires an internal auditor who thoroughly understands the legislation and pricing methods. The internal audit activity does not have an auditor with those skills. Which of the following is the most appropriate course of action?

Options:

A.

Outsource the engagement to an external audit firm that has appropriate skills.

B.

Recruit a lawyer with knowledge of the legislation to the audit team and ask the new auditor to perform the engagement.

C.

Decline to perform the engagement, as the internal audit activity does not have the appropriate skill set.

D.

Carry out the engagement using existing internal audit staff to help them gain the appropriate experience.

Buy Now
Questions 158

A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients ' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.

Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

Options:

A.

An evaluation of the current performance and compensation program.

B.

The performance of background investigations on all existing employees.

C.

The availability of fraud training to all employees.

D.

The availability of an employee whistleblower hotline

Buy Now
Questions 159

An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?

Options:

A.

Support a mix of environmental economic and social initiatives to ensure a balanced approach is taken

B.

Survey employees and external stakeholders to see which causes are best suited to the organization.

C.

Select corporate social responsibility initiatives that support the overall strategic goals of the organization

D.

Conduct a financial analysis to determine where the most impact can be made with the budget available

Buy Now
Questions 160

According to IIA guidance, which of the following statements regarding ethics is true?

Options:

A.

Business ethics may vary within an organization with both domestic and foreign operations.

B.

Business ethics are universal in nature and organizations across the world are expected to comply with similar standards.

C.

A business ethics policy for an organization is established solely to direct the behavior and expectations of employees.

D.

Business ethics of an organization must remain independent from those of suppliers, customers, and business partners.

Buy Now
Questions 161

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3,

B.

1 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Buy Now
Questions 162

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations

Buy Now
Questions 163

What is the ultimate goal of establishing a robust risk management framework in an organization?

Options:

A.

To support the organization ' s risk culture, involving employees at all levels.

B.

To ensure that the organization attains a better financial position.

C.

To assist the organization in identifying and mitigating key risks.

D.

To facilitate the organization ' s achievement of business goals and objectives.

Buy Now
Questions 164

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Buy Now
Questions 165

Which of the following would provide the best support for internal auditors to meet their continuing professional development requirements?

Options:

A.

Access to online internal audit and business skills courses.

B.

Records of self-assessment reports completed by the internal audit staff.

C.

Cosourcing arrangements with external providers on specific engagements.

D.

Performance reviews comparing internal auditors ' achievements against specified goals.

Buy Now
Questions 166

An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

Options:

A.

The policies and procedures of the internal audit activity.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The IIA ' s Code of Ethics.

Buy Now
Questions 167

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

Options:

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Buy Now
Questions 168

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

Options:

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Buy Now
Questions 169

An internal auditor discovered that a former colleague from the internal audit activity now works in a junior position in a department scheduled for an upcoming audit. How can the auditor best ensure his objectivity for this engagement?

Options:

A.

Recommend mat the chief audit executive outsource the upcoming audit engagement

B.

Proceed with the audit engagement in accordance with the internal audit manual

C.

Increase the amount of fieldwork in order to build greater credibility for audit conclusions

D.

Declare a conflict of interest and hand over the engagement to another auditor

Buy Now
Questions 170

Which of the following best describes the board’s role in establishing effective organizational governance?

Options:

A.

The board is involved in approving operational policy

B.

The board monitors key processes and procedures

C.

The board has oversight responsibility for organizational resources

D.

The board approves management ' s detailed plans and objectives

Buy Now
Questions 171

According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

Options:

A.

The CAE seeks senior management approval of the internal audit charter

B.

The CAE obtains senior management ' s approval to hire staff

C.

The CAE reports significant issues to the organization ' s CEO

D.

The CAE provides the board with an annual budget for approval

Buy Now
Questions 172

Which of the following would best preserve the organizational independence of the internal audit activity?

Options:

A.

The internal audit charter is approved by the chief audit executive (CAE).

B.

The CAE reports functionally to the CEO.

C.

The CAE ' s internal audit plan is endorsed by the board.

D.

The chief financial officer determines the appointment of the CAE.

Buy Now
Questions 173

An audit client who was unsatisfied with the audit report rating called the chief audit executive (CAE) and complained that the internal auditor who performed the audit was biased because his spouse, who worked in the area under review, was on a list of employees to be terminated. Which of the following measures would be most appropriate to prevent this situation from arising?

Options:

A.

Initiating an internal investigation to clarify whether a biased judgment took place.

B.

Requiring the internal auditors to disclose any potential conflicts of interest.

C.

Requiring that the audit client disclose any potential conflicts of interest with the auditor.

D.

Requiring human resources manager to submit all future job applicants ' data in order to identify relatives of auditors.

Buy Now
Questions 174

Which of the following is an example of an entity-level control pertaining to the finance area of an organization ' ?

Options:

A.

Key account reconciliation such as bank reconciliation

B.

Segregation of duties between posting and reviewing journal entnes

C.

A signing authority matrix for spending approvals

D.

The establishment of a finance and audit committee

Buy Now
Questions 175

According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Options:

A.

The internal audit policies and procedures handbook.

B.

The internal audit charter.

C.

The internal audit mission statement.

D.

Each internal audit engagement letter.

Buy Now
Questions 176

Which of the following actions should the organization ' s governing body perform to provide the most effective governance over the organization ' s culture?

Options:

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Buy Now
Questions 177

A new chief audit executive realized that the internal audit charter has not been updated in five years and only includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, and the Standards. What mandatory component is missing?

Options:

A.

Statement of Independence.

B.

Operating Procedures of Internal Auditing.

C.

Definition of Internal Auditing.

D.

Attestation of Quality Assurance.

Buy Now
Questions 178

At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

Options:

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Buy Now
Questions 179

Which of the following needs to be established prior to undertaking an assessment of the quality assurance and improvement program?

Options:

A.

Department performance standards.

B.

Remediation timeframes.

C.

Nonconformance disclosures.

D.

External assessment resources

Buy Now
Questions 180

Which of the following best demonstrates the authority of the internal audit activity?

Options:

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services

D.

Achieving engagement objectives.

Buy Now
Questions 181

Which of the following is most likely to result in the impairment of independence for the internal audit activity?

Options:

A.

The chief audit executive (CAE) has a dual reporting relationship within the organization.

B.

The CAE performs an audit of a functional area that is also under the CAE ' s oversight.

C.

The CAE has unrestricted access to information throughout the organization and to the board.

D.

The board is involved in decisions to hire or remove the CAE and in drafting and approving an internal audit charter.

Buy Now
Questions 182

Upon completion of an external quality assessment, which of the following would the chief audit executive be required to report to the board?

Options:

A.

The total time spent to accomplish the external assessment

B.

The detailed evaluation results of the external assessment

C.

The competency and independence of the external assessment team

D.

The timetable and schedule of the next external assessment

Buy Now
Questions 183

Which of the following parties would be responsible for ongoing monitoring of the organization ' s corporate social responsibility activities to reduce its carbon footprint?

Options:

A.

Chief audit executive

B.

Facility operation manager

C.

Public relations manager

D.

Regulatory agency

Buy Now
Questions 184

Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Authority and responsibility of the internal audit activity

B.

Hours and sources of continuing professional education

C.

Scope and frequency of both the internal and external assessments

D.

independence and objectivity impairments of the CAE

Buy Now
Questions 185

According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

Options:

A.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

B.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

C.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

D.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Buy Now
Questions 186

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

Options:

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Buy Now
Questions 187

Which of the following statements about internal audit consulting engagements is true?

Options:

A.

The primary purpose of a consulting engagement is to assess evidence and provide conclusions.

B.

The internal audit activity determines the nature and scope of work for the specific consulting engagement

C.

Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

D.

It is not appropriate to communicate control issues identified during consulting engagements to the board

Buy Now
Questions 188

Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed in the last year.

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.

Buy Now
Questions 189

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

Options:

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Buy Now
Questions 190

Which of the following statements is true regarding organizational culture and an audit of the control environment?

Options:

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Buy Now
Questions 191

Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?

Options:

A.

As the head of the organization, the CEO selects and appoints the external quality assessment team to perform the OAIP reviews.

B.

The chief audit executive determines the scope and frequency of both internal and external quality assessments based on the availability and capacity of resources in accordance with the annual internal audit plan.

C.

Minutes of meetings held with senior management and the board to discuss the scope and frequency of internal and external assessments support the OAIP reporting requirement.

D.

The internal audit activity needs to assess whether each engagement on the annual internal audit plan is conducted in conformance with the Standards.

Buy Now
Questions 192

Which of the following best describes a consulting engagement rather than an assurance engagement?

Options:

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor ' s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted.

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost-effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations.

Buy Now
Questions 193

Which of the following is a detective control strategy against fraud?

Options:

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Buy Now
Questions 194

Which of the following is a way to demonstrate an individual internal auditor ' s competency through continuing professional development?

Options:

A.

Create different training budgets for each of the internal auditors

B.

Define average training hours per auditor as a team performance measure

C.

Analyze internal audit client survey feedback following audits

D.

Review training records for all internal auditors

Buy Now
Questions 195

Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system ' s business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Buy Now
Questions 196

According to the 11A Code of Ethics, which of the following is required with regard to communicating results?

Options:

A.

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

B.

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

C.

The internal auditor should obtain all material information within the established time and budget parameters.

D.

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

Buy Now
Questions 197

Which of the following describes the primary objective when implementing a risk management framework?

Options:

A.

To achieve planned profitability for business expansion.

B.

To enhance an organization ' s confidence in achieving strategy.

C.

To strengthen corporate governance standards.

D.

To eliminate business risks and uncertainties.

Buy Now
Questions 198

The internal audit activity is asked to provide consulting services regarding the risks related to implementing a proposed new Inventory management system. Which of the following would be a key consideration of the internal audit activity in accepting this engagement?

Options:

A.

Ask the inventory manager to determine whether the work planned would be sufficient to meet the consulting engagement objectives.

B.

Ensure that the method used to communicate the results of the consulting engagement is consistent with the board ' s preferred method.

C.

Determine whether the benefits to be derived from the requested assessment would exceed the cost of providing the consulting service.

D.

Use email and telephone conversations to convey the results of the engagement, as these may prove to be the most efficient methods for communicating.

Buy Now
Questions 199

According to IIA guidance, an internal audit charter should detail which of the following?

Options:

A.

The objectives and goals of management

B.

The process used by the CAE to manage the organization ' s internal controls

C.

The nature of services that the internal audit activity will provide to external third parties

D.

The responsibilities of the audit committee

Buy Now
Questions 200

Which action by senior management indicates to the internal auditor that there may be fraudulent activities occurring within the organization?

Options:

A.

Setting unrealistic targets for staff to achieve

B.

Granting external audit firms access to staff and records.

C.

Automating some processes and allowing others to be performed manually

D.

Enforcing a zero-tolerance policy for misconduct

Buy Now
Questions 201

The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?

Options:

A.

A consulting engagement independent of the financial risk committee ' s review.

B.

A risk assessment.

C.

An assurance engagement.

D.

A joint consulting engagement with input from the financial risk committee.

Buy Now
Questions 202

Which of the following statements best describes internal auditors ' role in fraud detection?

Options:

A.

Internal auditors ' roles are similar to those performed by loss prevention managers or fraud investigators.

B.

Internal auditors ' demonstration of adequate professional skepticism during an audit engagement is of paramount importance.

C.

Internal auditors should consider fraud risks in every assignment and demonstrate due care by detecting fraud instances.

D.

Internal auditors should possess a fraud-related body of knowledge, enabling them to carry out preventative and detective measures.

Buy Now
Questions 203

A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process. Which of the following would be the best course of action for the chief audit executive (CAE) to take?

Options:

A.

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

B.

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

C.

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

D.

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.

Buy Now
Questions 204

Which of the following situations best describes an internal auditor who may have violated the IIA Code of Ethics principle of confidentiality?

Options:

A.

The auditor intentionally omitted from his resume that he was fired from his previous job for fraud allegations,

B.

The auditor decided not to notify her supervisor that her brother-in-law was responsible for the project the auditor was expected to evaluate.

C.

The auditor asked the audit client to copy requested files to her personal unencrypted memory stick because it was faster and more convenient.

D.

The auditor was assigned to analyze the organization ' s incentive program and spent long hours reviewing other employees’ bonuses,

Buy Now
Questions 205

Which of the following scenarios provides the most concerning red flag or indicator of possible fraud?

Options:

A.

An employee receives a bonus for perfect attendance

B.

During the past 18 months three chief financial officers have left the organization after having been promoted to the position

C.

The organization does not perform any due diligence research on third party service providers

D.

Three competitors are highly profitable but a fourth equal in size is approaching bankruptcy limits

Buy Now
Questions 206

According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3.

B.

1,2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4

Buy Now
Questions 207

Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

Options:

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees ' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

Buy Now
Questions 208

Which of the following is part of a fraud detection program?

Options:

A.

Whistleblower hotline.

B.

Authority limits.

C.

Background investigations

D.

Evaluation of compensation programs.

Buy Now
Questions 209

According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?

Options:

A.

The initial review of workpapers should be conducted after the final engagement report is issued.

B.

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

C.

Internal audit staff should be informed regularly of changes to policies and procedures.

D.

Training documents should be destroyed at the end of the year to create space for the next year ' s training documents.

Buy Now
Questions 210

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management ' s recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Buy Now
Questions 211

Which of the following tests would most likely help discover a fictitious invoice?

Options:

A.

Compare vendor addresses to employee addresses.

B.

Match cancelled checks to invoices.

C.

Search for duplicate payment amounts.

D.

Check employee bank records against invoice amounts.

Buy Now
Questions 212

Which of the following situations is most likely to prompt the internal audit activity to disclose its nonconformance with the Standards?

Options:

A.

One of the organization ' s senior internal auditors owns a side business, though to date, no sales have been made to this business.

B.

The annual internal audit plan includes performance audits of main business processes, but reviews of high-risk development projects were not considered.

C.

The internal audit activity committed to carrying out an audit of documentation on investment hed ging, and a hedging expert was contracted to assist with the engagement.

D.

A periodic quality self-assessment of the internal audit activity identified a number of improvement areas with regard to key performance indicators.

Buy Now
Questions 213

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company ' s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Options:

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company ' s expenses policy

Buy Now
Questions 214

According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

Options:

A.

Outline expectations for communicating the results of all aspects of the internal audit activity.

B.

Declare the internal audit activity’s accountability for safeguarding assets and confidentiality.

C.

Document the chief audit executive’s (CAE ' s) reporting line

D.

Document agreement between the CAE and the individual to whom the CAE reports

Buy Now
Questions 215

Which of the following statements relating to risk management is true?

Options:

A.

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.

Internal auditors are responsible for managing the risks of the organization

Buy Now
Questions 216

A newly hired internal auditor is most likely to need further education in the area of business acumen in which of the following situations?

Options:

A.

She was transferred from the managerial accounting department of the same organization.

B.

She was recruited from the internal audit activity of another organization that operates in a different industry.

C.

She was offered a permanent position after she had worked with the organization for two years in a temporary auditor-in-training position.

D.

She previously served on the organization ' s external audit team and was recruited to the internal audit activity following the current year ' s financial audit.

Buy Now
Questions 217

An Internal auditor accepted a role as an engagement supervisor on a highly specialized and technical engagement for which she did not have the expertise. Which of the following fundamental principles of The IIA ' s Code of Ethics did she violate?

Options:

A.

Objectivity.

B.

Confidentiality.

C.

Competency.

D.

Due professional care.

Buy Now
Questions 218

In which of the following scenarios would the internal auditor’s objectivity be best protected?

Options:

A.

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.

An internal auditor conducts an effectiveness review of an organization ' s business continuity plan in which his son is a minority stockholder.

Buy Now
Questions 219

Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?

Options:

A.

Regulatory approval from an accrediting agency.

B.

Self-assessments against a competency framework.

C.

Approval and signoff from the board of directors.

D.

A review by external auditors on an annual basis

Buy Now
Questions 220

According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?

Options:

A.

Discussions with the chief audit executive.

B.

A listing of employee profiles and certifications.

C.

Inquiry of external auditors.

D.

Validation by human resources.

Buy Now
Exam Code: IIA-CIA-Part1
Exam Name: Internal Audit Fundamentals
Last Update: Jul 3, 2026
Questions: 735
IIA-CIA-Part1 pdf

IIA-CIA-Part1 PDF

$25.5  $84.99
IIA-CIA-Part1 Engine

IIA-CIA-Part1 Testing Engine

$30  $99.99
IIA-CIA-Part1 PDF + Engine

IIA-CIA-Part1 PDF + Testing Engine

$40.5  $134.99