An internal auditor performed a review that focused on the organization’s process for vetting vendors. The internal auditor’s testing identified that 120 out of 130 vendors had a business relationship with the organization’s procurement manager that violated conflict-of-interest policies. Which of the following conclusions could the internal auditor draw from these results?
How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
An internal auditor developed a list of internal and external risk considerations across the organization ' s processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?
A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?
An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?
How do internal auditors generally determine the priority of the areas within the engagement scope?
Which of the following statements is true regarding corporate social responsibility (CSR)?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?
An internal auditor suspects that employee turnover is unusually high at the organization ' s primary manufacturing plant To investigate this potential issue which of the following analytical approaches is the auditor likely to use?
During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?
While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditors relative. Which course of action should the auditor take?
A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?
Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?
The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?
Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?
Which of the following best describes the internal audit activity ' s responsibility within a risk and control framework?
An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?
According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?
An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?
An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^
A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?
1. In the opinion of the CAE the level of residual risk assumed by senior management is too high
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales
3. The cost of modifying the sales system to include a preventive control is less than S100.000
Which of the following statements best describes the difference between risk appetite and risk tolerance?
A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?
A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?
Which of the following is a disadvantage of using flowcharts during a risk assessment?
An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?
Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. " What should be in place?’’
The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the Internal auditor was assigned to an assurance engagement?
According to IIA guidance, which of the following statements is true regarding due professional care?
At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts
• The first payment of 10% after approval of the customer s application
• The second payment of 70% prior to construction
• The third payment of 20% after construction is complete
Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?
In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?
Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
An audit reveals that a manager ' s spouse is receiving paychecks, but is not employed by the organization. According to IIA guidance, which of the following actions should the internal auditor take?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
In preparing the engagement work program, which of the following is generally true with respect to secondary controls?
During follow-up. the internal auditor discovered that operational management did not implement effective actions to address a significant control breach If the issue is left unresolved it may result in regulatory sanctions and damage the organization ' s reputation What is the most appropriate next step for the chief audit executive to lake?
The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE ' s best option for fulfilling the internal audit activity ' s responsibilities in this case?
The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?
According to IIA guidance, which of the following steps should precede the development of audit engagement objectives?
Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?
The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?
Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?
Which of the following statements is true regarding internal auditors and other assurance providers?
An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?
The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?
Which of the following would be the most reliable source of documentary evidence?
Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
Which statistical sampling approach would an internal auditor typically utilize if she wishes to test for fraud and the expected deviation rate is very low?
Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?
At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
An internal control questionnaire would be most appropriate in which of the following situations?
Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?
Which of the following internal audit activities is performed in the design evaluation phase?
According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?
An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?
Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?
During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?
Management testimony of improper segregation of duties in the cash receipt process can be considered which of the following?
An internal auditor is performing testing to gather evidence regarding an organization ' s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is The auditor ' s concern best describes which of the following risks?
An engagement supervisor reviewed a staff internal auditor ' s documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1.Consult on CSR program design and implementation
2.Serve as an advisor on CSR governance and risk management.
3.Review third parties for contractual compliance with CSR terms
4Identify and mitigate risks to help meet the CSR program objectives
A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?
An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?
Which of the following should be included in a company ' s year-end inventory valuation?
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
A multinational organization has asked the internal audit activity to assist in setting up the organization ' s risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?
Which of the following is the primary purpose of financial statement audit engagements?
An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?
An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?
Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?
A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?
An internal auditor wanted to determine whether the organization ' s 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:
- 5 Time reports were incorrect.
- 21 Time reports were correct.
- 4 Time reports were not supported.
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
An internal audit engagement supervisor approved the engagement work program submitted by an internal auditor and concluded that it satisfied engagement objectives. At the end of the engagement, the engagement supervisor reviewed the completed work program and found numerous deficiencies and inconsistencies in the engagement workpapers. Which of the following should be improved in the process of engagement supervision?
The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7
Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?
In a small internal audit function, a single auditor is responsible for conducting the entire audit engagement. In this situation, what is the benefit of using a checklist as part of an engagement work program?
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization ' s Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE ' s responsibility at the meeting?
Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
1.There is a clear strategy and timeline to migrate risk management responsibility back to management.
2.The internal audit activity has the final approval on any risk management decisions.
3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
4.The nature of services provided to the organization is documented in the internal audit charter.
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
There is a clear strategy and timeline to migrate risk management responsibility back to management.
The internal audit activity has the final approval on any risk management decisions.
The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
The nature of services provided to the organization is documented in the internal audit charter.
An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?
According to IIA guidance which of the following statements is true regarding the annual audit plan?
An internal auditor is performing an engagement to determine whether quality control checks of electronic gaming systems are performed consistently among a technology company’s factories. Which of the following tests would support the audit engagement objectives?
Which of the following activities would an internal auditor perform as a consulting engagement for an organization?
Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?
In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?
The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
Which of the following activities best demonstrates an internal auditor ' s commitment to developing professional competencies?
An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?
A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?
The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management ' s corrective actions Doing so would help the CAE assess which of the following?
Which of the following statements regarding the risk management process ' support of the internal audit activity is true?
Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?
According to IIA guidance which of the following best describes reliable information?
The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?
Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?
An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?
Which of the following statements is true regarding different competitive strategies?
As part of internal audit ' s assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?
Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?
Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization ' s ability to continue business. How would the chief audit executive respond?
Which of the following should be described in the recognition element of a typical internal audit repot?
After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?
A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?
When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
An internal auditor is assessing the organization ' s risk management framework. Which of the following formulas should he use to calculate the residual risk?
A)
B)
C)
D)
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
According to IIA guidance, which of the following is true regarding typical fraud schemes?
1.A diversion occurs when an employee has an undisclosed personal economic interest in a transaction that adversely affects the organization
2.Tax evasion is intentional reporting of false or misleading information on a tax return by an organization to reduce taxes owed.
3.Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s records
4Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services
During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?
Internal control questionnaires are used to achieve which of the following objectives?
As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?
A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?
Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high
risks that were reported in the initial audit report. What initial step must the CAE take to address this situation?
According to IIA guidance, which of the following statements is true regarding engagement planning?
Which of the following would offer the strongest evidence to support the internal auditor ' s conclusion that a product is in stock, as stated in the accounting records?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
Which of the following performance measures is considered a lagging indicator to the largest degree?
An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?
An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?
An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?
While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?
After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the
organization. What is the most appropriate first step for the CAE to take?
According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?
Which of The following best describes a risk that is deemed " unacceptable " to the organization?
Which of the following is most likely to impair the organizational independence of the internal audit activity?
An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?
Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?
A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
During a review of data privacy an internal auditor is tasked with testing management ' s identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
During an organization’s management meetings, employees who report bad news and significant risks are treated as if they were to blame for those circumstances. As a result, employees tend to postpone delivering bad news to management for as long as possible. Which of the following should be addressed to improve this culture?
Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?
The chief audit executive can illustrate the value of the internal audit activity by reporting which of the following to the board?
According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?
Which of the following statements is true regarding the audit objective for an assurance engagement?
Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?
An engagement work program o of greatest value to audit management when which of the following is true?
When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?
Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?
While conducting an audit of a third party ' s Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4. Submit management ' s plan of action to the external auditors for additional review.
An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
Which of the following describes the primary objective of an internal audit engagement supervisor?
According to IIA guidance, which of the following is a limitation of a heat map?
According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^
The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?
Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?
An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?
Which of the following structures would best suit a maintenance organization that needs to adapt quickly to rapidly changing technology?
Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?
Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?
Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?
An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?
An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management ' s decision, which of the following is the most appropriate next step for the CAE to take?
The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system. Which of the following computerized audit techniques is the internal audit activity most likely applying?
An internal auditor s examination of accounts receivable generates the following results:
What is the projected misstatement for the population if ratio estimation is used?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
Organizations that adopt just-in-time purchasing systems often experience which of the following?
An organization ' s healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?
Which of the following would most likely prompt special notification from the chief audit executive to same management?
Which of the following recommendation types is most likely to propose the most long-term solutions?
A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following Is the most appropriate action the CAE should take regarding the request?
Which of the following statements about including consulting engagements in the annual internal audit plan is true?
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?
Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?
An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
During a review of the organization ' s waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor ' s recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity ' s periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?
An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of
the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and
concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?
Which of the following would be most likely found in an internal audit procedures manual?
Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?
CIA | IIA-CIA-Part2 Questions Answers | IIA-CIA-Part2 Test Prep | Practice of Internal Auditing Questions PDF | IIA-CIA-Part2 Online Exam | IIA-CIA-Part2 Practice Test | IIA-CIA-Part2 PDF | IIA-CIA-Part2 Test Questions | IIA-CIA-Part2 Study Material | IIA-CIA-Part2 Exam Preparation | IIA-CIA-Part2 Valid Dumps | IIA-CIA-Part2 Real Questions | CIA IIA-CIA-Part2 Exam Questions