Spring Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-CIA-Part2 Internal Audit Engagement Questions and Answers

Questions 4

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Buy Now
Questions 5

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?

Options:

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Buy Now
Questions 6

Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

Options:

A.

Significant changes in the organization's accounting policies or procedures would warrant timely analysis and feedback.

B.

More frequent external assessments can serve as an equivalent substitute for internal assessments.

C.

The parent organization's internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

D.

A change in senior management or internal audit leadership may change expectations and commitment to conformance

Buy Now
Questions 7

An organization's chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

Options:

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Buy Now
Questions 8

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management's view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Buy Now
Questions 9

An internal control questionnaire would be most appropriate in which of the following situations?

Options:

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Buy Now
Questions 10

Which of the following is least likely to help ensure that risk is considered in a work program?

Options:

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Buy Now
Questions 11

Which of the following statements is true regarding an organization’s inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Buy Now
Questions 12

According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 13

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Buy Now
Questions 14

Which of the following is an example of internal benchmarking?

Options:

A.

Book value per common share ratio is lower than that of the prior year.

B.

Staff turnover ratio is higher than the comparable organization in the same industry.

C.

Utilities expense of the sales unit is higher than that of the customer service unit.

D.

Sales are significantly higher than the industry’s average for five years.

Buy Now
Questions 15

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

Options:

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Buy Now
Questions 16

According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Buy Now
Questions 17

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

Options:

A.

When a manufacturing organization has stable demand for its products.

B.

When an organization is subjected to strong political and social pressures

C.

When a manufacturer has reliable resources and suppliers.

D.

When an organization is infrequently affected by technological advances

Buy Now
Questions 18

According to IIA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

Options:

A.

Developing policies and procedures for the internal audit activity

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors

Buy Now
Questions 19

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Options:

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product.

D.

Variable cost plus a markup.

Buy Now
Questions 20

As a result of server managements assumption of risk there is residual risk that exceeds me organisation's risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?

Options:

A.

ignore the responsibility of addressing the residual risk

B.

Assume the responsibility of addressing the residual risk

C.

Ensure senior management acknowledges residual risk

D.

Communicate with the board the issue of residual risk

Buy Now
Questions 21

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Buy Now
Questions 22

What is the primary reason that audit supervision includes approval of the engagement report?

Options:

A.

To ensure the objectives of the area under review are met.

B.

To ensure senior management supports the report's conclusions.

C.

To ensure report style and grammar are appropriate.

D.

To ensure report findings are substantiated.

Buy Now
Questions 23

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Buy Now
Questions 24

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisor’s review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisor’s concerns have been addressed.

B.

Management of the area under review must address the engagement supervisor's review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisor’s review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program.

Buy Now
Questions 25

In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization's management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?

Options:

A.

Infrastructure.

B.

Emerging.

C.

Managed.

D.

Initial.

Buy Now
Questions 26

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Buy Now
Questions 27

The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?

Options:

A.

Run reports listing all payments made in countries other than vendor locations

B.

Run reports listing all credit limit overrides

C.

Run reports listing all instances of delayed revenue recognition

D.

Run three-way match reports, matching invoices, purchase orders, and receiving reports

Buy Now
Questions 28

Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?

Options:

A.

Facilitated workshops.

B.

Surveys.

C.

Structured interviews.

D.

Elicitation.

Buy Now
Questions 29

Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?

Options:

A.

It provides the internal audit activity with more resourcing options to meet the audit plan

B.

It offers internal auditors the opportunity to learn more about other work areas.

C.

It gives nonauditors a better understanding of the control environment.

D.

It provides an opportunity for the recruitment of employees as permanent internal auditors

Buy Now
Questions 30

An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

Options:

A.

The policies and procedures of the internal audit activity.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The IIA's Code of Ethics.

Buy Now
Questions 31

A manufacturing organization specializes in the production of evaporated milk and breakfast cereals. The manufacturing processes create significant loss in the form of waste and byproducts. The provision for normal production loss is known to senior management, but little action is taken when abnormal production losses occur. The organization sells its production byproducts to fish farmers at a reduced price. The byproducts are a widely recognized and used product in the fish farming industry. The organization has a policy that also allows its employees to purchase the byproducts at a negligible price. Based on the above, which of the following risks should the internal audit function consider when planning an engagement of the production process?

Options:

A.

The production team may be incentivized to increase production losses.

B.

The production team may work overtime and be overworked.

C.

Increased misappropriation of finished products.

D.

Risk that the finished product quality may be impaired.

Buy Now
Questions 32

While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?

Options:

A.

To report up-to-date audit progress to management

B.

To ensure that the internal audit team and the CAE are aligned with regard to the identified weakness

C.

To allow management to address the identified weakness timely

D.

To obtain management's agreement with regard to the identified weakness

Buy Now
Questions 33

Which of the following recommendation types is most likely to propose the most long-term solutions?

Options:

A.

Condition-based recommendations

B.

Cause-based recommendations

C.

Effect-based recommendations

D.

Root cause-based recommendations

Buy Now
Questions 34

Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?

Options:

A.

The presence of an independent critical mass

B.

The established philosophy and operating style of senior management

C.

The articulated internal control objectives of the organization

D.

The organization's employee recruiting and retention policies

Buy Now
Questions 35

During the review of an organization's retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?

Options:

A.

Sufficiency.

B.

Reliability.

C.

Relevancy.

D.

Usefulness.

Buy Now
Questions 36

Which of the following should the chief audit executive do when evaluating the possibility of relying on external auditors' work?

Options:

A.

Perform comprehensive background checks on all independent auditors on the engagement.

B.

Recalculate all financial calculations to confirm competency.

C.

Examine objectivity and any perceived or actual conflicts of interest.

D.

Review audit tests employed in all previous audits.

Buy Now
Questions 37

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Options:

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Buy Now
Questions 38

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Buy Now
Questions 39

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Options:

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Buy Now
Questions 40

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Buy Now
Questions 41

During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?

Options:

A.

RACI (responsible, accountable, consult and inform) chart

B.

Flowchart

C.

SWOT{strengths. weaknesses opportunities, and threats) analysis

D.

Workflow analysis

Buy Now
Questions 42

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program's activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program's activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Buy Now
Questions 43

According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities and operating procedures

B.

Evaluate management's risk assessment and the internal audit activity's risk assessment

C.

Assess process How and control documents used to meet regulatory requirements

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Buy Now
Questions 44

A manager has allowed a subordinate employee to have greater control and responsibility over the tasks that he performs This is an example of which of the following?

Options:

A.

Job enlargement

B.

Job enrichment

C.

Horizontal loading of the job.

D.

Job rotation.

Buy Now
Questions 45

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

Options:

A.

Solicit the services of a specialist information systems auditor

B.

Obtain the most current approved copies of the organization's privacy policy

C.

Consult with legal counsel about new privacy laws to establish appropriate criteria

D.

Consider the detection risk of noncompliance with the laws

Buy Now
Questions 46

The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?

Options:

A.

Internal audit reports are consistently submitted prior to the audit report deadline

B.

Post engagement surveys completed by management indicate a "meets or exceeds expectations" idling

C.

There is a significant reduction of travel costs per project over the next fiscal year

D.

Internal auditors identify a minimum number of issues and provide recommendations to address them for each audit

Buy Now
Questions 47

According to ISO 31000, which of the following statements is correct?

Options:

A.

The board is responsible for setting the organizational attitude through tone at the top.

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Buy Now
Questions 48

A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Options:

A.

Coordinate and facilitate risk workshops for management to attend

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk Indicators and mitigation plans for management to Implement.

D.

Determine the number of significant risks for management to report to the board

Buy Now
Questions 49

Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization's head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?

Options:

A.

The engagement objectives.

B.

The head of accounting’s schedule availability.

C.

The auditors' qualifications.

D.

The details of the audit test plan.

Buy Now
Questions 50

For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Buy Now
Questions 51

During an assurance engagement an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

Options:

A.

Internal audit management

B.

Conflict negotiation.

C.

Critical thinking

D.

Persuasion and collaboration

Buy Now
Questions 52

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 53

According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?

Options:

A.

Criteria

B.

Cause

C.

Effect

D.

Condition

Buy Now
Questions 54

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 55

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

Options:

A.

The CAE previously undertook a consulting assignment in that area to improve processes.

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Buy Now
Questions 56

An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?

Options:

A.

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

B.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

C.

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

D.

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Buy Now
Questions 57

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Options:

A.

The CAE should send the final report to operational and senior management and the audit committee.

B.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Buy Now
Questions 58

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Buy Now
Questions 59

To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?

Options:

A.

Assess controls for potential compliance issues that may affect me consolidation

B.

Brief vendors on the potential risks that will occur without continued business

C.

Advise division managers on how to streamline operations for better efficiency

D.

Determine whether the organization’s controls are effective in meeting business objectives

Buy Now
Questions 60

According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?

Options:

A.

Manufacturing.

B.

Profitability.

C.

Overheads.

D.

Quality.

Buy Now
Questions 61

Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud

C.

Interrogating a suspected fraudster.

D.

Completing a process review to improve controls to prevent fraud.

Buy Now
Questions 62

According to IIA guidance which of the following represents sufficient information?

Options:

A.

Information that is factual adequate and convincing

B.

Information that is best attainable through the use of appropriate engagement techniques

C.

Information that supports engagement objectives and recommendations

D.

Information that helps the organization meet its goals

Buy Now
Questions 63

According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?

Options:

A.

Determine which controls if any are in place to mitigate the fraud risks

B.

Follow protocol for internal reporting and investigating fraud allegations

C.

Research frauds that nave occurred t\ similar organizations

D.

Incorporate the fraud risk assessment into the engagement plan

Buy Now
Questions 64

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Buy Now
Questions 65

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Buy Now
Questions 66

According to HA guidance on IT, which of the following actions would be performed as part of the "Define IT Universe" stage of the IT audit plan development process?

Options:

A.

Identify significant applications that support the business operations

B.

Assess risk and rank subjects using business risk factors

C.

Identify how the organization structures its business operations

D.

Select audit subjects and bundle into distinct audit engagements

Buy Now
Questions 67

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

D.

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Buy Now
Questions 68

Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?

Options:

A.

Ensuring the process owner with the engagement objectives

B.

Reviewing engagement draft reports

C.

Ensuring workpapers support audit findings

D.

Approving audit work programs

Buy Now
Questions 69

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

Options:

A.

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Buy Now
Questions 70

An organization obtains maintenance personnel from a third-party service provider. The third-party service provider submits monthly timetables of contracted maintenance personnel and bills the organization on an hourly basis. Which of the following will most likely help an internal auditor validate the number of hours billed by the third-party service provider?

Options:

A.

Conduct a due diligence review of the third-party service provider

B.

Ask the third-party service provider to provide internal time-keeping records

C.

Obtain access logs from entrances to the organization's facilities

D.

Interview the manager responsible for contracting external personnel

Buy Now
Questions 71

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

Options:

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area's business plan.

D.

A review of previous audit and follow- up results of the area under review

Buy Now
Questions 72

A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?

Options:

A.

Sampling risk.

B.

Control risk.

C.

Nonsampling risk.

D.

Residual risk.

Buy Now
Questions 73

A financial services organization's CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?

Options:

A.

Fraud risk matrix

B.

Benchmarking

C.

Brainstorming

D.

Walkthroughs

Buy Now
Questions 74

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?

Options:

A.

Complete the risk assessment independently to prevent conflicts of interest with the function being reviewed.

B.

Work with external auditors to ensure that the risk assessment includes items reflected on the independent auditor's report.

C.

Work with management of the function being reviewed, as management would be most familiar with the business objectives and related risks.

D.

Consult with the compliance department, which typically has a more comprehensive view of the organization.

Buy Now
Questions 75

What is the primary reason that audit supervision includes approval of the engagement report?

Options:

A.

To ensure the objectives of the area under review are met

B.

To ensure senior management supports the reports conclusions

C.

To ensure report style and grammar are appropriate.

D.

To ensure report findings are substantiated

Buy Now
Questions 76

Which of the following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets, cost includes the purchase price and the cost of design and construction

B.

For intangible assets, cost includes the purchase price and development costs.

C.

Due to their indefinite nature, intangible assets are not subject to amortization.

D.

The organization must expense any cost incurred in developing a plant asset

Buy Now
Questions 77

Which of the following is true regarding the monitoring of internal audit activities?

Options:

A.

The form and content of monitoring policies could vary by industry

B.

The board of directors is responsible for the establishment of monitoring polities

C.

Both large and small audit departments must have written policies on monitoring.

D.

The chief audit executive must develop all monitoring policies related to the activity

Buy Now
Questions 78

Which of the following best describes the four components of a balanced scorecard?

Options:

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Buy Now
Questions 79

With regard to project management, which of the following statements about project crashing is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project

Buy Now
Questions 80

Which of the following would offer the strongest evidence to support the internal auditor's conclusion that a product is in stock, as stated in the accounting records?

Options:

A.

The auditor performs an observation.

B.

The vendor provides third-party confirmation.

C.

The auditor documents interviews with multiple warehouse personnel.

D.

Warehouse management submits photographs of the product on the inventory shelf.

Buy Now
Questions 81

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

Options:

A.

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Buy Now
Questions 82

During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?

Options:

A.

Compare turnover m the organization to published turnover rates of peer organizations.

B.

Compare turnover in one period with turnover in the previous period in the organization

C.

Compare turnover in the period to total employees in the organization

D.

Compare turnover with the auditor's general knowledge of the organization

Buy Now
Questions 83

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

Options:

A.

Criteria

B.

Condition

C.

Cause

D.

Effect

Buy Now
Questions 84

During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:

"As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the

respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure

to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended

that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management

should register the subsidiary in the current year as soon as possible."

What part of this narrative represents a condition of the observation made by auditors in the final report?

Options:

A.

" ... the subsidiary did not submit required documentation for registration in the prior year."

B.

" ... the entity is required to register annually with the respective ministry."

C.

" ... failure to comply with internal and external regulations might lead to penalties or fines from the respective authorities."

D.

" ... management should register the subsidiary in the current year as soon as possible."

Buy Now
Questions 85

Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?

Options:

A.

The calculated statistical sample size is 50 however the internal auditor believes errors exist so he decides to increase the sample size to 80

B.

The internal auditor traces serial numbers of computer equipment listed on an invoice to the fixed asset inventory

C.

The internal auditor reviews the accounts payable manager's petty cash fund and vouchers

D.

The internal auditor reviews the related invoice purchase order and receiving report for each sample selection

Buy Now
Questions 86

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Buy Now
Questions 87

An internal auditor wants to assess the completeness of sales invoices issued by the organization over a period of time Providing that at the necessary data and analytics software is which of the following types of analyse would be appropriate to satisfy the auditor's objective?

Options:

A.

Payment terms analysis

B.

Duplicates analysts

C.

Aging analysis

D.

Gap analysis

Buy Now
Questions 88

Which of the following should be described in the recognition element of a typical internal audit repot?

Options:

A.

Positive aspects of the process or area under review

B.

A brief synopsis of the process of area under review

C.

Outcomes and ratings of the process or area under review

D.

Report issuance and the communication process of the engagement.

Buy Now
Questions 89

Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?

Options:

A.

Inquiry

B.

Analytical review

C.

Observation

D.

Inspection of documents

Buy Now
Questions 90

In which of the following situations would an internal auditor consider the need to outsource competencies and skills9

Options:

A.

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

C.

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

Buy Now
Questions 91

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

Options:

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board's meeting records.

Buy Now
Questions 92

Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?

Options:

A.

A condition

B.

An audit objectives

C.

An audit scope

D.

An observation rating

Buy Now
Questions 93

While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?

Options:

A.

Performing a reasonableness test.

B.

Conducting a fraud investigation.

C.

Conducting trend analysis.

D.

Operating with impaired objectivity.

Buy Now
Questions 94

The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year. All engagements should be appropriately categorized and presented to the chief audit executive for review. Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Evaluating procurement department process effectiveness.

B.

Helping in the design of the risk management program.

C.

Assessing financial reporting control adequacy.

D.

Reviewing environmental, social, and governance reporting compliance.

Buy Now
Questions 95

Which of the following is more likely to be present in a highly centralized organization?

Options:

A.

The ability to make rapid changes

B.

Micromanagement

C.

Empowered employees

D.

Authority pushed downward

Buy Now
Questions 96

Which of the following is required to classify, label, organize, and search big data stored and used in an organization?

Options:

A.

Metadata

B.

Data security

C.

A business application

D.

Data owner

Buy Now
Questions 97

An internal auditor is planning an audit engagement of a subsidiary organization. The auditor learns that a corporate investigator from the holding organization is investigating the subsidiary regarding a fraud case. Which of the following is true regarding the scope of the internal auditor’s engagement?

Options:

A.

As the fraud is already being investigated by the corporate investigator, it should be excluded from the scope of the audit engagement

B.

The engagement should be framed as an advisory engagement to support the corporate investigator's work

C.

The area under investigation should be excluded from the engagement scope if the auditor does not have the technical skills required to support a fraud investigation

D.

The scope should consider the nature of the fraud risk and control weaknesses identified from the fraud case

Buy Now
Questions 98

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^

Options:

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Buy Now
Questions 99

An internal audit engagement supervisor approved the engagement work program submitted by an internal auditor and concluded that it satisfied engagement objectives. At the end of the engagement, the engagement supervisor reviewed the completed work program and found numerous deficiencies and inconsistencies in the engagement workpapers. Which of the following should be improved in the process of engagement supervision?

Options:

A.

The supervisor should regularly review the engagement team's workpapers throughout the engagement, including raising questions and providing guidance.

B.

The supervisor should evaluate whether the engagement work program includes audit procedures relevant to engagement objectives.

C.

The supervisor should thoroughly document all concerns prior to signing off the completed workpapers and finalizing the work program.

D.

The supervisor should issue a satisfaction questionnaire to management of the activity that was under review to understand the root causes of deficient performances.

Buy Now
Questions 100

Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?

Options:

A.

Stratified sampling

B.

Haphazard sampling

C.

Discovery sampling

D.

Probability-proportional-to-size sampling

Buy Now
Questions 101

An internal auditor is asked to perform an assurance engagement in the organization's newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?

Options:

A.

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

B.

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

C.

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

D.

The qualifications and competencies of the subsidiary's management team and their understanding of risk and control

Buy Now
Questions 102

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.

Select five new accounts to replace the ones that were missing supporting documentation.

C.

Expand the sample size to 60 to determine whether the error rate remains the same.

D.

Contact management to determine whether the supporting documentation can be located elsewhere.

Buy Now
Questions 103

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Buy Now
Questions 104

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee's final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Buy Now
Questions 105

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

Options:

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Buy Now
Questions 106

To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?

Options:

A.

The organization's attitude to hierarchy

B.

The organization's whistleblowing strategy

C.

The organization's ongoing risk monitoring process

D.

The organization's risk management policy

Buy Now
Questions 107

At the conclusion of a quality assurance review, the chief audit executive (CAE) was informed that several audits included incomplete workpapers, and some workpapers were not completed within the established timeframe. How should the CAE address the issue of incomplete workpapers?

Options:

A.

Delete incomplete workpapers from the audit folder.

B.

Establish a task force to complete workpapers for audits that are contested.

C.

Develop guidelines and procedures for completing workpapers.

D.

Verify that the workpapers that support audit findings are complete; if so, no further action is required.

Buy Now
Questions 108

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

it is more successful when goal-setting Is performed not only by management, but by all team members, including lower-level staff

D.

it is particularly successful in environments that are prone to having poor employer-employee relations

Buy Now
Questions 109

During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?

Options:

A.

Identify and map existing controls to their relevant inherent fraud risks

B.

Detect fraudulent activities in the activity under review for the audited period

C.

Select the appetite level for each inherent fraud risk

D.

Evaluate and respond to residual fraud risks that need to be mitigated

Buy Now
Questions 110

Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?

Options:

A.

To demonstrate good project oversight

B.

To provide timely discussion of results

C.

To demonstrate internal auditor proficiency

D.

To follow up on previously requested information

Buy Now
Questions 111

Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?

Options:

A.

To gain an understanding of the control environment

B.

To collect as much financial data as possible before engagement fieldwork begins.

C.

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.

To facilitate the quantification of financial data obtained

Buy Now
Questions 112

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider's experience in the type of work being considered.

Buy Now
Questions 113

During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

Options:

A.

The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily

B.

The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate

C.

The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.

D.

The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts

Buy Now
Questions 114

When estimating the impact of an inherent risk, which of the following should internal auditors consider?

Options:

A.

The probability and frequency of occurrence

B.

Financial and nonfinancial factors related to the risk

C.

The number of risks identified on the heat map

D.

The residual risk following implementation of appropriate controls

Buy Now
Questions 115

While reviewing the organization’s financial year-end processes, an internal auditor discovered an erroneous journal entry. If the error is not addressed, it will result in a material misstatement of the financial records. The internal auditor needs an additional four weeks to complete the audit engagement. How should the auditor communicate this finding?

Options:

A.

The auditor should issue an interim report to management prior to completion of the audit and issuance of the final report.

B.

The auditor should include this item in the final audit report, marked with an asterisk, indicating that it is a high-risk item.

C.

The auditor should discuss the finding with the appropriate accounting staff who can make the correction immediately, and if corrected before the engagement is concluded, the finding would not need to be included in the audit report.

D.

The auditor is obligated to bypass management and immediately report the error directly to regulatory authorities.

Buy Now
Questions 116

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

Options:

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Buy Now
Questions 117

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?

Options:

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts management's explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Buy Now
Questions 118

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?

Options:

A.

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.

Develop a report of excess inventory and compare the inventory with current production volume.

C.

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Buy Now
Questions 119

According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization's control process?

Options:

A.

Reperformance.

B.

Vouching.

C.

Independent confirmation.

D.

Root cause analysis.

Buy Now
Questions 120

The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Buy Now
Questions 121

An internal auditor is tasked with evaluating the adequacy of the organization's inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?

Options:

A.

Accounting adjustments of inventories are approved by the management in accordance with a signature policy

B.

Root causes of inventory differences are analyzed and corrective measures are followed

C.

High value items are inventoried more frequently throughout the year

D.

Value of accounting adjustments matches with the value of inventory differences and are made in a timely manner

Buy Now
Questions 122

Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?

Options:

A.

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.

To verify that the corrective actions required by senior management are completed as agreed.

Buy Now
Questions 123

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Options:

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Buy Now
Questions 124

Which of the following is the best audit procedure to obtain evidence of an organization's legal ownership of a new property?

Options:

A.

Review documents registered with the appropriate governmental authority.

B.

Examine the board of directors' minutes and look for approvals to acquire property.

C.

Confirm with senior management and legal counsel concerning property acquisition.

D.

Confirm ownership with the title company that handles the escrow account.

Buy Now
Questions 125

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

Options:

A.

To obtain sufficient audit evidence.

B.

To test the client's knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Buy Now
Questions 126

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Buy Now
Questions 127

An internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step of the process How is the internal auditor most likely to use This document during the engagement?

Options:

A.

To perform an assessment of the adequacy of process controls.

B.

To perform an assessment of the effectiveness of process controls

C.

To perform a detailed assessment of process risks

D.

To perform an assessment of the sufficiency of residual process risks.

Buy Now
Questions 128

Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    The internal audit activity's time constraints.

    The nature and complexity of the area to be audited.

    The period of time since the area was last audited.

    The auditors’ preference to audit the area.

    The results of a preliminary risk assessment of the activity under review.

Options:

A.

1 and 4 only.

B.

1, 2, and 5 only.

C.

2, 3, and 5 only.

D.

1, 2, 3, 4, and 5.

Buy Now
Questions 129

Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?

Options:

A.

Tracing

B.

Reperformance

C.

Vouching

D.

Walkthrough

Buy Now
Questions 130

An internal auditor wants to assess whether the organization's governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?

Options:

A.

The board's meeting minutes

B.

The executive committee’s social media budget report

C.

The organization’s marketing plan

D.

The organization’s procedures manual for daily social media management

Buy Now
Questions 131

Which of the following statements is true regarding the chief audit executive's (CAT$) responsibilities after completing an assurance or consulting engagement?

Options:

A.

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

B.

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

C.

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

D.

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

Buy Now
Questions 132

Which of the following has the greatest effect on the efficiency of an audit?

Options:

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Buy Now
Questions 133

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Options:

A.

The nature of consulting services typically is not included in the charter.

B.

The chief audit executive must formally review the charter at least once a year

C.

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.

The charter typically defines the internal audit activity’s position within the organization.

Buy Now
Questions 134

Which of the following is applicable to both a job order cost system and a process cost system'?

Options:

A.

Total manufacturing costs are determined at the end of each period.

B.

Costs are summarized in a production cost report for each department

C.

Three manufacturing cost elements are tracked: direct materials, direct labor, and manufacturing overhead.

D.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period.

Buy Now
Questions 135

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?

Options:

A.

Inform management and request that the plan be tested immediately.

B.

Update the recovery plan for management, as part of the review.

C.

Evaluate the recovery plan and report weaknesses to management.

D.

Recommend that management and users update and test the recovery plan.

Buy Now
Questions 136

Upon the completion of an audit engagement an audit manager performs a review of a staff auditor's workpapers. Which of the following actions by the manager is the most appropriate this review''

Options:

A.

Communicate the workpaper review results to management of fie area under review to validate the final report

B.

Update the final report in the file with any necessary corrections based on the workpaper review.

C.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.

Add the manager's review notes to the final documentation following the review

Buy Now
Questions 137

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Buy Now
Questions 138

The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?

Options:

A.

Contract with the software vendor to provide an appropriate resource.

B.

Ask for a knowledgeable resource from the IT department.

C.

Make use of an external service provider.

D.

Request audit resources through the external auditor.

Buy Now
Questions 139

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

Options:

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Buy Now
Questions 140

In which of the following situations would an internal control questionnaire best suit the internal auditor's purpose?

Options:

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner

Buy Now
Questions 141

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations.

B.

Analytical procedures begin after the engagement’s planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques.

Buy Now
Questions 142

Which of the following is the primary reason a chief audit executive should network with an organization’s executives?

Options:

A.

To better understand and influence executives' planning.

B.

To make executives aware of the benefits that the internal audit activity can provide.

C.

To assist executives in setting the organization’s risk appetite.

D.

To have a better understanding of the training needed to strengthen the audit team.

Buy Now
Questions 143

Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

Options:

A.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

B.

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

C.

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

D.

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Buy Now
Questions 144

Which of the following statements accurately describes the Standards requirement for ret internal audit records?

Options:

A.

Retention requirements for internal audit records should be compliant with ones set for external audit records

B.

Retention requirements should take into account the medium in which internal audit records are stored

C.

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

D.

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Buy Now
Questions 145

An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?

Options:

A.

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.

Communicate to the board the current situation, including the risk exposure to the organization.

C.

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.

Contact the regulatory agency and inform them of the risk exposure.

Buy Now
Questions 146

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Buy Now
Questions 147

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

Options:

A.

Create an assurance map to illustrate each provider's level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Buy Now
Questions 148

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Options:

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Buy Now
Questions 149

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

Options:

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client's expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Buy Now
Questions 150

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

Options:

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Buy Now
Questions 151

While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditors relative. Which course of action should the auditor take?

Options:

A.

Proceed with the audit engagement, but do not include the relative's information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative Is a customer

D.

Immediately withdraw from the audit engagement

Buy Now
Questions 152

Which of the following contributes to the reliability of information collected for an audit engagement?

Options:

A.

The information is gathered from a system where the controls are operating effectively

B.

The information is obtained directly from an experienced manager in writing

C.

The information is consistent with the objectives for the engagement

D.

The information is useful to help the organization meet its goals

Buy Now
Questions 153

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 154

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

Options:

A.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Buy Now
Questions 155

According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

Options:

A.

Results of internal assessments need to be reported to the board at least once every five years.

B.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted

D.

Results of ongoing monitoring of the internal audit activity’s performance must be reported to senior management and the board at least annually

Buy Now
Questions 156

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

Options:

A.

Evaluate and verify management's response, and determine the need and scope for additional work.

B.

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Buy Now
Questions 157

An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

Options:

A.

As soon as possible, no later than two months after the audit

B.

When convenient for both parties

C.

When management has indicated that the issue has been resolved

D.

Before financial year end

Buy Now
Questions 158

Which of the following best describes the manual audit procedure known as vouching?

Options:

A.

Testing the validity of information by following it backward to a previously prepared record

B.

Testing the accuracy of the control by reperforming the task or process required

C.

Soliciting and obtaining written verification of the accuracy from an independent third party

D.

Testing the completeness of information forward from a record to a subsequently prepared document

Buy Now
Questions 159

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Options:

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity's position within the organization in an audit charter

Buy Now
Questions 160

An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?

Options:

A.

The risk assessment must be performed at least quarterly.

B.

The risk assessment must be performed at least annually.

C.

The risk assessment must be performed at least once every five years, in alignment with the internal audit activity's quality assurance and improvement program.

D.

There is no specific requirement; a risk assessment should be performed as needed to account for changes in the business environment.

Buy Now
Questions 161

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Options:

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management's action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Buy Now
Questions 162

According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?

Options:

A.

The CAE should continue to meet with management to obtain their agreement for corrective action

B.

The CAE should note in the final report that management has decided to accept the risk.

C.

The CAE should ask that additional testing be undertaken to strengthen his case as to the need for corrective action.

D.

The CAE should advise senior management of his intention to escalate the matter to the board.

Buy Now
Questions 163

While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?

Options:

A.

It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.

B.

It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses

C.

it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.

D.

It enables the auditor to categorize the population of transactions within the accounts payable process

Buy Now
Questions 164

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

Options:

A.

To help develop process maps.

B.

To determine segregation of duties.

C.

To identify residual risks.

D.

To test the adequacy of controls.

Buy Now
Questions 165

An internal auditor performed a review that focused on the organization’s process for vetting vendors. The internal auditor’s testing identified that 120 out of 130 vendors had a business relationship with the organization’s procurement manager that violated conflict-of-interest policies. Which of the following conclusions could the internal auditor draw from these results?

Options:

A.

The organization is exposed to significant fraud and abuse risks as a result of the vendor and employee business relationships.

B.

Due to improper relationships and favoritism, vendors are not providing goods or services at a reasonable price to meet the objectives.

C.

The organization’s conflict-of-interest policies are not clear or well communicated throughout the organization.

D.

Improper relationships and favoritism means that controls are not effective and significant fraud occurs.

Buy Now
Questions 166

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

Options:

A.

Contact the audit committee chair to discuss the finding

B.

Obtain verbal assurance from management that the inappropriate access will be removed

C.

Issue an interim audit report so that management can implement action plans

D.

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Buy Now
Questions 167

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Buy Now
Questions 168

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

Options:

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Buy Now
Questions 169

A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?

Options:

A.

The bank destroys all records containing a customer's personal information without informing the customer.

B.

Based on an assessment of likely products of interest to the customer, the bank shares the customer’s personal information with other companies within the group and informs the customer.

C.

The bank retains customer information to facilitate easier verification of personal information in the event that the customer returns to reopen his account. The customer is not informed.

D.

The customer's personal information is used for market research by an external company and the customer is informed prior to publishing the results of the market research.

Buy Now
Questions 170

A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

Options:

A.

Operational management, because they are responsible for the day-to-day management of the operational risks.

B.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

C.

The chief audit executive, although he is not accountable for risk management in the organization.

D.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

Buy Now
Questions 171

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department's risks and controls?

Options:

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization's risk strategy and risk appetite framework

D.

Discuss the department's present strategies ‘and objectives with the head of the HR department

Buy Now
Questions 172

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

Options:

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Buy Now
Questions 173

An internal auditor wanted to determine whether the organization's 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:

- 5 Time reports were incorrect.

- 21 Time reports were correct.

- 4 Time reports were not supported.

Options:

A.

The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization's failure to report accurate and complete employee time could lead to potential fraud and abuse.

B.

The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects By dang so the organization can minimize potential issues related to overstating employee tames and labor project costs.

C.

The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts As a result the organization cannot ensure at protects costs are accurately reported to stakeholders

D.

The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor coats

Buy Now
Questions 174

An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?

Options:

A.

The document management policy requires business client data to be stored in a specific management database

B.

Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

C.

if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

D.

All staff should be appropriately trained and required to follow the organization's established policies and procedures pertaining to document management

Buy Now
Questions 175

According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?

Options:

A.

Elements of evaluation

B.

Elements of organization

C.

Elements of practice

D.

Elements of confidentiality

Buy Now
Questions 176

Which of the following statements concerning workpapers is the most accurate?

Options:

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Buy Now
Questions 177

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?

Options:

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Buy Now
Questions 178

A technology firm's internal audit function is slated to perform a series of engagements assessing the security of its software development processes. To successfully perform these engagements, which competency should the internal audit function possess?

Options:

A.

Expertise in IT general controls

B.

Understanding of change management processes

C.

Proficiency in using design software

D.

Fluency in multiple programming languages

Buy Now
Questions 179

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Buy Now
Questions 180

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity's budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational managements view of risk objectives

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence

Buy Now
Questions 181

Which of the following are advantages of flowcharts over internal control questionnaires''

1 Flowcharts reduce the need to test whether employees are observing internal control processes

2 Flowcharts provide a visual depiction of the processes in the area under review 3. Flowcharts identify and prioritize internal control design weaknesses.

4 Flowcharts highlight the control points to help internal auditors evaluate control design

Options:

A.

1 and 3 only

B.

2 and 4 only.

C.

1.2. and 3 only

D.

2. 3 and 4 only

Buy Now
Questions 182

An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?

Options:

A.

Vendor contracts.

B.

Employee master list.

C.

Payment records.

D.

Purchasing policy.

Buy Now
Questions 183

An internal auditor performed a test of controls and found that a statistically selected representative sample of recorded transactions within the account receivables ledger had an error rate that was within management expectations. The associated revenue account was outside the scope of the audit engagement. How should the conclusion to this engagement be reported?

Options:

A.

The auditor should state that the error rate was within the selected confidence level.

B.

Negative assurance should be provided, as the associated revenue account was not examined.

C.

The auditor should state that controls over the recording of transactions in the revenue account are operating effectively.

D.

Positive assurance could be provided for the effectiveness of the accounts receivable controls.

Buy Now
Questions 184

An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?

Options:

A.

Detective compensating controls

B.

Preventive compensating controls

C.

Detective Key controls

D.

Preventive key controls

Buy Now
Questions 185

A chief audit executive (CAE) is trying to balance the internal audit activity's needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

Options:

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Buy Now
Questions 186

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

Options:

A.

End the consulting engagement and report the results to management as planned

B.

Report the significant control issues to senior management and the board and recommend corrective action

C.

Mutually agree with the engagement client on corrective actions

D.

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Buy Now
Questions 187

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

Options:

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring.

D.

Include all types of observations in the monitoring process.

Buy Now
Questions 188

The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company's laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7

Options:

A.

Audit committee

B.

CEO

C.

CAE.

D.

External service provider

Buy Now
Questions 189

Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization's ability to continue business. How would the chief audit executive respond?

Options:

A.

Assume responsibility for quantifying and minimizing the residual risks to the organization.

B.

Assess the level of financial risks that may affect the organization's stability.

C.

Inform the regulatory agency about senior management's action and seek guidance.

D.

Proceed with a consulting engagement to benchmark similar organizations' business practices in the region.

Buy Now
Questions 190

Which of the following statements about assurance maps is correct?

Options:

A.

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Buy Now
Questions 191

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

Options:

A.

if the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B.

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle.

C.

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run.

D.

if the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline.

Buy Now
Questions 192

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

Options:

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Buy Now
Questions 193

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

1.There is a clear strategy and timeline to migrate risk management responsibility back to management.

2.The internal audit activity has the final approval on any risk management decisions.

3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

4.The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Buy Now
Questions 194

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Buy Now
Questions 195

When auditing an organization's cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?

Options:

A.

Testimony from the cashier who performs the processes being reviewed

B.

Testimony from me cashier's supervisor who knows how processes should be performed

C.

Testimony from a knowledgeable person who is independent of the cashiering duty

D.

Testimony from a manager who oversees all cashiering activities being reviewed

Buy Now
Questions 196

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

Options:

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity's purpose, authority, responsibility, and performance relative to plan.

D.

Management's assertions regarding the system of internal controls.

Buy Now
Questions 197

An engagement work program o of greatest value to audit management when which of the following is true?

Options:

A.

The work program provides more detailed support for the audit report

B.

The work program helps determined the required amount of audit resources

C.

The work program helps ensure tie achievement of the engagement objectives

D.

The work program assists the auditor n developing and managing audit tests

Buy Now
Questions 198

An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?

Options:

A.

Defer the engagement until a system of internal control has been established

B.

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

C.

Add a consulting component to the already scheduled assurance engagement

D.

Seek the involvement of the external auditor to assist with improving the internal controls

Buy Now
Questions 199

Some lime after the final audit report was issued, the engagement supervisor teamed that several internal control deficiencies were not remedied, despite management's previous agreement to remedy them According to IIA guidance, which of the following is the most appropriate response'5

Options:

A.

The engagement supervisor must notify the chief audit executive (CAE) that the deficiencies have not been rectified

B.

The engagement supervisor should rely on professional judgment as to whether the CAE should be informed, or the management action plan should be adjusted

C.

The engagement supervisor should rely on his negotiation skills and issue an ultimatum to management to remedy the control deficiencies

D.

Ensure that these deficiencies are captured in the documentation as high-priority areas to be reviewed during the next audit.

Buy Now
Questions 200

According to IIA guidance, which of the following statements is true regarding audit workpapers?

Options:

A.

Review notes on audit workpapers must be retained to provide a record of questions raised by the reviewer.

B.

Audit workpaper documentation policies are reviewed and approved by the audit committee.

C.

Management of the department being audited should review the prepared workpapers for accuracy.

D.

Audit workpaper preparation contributes to the professional development of the internal audit staff.

Buy Now
Questions 201

An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?

Options:

A.

Observation and inspection.

B.

Inquiry and observation.

C.

Inspection and reperformance.

D.

Inquiry and reperformance.

Buy Now
Questions 202

According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees9

Options:

A.

Salary and status.

B.

Responsibility and advancement

C.

Work conditions and security.

D.

Peer relationships and personal life

Buy Now
Questions 203

Which of the following is critical to the success of an effective interview?

Options:

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Buy Now
Questions 204

An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for

testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?

Options:

A.

Review logs of the vehicles assigned to employees for the delivery of goods during the engagement period.

B.

Visit the home address of the specific employee to see the selected vehicle.

C.

Compare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.

D.

Seek independent confirmation of the vehicle's details from one of the delivery employees.

Buy Now
Questions 205

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.

Determine process outputs

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals

Buy Now
Questions 206

Which of the following measures immediate short-term liquidity?

Options:

A.

Current ratio

B.

Profit margin

C.

Quick ratio

D.

Times interest earned

Buy Now
Questions 207

An internal auditor is assigned to an advisory engagement for the launch of a new system relating to travel and expense. During fieldwork, the auditor tests interfacing controls with the procurement system. The auditor observes that a key control is missing within the procurement system. The auditor identifies that senior management has approved a temporary manual workaround for the missing control. Which of the following actions should the auditor take?

Options:

A.

Propose to include an assurance engagement for the procurement system in next year’s audit plan

B.

Perform a root cause analysis and test the workaround effectiveness

C.

Expand the scope of the advisory engagement to include the procurement system

D.

Ignore the risk as senior management has implemented the workaround

Buy Now
Questions 208

Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?

Options:

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment.

B.

Policies that match internal auditors' performance with feedback from management of the area under review

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of Inappropriate business relationships

Buy Now
Questions 209

Which of the following is the most appropriate approach for the internal audit activity to follow up on management action plans?

Options:

A.

Create a tracking system for follow up

B.

Ensure that follow-up activities are performed at least weekly.

C.

Delegate follow-up activities to qualified administrative staff within the business unit

D.

Ensure that follow-up activities are performed by the most senior auditor on staff

Buy Now
Questions 210

Which of the following would best prevent phishing attacks on an organization?

Options:

A.

An intrusion detection system

B.

Use of firewalls

C.

Regular security awareness training

D.

Application hardening

Buy Now
Questions 211

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Options:

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Buy Now
Questions 212

Who is responsible for ensuring internal auditors continuing professional development*

Options:

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Buy Now
Questions 213

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

Options:

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Buy Now
Questions 214

Which of the following represents the best example of a strategic goal?

Options:

A.

Customer satisfaction index has to be 90% each quarter.

B.

Ten rapid charging stations will be installed next year.

C.

The organization aims to decrease the budget by 10%.

D.

The organization will be carbon neutral within 5 years.

Buy Now
Questions 215

Which of The following best justifies an internal auditor's decision to issue a preliminary audit report?

Options:

A.

The internal audit team and audit client have a serious dispute over the scope and objective of the engagement

B.

The internal audit team expects management to address certain issues immediately due to their severe impact

C.

The internal audit team anticipates that the formal final audit report would be undesirable for management due to the significance of outlined risks

D.

The internal audit team would like to issue a clean final audit report without any material observations or risks

Buy Now
Questions 216

An organization's healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?

Options:

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations.

B.

Obtain the government index of healthcare costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another healthcare administrator to provide the same administrative services as the current healthcare administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred.

Buy Now
Questions 217

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Options:

A.

The need and availability of automated support.

B.

The potential impact of key risks.

C.

The expected outcomes and deliverables.

D.

The operational and geographic boundaries.

Buy Now
Questions 218

An internal auditor is examining the organization's internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?

Options:

A.

Perform a site visit to see whether the organization's servers are operational

B.

Interview end users to determine whether they understand how to use the database information

C.

Determine whether policies are in place on how to use the database information

D.

Review for indications of potential issues with the database information

Buy Now
Questions 219

Which of the following is not an outcome of control self-assessment?

Options:

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Buy Now
Questions 220

During an internal audit engagement, which of the following is true regarding the decision to use statistical sampling or nonstatistical sampling?

Options:

A.

The decision affects the test procedures performed.

B.

The auditor's response to errors detected will be influenced.

C.

The competence of the evidence obtained is greater with statistical sampling.

D.

Nonstatistical sampling may be more cost effective.

Buy Now
Questions 221

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

Options:

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Buy Now
Questions 222

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

Options:

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Buy Now
Questions 223

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Buy Now
Questions 224

The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?

Options:

A.

Refer the suggested changes to the engagement supervisor for approval.

B.

Note the suggested changes to be included in next year’s engagement program.

C.

Update the engagement work program with the suggested changes.

D.

No action is required as the work program has been approved and is underway.

Buy Now
Exam Code: IIA-CIA-Part2
Exam Name: Internal Audit Engagement
Last Update: Feb 21, 2026
Questions: 747
IIA-CIA-Part2 pdf

IIA-CIA-Part2 PDF

$25.5  $84.99
IIA-CIA-Part2 Engine

IIA-CIA-Part2 Testing Engine

$30  $99.99
IIA-CIA-Part2 PDF + Engine

IIA-CIA-Part2 PDF + Testing Engine

$40.5  $134.99