Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-CIA-Part2 Internal Audit Engagement Questions and Answers

Questions 4

An internal auditor performed a review that focused on the organization’s process for vetting vendors. The internal auditor’s testing identified that 120 out of 130 vendors had a business relationship with the organization’s procurement manager that violated conflict-of-interest policies. Which of the following conclusions could the internal auditor draw from these results?

Options:

A.

The organization is exposed to significant fraud and abuse risks as a result of the vendor and employee business relationships.

B.

Due to improper relationships and favoritism, vendors are not providing goods or services at a reasonable price to meet the objectives.

C.

The organization’s conflict-of-interest policies are not clear or well communicated throughout the organization.

D.

Improper relationships and favoritism means that controls are not effective and significant fraud occurs.

Buy Now
Questions 5

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?

Options:

A.

Complete the risk assessment independently to prevent conflicts of interest with the function being reviewed.

B.

Work with external auditors to ensure that the risk assessment includes items reflected on the independent auditor ' s report.

C.

Work with management of the function being reviewed, as management would be most familiar with the business objectives and related risks.

D.

Consult with the compliance department, which typically has a more comprehensive view of the organization.

Buy Now
Questions 6

An internal auditor developed a list of internal and external risk considerations across the organization ' s processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?

Options:

A.

Top-down approach

B.

Process-Metrix approach

C.

Risk-factor approach

D.

Bottom up approach

Buy Now
Questions 7

A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?

Options:

A.

Community, institutional, and agricultural banking

B.

Mortgages, credit cards, and savings.

C.

South, southwest and east.

D.

Teller, manager, and IT specialist

Buy Now
Questions 8

An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?

Options:

A.

Conduct a trend analysis of customers ' payment history and flag those with the most inconsistent payments and debts

B.

Conduct a ratio analysis by calculating the relationship between sums paid in local currency and volume of electricity billed in megawatt hours

C.

Conduct an analysis of clients’ electricity consumption patterns within a specified period and identify consumption spikes

D.

Conduct a comparison to identify deviations between electricity amounts billed to customers and information regarding actual consumption

Buy Now
Questions 9

How do internal auditors generally determine the priority of the areas within the engagement scope?

Options:

A.

By calculating the period of time when the area was last audited try internal auditors

B.

By totaling the monetary value of the processes within the organization in the scope of the engagement

C.

By counting the number of red flags indicating the potential fraudulent activities within the area.

D.

By estimating the likelihood of a risks occurring and the potential impact of that risk on the organization

Buy Now
Questions 10

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Buy Now
Questions 11

An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?

Options:

A.

Disclose the information in a separate report.

B.

Distribute the information in a confidential report to the board only

C.

Distribute the reports through the use of blind copies.

D.

Exclude the results from the report and verbally report the conditions to senior management and the board.

Buy Now
Questions 12

During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?

Options:

A.

Possible tests

B.

Possible scenarios

C.

Possible controls

D.

Possible samples

Buy Now
Questions 13

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Options:

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Buy Now
Questions 14

The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?

Options:

A.

Contract with the software vendor to provide an appropriate resource.

B.

Ask for a knowledgeable resource from the IT department.

C.

Make use of an external service provider.

D.

Request audit resources through the external auditor.

Buy Now
Questions 15

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Options:

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management ' s action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Buy Now
Questions 16

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls

B.

To plan for evaluating potential losses

C.

To prepare a sampling plan for the engagement

D.

To evaluate the design of controls

Buy Now
Questions 17

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Options:

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product.

D.

Variable cost plus a markup.

Buy Now
Questions 18

An internal auditor suspects that employee turnover is unusually high at the organization ' s primary manufacturing plant To investigate this potential issue which of the following analytical approaches is the auditor likely to use?

Options:

A.

Ratio analysis

B.

Vertical analysis

C.

Benchmarking

D.

Cost-benefit analysis.

Buy Now
Questions 19

During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?

Options:

A.

The audit team that conducted the operational audit must also conduct the investigative audit.

B.

The investigative audit must be conducted by an independent third-party service provider.

C.

To preserve objectivity, auditors who participated on the initial operational audit engagement team must not partake in the investigative audit.

D.

The investigative audit engagement team must include at least one auditor who possesses fraud-related skills and competencies.

Buy Now
Questions 20

While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditors relative. Which course of action should the auditor take?

Options:

A.

Proceed with the audit engagement, but do not include the relative ' s information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative Is a customer

D.

Immediately withdraw from the audit engagement

Buy Now
Questions 21

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Buy Now
Questions 22

Which of the following is true about surveys?

Options:

A.

A survey with open-ended questions is weaker than a structured interview

B.

A survey with closed-ended questions can produce quantifiable evidence

C.

A survey ' s participants are likely to volunteer information that was not specifically requested

D.

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

Buy Now
Questions 23

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues’ workpapers for completeness and format

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met

Buy Now
Questions 24

Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?

Options:

A.

To gain an understanding of the control environment

B.

To collect as much financial data as possible before engagement fieldwork begins.

C.

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.

To facilitate the quantification of financial data obtained

Buy Now
Questions 25

The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?

Options:

A.

Refer the suggested changes to the engagement supervisor for approval.

B.

Note the suggested changes to be included in next year’s engagement program.

C.

Update the engagement work program with the suggested changes.

D.

No action is required as the work program has been approved and is underway.

Buy Now
Questions 26

What is the purpose of an internal control questionnaire?

Options:

A.

To gather information from a sample of people who are geographically dispersed

B.

To assess risks that could prevent an audited area from achieving its objectives.

C.

To evaluate tie level of compliance of remote offices with centrally designed procedures

D.

To perform testing of controls more frequently

Buy Now
Questions 27

Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?

Options:

A.

Ensuring the process owner with the engagement objectives

B.

Reviewing engagement draft reports

C.

Ensuring workpapers support audit findings

D.

Approving audit work programs

Buy Now
Questions 28

Which of the following best describes the internal audit activity ' s responsibility within a risk and control framework?

Options:

A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices

Buy Now
Questions 29

An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?

Options:

A.

Perform a site visit to see whether the organization ' s servers are operational

B.

Interview end users to determine whether they understand how to use the database information

C.

Determine whether policies are in place on how to use the database information

D.

Review for indications of potential issues with the database information

Buy Now
Questions 30

According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?

Options:

A.

The recommendation of the parent office external auditors.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The level of proficiency of the chief audit executive

Buy Now
Questions 31

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Buy Now
Questions 32

An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?

Options:

A.

Examining the entire population

B.

Asking management about the malpractice

C.

Testing a sample of random transactions.

D.

Using data analytics

Buy Now
Questions 33

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^

Options:

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Buy Now
Questions 34

Which of the following is an example of a compliance assurance engagement?

Options:

A.

Providing in-house training to senior management regarding applicable laws and regulations.

B.

Providing an assessment of the design adequacy of controls related to consumer privacy and confidentiality.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization.

D.

Providing testing on the operating effectiveness of controls over the reliability of financial reporting.

Buy Now
Questions 35

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

Options:

A.

if the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B.

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle.

C.

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run.

D.

if the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline.

Buy Now
Questions 36

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?

1. In the opinion of the CAE the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than S100.000

Options:

A.

1 only

B.

3 only

C.

1 and 3 only

D.

1, 2, and3

Buy Now
Questions 37

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management

C.

Risk appetite refers to an organization’s general level of acceptance, while risk tolerance is a more specific and subordinate concept

D.

There is no significant difference between the two terms

Buy Now
Questions 38

A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CCO and present the revised audit plan to the board for approval

Buy Now
Questions 39

Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud

C.

Interrogating a suspected fraudster.

D.

Completing a process review to improve controls to prevent fraud.

Buy Now
Questions 40

The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?

Options:

A.

Percentage of recommendations implemented by corrective action date

B.

Staff experience

C.

Percentage of planned audits completed

D.

Conformance with the International Professional Practices Framework

Buy Now
Questions 41

Which of the following sources of audit evidence is most reliable?

Options:

A.

Evidence obtained directly from an untested third party.

B.

Uncorroborated audit evidence obtained indirectly from an employee.

C.

Undocumented audit evidence obtained directly from a manager.

D.

Timely audit evidence obtained directly from a customer.

Buy Now
Questions 42

A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval.

C.

Present the revised audit plan directly to the CEO for approval.

D.

Communicate with the CEO and present the revised audit plan to the board for approval

Buy Now
Questions 43

For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Buy Now
Questions 44

Which of the following is a disadvantage of using flowcharts during a risk assessment?

Options:

A.

People cannot quickly understand the processes via flowcharts

B.

Flowcharts are not applicable for evaluating the design of controls

C.

Some serious risks that are not part of the linear process can be missed

D.

Flowcharts do not enable auditors to identify missing controls

Buy Now
Questions 45

An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?

Options:

A.

Enter into long-term gasoline purchase agreements with end customers.

B.

Trade crude oil derivatives at financial markets in order to benefit from price fluctuations

C.

Purchase crude oil-related derivatives such as futures or options

D.

Stock as much raw materials as possible and consider Investing into additional facilities

Buy Now
Questions 46

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

Options:

A.

A description of their job responsibilities.

B.

A non-disclosure agreement

C.

An annual declaration of commitment to The HAs Code of Ethics.

D.

The internal audit charter

Buy Now
Questions 47

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

Options:

A.

It documents the audit steps and procedures to be performed.

B.

it documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review

Buy Now
Questions 48

Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. " What should be in place?’’

Options:

A.

Action plan

B.

Recommendation

C.

Condition

D.

Criteria

Buy Now
Questions 49

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the Internal auditor was assigned to an assurance engagement?

Options:

A.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.

The assigned internal auditor must not assume management responsibilities while performing the engagement.

D.

The assigned internal auditor must maintain objectivity while performing the engagement

Buy Now
Questions 50

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Buy Now
Questions 51

At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts

• The first payment of 10% after approval of the customer s application

• The second payment of 70% prior to construction

• The third payment of 20% after construction is complete

Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?

Options:

A.

Controls that ensure that grid connection design is finalized before construction is approved to begin

B.

Controls that ensure construction orders are initiated after the second invoice is paid

C.

Controls that ensure all three invoices are calculated correctly according to the total project cost

D.

Controls that ensure that applications are verified for approval prior to initiating design and construction

Buy Now
Questions 52

In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?

Options:

A.

Infrastructure.

B.

Emerging.

C.

Managed.

D.

Initial.

Buy Now
Questions 53

Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?

Options:

A.

When preparing to recap audit test results.

B.

At sample selection, to determine sampling methodology.

C.

At the start of fieldwork, as part of developing the annual audit plan.

D.

At planning, to assist in developing the engagement work program.

Buy Now
Questions 54

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Options:

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Buy Now
Questions 55

An audit reveals that a manager ' s spouse is receiving paychecks, but is not employed by the organization. According to IIA guidance, which of the following actions should the internal auditor take?

Options:

A.

Contact the external auditor and provide all relevant documentation.

B.

Report the finding to senior management in a timely manner, following the normal chain of command.

C.

Meet with the local manager to obtain more information on the finding before taking further action.

D.

Bypass the normal chain of command and contact the board directly to report the finding.

Buy Now
Questions 56

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 57

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

Options:

A.

Communicate immediately to the relevant regulatory agency the information regarding the company ' s control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Buy Now
Questions 58

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 59

In preparing the engagement work program, which of the following is generally true with respect to secondary controls?

Options:

A.

A separate engagement work program should be created for secondary controls

B.

Secondary controls do not necessarily need to be tested for effectiveness

C.

Any documented secondary controls are deemed essential to the adequacy of control design

D.

Secondary controls should be held to the same requirements as key controls

Buy Now
Questions 60

During follow-up. the internal auditor discovered that operational management did not implement effective actions to address a significant control breach If the issue is left unresolved it may result in regulatory sanctions and damage the organization ' s reputation What is the most appropriate next step for the chief audit executive to lake?

Options:

A.

Report the matter to the board

B.

Implement the recommended control to address the exposure

C.

Discuss the matter with senior management

D.

Ask the regulatory agency to persuade management to address the issue

Buy Now
Questions 61

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE ' s best option for fulfilling the internal audit activity ' s responsibilities in this case?

Options:

A.

Outsource the investigation to independent professional consultants

B.

Select certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

C.

Recruit additional internal auditors possessing relevant qualification and experience

D.

Decline the engagement at this time

Buy Now
Questions 62

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program ' s activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Buy Now
Questions 63

According to IIA guidance, which of the following steps should precede the development of audit engagement objectives?

Options:

A.

Identification of controls.

B.

Scope establishment.

C.

Risk assessment.

D.

Review of resources.

Buy Now
Questions 64

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

Options:

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Buy Now
Questions 65

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Buy Now
Questions 66

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?

Options:

A.

To create a detailed risk assessment

B.

To identify individuals who perform key roles

C.

To explain a simple process.

D.

To document which outputs support other activities.

Buy Now
Questions 67

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

D.

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Buy Now
Questions 68

An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?

Options:

A.

Effectiveness

B.

Response

C.

Efficiency

D.

Mitigation.

Buy Now
Questions 69

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

Options:

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Buy Now
Questions 70

Which of the following would be the most reliable source of documentary evidence?

Options:

A.

Confirmation letters.

B.

Remittance advices.

C.

Policy statements.

D.

Canceled checks.

Buy Now
Questions 71

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?

Options:

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts management ' s explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Buy Now
Questions 72

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager ' s decision to accept the risk otherwise, no other speak: course of action is required.

Buy Now
Questions 73

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

Options:

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Buy Now
Questions 74

Which statistical sampling approach would an internal auditor typically utilize if she wishes to test for fraud and the expected deviation rate is very low?

Options:

A.

Stratified sampling

B.

Attribute sampling

C.

Discovery sampling

D.

Haphazard sampling

Buy Now
Questions 75

Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?

Options:

A.

Review year-over-year trending of total dollars spent in each period.

B.

Review changes to the vendor master file for suspicious activity.

C.

Review the percentage of on-time payments against prior periods.

D.

Review total expenses for accounting against other department expenses in the organization.

Buy Now
Questions 76

At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

Options:

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Buy Now
Questions 77

An internal control questionnaire would be most appropriate in which of the following situations?

Options:

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Buy Now
Questions 78

Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Buy Now
Questions 79

Which of the following internal audit activities is performed in the design evaluation phase?

Options:

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Buy Now
Questions 80

According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities, and operating procedures.

B.

Evaluate management ' s risk assessment and the internal audit activity ' s risk assessment.

C.

Assess process flow and control documents used to meet regulatory requirements.

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Buy Now
Questions 81

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

Options:

A.

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Buy Now
Questions 82

Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability reward failure

D.

Communication failure

Buy Now
Questions 83

During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?

Options:

A.

Independent confirmation

B.

Tracing

C.

Vouching

D.

Reperformance

Buy Now
Questions 84

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Options:

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Buy Now
Questions 85

Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?

Options:

A.

ICQs provide testimonial evidence.

B.

ICQs are efficient.

C.

ICQs provide tangible evidence to be quantified.

D.

ICQs put observations into perspective.

Buy Now
Questions 86

Management testimony of improper segregation of duties in the cash receipt process can be considered which of the following?

Options:

A.

Analytical

B.

Reliable

C.

Relevant

D.

Sufficient

Buy Now
Questions 87

An internal auditor is performing testing to gather evidence regarding an organization ' s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is The auditor ' s concern best describes which of the following risks?

Options:

A.

Incorrect rejection risk.

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk

D.

Anticipated misstatement risk

Buy Now
Questions 88

An engagement supervisor reviewed a staff internal auditor ' s documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?

Options:

A.

The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review

B.

Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review

C.

The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf

D.

The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

Buy Now
Questions 89

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1.Consult on CSR program design and implementation

2.Serve as an advisor on CSR governance and risk management.

3.Review third parties for contractual compliance with CSR terms

4Identify and mitigate risks to help meet the CSR program objectives

Options:

A.

1,2, and 3.

B.

1.2. and 4.

C.

1, 3, and 4.

D.

2. 3. and 4.

Buy Now
Questions 90

A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO ' s reasoning is acceptable.

Buy Now
Questions 91

An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?

Options:

A.

The organization incurred excessive cost overruns that resulted in significant financial and legal risk to the project.

B.

The organization experienced a potential conflict of interest

C.

The organization had weaknesses in its review process which allowed questionable transactions with some vendors

D.

The organization allowed the project to launch without assurance that all transactions were regularly approved

Buy Now
Questions 92

Which of the following should be included in a company ' s year-end inventory valuation?

Options:

A.

Company goods that were sold during the year, free on board shipping point, that have been shipped but not yet received by the customer

B.

Goods purchased by the company, free on board destination, that have not yet been received.

C.

Goods on consignment, which the company is trying to sell for its customers.

D.

Company goods for sale on consignment at a consignment shop

Buy Now
Questions 93

According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?

Options:

A.

Criteria

B.

Cause

C.

Effect

D.

Condition

Buy Now
Questions 94

Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?

Options:

A.

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.

To verify that the corrective actions required by senior management are completed as agreed.

Buy Now
Questions 95

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Buy Now
Questions 96

Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?

Options:

A.

Reliability or appropriateness

B.

Reasonableness

C.

Existence or occurrence

D.

Relevance

Buy Now
Questions 97

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

Options:

A.

Improper segregation of duties.

B.

Incentives and bonus programs.

C.

An employee ' s reported concerns.

D.

Lack of an ethics policy.

Buy Now
Questions 98

A multinational organization has asked the internal audit activity to assist in setting up the organization ' s risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Options:

A.

Coordinate and facilitate risk workshops for management to attend

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk Indicators and mitigation plans for management to Implement.

D.

Determine the number of significant risks for management to report to the board

Buy Now
Questions 99

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Buy Now
Questions 100

An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?

Options:

A.

interview IT management in both regions

B.

Inspect regional user software training records

C.

Interview propel management and the vendor responsible for implementation

D.

Distribute surveys to software users in both regions

Buy Now
Questions 101

An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Buy Now
Questions 102

Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?

Options:

A.

PPS sampling s used to reach conclusions regarding monetary amounts, attribute sampling is not.

B.

PPS sampling is used to roach conclusions regarding rates of occurrence, attribute sampling is not.

C.

PPS sampling a applied within the context of testing controls attribute sampling s not.

D.

Attribute sampling is affected by the monetary book value of the population PPS sampling is not

Buy Now
Questions 103

A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?

Options:

A.

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

Buy Now
Questions 104

An internal auditor wanted to determine whether the organization ' s 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:

- 5 Time reports were incorrect.

- 21 Time reports were correct.

- 4 Time reports were not supported.

Options:

A.

The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization ' s failure to report accurate and complete employee time could lead to potential fraud and abuse.

B.

The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects By dang so the organization can minimize potential issues related to overstating employee tames and labor project costs.

C.

The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts As a result the organization cannot ensure at protects costs are accurately reported to stakeholders

D.

The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor coats

Buy Now
Questions 105

Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?

Options:

A.

Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.

B.

Accept the audit engagement and use the engagement as an opportunity to develop the audit team ' s IT expertise while performing the audit work.

C.

Temporarily hire an experienced and knowledgeable IT analyst from the organization ' s IT department to lead the audit.

D.

Outsource the audit engagement to a reputable IT audit consulting firm.

Buy Now
Questions 106

An internal audit engagement supervisor approved the engagement work program submitted by an internal auditor and concluded that it satisfied engagement objectives. At the end of the engagement, the engagement supervisor reviewed the completed work program and found numerous deficiencies and inconsistencies in the engagement workpapers. Which of the following should be improved in the process of engagement supervision?

Options:

A.

The supervisor should regularly review the engagement team ' s workpapers throughout the engagement, including raising questions and providing guidance.

B.

The supervisor should evaluate whether the engagement work program includes audit procedures relevant to engagement objectives.

C.

The supervisor should thoroughly document all concerns prior to signing off the completed workpapers and finalizing the work program.

D.

The supervisor should issue a satisfaction questionnaire to management of the activity that was under review to understand the root causes of deficient performances.

Buy Now
Questions 107

The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7

Options:

A.

Audit committee

B.

CEO

C.

CAE.

D.

External service provider

Buy Now
Questions 108

Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?

Options:

A.

The assessment of high-level risks is typically a linear process.

B.

Management should create the preliminary risk matrix

C.

The analysis should begin with ne identification of objectives

D.

Likelihood should receive greater consideration than impact

Buy Now
Questions 109

Which of the following should management action plans include at a minimum?

Options:

A.

An implementer for the action plan

B.

An owner of the action plan

C.

The internal auditor ' s next review date of the action plan

D.

Detailed procedures for the action plan

Buy Now
Questions 110

In a small internal audit function, a single auditor is responsible for conducting the entire audit engagement. In this situation, what is the benefit of using a checklist as part of an engagement work program?

Options:

A.

Allocation of tasks and responsibilities within the team.

B.

Facilitation of review by business representatives involved.

C.

Overview of results from previous audits.

D.

Retention of an audit trail regarding completion of tasks.

Buy Now
Questions 111

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?

1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.

2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.

3. Meet with the IT auditor to develop an appropriate audit program to review the organization ' s Internet-based sales process and key controls.

4. Include the incident in the next quarterly report to the audit committee.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 112

An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE ' s responsibility at the meeting?

Options:

A.

Inform senior management of the appropriate actions they should take to control the risk

B.

Recommend that the internal audit activity provide consulting services to help minimize the risk

C.

Assume the responsibility of resolving the significant risk that will affect the organization

D.

Determine whether senior management accepted risk that may be deemed unacceptable for the organization

Buy Now
Questions 113

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

Options:

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Buy Now
Questions 114

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Options:

A.

The need and availability of automated support.

B.

The potential impact of key risks.

C.

The expected outcomes and deliverables.

D.

The operational and geographic boundaries.

Buy Now
Questions 115

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

Options:

A.

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.

Inquiry of corrective action to be completed within a certain period

C.

Reporting the status of every observation for every engagement in a detailed manner.

D.

Soliciting management ' s feedback after completion of the audit engagement.

Buy Now
Questions 116

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

1.There is a clear strategy and timeline to migrate risk management responsibility back to management.

2.The internal audit activity has the final approval on any risk management decisions.

3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

4.The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Buy Now
Questions 117

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

There is a clear strategy and timeline to migrate risk management responsibility back to management.

The internal audit activity has the final approval on any risk management decisions.

The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Buy Now
Questions 118

An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?

Options:

A.

An interview with the employee who performed the work

B.

An analysis of purchasing and receiving documentation

C.

Existence of a signed completion document accepting the work

D.

A physical inspection of the retail outlet.

Buy Now
Questions 119

According to IIA guidance which of the following statements is true regarding the annual audit plan?

Options:

A.

The annual audit plan should only be adjusted in response to problems with resourcing, scope, and data availability.

B.

The chief audit executive (CAE) may incorporate risk information, including risk appetite levels from management for the audit plan at her discretion.

C.

In an immature risk management environment it is preferable for the CAE to rely solely on her judgment regarding risk identification and assessment to develop the audit plan.

D.

The CAE may make adjustments to the annual audit plan as needed without senior management or board approval.

Buy Now
Questions 120

An internal auditor is performing an engagement to determine whether quality control checks of electronic gaming systems are performed consistently among a technology company’s factories. Which of the following tests would support the audit engagement objectives?

Options:

A.

Obtain and review the organization’s policies and procedures to gain an understanding of the quality control checks performed on the gaming systems.

B.

Perform unannounced onsite observations at factories to help determine how employees perform quality control checks of the gaming systems in real time.

C.

Meet and discuss with the quality control supervisors at the facilities to obtain information about the processes related to the quality control of gaming systems.

D.

Use the organization’s manufacturing documentation to create a flowchart that shows how the gaming systems are built to meet the established quality control standards.

Buy Now
Questions 121

Which of the following activities would an internal auditor perform as a consulting engagement for an organization?

Options:

A.

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.

Assessing whether the organization ' s corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.

Briefing the organization ' s department managers on how to implement risk management processes into their daily operations.

D.

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time

Buy Now
Questions 122

Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?

Options:

A.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

B.

Contract an external IT special to offer advice and consult on IT audits

C.

Employ an independent external IT specialist to perform IT audits for the first year

D.

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

Buy Now
Questions 123

In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?

Options:

A.

A scheduled audit observed that several agreed improvements from the previous audit were still being implemented.

B.

A planned inventory count at the production plant revealed a material variance.

C.

An employee shared concerns of suspected fraud but did not provide evidence.

D.

An auditor responsible for the fieldwork has carried out only half of the planned audit procedures and has no observations so far.

Buy Now
Questions 124

The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Buy Now
Questions 125

Which of the following activities best demonstrates an internal auditor ' s commitment to developing professional competencies?

Options:

A.

Requesting to be part of all engagements on the annual audit plan

B.

Attending a series of locally offered training courses.

C.

Completing a skills assessment and development plan for targeted training needs.

D.

Attending a webinar on how to use data analytics

Buy Now
Questions 126

An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?

Options:

A.

Prepare an action plan to address the inconsistencies

B.

Contact regulatory agencies to report the inconsistencies and recommended corrective actions

C.

Assess the risk of the inconsistencies against the organization ' s mission

D.

Issue an interim report to senior management

Buy Now
Questions 127

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.

Management is responsible for ensuring that the organization ' s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Buy Now
Questions 128

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management ' s corrective actions Doing so would help the CAE assess which of the following?

Options:

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Buy Now
Questions 129

Which of the following statements regarding the risk management process ' support of the internal audit activity is true?

Options:

A.

The risk management process can provide more extensive internal audit services to the organization if it does not have an internal audit department

B.

The risk management process supports internal audit by evaluating whether critical controls are adequate and effective.

C.

The risk management process can determine whether all significant risks have been identified and are being treated.

D.

The risk management process establishes an organization-specific documented risk management framework.

Buy Now
Questions 130

Which of the following statements is true regarding partnership liquidation?

Options:

A.

Operations can continue after the liquidation, if all partners agree.

B.

Partnership liquidation ends both the legal and economic life of an entity

C.

Partnership liquidation occurs when there is capital deficiency.

D.

When a partnership Is liquidated, each partner pays creditors from cash received

Buy Now
Questions 131

Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?

Options:

A.

Enterprise resource planning

B.

Material requirements planning

C.

Electronic data interchange

D.

Customer relationship management

Buy Now
Questions 132

According to IIA guidance which of the following best describes reliable information?

Options:

A.

Reliable information is factual adequate, and convincing so that a prudent informed person would reach the same conclusions as the internal auditor

B.

Reliable information is the best attainable information through the use of appropriate engagement techniques

C.

Reliable information supports engagement observations and recommendations and is consistent with the objectives for the engagement

D.

Reliable information helps the organization and the internal audit activity meet its goals

Buy Now
Questions 133

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Buy Now
Questions 134

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?

Options:

A.

The internal assessment results should be discussed once every five years

B.

The rating conclusions and the impact from results of the external assessment should be explained

C.

The results of the external assessment should be discussed every seven years.

D.

The qualifications and independence of the internal assessment team should be discussed

Buy Now
Questions 135

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

Options:

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Buy Now
Questions 136

Which of the following statements is true regarding different competitive strategies?

Options:

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Buy Now
Questions 137

Which of the following is an example of internal benchmarking?

Options:

A.

Book value per common share ratio is lower than that of the prior year.

B.

Staff turnover ratio is higher than the comparable organization in the same industry.

C.

Utilities expense of the sales unit is higher than that of the customer service unit.

D.

Sales are significantly higher than the industry’s average for five years.

Buy Now
Questions 138

As part of internal audit ' s assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?

Options:

A.

Bank confirmations

B.

Internal bonk statements

C.

Bank reconciliations as of the end of the year

D.

Bank account general ledger balancer as of the end of the year

Buy Now
Questions 139

Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

Options:

A.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

B.

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

C.

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

D.

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Buy Now
Questions 140

According to ISO 31000, which of the following statements is correct?

Options:

A.

The board is responsible for setting the organizational attitude through tone at the top.

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Buy Now
Questions 141

Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization ' s ability to continue business. How would the chief audit executive respond?

Options:

A.

Assume responsibility for quantifying and minimizing the residual risks to the organization.

B.

Assess the level of financial risks that may affect the organization ' s stability.

C.

Inform the regulatory agency about senior management ' s action and seek guidance.

D.

Proceed with a consulting engagement to benchmark similar organizations ' business practices in the region.

Buy Now
Questions 142

Which of the following should be described in the recognition element of a typical internal audit repot?

Options:

A.

Positive aspects of the process or area under review

B.

A brief synopsis of the process of area under review

C.

Outcomes and ratings of the process or area under review

D.

Report issuance and the communication process of the engagement.

Buy Now
Questions 143

After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?

Options:

A.

The process objectives.

B.

The process risks

C.

The process controls

D.

The process scope

Buy Now
Questions 144

A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?

Options:

A.

The bank destroys all records containing a customer ' s personal information without informing the customer.

B.

Based on an assessment of likely products of interest to the customer, the bank shares the customer’s personal information with other companies within the group and informs the customer.

C.

The bank retains customer information to facilitate easier verification of personal information in the event that the customer returns to reopen his account. The customer is not informed.

D.

The customer ' s personal information is used for market research by an external company and the customer is informed prior to publishing the results of the market research.

Buy Now
Questions 145

When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?

Options:

A.

Intern accounting management via an interim memorandum update

B.

Note the item in the workpapers for inclusion in the final audit report

C.

Call a meeting and discuss me issue with the audit committee

D.

Alert the CEO as soon as the issue is discovered

Buy Now
Questions 146

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals.

C.

Suboptimal decision-making.

D.

Duplication of business activities.

Buy Now
Questions 147

An internal auditor is assessing the organization ' s risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 148

When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?

Options:

A.

Fixed costs per unit for each additional unit sold.

B.

Variable costs per unit for each additional unit sold.

C.

Contribution margin per unit for each additional unit sold.

D.

Gross margin per unit for each additional unit sold

Buy Now
Questions 149

According to IIA guidance, which of the following is true regarding typical fraud schemes?

1.A diversion occurs when an employee has an undisclosed personal economic interest in a transaction that adversely affects the organization

2.Tax evasion is intentional reporting of false or misleading information on a tax return by an organization to reduce taxes owed.

3.Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s records

4Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services

Options:

A.

1 and 3.

B.

1 and 4

C.

2 and 3.

D.

2 and 4

Buy Now
Questions 150

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity.

C.

integrity

D.

Confidentiality

Buy Now
Questions 151

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

Options:

A.

Inform the audit supervisor.

B.

Investigate the potential conflict of interest.

C.

Inform the external auditors of the potential conflict of interest.

D.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Buy Now
Questions 152

An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?

Options:

A.

Detective compensating controls

B.

Preventive compensating controls

C.

Detective Key controls

D.

Preventive key controls

Buy Now
Questions 153

Internal control questionnaires are used to achieve which of the following objectives?

Options:

A.

To ascertain the operating effectiveness of a procedure

B.

To verify the accuracy of Information in a report

C.

To assess the controls mitigating major risks

D.

To determine whether specified contra procedures are in place

Buy Now
Questions 154

As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?

Options:

A.

Determine that this situation is acceptable and focus on more significant issues

B.

Document the issue m the draft audit report

C.

Document the observation for further follow up when testing the operating effectiveness of controls

D.

Interview the personnel associated with this observation.

Buy Now
Questions 155

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts

D.

Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning

Buy Now
Questions 156

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?

Options:

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Buy Now
Questions 157

Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high

risks that were reported in the initial audit report. What initial step must the CAE take to address this situation?

Options:

A.

Communicate the issue to senior management.

B.

Discuss the issue with members of management responsible for the risk area.

C.

Report the situation to the external auditors.

D.

Escalate the issue to the board.

Buy Now
Questions 158

According to IIA guidance, which of the following statements is true regarding engagement planning?

Options:

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by, or in conjunction with, the engagement client.

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment.

Buy Now
Questions 159

Which of the following would offer the strongest evidence to support the internal auditor ' s conclusion that a product is in stock, as stated in the accounting records?

Options:

A.

The auditor performs an observation.

B.

The vendor provides third-party confirmation.

C.

The auditor documents interviews with multiple warehouse personnel.

D.

Warehouse management submits photographs of the product on the inventory shelf.

Buy Now
Questions 160

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Buy Now
Questions 161

In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?

Options:

A.

Sum of the years’ digits.

B.

Declining balance.

C.

Double-declining balance.

D.

Straight line.

Buy Now
Questions 162

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Buy Now
Questions 163

Which of the following performance measures is considered a lagging indicator to the largest degree?

Options:

A.

Return on investment

B.

Customer retention

C.

Employee satisfaction

D.

Cost of research and development

Buy Now
Questions 164

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Buy Now
Questions 165

An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?

Options:

A.

Description of the procurement policy

B.

Summary of the tendering process

C.

Substantiated and comparative evidence

D.

Impact analysis of unfavorable prices

Buy Now
Questions 166

An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?

Options:

A.

Credit limit over drafts are not monitored in accordance with the organizations policy

B.

Seventeen percent of customers ' open balances in the sample exceed their approved unsecured credit rent

C.

The threshold for credit limits defined by the organization ' s policy is not adequate

D.

Management should perform monthly monitoring of open customer balances

Buy Now
Questions 167

While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?

Options:

A.

Performing a reasonableness test.

B.

Conducting a fraud investigation.

C.

Conducting trend analysis.

D.

Operating with impaired objectivity.

Buy Now
Questions 168

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

Options:

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Buy Now
Questions 169

According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?

Options:

A.

Reperformance.

B.

Vouching.

C.

Independent confirmation.

D.

Root cause analysis.

Buy Now
Questions 170

Which of The following best describes a risk that is deemed " unacceptable " to the organization?

Options:

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Buy Now
Questions 171

Which of the following is most likely to impair the organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports administratively to the chief financial officer

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Buy Now
Questions 172

An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

Options:

A.

The policies and procedures of the internal audit activity.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The IIA ' s Code of Ethics.

Buy Now
Questions 173

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Buy Now
Questions 174

According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?

Options:

A.

Manufacturing.

B.

Profitability.

C.

Overheads.

D.

Quality.

Buy Now
Questions 175

Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?

Options:

A.

The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.

B.

A sample of change request forms to verify whether the forms bear the required approval for the user access change.

C.

User access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.

D.

A current listing of system users and an employee listing to determine whether system users are active employees of the organization.

Buy Now
Questions 176

A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?

Options:

A.

Include using in a subsequent audit to determine if the risks are still present

B.

Discuss the matter with senior management and it not reserved with the board

C.

Require that management implement controls to mitigate lie risks

D.

Report the risks to the process owners so that they can modify their process

Buy Now
Questions 177

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

Options:

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Buy Now
Questions 178

An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?

Options:

A.

Names and work titles of employees

B.

Description of responsibilities of business units.

C.

Average fuel consumption data of vehicles

D.

Location and route data of vehicles

Buy Now
Questions 179

During a review of data privacy an internal auditor is tasked with testing management ' s identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

Options:

A.

interview management to determine what types of data are collected and maintained

B.

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.

Review a sample of data to determine whether the risk classification is reasonable

D.

Document and test a data inventory and classification program by determining the data classification levels and framework

Buy Now
Questions 180

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Options:

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Buy Now
Questions 181

During an organization’s management meetings, employees who report bad news and significant risks are treated as if they were to blame for those circumstances. As a result, employees tend to postpone delivering bad news to management for as long as possible. Which of the following should be addressed to improve this culture?

Options:

A.

Tone at the top

B.

Risk accountability

C.

Risk leadership

D.

Code of ethics

Buy Now
Questions 182

Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?

Options:

A.

Stratified sampling

B.

Haphazard sampling

C.

Discovery sampling

D.

Probability-proportional-to-size sampling

Buy Now
Questions 183

The chief audit executive can illustrate the value of the internal audit activity by reporting which of the following to the board?

Options:

A.

The overall performance resulting from the internal audit balanced scorecard

B.

The number of outstanding and overdue management actions

C.

The experience of the organization ' s internal auditors

D.

The number of audits in the annual audit plan relative to similar organizations

Buy Now
Questions 184

According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?

Options:

A.

Sufficiency.

B.

Appropriateness.

C.

Effective deployment.

D.

Cost effectiveness.

Buy Now
Questions 185

Which of the following statements is true regarding engagement planning?

Options:

A.

The engagement objectives are the boundaries for the engagement, which outline what will be included in the review

B.

The risk-based objectives of the engagement can be determined once the scope of the engagement has been formed

C.

For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined

D.

For an assurance engagement, once the scope is established and testing has begun, the scope cannot be modified.

Buy Now
Questions 186

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Buy Now
Questions 187

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

Options:

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring.

D.

Include all types of observations in the monitoring process.

Buy Now
Questions 188

An engagement work program o of greatest value to audit management when which of the following is true?

Options:

A.

The work program provides more detailed support for the audit report

B.

The work program helps determined the required amount of audit resources

C.

The work program helps ensure tie achievement of the engagement objectives

D.

The work program assists the auditor n developing and managing audit tests

Buy Now
Questions 189

When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?

Options:

A.

Determine whether the purchasing department complies with policy by examining a random selection of purchase orders.

B.

Evaluate whether purchasing requests are properly approved by authorized staff by obtaining independent verification from the vendors.

C.

Ascertain whether material receipts are recorded on a timely basis by reviewing physical inventory stock counts.

D.

Determine whether prices charged for goods received are correct by reviewing the appropriate accounts payable record by vendor.

Buy Now
Questions 190

Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances managements ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

introducing judgment generally diminishes managements ability to make good decisions about internal control

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Buy Now
Questions 191

While conducting an audit of a third party ' s Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?

1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

4. Submit management ' s plan of action to the external auditors for additional review.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Buy Now
Questions 192

An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Options:

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management ' s responsibility for risk management without board approval.

Buy Now
Questions 193

Which of the following describes the primary objective of an internal audit engagement supervisor?

Options:

A.

Uphold the quality of the internal audit actively

B.

Provide engagement progress updates to management of the area under review

C.

Assure risks and controls are identified and assessed

D.

Ensure timely completion of the engagement

Buy Now
Questions 194

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Buy Now
Questions 195

According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^

Options:

A.

Esteem by colleagues.

B.

Self-fulfillment.

C.

Sense of belonging in the organization

D.

Job security.

Buy Now
Questions 196

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget.

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Buy Now
Questions 197

Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?

Options:

A.

Stratification of numeric values

B.

Gap testing

C.

Joining different data sources

D.

Duplicate testing

Buy Now
Questions 198

An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?

Options:

A.

The board ' s meeting minutes

B.

The executive committee’s social media budget report

C.

The organization’s marketing plan

D.

The organization’s procedures manual for daily social media management

Buy Now
Questions 199

Which of the following structures would best suit a maintenance organization that needs to adapt quickly to rapidly changing technology?

Options:

A.

Traditional

B.

Decentralized

C.

Centralized

D.

Customer-centric

Buy Now
Questions 200

Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?

Options:

A.

Understanding management ' s risk tolerance.

B.

Understanding business processes.

C.

Determining the size of the audit team needed to perform the review.

D.

Understanding organizational objectives.

Buy Now
Questions 201

Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?

Options:

A.

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.

Any risk involving investments into bitcoin and suspicious derivatives

C.

Any risk that can cause material or financial loss

D.

Any risk that could cause injuries or pollute the environment

Buy Now
Questions 202

Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?

Options:

A.

Interviews

B.

Observations

C.

Reperformance

D.

Internal control questionnaires

Buy Now
Questions 203

An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?

Options:

A.

Over-reliance and a false sense of security

B.

Limited flexibility

C.

Inability to keep the checklist up to date

D.

Standardization and a systematic approach

Buy Now
Questions 204

An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?

Options:

A.

Collect the policies and procedures relevant to the audited area

B.

Understand the financial results published for the period under review

C.

Assess the design of the internal controls in place

D.

Define the objectives of the assurance engagement

Buy Now
Questions 205

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management ' s decision, which of the following is the most appropriate next step for the CAE to take?

Options:

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders

C.

The CAE must discuss the matter with legal counsel

D.

The CAE must discuss the matter with the board

Buy Now
Questions 206

The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system. Which of the following computerized audit techniques is the internal audit activity most likely applying?

Options:

A.

Enabling continuous auditing.

B.

Employing generalized audit software.

C.

Facilitating electronic workpapers.

D.

Using machine learning.

Buy Now
Questions 207

An internal auditor s examination of accounts receivable generates the following results:

What is the projected misstatement for the population if ratio estimation is used?

Options:

A.

$84,000

B.

$238,095

C.

$700,000

D.

$2100.000

Buy Now
Questions 208

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

Options:

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices.

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner.

Buy Now
Questions 209

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive

C.

A greater need for linkage with a vendors computerized order entry system.

D.

An Increase in the number of suitable suppliers

Buy Now
Questions 210

An organization ' s healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?

Options:

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations.

B.

Obtain the government index of healthcare costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another healthcare administrator to provide the same administrative services as the current healthcare administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred.

Buy Now
Questions 211

Which of the following would most likely prompt special notification from the chief audit executive to same management?

Options:

A.

Operational management has decried to weigh an audit issue against the organization ' s risk tolerance

B.

A controls inaccurate operation has materially impacted the accuracy of the poor year ' s financial statements

C.

Occurrences of asset misappropriation have been identified as a result of an ineffective operational control design

D.

The controls that management performed to confirm compliance with health and safety standards were not systematically documented

Buy Now
Questions 212

Which of the following recommendation types is most likely to propose the most long-term solutions?

Options:

A.

Condition-based recommendations

B.

Cause-based recommendations

C.

Effect-based recommendations

D.

Root cause-based recommendations

Buy Now
Questions 213

A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following Is the most appropriate action the CAE should take regarding the request?

Options:

A.

Assign the engagement to a more senior internal auditor.

B.

Decline the engagement request.

C.

Allow the internal auditors to acquire the needed skills while performing the engagement.

D.

Supervise the assigned internal auditors throughout the engagement.

Buy Now
Questions 214

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Buy Now
Questions 215

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?

Options:

A.

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.

Both total sales and cost of ingredients used are greater than expected.

D.

Both total sales and cost of ingredients used are less than expected.

Buy Now
Questions 216

Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?

Options:

A.

The person responsible for performing the task

B.

Two or more people that work in the area

C.

The supervisor in charge of the process

D.

The manager that wrote the steps to be followed

Buy Now
Questions 217

An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?

Options:

A.

Analytical procedures.

B.

Detail testing.

C.

Test of design.

D.

Test of control.

Buy Now
Questions 218

During a review of the organization ' s waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor ' s recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity ' s periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?

Options:

A.

Nothing, as the internal audit activity has fulfilled its responsibility of providing recommendations to mitigate the risks to which the organization is exposed.

B.

Contact the regulatory agency responsible for monitoring such matters in order to convince management to implement the recommendations.

C.

Convene a meeting with senior management and discuss the issue and the potential impact it may have on the organization.

D.

Highlight the current exposure to the external auditors so they too can highlight the issue and further pressure management to address the concern.

Buy Now
Questions 219

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Buy Now
Questions 220

Which of the following statements concerning workpapers is the most accurate?

Options:

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Buy Now
Questions 221

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Buy Now
Questions 222

An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?

Options:

A.

The test of the control design should have occurred at the performance stage.

B.

The test of the operating effectiveness of the control was not necessary.

C.

A risk and control matrix is not appropriate for this type of engagement.

D.

The test of the operating effectiveness of the control should have occurred at the planning stage.

Buy Now
Questions 223

Which of the following would be most likely found in an internal audit procedures manual?

Options:

A.

A summary of the strategic plan of the area under review.

B.

Appropriate response options for when findings are disputed by management.

C.

An explanation of the resources needed for each engagement.

D.

The extent of the auditor ' s authority to collect data from management.

Buy Now
Questions 224

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

Options:

A.

Criteria

B.

Condition

C.

Cause

D.

Effect

Buy Now
Exam Code: IIA-CIA-Part2
Exam Name: Internal Audit Engagement
Last Update: Jul 3, 2026
Questions: 747
IIA-CIA-Part2 pdf

IIA-CIA-Part2 PDF

$25.5  $84.99
IIA-CIA-Part2 Engine

IIA-CIA-Part2 Testing Engine

$30  $99.99
IIA-CIA-Part2 PDF + Engine

IIA-CIA-Part2 PDF + Testing Engine

$40.5  $134.99