IIA IIA-ACCA Dumps

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

The actions of external auditors and other external assurance providers is not encompassed by internal audit's follow-up process.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

The CAE is required to review, approve, and sign every engagement report.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

The internal audit charter must identify authorized signers of engagement reports.

Degree of effort and cost needed to correct the reported condition.

Complexity of the corrective action.

Impact that may result should the corrective action fail.

Amount of resources required to conduct the follow-up activities.

Manage and coordinate risk management processes.

Audit risk management processes.

Become involved in risk oversight committees, monitoring activities, and status reporting.

Accept management's responsibility for risk management without board approval.

Cost.

Independence.

Familiarity.

Flexibility.

The organization's audit universe is extensive and diverse.

There has been an increase in unanticipated requests for advisory work.

Previous work provided by the external service provider has been of great quality and value.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

The audit supervisor should include the new contracts in the finding for the final audit report.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

The observation was made during the same audit, and the action plan has a common owner.

The observation relates to the same control activity within a common process.

The observation has a common control, and it was noted in a prior audit.

The observation has a common process, and the action plan for the observation has a common owner.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

The audit engagement has already been communicated and approved through the annual audit plan.

It minimizes the amount of time spent and cost incurred to gather the necessary information.

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Scheme.

Opportunity.

Rationalization.

Pressure.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

Compare employee addresses to vendor addresses to identify potential employee fraud.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

1 and 3

1 and 4

2 and 3

2 and 4

Opportunity.

Rationalization.

Pressure.

Incentives.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Assert whether the described and reported control processes and systems exist.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

Evaluate the completeness of the report and management's responses to identified deficiencies.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

To evaluate controls regarding the computer security of an oil refinery.

To examine the processes involved in exploring, developing, and operating a gold mine.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

To link a financial institution's business objectives to a work unit responsible for the associated risk.

Recommend additional segregation-of-duty reviews.

Recommend appropriate awareness training for all finance department staff.

Recommend rotating finance staff in this area.

Recommend that management address these concerns immediately.

To gain access to a wider variety of skills, competencies and best practices.

To complement existing expertise with a required skill and competency for a particular audit engagement.

To focus on and strengthen core audit competencies.

To provide the organization with appropriate contingency planning for the internal audit function.

Sufficiency.

Appropriateness.

Effective deployment.

Cost effectiveness.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 and 2

1 and 4

2 and 3

3 and 4

Observe corrective measures.

Seek a management assurance declaration.

Follow up during the next scheduled audit.

Conduct appropriate testing to verify management responses.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

All completed training costs, and the cost of actual production hours completed to date.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

All completed training costs, and 50% of the contracted production costs.

1 and 2

1 and 3

2 and 4

3 and 4

The CAE can release prior internal audit reports with the approval of the board and senior management.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

The CAE can release prior information provided it is as originally published and distributed within the organization.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

CSA allows management to have input into the audit plan.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

CSA can improve the control environment.

CSA increases control consciousness.

Report follow-up activities to senior management.

Implement follow-up procedures to evaluate residual risk.

Determine the costs of implementing the recommendations.

Evaluate the extent of improvements.

Attending annual professional conferences and seminars.

Participating in on-the-job training in various departments of the organization.

Pursuing as many professional certifications as possible.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

An operations audit of the accounts payable department.

A consulting engagement related to a new accounts payable optimization initiative.

A review of the employees' sports club finances, which are overseen by the chief audit executive.

An assurance review for a sales program on which she previously provided consultation.

Internal auditors should take a leading role in investigating all fraud-related cases.

Internal auditors must have sufficient knowledge to evaluate the risk of fraud.

Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics.

Internal auditors are responsible for ensuring that fraud does not occur.

Postpone the audit until the CAE hires internal audit staff with the required knowledge.

Ask the audit committee to decide the course of action.

Select the most experienced auditors in the department to perform the engagement.

Hire consultants who possess the required knowledge to perform the engagement.

4 only.

1 and 2 only.

3 and 4.

1,2, and 3.

The services must be aligned with those defined in the internal audit charter.

The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.

The services may preclude assurance services from the consulting engagement.

The services impose no responsibility to communicate information other than to the engagement client.

It replaces primary controls that are either ineffective or cannot fully mitigate a risk.

It partially reduces the residual risk level when a key control does not operate effectively.

lt combines with other controls to help reduce significant risk exposures to an acceptable level.

It helps to ensure the completeness and accuracy of automated controls in a system environment.

Objective setting.

Control activities.

Information and communication.

Event identification.

An auditor conveys public information about an organization's financial condition.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

1 and 2 only

1, 2, and 3 only

1, 2, and 4 only

2, 3, and 4 only

Interviews with individuals affected by the entity.

Functional walk through test.

Analytical reviews.

Sampling scope.

1 and 3.

1 and 4.

2 and 3.

2 and 4.

1,2, and 3.

1.2, and 4.

1.3, and 4.

2, 3, and 4.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.

Review the investigation and implement any improvements to the process.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

Determine why The fraud was not detected earlier and design controls to strengthen early detection.

Management will be able to reduce inherent risk because they will have a better understanding of risk.

Internal auditors will be able to reduce their sample sizes because controls will be more consistent.

Stakeholders will have more assurance that the risks are assessed consistently.

Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

Maintaining industry-specific knowledge appropriate to the organization.

Assessing how IT contributes to organization objectives, risks, and relevance to audit.

Maintaining technical aspects of accounting standards and reporting processes.

Understanding regulatory and legal framework and assessing its relevance.

Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.

Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.

Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.

Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

Adequate signs are in place to assist in locating safety equipment.

Servers are secured individually to their racks by locks.

Foam fire extinguishers are operable to protect against electrical fires.

Swipe card access is required to gain access to the server room.

1 and 4

2 and 3 only

1, 2, and 3

2, 3, and 4

An internal auditor should express an opinion only when consensus with top management has been achieved.

An internal auditor's opinion should be based on experience and free of all bias.

An internal auditor's opinion should be based on factual evidence.

An internal auditor's opinion should be limited to the effectiveness of internal controls.

The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.

The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.

The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.

The external auditor may use the work with caution, due to the internal audit activity's scope and responsibility restrictions.

Organizational independence.

Professional objectivity.

Due professional care.

Individual proficiency.

Preventive controls.

Detective controls.

Soft controls.

Directive controls.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

Approve the annual budget and resource plan for the internal audit activity.

Assist the CAE with hiring objective and competent internal audit staff.

Encourage the CAE to communicate and coordinate with the external auditor.

Their understanding of auditing standards.

Previous experience working with the internal audit activity.

Their reporting line within the organization.

The nature of their regular duties and responsibilities.

The bottom of the pyramid responsibility.

Innovative responsibility.

Ethical responsibility.

Discretionary responsibility.

Condition section.

Criteria section.

Effect section.

Cause section.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

During facilitated workshops, people more openly say things to internal auditors than during private interviews.

Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.

Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.

The testimonial evidence obtained during facilitated workshops is generally considered more reliable.

Avoidance.

Reduction.

Elimination.

Sharing.

Offer a standard product that is targeted in the recognized market.

Invest in commodity or commodity-like product businesses.

Enter into a slow-growing market.

Use an established distribution relationship.

Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.

Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor

Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services

Develop an incident monitoring and response plan to track breaches from internal and external sources

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Production information maintained in relational tables.

Tweets and posts of users on social media.

Photos and videos stored in hard drive catalogs.

Sales reports documented in word processing software.

1 and 3.

1 and 4.

2 and 3.

2 and 4.

System software that acts as an interface between a user and a computer.

A standardized set of guidelines that facilitates communication between computers on different networks.

System software that translates hypertext markup language to allow users to view a remote webpage.

A network of servers used to control a variety of mission-critical operations.

To assess whether an annual control review is necessary.

To determine conformance with requirements and agreements.

To evaluate executive management oversight.

To promote environmental awareness.

Penetration test.

Social engineering test.

Vulnerability test.

Physical control test.

Lack of awareness of the state of processing.

Increased cost and complexity of network traffic.

Interference of the mirrored data with the original source data.

Confusion about where customer data are stored.

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

Both copies are legal.

Only copy 1 is legal.

Only copy 2 is legal.

Neither copy is legal.

Decrease by about 17 percent.

Decrease by about 7 percent.

Increase by about 7 percent.

Increase by about 17 percent.

Implementation and transition phase.

Monitoring and reporting phase

Decision-making and business-case phase.

Tendering and contracting phase.

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment.

Businesses must pay a tax only if they make a profit.

The consumer ultimately bears the cost of the tax through higher prices.

Consumer savings are discouraged.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Resisting both internal and external distractions.

Waiting to review key concepts until the speaker has finished talking.

Tuning out messages that do not seem to fit the meeting purpose.

Factoring in biases in order to evaluate the information being given.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

Workstation contains software that controls information flow between the organization's network and the Internet.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Star network.

Bus network.

Token ring network.

Mesh network.

1 and 3 only

2 and 4 only

1, 2, and 4 only

1, 2, 3, and 4

Lower annual unit sales.

Higher fixed inventory ordering costs.

Higher annual carrying costs as a percentage of inventory value.

A higher purchase price per unit of inventory.

1 and 3 only

2 and 4 only

1, 2, and 3 only

1, 2, and 4 only

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Internally encrypted passwords

System access privileges.

Logon passwords

Protocol controls.

Specific guidance must be followed when interacting with nongovernmental organizations.

Disclosure laws tend to be consistent from one jurisdiction to another.

There are several internationally recognized standards for dealing with financial donors.

Legal representation should be consulted before releasing internal audit information to other assurance providers.

Encourage compliance with policies and procedures.

Safeguard the resources of the organization.

Ensure the accuracy, reliability, and timeliness of information.

Provide reasonable assurance on the achievement of objectives.

Anti-malware software.

Authentication.

Spyware.

Rooting.

Access system security.

Policy development.

Change management.

Operations processes.