At the conclusion of a quality assurance review, the chief audit executive (CAE) was informed that several audits included incomplete workpapers, and some workpapers were not completed within the established timeframe. How should the CAE address the issue of incomplete workpapers?
Which of the following audit steps would an internal auditor most likely be questioned on?
According to IIA guidance, which of the following statements is true regarding engagement planning?
According to IIA guidance, which of the following statements about analytical procedures is true?
When auditing an organization ' s cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?
An internal auditor is performing an engagement to determine whether quality control checks of electronic gaming systems are performed consistently among a technology company’s factories. Which of the following tests would support the audit engagement objectives?
An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?
Which of the following is not a direct benefit of control self-assessment (CSA)?
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
• The annual audit plan should include audits that are consistent with the skills of the IAA.
• Audits of high-risk areas of the organization should be conducted by internal audit staff.
• External resources may be hired to provide subject-matter expertise but should be supervised.
• Auditors should develop their skills by being assigned to complex audits for learning opportunities.
Which of the following is critical to the success of an effective interview?
Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?
Which of the following statements concerning workpapers is the most accurate?
According to IIA guidance, which of the following would be considered necessary for a one-person audit function?
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?
Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?
The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization ' s vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests Based on the auditor ' s actions which of the following is most likely the objective of this engagement1?
An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?
Which of the following describes (he primary reason why a preliminary risk assessment is conducted during engagement planning?
With regard to project management, which of the following statements about project crashing is true?
When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?
Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?
While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?
Applying ISO 31000; which of the following is part of the external context for risk management?
While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?
Which of the following is the primary reason a chief audit executive should network with an organization’s executives?
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
Which of the following is an example of a compliance assurance engagement?
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a given precision and confidence level?
Which of the following methods is most closely associated to year over year trends?
Which of the following best demonstrates that the internal audit activity is using due professional care?
An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:
Tender technical specifications were compliant with internal policies.
The sole assessment criterion of the tender was economic feasibility.
All bids were submitted to a designated software and could not be opened before the submission deadline.
The winner was approved by senior management.
The winner was selected based on which bidder offered the newest technology.
Which of the following is the most appropriate conclusion?
Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization ' s goals.
According to ISO 31000, which of the following statements is correct?
An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for
testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?
A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?
Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?
Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?
During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?
Which of the following describes the primary objective of an internal audit engagement supervisor?
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?
An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?
A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
1.There is a clear strategy and timeline to migrate risk management responsibility back to management.
2.The internal audit activity has the final approval on any risk management decisions.
3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
4.The nature of services provided to the organization is documented in the internal audit charter.
According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?
An IT auditor is reviewing the access controls in an organization ' s accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?
In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization ' s risk management program?
Which of the following statements about internal audit ' s follow-up process is true?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
There is a clear strategy and timeline to migrate risk management responsibility back to management.
The internal audit activity has the final approval on any risk management decisions.
The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
The nature of services provided to the organization is documented in the internal audit charter.
According to IIA guidance which of the following statements is true regarding heat maps?
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?
What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?
In preparing the engagement work program, which of the following is generally true with respect to secondary controls?
The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9
An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?
The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?
An internal auditor is tasked with evaluating the adequacy of the organization ' s inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?
According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?
Which of the following actives is an internal auditor most likely to perform when establishing the objectives of an assurance engagement?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity ' s recommendations are being acted upon?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
What is the primary purpose of issuing a preliminary communication to management of the area under review?
Upon the completion of an audit engagement an audit manager performs a review of a staff auditor ' s workpapers. Which of the following actions by the manager is the most appropriate this review ' '
Which of the following would be the most effective fraud prevention control?
An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?
According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?
Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?
An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?
Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?
A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *
According to IIA guidance, which of the following is a limitation of a heat map?
An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?
If an engagement supervisor discovers insufficient information to draw a conclusion in workpapers, which action should she take first?
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
Ensure encryption keys meet ISO standards.
Determine whether an independent review of the service provider ' s operation has been conducted.
Verify that the service provider’s contracts include necessary clauses.
Verify that only public-switched data networks are used by the service provider.
An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?
Below is a flowchart detailing an organization ' s bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?
Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?
An internal auditor wants to determine if employees spend more than their approved daily stipend for meals. Which technique would be most appropriate to identify meal expenses that exceed the approved threshold?
Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?
Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?
Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?
In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?
An internal auditor wanted to determine whether the organization ' s 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:
- 5 Time reports were incorrect.
- 21 Time reports were correct.
- 4 Time reports were not supported.
An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?
Which of the following processes does the board manage to ensure adequate governance?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?
When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports
1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting
3.Setting up a hotline for employees to report fraudulent behavior anonymously.
4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.
A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?
Which of the following is a detective control for managing the risk of fraud?
Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?
The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?
An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor ' s use of review notes?
According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?
Which is the most appropriate evaluation criterion regarding the quality of audit engagement workpapers?
An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?
Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. " What should be in place?’’
Which of the following would be considered a violation of The IIA’s mandatory guidance on independence?
According to IIA guidance, when would an interim report typically be produced?
Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?
In which of following scenarios is the internal auditor performing benchmarking?
Which of the following behaviors could represent a significant ethical risk if exhibited by an organization ' s board?
1. Intervening during an audit involving ethical wrongdoing.
2. Discussing periodic reports of ethical breaches.
3. Authorizing an investigation of an unsafe product.
4. Negotiating a settlement of an employee claim for personal damages.
An internal auditor developed a list of internal and external risk considerations across the organization ' s processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?
A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.
Which of the following techniques will help the audit team achieve this sampling objective?
According to IIA guidance, which of the following statements best justifies a chief audit executive ' s request for external consultants to complement internal audit activity (IAA) resources?
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization ' s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate
option for the chief audit executive?
According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
Which of the following factors should be considered when determining the staff requirements for an audit engagement?
The internal audit activity ' s time constraints.
The nature and complexity of the area to be audited.
The period of time since the area was last audited.
The auditors’ preference to audit the area.
The results of a preliminary risk assessment of the activity under review.
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
Which of the following is one of the advantages of organizing the risk universe by processes?
Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?
A chief audit executive (CAE) a developing a work program for an upcoming engagement that will review an organization’s small contracting services. When of the following would the CAT need to consider most when developing the work program?
After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the
organization. What is the most appropriate first step for the CAE to take?
Which of the following is required to classify, label, organize, and search big data stored and used in an organization?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?
New environmental regulations require the board to certify that the organization ' s reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization ' s compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?
According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^
Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?
During an internal audit engagement, which of the following is true regarding the decision to use statistical sampling or nonstatistical sampling?
An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?
A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?
Which of the following statements is true regarding the use of internal control questionnaires (ICOs)?
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
Which of the following statements is true regarding the audit objective for an assurance engagement?
The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
1.Ensure encryption keys meet ISO standards.
2.Determine whether an independent review of the service provider ' s operation has been conducted.
3.Verify that the service provider ' s contracts include necessary clauses.
4.Verify that only public-switched data networks are used by the service provider
Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?
According to IIA guidance which of the following represents sufficient information?
An internal auditor has discovered that duplicate payments were made to one vendor Management has recouped the duplicate payments as a corrective action Which of the following describes managements action in this case?
Which of the following is true regarding the monitoring of internal audit activities?
Which of the following is the primary purpose of financial statement audit engagements?
Which of the following best describes the engagement objective in a banking compliance audit?
Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?
Which of the following is applicable to both a job order cost system and a process cost system ' ?
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?
According to HA guidance, which of the following statements regarding audit workpapers is true?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
Which of the following would most Holy reflect the best possible engagement objectives?
Which of the following is true about surveys?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?
Which of the following best demonstrates internal auditors performing their work with proficiency?
Which of the following is an appropriate activity when supervising engagements?
Which of The following best describes a risk that is deemed " unacceptable " to the organization?
Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate
to achieve this objective?
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?
What is the primary purpose of creating a preliminary draft audit report?
Which of the following is the next step in understanding a business process once an internal auditor has identified the process?
An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?
According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization ' s cash disbursements process?
Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?
In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?
According to HA guidance, the chief audit executive is directly responsible for which of the following?
The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?
An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
An examination of the accounts payable function evidenced multiple findings with respect to segregation of duties. After management ' s response and action plan are received and documented in the final report, which of the following is most appropriate?
The audit plan of an internal audit function includes an assurance engagement of the organization’s cybersecurity protocols. However, the engagement supervisor assigned to execute the engagement identifies that the internal auditors with competencies in cybersecurity are scheduled for upcoming leave and are involved in other engagements. Those auditors would not be available to participate in the cybersecurity engagement. Which of the following would be the appropriate action for the engagement supervisor?
A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?
Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?
How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?
An organization obtains maintenance personnel from a third-party service provider. The third-party service provider submits monthly timetables of contracted maintenance personnel and bills the organization on an hourly basis. Which of the following will most likely help an internal auditor validate the number of hours billed by the third-party service provider?
Which procedure should an internal auditor perform to determine the audit objective?
An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?
According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?
Which of the following best describes the manual audit procedure known as vouching?
Which of the following measures immediate short-term liquidity?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
' Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.
A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’
Which of the following should be added to the observation?
The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?
What would be the effect if an organization paid one of its liabilities twice during the year, in error?
Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?
According to IIA guidance, which of the following statements is true regarding due professional care?
An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?
During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?
According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?
Which of the following best describes the guideline for preparing audit engagement workpapers?
Organizations that adopt just-in-time purchasing systems often experience which of the following?
Which of the following types of resources is the most important and challenging to identify and allocate in order to perform an audit engagement?
Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?
According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data ' ?
An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?
Which of the following would most likely prompt special notification from the chief audit executive to same management?
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?
1. In the opinion of the CAE the level of residual risk assumed by senior management is too high
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales
3. The cost of modifying the sales system to include a preventive control is less than S100.000