Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium IIA IIA-CIA-Part2 Dumps Questions Answers

Internal Audit Engagement Questions and Answers

Question 1

At the conclusion of a quality assurance review, the chief audit executive (CAE) was informed that several audits included incomplete workpapers, and some workpapers were not completed within the established timeframe. How should the CAE address the issue of incomplete workpapers?

Options:

A.

Delete incomplete workpapers from the audit folder.

B.

Establish a task force to complete workpapers for audits that are contested.

C.

Develop guidelines and procedures for completing workpapers.

D.

Verify that the workpapers that support audit findings are complete; if so, no further action is required.

Buy Now
Question 2

Which of the following audit steps would an internal auditor most likely be questioned on?

Options:

A.

The auditor confirms the organization ' s ownership of physical equipment by verifying its presence on site visually.

B.

The auditor vouches for a sample of check copies to support voucher packages to test the checks ' validity.

C.

The auditor vouches a sales invoice to a shipping document to conclude that the invoice has been issued.

D.

The auditor recalculates the allowance for doubtful accounts based on management assertions.

Question 3

According to IIA guidance, which of the following statements is true regarding engagement planning?

Options:

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by, or in conjunction with, the engagement client.

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment.

Question 4

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations

B.

Analytical procedures begin after the engagements planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques

Question 5

When auditing an organization ' s cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?

Options:

A.

Testimony from the cashier who performs the processes being reviewed

B.

Testimony from me cashier ' s supervisor who knows how processes should be performed

C.

Testimony from a knowledgeable person who is independent of the cashiering duty

D.

Testimony from a manager who oversees all cashiering activities being reviewed

Question 6

An internal auditor is performing an engagement to determine whether quality control checks of electronic gaming systems are performed consistently among a technology company’s factories. Which of the following tests would support the audit engagement objectives?

Options:

A.

Obtain and review the organization’s policies and procedures to gain an understanding of the quality control checks performed on the gaming systems.

B.

Perform unannounced onsite observations at factories to help determine how employees perform quality control checks of the gaming systems in real time.

C.

Meet and discuss with the quality control supervisors at the facilities to obtain information about the processes related to the quality control of gaming systems.

D.

Use the organization’s manufacturing documentation to create a flowchart that shows how the gaming systems are built to meet the established quality control standards.

Question 7

An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?

Options:

A.

Ask the external auditor to review the same transaction again as an independent third party

B.

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

C.

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

D.

Compare the recording of this transaction to now similar ones were executed last year

Question 8

Which of the following is not a direct benefit of control self-assessment (CSA)?

Options:

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Question 9

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 10

Which of the following is critical to the success of an effective interview?

Options:

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Question 11

Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?

Options:

A.

The results of individual engagements do not support a satisfactory opinion on the effectiveness of internal control.

B.

The results of the individual engagements do not support a positive assurance opinion on the effectiveness of internal control

C.

The audit risk and associated legal implications increase

D.

The reliance on other assurance providers increases

Question 12

Which of the following statements concerning workpapers is the most accurate?

Options:

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Question 13

According to IIA guidance, which of the following would be considered necessary for a one-person audit function?

Options:

A.

A formalized technical audit manual

B.

A written administrative audit manual

C.

A memorandum stating policies and procedures

D.

A comprehensive policy and procedure manual

Question 14

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

Options:

A.

It documents the audit steps and procedures to be performed.

B.

it documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review

Question 15

When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 16

In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?

Options:

A.

A scheduled audit observed that several agreed improvements from the previous audit were still being implemented.

B.

A planned inventory count at the production plant revealed a material variance.

C.

An employee shared concerns of suspected fraud but did not provide evidence.

D.

An auditor responsible for the fieldwork has carried out only half of the planned audit procedures and has no observations so far.

Question 17

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

Options:

A.

To evaluate controls regarding the computer security of an oil refinery.

B.

To examine the processes involved in exploring, developing, and operating a gold mine.

C.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

D.

To link a financial institution ' s business objectives to a work unit responsible for the associated risk.

Question 18

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

Options:

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Question 19

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Options:

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Question 20

An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization ' s vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests Based on the auditor ' s actions which of the following is most likely the objective of this engagement1?

Options:

A.

To identify whether fuel was purchased for work-related purposes

B.

To estimate future fuel costs for the organization ' s fleet of vehicles

C.

To determine trends in average fuel consumption by vehicle

D.

To determine whether the organization is paying more than the industry average for fuel

Question 21

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities

Question 22

Which of the following describes (he primary reason why a preliminary risk assessment is conducted during engagement planning?

Options:

A.

To identify the greatest risks organizationwide

B.

To ensure that the engagement work program covers all risk areas

C.

To ensure that risks identified during previous audits of the area have been adequately addressed

D.

To ensure that significant risks are included in the engagement scope

Question 23

With regard to project management, which of the following statements about project crashing is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project

Question 24

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Question 25

Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?

Options:

A.

Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.

B.

Ensure new procedures have been documented, approved, and distributed to the employees responsible.

C.

Perform retesting to confirm that new procedures address the previously identified deficient control activities.

D.

Analyze the new procedures, then report to senior management whether the associated risks have been managed.

Question 26

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 27

While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?

Options:

A.

To report up-to-date audit progress to management

B.

To ensure that the internal audit team and the CAE are aligned with regard to the identified weakness

C.

To allow management to address the identified weakness timely

D.

To obtain management ' s agreement with regard to the identified weakness

Question 28

Applying ISO 31000; which of the following is part of the external context for risk management?

Options:

A.

Risk treatment method based on risk evaluation.

B.

Organizational culture, objectives, and processes.

C.

The regulatory and competitive environment.

D.

The method of determining the risk level

Question 29

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?

Options:

A.

Inform management and request that the plan be tested immediately.

B.

Update the recovery plan for management, as part of the review.

C.

Evaluate the recovery plan and report weaknesses to management.

D.

Recommend that management and users update and test the recovery plan.

Question 30

Which of the following is the primary reason a chief audit executive should network with an organization’s executives?

Options:

A.

To better understand and influence executives ' planning.

B.

To make executives aware of the benefits that the internal audit activity can provide.

C.

To assist executives in setting the organization’s risk appetite.

D.

To have a better understanding of the training needed to strengthen the audit team.

Question 31

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership

B.

Documentation.

C.

Analysis.

D.

Reporting

Question 32

Which of the following is an example of a compliance assurance engagement?

Options:

A.

Providing in-house training to senior management regarding applicable laws and regulations.

B.

Providing an assessment of the design adequacy of controls related to consumer privacy and confidentiality.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization.

D.

Providing testing on the operating effectiveness of controls over the reliability of financial reporting.

Question 33

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Question 34

An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a given precision and confidence level?

Options:

A.

The sample rate of occurrence plus the precision exceeds the acceptable error rate.

B.

The sample rate of occurrence is less than the acceptable error rate.

C.

The acceptable rate of occurrence less the precision exceeds the sample rate of occurrence.

D.

The sample rate of occurrence plus the precision equals the acceptable error rate.

Question 35

Which of the following methods is most closely associated to year over year trends?

Options:

A.

Horizontal analysts

B.

Vertical analysis.

C.

Common-size analysis.

D.

Ratio analysis.

Question 36

Which of the following best demonstrates that the internal audit activity is using due professional care?

Options:

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysis techniques

Question 37

An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:

    Tender technical specifications were compliant with internal policies.

    The sole assessment criterion of the tender was economic feasibility.

    All bids were submitted to a designated software and could not be opened before the submission deadline.

    The winner was approved by senior management.

    The winner was selected based on which bidder offered the newest technology.

Which of the following is the most appropriate conclusion?

Options:

A.

Key controls of the procurement process operate as intended based on the analysis of the specific tender documents.

B.

IT controls implemented to ensure confidentiality of submitted bids seem to have several deficiencies.

C.

Management ' s selection of the winner should be positively acknowledged for focusing on innovative technological solution.

D.

The principles of transparency and equal treatment of bidders seem to be impaired.

Question 38

Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?

Options:

A.

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.

Retained earnings represent the amount of excess cash available in the organization.

C.

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

Question 39

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization ' s goals.

Options:

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4

D.

1, 3, and 4

Question 40

According to ISO 31000, which of the following statements is correct?

Options:

A.

The board is responsible for setting the organizational attitude through tone at the top.

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Question 41

An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for

testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?

Options:

A.

Review logs of the vehicles assigned to employees for the delivery of goods during the engagement period.

B.

Visit the home address of the specific employee to see the selected vehicle.

C.

Compare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.

D.

Seek independent confirmation of the vehicle ' s details from one of the delivery employees.

Question 42

A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?

Options:

A.

Comer of competence

B.

Career model

C.

Rotational model

D.

Cosourcing agreement

Question 43

Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?

Options:

A.

When preparing to recap audit test results.

B.

At sample selection, to determine sampling methodology.

C.

At the start of fieldwork, as part of developing the annual audit plan.

D.

At planning, to assist in developing the engagement work program.

Question 44

Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?

Options:

A.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

B.

Contract an external IT special to offer advice and consult on IT audits

C.

Employ an independent external IT specialist to perform IT audits for the first year

D.

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

Question 45

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

Options:

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Question 46

Which of the following describes the primary objective of an internal audit engagement supervisor?

Options:

A.

Uphold the quality of the internal audit actively

B.

Provide engagement progress updates to management of the area under review

C.

Assure risks and controls are identified and assessed

D.

Ensure timely completion of the engagement

Question 47

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Options:

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Question 48

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

Options:

A.

Communicate immediately to the relevant regulatory agency the information regarding the company ' s control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Question 49

An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 50

Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?

Options:

A.

Whether an audit is explicitly required by the internal audit charter

B.

The extent to which the work to be performed is an assurance or consulting engagement

C.

The organization ' s annual risk management strategy

D.

Risks that are identified by operations staff or senior management

Question 51

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 52

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

Options:

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives

Question 53

A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?

Options:

A.

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

Question 54

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

1.There is a clear strategy and timeline to migrate risk management responsibility back to management.

2.The internal audit activity has the final approval on any risk management decisions.

3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

4.The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Question 55

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 56

Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?

Options:

A.

A condition

B.

An audit objectives

C.

An audit scope

D.

An observation rating

Question 57

An IT auditor is reviewing the access controls in an organization ' s accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?

Options:

A.

Utility software

B.

Generalized audit software

C.

Audit expert systems.

D.

integrated test facility

Question 58

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

Options:

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Question 59

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Question 60

Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization ' s risk management program?

Options:

A.

Identifying and managing risks in line with the entity ' s risk appetite.

B.

Ensuring that a proper and effective risk management process exists.

C.

Attaining an adequate understanding of the entity ' s key mitigation strategies.

D.

Identifying and ensuring that appropriate controls exist to mitigate risks.

Question 61

Which of the following statements about internal audit ' s follow-up process is true?

Options:

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit ' s follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Question 62

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

There is a clear strategy and timeline to migrate risk management responsibility back to management.

The internal audit activity has the final approval on any risk management decisions.

The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Question 63

According to IIA guidance which of the following statements is true regarding heat maps?

Options:

A.

A heat map sets likelihood to have higher priority than impact.

B.

A heat map sets impact to have higher priority than likelihood.

C.

A heat map recognizes that the priority of impact and likelihood can vary.

D.

A heat map recognizes impact and likelihood as equally important

Question 64

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Question 65

During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?

Options:

A.

Possible tests

B.

Possible scenarios

C.

Possible controls

D.

Possible samples

Question 66

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 67

A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?

Options:

A.

The AI program becomes self-reliant and no longer requires human assistance to perform tasks for the organization.

B.

The AI program advancements allow for it to generate original images for use by content creators and other individuals.

C.

The AI program captures images found online that are created and owned by individuals and other organizations.

D.

The AI program will have to comply with the national regulation expected to come in force in two years ' time.

Question 68

What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?

Options:

A.

Recent organizationwide recognition awards given to employees within the area.

B.

The timing of the most recent audit of the area.

C.

Management ' s presentation to the board regarding recent area achievements.

D.

Recent area performance indicators against productivity metrics.

Question 69

In preparing the engagement work program, which of the following is generally true with respect to secondary controls?

Options:

A.

A separate engagement work program should be created for secondary controls

B.

Secondary controls do not necessarily need to be tested for effectiveness

C.

Any documented secondary controls are deemed essential to the adequacy of control design

D.

Secondary controls should be held to the same requirements as key controls

Question 70

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Question 71

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

Options:

A.

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B.

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C.

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the auditD, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Question 72

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program ' s activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Question 73

An internal auditor is tasked with evaluating the adequacy of the organization ' s inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?

Options:

A.

Accounting adjustments of inventories are approved by the management in accordance with a signature policy

B.

Root causes of inventory differences are analyzed and corrective measures are followed

C.

High value items are inventoried more frequently throughout the year

D.

Value of accounting adjustments matches with the value of inventory differences and are made in a timely manner

Question 74

According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

Options:

A.

Results of internal assessments need to be reported to the board at least once every five years.

B.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted

D.

Results of ongoing monitoring of the internal audit activity’s performance must be reported to senior management and the board at least annually

Question 75

Which of the following actives is an internal auditor most likely to perform when establishing the objectives of an assurance engagement?

Options:

A.

Discuss the internal audit risk assessment including applicable risks and objectives with internal audit management

B.

Perform a walk-through of the process under review to determine whether control wore operating, effectively

C.

Identify when controls will be tested and the sampling method to be used based on control risk

D.

Meet with operational management to team about any areas of concern and to agree on the engagement objectives

Question 76

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Question 77

Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity ' s recommendations are being acted upon?

Options:

A.

The CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

B.

The CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

C.

The CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

D.

The CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

Question 78

When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?

1. Add value.

2. Improve operations.

3. Provide assurance that the internal audit activity conforms with the Standards.

4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

Options:

A.

1 only

B.

1 and 2 only

C.

1 and 3 only

D.

1, 2, 3, and 4

Question 79

What is the primary purpose of issuing a preliminary communication to management of the area under review?

Options:

A.

To build good relations with management

B.

To help management develop more responsive and timely action plans

C.

To formally report medium- and high-risk observations in writing

D.

To improve the internal audit key performance indicators

Question 80

Upon the completion of an audit engagement an audit manager performs a review of a staff auditor ' s workpapers. Which of the following actions by the manager is the most appropriate this review ' '

Options:

A.

Communicate the workpaper review results to management of fie area under review to validate the final report

B.

Update the final report in the file with any necessary corrections based on the workpaper review.

C.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.

Add the manager ' s review notes to the final documentation following the review

Question 81

Which of the following would be the most effective fraud prevention control?

Options:

A.

Email alert sent to management for checks issued over S100.000.

B.

installation of a video surveillance system in a warehouse prone to inventory loss

C.

New hire training to explain fraud and employee misconduct.

D.

Daily report that Identifies unsuccessful system log-in attempts

Question 82

An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?

Options:

A.

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.

Communicate to the board the current situation, including the risk exposure to the organization.

C.

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.

Contact the regulatory agency and inform them of the risk exposure.

Question 83

According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?

Options:

A.

Sufficiency.

B.

Appropriateness.

C.

Effective deployment.

D.

Cost effectiveness.

Question 84

Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?

Options:

A.

The frequency of executing the internal audit engagements

B.

The frequency of changes in the organization environment

C.

The expectations set by the board and senior management

D.

The expectations set by operating management and senior management

Question 85

An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?

Options:

A.

Sufficiency

B.

Reliability

C.

Relevance

D.

Usefulness

Question 86

Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?

Options:

A.

Low levels of inventory

B.

Higher level of profitability

C.

High level of liquidity

D.

Higher level of risk

Question 87

A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval.

C.

Present the revised audit plan directly to the CEO for approval.

D.

Communicate with the CEO and present the revised audit plan to the board for approval

Question 88

An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker.

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Question 89

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms.

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map.

Question 90

An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?

Options:

A.

An interview with the employee who performed the work

B.

An analysis of purchasing and receiving documentation

C.

Existence of a signed completion document accepting the work

D.

A physical inspection of the retail outlet.

Question 91

If an engagement supervisor discovers insufficient information to draw a conclusion in workpapers, which action should she take first?

Options:

A.

Assign another auditor to complete the audit step and produce a new error-free workpaper.

B.

Document the problem as a review comment and continue with the audit.

C.

Discuss the matter with the auditor who produced the workpapers and improve the training manual.

D.

Complete the audit step herself to ensure accuracy and take additional steps to improve the audit training plan.

Question 92

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider ' s operation has been conducted.

Verify that the service provider’s contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 93

An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?

Options:

A.

Diagnostic analysis

B.

Predictive analysis

C.

Network analysis

D.

Prescriptive analysis

Question 94

Below is a flowchart detailing an organization ' s bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?

Options:

A.

There is a conflict in the segregation of duties between preparing bank reconciliations and posting payments to the accounting books.

B.

There is an appropriate segregation of duties in the treasury department during the bank reconciliation process.

C.

There is a large workload for the treasury accountant during the bank reconciliation process.

D.

Bank statements should be obtained at a higher level, such as through the treasury supervisor.

Question 95

Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?

Options:

A.

Surveys

B.

Management produced analysis 0

C.

Facilitated team workshops

D.

Weighted risk factors

Question 96

An internal auditor wants to determine if employees spend more than their approved daily stipend for meals. Which technique would be most appropriate to identify meal expenses that exceed the approved threshold?

Options:

A.

Using compliance verification data analytics

B.

Using regression analysis

C.

Using software with a gap testing function

D.

Drafting a flowchart of the meal expense reporting process

Question 97

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

Options:

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Question 98

Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?

Options:

A.

Written observations allow for more interpretation.

B.

Written observations help the internal auditors express the significance.

C.

Written and verbal observations are equally effective.

D.

Written observations limit premature agreement

Question 99

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual

B.

Net

C.

inherent.

D.

Accepted.

Question 100

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

Options:

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client ' s expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Question 101

In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?

Options:

A.

Inventory comprised of the same items stored in different warehouses

B.

Batches of materials that must be confirmed as meeting quality standards

C.

Revenue that is earned by an organization through cash receipts or as receivable.

D.

Tax reports submitted to meet the requirements of the local taxation authority

Question 102

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Question 103

An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

Options:

A.

Switch the existing assurance engagement into a fraud investigation engagement

B.

Extend the audit scope and perform additional testing of controls on other related areas

C.

Review the poor year ' s transaction volume and amounts paid compared to the poor year ' s budget

D.

Perform data analytics on the supplier ' s information, invoiced amounts, and payments performed

Question 104

An internal auditor wanted to determine whether the organization ' s 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:

- 5 Time reports were incorrect.

- 21 Time reports were correct.

- 4 Time reports were not supported.

Options:

A.

The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization ' s failure to report accurate and complete employee time could lead to potential fraud and abuse.

B.

The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects By dang so the organization can minimize potential issues related to overstating employee tames and labor project costs.

C.

The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts As a result the organization cannot ensure at protects costs are accurately reported to stakeholders

D.

The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor coats

Question 105

An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

Options:

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Question 106

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization ' s objectives

Question 107

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

Options:

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Question 108

Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?

Options:

A.

Facilitated workshops.

B.

Surveys.

C.

Structured interviews.

D.

Elicitation.

Question 109

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports

1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting

3.Setting up a hotline for employees to report fraudulent behavior anonymously.

4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.

Options:

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only.

Question 110

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

Options:

A.

if the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B.

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle.

C.

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run.

D.

if the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline.

Question 111

Which of the following is a detective control for managing the risk of fraud?

Options:

A.

Awareness of prior incidents of fraud.

B.

Contractor non-disclosure agreements.

C.

Verification of currency exchange rates.

D.

Receipts for employee expenses.

Question 112

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

Options:

A.

Create an assurance map to illustrate each provider ' s level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Question 113

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend

C.

Reaffirm the importance of the organization ' s code of ethics to all employees

D.

Conduct an organization wide employee survey on ethical practices.

Question 114

An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Question 115

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals.

C.

Suboptimal decision-making.

D.

Duplication of business activities.

Question 116

According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor ' s use of review notes?

Options:

A.

The engagement supervisor ' s review notes should be retained m the final documental or even after they are addressed.

B.

The engagement supervisor ' s review notes cannot be used as evidence of engagement supervision

C.

The engagement supervisor ' s review notes could be cleared from all final documentation after they are addressed

D.

The engagement supervisor ' s review notes must be maintained in a checklist separate from tie final documentation

Question 117

According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities and operating procedures

B.

Evaluate management ' s risk assessment and the internal audit activity ' s risk assessment

C.

Assess process How and control documents used to meet regulatory requirements

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Question 118

Which is the most appropriate evaluation criterion regarding the quality of audit engagement workpapers?

Options:

A.

Every workpaper should provide reasonable evidence of work conducted.

B.

Every workpaper should result in appropriately worded audit findings.

C.

Every workpaper should include a conclusion regarding the likelihood of fraud.

D.

Every workpaper should be approved by the engagement client.

Question 119

An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?

Options:

A.

Nonsampling risk

B.

Sampling risk

C.

Inherent risk

D.

Due diligence risk

Question 120

Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. " What should be in place?’’

Options:

A.

Action plan

B.

Recommendation

C.

Condition

D.

Criteria

Question 121

Which of the following would be considered a violation of The IIA’s mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer

B.

The board seeks senior managements recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit act/vity.

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Question 122

According to IIA guidance, when would an interim report typically be produced?

Options:

A.

During a standard audit engagement when management wants to address an issue before the final report is drafted.

B.

Following each workshop conducted during a consulting engagement.

C.

During lengthy audit engagements involving several organizational units.

D.

Following management ' s update tor actions taken on outstanding recommendations.

Question 123

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

Options:

A.

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Question 124

In which of following scenarios is the internal auditor performing benchmarking?

Options:

A.

The auditor compares information from one period with the same information from the poor period

B.

The auditor compares new information to his general knowledge of the organization

C.

The auditor compares information he collected with simmer information from another source

D.

The auditor compares expected outcomes with actual results

Question 125

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization ' s board?

1. Intervening during an audit involving ethical wrongdoing.

2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.

4. Negotiating a settlement of an employee claim for personal damages.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Question 126

An internal auditor developed a list of internal and external risk considerations across the organization ' s processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?

Options:

A.

Top-down approach

B.

Process-Metrix approach

C.

Risk-factor approach

D.

Bottom up approach

Question 127

A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CCO and present the revised audit plan to the board for approval

Question 128

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

Options:

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Question 129

According to IIA guidance, which of the following statements best justifies a chief audit executive ' s request for external consultants to complement internal audit activity (IAA) resources?

Options:

A.

The organization ' s audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Question 130

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization ' s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

Options:

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board ' s meeting records.

Question 131

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

Options:

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Question 132

According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?

Options:

A.

Audit findings

B.

Audit resources

C.

Audit objectives

D.

Audit plan

Question 133

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

Options:

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Question 134

Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    The internal audit activity ' s time constraints.

    The nature and complexity of the area to be audited.

    The period of time since the area was last audited.

    The auditors’ preference to audit the area.

    The results of a preliminary risk assessment of the activity under review.

Options:

A.

1 and 4 only.

B.

1, 2, and 5 only.

C.

2, 3, and 5 only.

D.

1, 2, 3, 4, and 5.

Question 135

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives

Question 136

According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Question 137

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Options:

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Question 138

Which of the following is one of the advantages of organizing the risk universe by processes?

Options:

A.

Interfaces between organizational units are captured during audits by processes

B.

Audits by processes are less time-consuming

C.

During audits by processes, managers are more open at interviews

D.

The advantage of audits by processes is true completeness

Question 139

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

Options:

A.

End the consulting engagement and report the results to management as planned

B.

Report the significant control issues to senior management and the board and recommend corrective action

C.

Mutually agree with the engagement client on corrective actions

D.

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Question 140

A chief audit executive (CAE) a developing a work program for an upcoming engagement that will review an organization’s small contracting services. When of the following would the CAT need to consider most when developing the work program?

Options:

A.

The contracting department ' s staffing changes within the last year

B.

The certifications held by the internal auditors assigned to the engagement

C.

The internal audit activity ' s increase n budget and staffing for the year

D.

The organization ' s recent changes to how it processes payments

Question 141

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

Options:

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Question 142

Which of the following is required to classify, label, organize, and search big data stored and used in an organization?

Options:

A.

Metadata

B.

Data security

C.

A business application

D.

Data owner

Question 143

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls

B.

To plan for evaluating potential losses

C.

To prepare a sampling plan for the engagement

D.

To evaluate the design of controls

Question 144

During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?

Options:

A.

It would be an inefficient way for internal auditors to address multiple controls in the activity under review.

B.

It would limit certain members of the internal audit team from being fully involved in the engagement.

C.

It would be the most effective way for the internal audit team to obtain a detailed understanding of the processes and controls in the activity to be audited.

D.

It would be an efficient way for the internal audit team to determine whether specified control activities are in place.

Question 145

New environmental regulations require the board to certify that the organization ' s reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization ' s compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Options:

A.

The audit committee of the board.

B.

The environmental, health, and safety manager.

C.

The organization ' s external environmental lawyers.

D.

The organization ' s insurance department.

Question 146

According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^

Options:

A.

Esteem by colleagues.

B.

Self-fulfillment.

C.

Sense of belonging in the organization

D.

Job security.

Question 147

Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?

Options:

A.

A procurement manager does not have the expected academic credentials for his position

B.

A salesperson frequently complains about the organization ' s policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions

D.

A financial accountant is absent from work frequently due to regular medical procedures

Question 148

During an internal audit engagement, which of the following is true regarding the decision to use statistical sampling or nonstatistical sampling?

Options:

A.

The decision affects the test procedures performed.

B.

The auditor ' s response to errors detected will be influenced.

C.

The competence of the evidence obtained is greater with statistical sampling.

D.

Nonstatistical sampling may be more cost effective.

Question 149

An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?

Options:

A.

Slight variations in answers can result in very different risk assessments

B.

Generative artificial intelligence cannot make inferences out of free text responses

C.

Replacing auditor judgment with machine judgment is contrary to the Global Internal Audit Standards

D.

Poor acceptance of the new system by the activity under review will impact engagement outcomes

Question 150

A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?

Options:

A.

Review the auditor ' s job description

B.

Create a checklist

C.

Develop a control questionnaire

D.

Prepare a fishbone diagram

Question 151

Which of the following statements is true regarding the use of internal control questionnaires (ICOs)?

Options:

A.

ICQs are efficient because they minimize the need for follow-up with survey respondents

B.

Controls with positive survey responses can be eliminated from further testing

C.

Answers to survey questions can be easily misinterpreted

D.

ICQs offer limited value for organizations with uniform procedures

Question 152

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

Options:

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Question 153

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Question 154

The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Question 155

Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?

Options:

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment.

B.

Policies that match internal auditors ' performance with feedback from management of the area under review

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of Inappropriate business relationships

Question 156

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

1.Ensure encryption keys meet ISO standards.

2.Determine whether an independent review of the service provider ' s operation has been conducted.

3.Verify that the service provider ' s contracts include necessary clauses.

4.Verify that only public-switched data networks are used by the service provider

Options:

A.

1 and 3.

B.

1 and 4

C.

2 and 3.

D.

2 and 4.

Question 157

Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances managements ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

introducing judgment generally diminishes managements ability to make good decisions about internal control

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Question 158

According to IIA guidance which of the following represents sufficient information?

Options:

A.

Information that is factual adequate and convincing

B.

Information that is best attainable through the use of appropriate engagement techniques

C.

Information that supports engagement objectives and recommendations

D.

Information that helps the organization meet its goals

Question 159

An internal auditor has discovered that duplicate payments were made to one vendor Management has recouped the duplicate payments as a corrective action Which of the following describes managements action in this case?

Options:

A.

A condition-based action plan

B.

A cause-based action plan.

C.

A root cause-based action plan.

D.

An effect-based action plan.

Question 160

Which of the following is true regarding the monitoring of internal audit activities?

Options:

A.

The form and content of monitoring policies could vary by industry

B.

The board of directors is responsible for the establishment of monitoring polities

C.

Both large and small audit departments must have written policies on monitoring.

D.

The chief audit executive must develop all monitoring policies related to the activity

Question 161

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Question 162

Which of the following best describes the engagement objective in a banking compliance audit?

Options:

A.

Assessing the cost-efficiency of business continuity plans

B.

Assessing whether the business continuity plans implement regulatory requirements

C.

Assessing whether the business continuity plans implement best practice recommendations

D.

Assessing the operating effectiveness of the business continuity plans

Question 163

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Question 164

Which of the following is applicable to both a job order cost system and a process cost system ' ?

Options:

A.

Total manufacturing costs are determined at the end of each period.

B.

Costs are summarized in a production cost report for each department

C.

Three manufacturing cost elements are tracked: direct materials, direct labor, and manufacturing overhead.

D.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period.

Question 165

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider ' s experience in the type of work being considered.

Question 166

An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

Options:

A.

The policies and procedures of the internal audit activity.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The IIA ' s Code of Ethics.

Question 167

According to HA guidance, which of the following statements regarding audit workpapers is true?

Options:

A.

Audit reports should include the workpapers as a reference for the audit conclusions.

B.

The internal auditor ' s workpapers are the primary reference for reported control deficiencies.

C.

Ad-hoc communications with management of the area under review should be excluded from the workpapers.

D.

Both draft and final versions of workpapers should be saved at the end of the engagement

Question 168

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Question 169

During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?

Options:

A.

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.

Career and promotion paths are not easily visible and defined.

C.

Communication is likely to be top-down, with little feedback from lower-level employees.

D.

Employees have little autonomy, which may result in employee turnover or low morale.

Question 170

According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?

Options:

A.

The establishment of an audit approach and documentation system

B.

The standardization of workpaper terminology and notations

C.

The ability to reach consistent audit conclusions regardless of who performs the audit

D.

The application of documentation standards m an appropriate and consistent manner

Question 171

Which of the following would most Holy reflect the best possible engagement objectives?

Options:

A.

Engagement objectives derived from risk assessment results from a company ' s risk function experts.

B.

Engagement objectives derived from senior management ' s risk assessment results

C.

Engagement objectives derived from the mental audit activity ' s own risk assessment results

D.

Engagement objectives derived from risk assessment results from both senior management and the company ' s risk function experts

Question 172

Which of the following is true about surveys?

Options:

A.

A survey with open-ended questions is weaker than a structured interview

B.

A survey with closed-ended questions can produce quantifiable evidence

C.

A survey ' s participants are likely to volunteer information that was not specifically requested

D.

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

Question 173

According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Question 174

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA ' s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question 175

Which of the following is an appropriate activity when supervising engagements?

Options:

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor ' s discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Question 176

Which of The following best describes a risk that is deemed " unacceptable " to the organization?

Options:

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Question 177

Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate

to achieve this objective?

Options:

A.

A compliance audit.

B.

A due diligence audit.

C.

A financial audit.

D.

An external audit.

Question 178

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?

Options:

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys.

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff.

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies.

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews.

Question 179

What is the primary purpose of creating a preliminary draft audit report?

Options:

A.

To save time during final report writing

B.

To meet the Standards requirement for developing a draft report prior to issuing a final report

C.

To use as a tool for communicating with management of the area under review.

D.

To require that management implements solutions to issues identified during the engagement

Question 180

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.

Determine process outputs.

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals.

Question 181

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star.

B.

A cash cow.

C.

A question mark.

D.

A dog

Question 182

According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization ' s cash disbursements process?

Options:

A.

The accounts payable supervisor, accounts payable manager, and controller.

B.

The accounts payable manager, purchasing manager, and receiving manager.

C.

The accounts payable supervisor, controller, and treasurer.

D.

The accounts payable manager, chief financial officer, and audit committee.

Question 183

Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?

Options:

A.

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.

Any risk involving investments into bitcoin and suspicious derivatives

C.

Any risk that can cause material or financial loss

D.

Any risk that could cause injuries or pollute the environment

Question 184

In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?

Options:

A.

It will be difficult to quantify the information obtained through this approach

B.

This approach does not help the auditor learn about the existence of controls

C.

It takes the auditor a long time to assess the relevant controls using this approach

D.

Information on control functionality is limited

Question 185

According to HA guidance, the chief audit executive is directly responsible for which of the following?

Options:

A.

Maintaining a quality assurance program even in the absence of management support

B.

Periodically reviewing and approving the internal audit charier

C.

Providing opportunities for all staff auditors to satisfy their professional development requirements

D.

Establishing the objectives scope and plan for each engagement

Question 186

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

Options:

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Question 187

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.

Select five new accounts to replace the ones that were missing supporting documentation.

C.

Expand the sample size to 60 to determine whether the error rate remains the same.

D.

Contact management to determine whether the supporting documentation can be located elsewhere.

Question 188

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls.

B.

To plan for evaluating potential losses.

C.

To prepare a sampling plan for the engagement.

D.

To evaluate the design of controls.

Question 189

An examination of the accounts payable function evidenced multiple findings with respect to segregation of duties. After management ' s response and action plan are received and documented in the final report, which of the following is most appropriate?

Options:

A.

Follow up after the applicable changes have been incorporated to validate management’s response.

B.

Include the items in the scope of the next scheduled audit of the accounts payable function.

C.

Because management agreed with the findings, no further action is deemed necessary.

D.

Have an internal audit staff member placed into the accounting department until corrections are made.

Question 190

The audit plan of an internal audit function includes an assurance engagement of the organization’s cybersecurity protocols. However, the engagement supervisor assigned to execute the engagement identifies that the internal auditors with competencies in cybersecurity are scheduled for upcoming leave and are involved in other engagements. Those auditors would not be available to participate in the cybersecurity engagement. Which of the following would be the appropriate action for the engagement supervisor?

Options:

A.

Reassign the competent auditors immediately.

B.

Notify the board that the cybersecurity engagement cannot be performed due to a lack of competent resources.

C.

Suspend the cybersecurity engagement due to the lack of internal auditors with relevant competencies.

D.

Seek advice from the chief audit executive on appropriate actions related to the cybersecurity engagement.

Question 191

A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

Options:

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Question 192

Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?

Options:

A.

The person responsible for performing the task

B.

Two or more people that work in the area

C.

The supervisor in charge of the process

D.

The manager that wrote the steps to be followed

Question 193

Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?

Options:

A.

Understanding management ' s risk tolerance.

B.

Understanding business processes.

C.

Determining the size of the audit team needed to perform the review.

D.

Understanding organizational objectives.

Question 194

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?

Options:

A.

Complete the risk assessment independently to prevent conflicts of interest with the function being reviewed.

B.

Work with external auditors to ensure that the risk assessment includes items reflected on the independent auditor ' s report.

C.

Work with management of the function being reviewed, as management would be most familiar with the business objectives and related risks.

D.

Consult with the compliance department, which typically has a more comprehensive view of the organization.

Question 195

To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?

Options:

A.

Assess controls for potential compliance issues that may affect me consolidation

B.

Brief vendors on the potential risks that will occur without continued business

C.

Advise division managers on how to streamline operations for better efficiency

D.

Determine whether the organization’s controls are effective in meeting business objectives

Question 196

An organization obtains maintenance personnel from a third-party service provider. The third-party service provider submits monthly timetables of contracted maintenance personnel and bills the organization on an hourly basis. Which of the following will most likely help an internal auditor validate the number of hours billed by the third-party service provider?

Options:

A.

Conduct a due diligence review of the third-party service provider

B.

Ask the third-party service provider to provide internal time-keeping records

C.

Obtain access logs from entrances to the organization ' s facilities

D.

Interview the manager responsible for contracting external personnel

Question 197

Which procedure should an internal auditor perform to determine the audit objective?

Options:

A.

Meet with the board to discuss emerging issues and concerns

B.

Conduct a risk assessment of the area under review

C.

Establish the boundaries of the engagement

D.

Outline what will be included in the review

Question 198

An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?

Options:

A.

Paying off an overdraft debt using funds from another bank current account.

B.

Purchasing inventory using funds from long-term bank loans.

C.

Acquiring a new car through leasing.

D.

Factoring short-term accounts receivable in exchange for cash.

Question 199

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

Options:

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives.

Question 200

Which of the following best describes the manual audit procedure known as vouching?

Options:

A.

Testing the validity of information by following it backward to a previously prepared record

B.

Testing the accuracy of the control by reperforming the task or process required

C.

Soliciting and obtaining written verification of the accuracy from an independent third party

D.

Testing the completeness of information forward from a record to a subsequently prepared document

Question 201

Which of the following measures immediate short-term liquidity?

Options:

A.

Current ratio

B.

Profit margin

C.

Quick ratio

D.

Times interest earned

Question 202

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 203

Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?

Options:

A.

Objectives scope and timing at a high level to support coordination while adhering to confidentiality requirements

B.

The area and timing of the audit engagement to ensure confidentially and avoid conflict of interest.

C.

All plan information, including risk assessments, planned tests and past results to maximize the opportunity for coordination with internal and external providers.

D.

No information should be shared with internal and external provider as it could introduce bias into the engagement results.

Question 204

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

Options:

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner

Question 205

' Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.

A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’

Which of the following should be added to the observation?

Options:

A.

The reason for not following the internal policy

B.

A description of what constitutes proper approval

C.

The annual impact of the changed agreement on cash flows

D.

Details regarding when the change to the agreement was signed

Question 206

The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?

Options:

A.

Run reports listing all payments made in countries other than vendor locations

B.

Run reports listing all credit limit overrides

C.

Run reports listing all instances of delayed revenue recognition

D.

Run three-way match reports, matching invoices, purchase orders, and receiving reports

Question 207

What would be the effect if an organization paid one of its liabilities twice during the year, in error?

Options:

A.

Assets, liabilities, and owners ' equity would be understated.

B.

Assets, net income, and owners’ equity would be unaffected

C.

Assets and liabilities would be understated.

D.

Assets, net income, and owners’ equity would be understated, but liabilities would be overstated

Question 208

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

Options:

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Question 209

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Question 210

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Question 211

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity.

C.

integrity

D.

Confidentiality

Question 212

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Options:

A.

Degree of effort and cost needed to correct the reported condition.

B.

Complexity of the corrective action.

C.

Impact that may result should the corrective action fail.

D.

Amount of resources required to conduct the follow-up activities.

Question 213

Which of the following best describes the guideline for preparing audit engagement workpapers?

Options:

A.

Workpapers should be understandable to the auditor in charge and the chief audit executive.

B.

Workpapers should be understandable to the audit client and the board.

C.

Workpapers should be understandable to another internal auditor who was not involved in the engagement.

D.

Workpapers should be understandable to external auditors and regulatory agencies.

Question 214

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive

C.

A greater need for linkage with a vendors computerized order entry system.

D.

An Increase in the number of suitable suppliers

Question 215

Which of the following types of resources is the most important and challenging to identify and allocate in order to perform an audit engagement?

Options:

A.

External resources.

B.

IT resources.

C.

Human resources.

D.

Monetary budget.

Question 216

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

Options:

A.

A description of their job responsibilities.

B.

A non-disclosure agreement

C.

An annual declaration of commitment to The HAs Code of Ethics.

D.

The internal audit charter

Question 217

Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?

Options:

A.

Review year-over-year trending of total dollars spent in each period.

B.

Review changes to the vendor master file for suspicious activity.

C.

Review the percentage of on-time payments against prior periods.

D.

Review total expenses for accounting against other department expenses in the organization.

Question 218

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data ' ?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause

C.

Applying administrative privileges to ensure right-to-access controls are appropriate

D.

Creating a standing cybersecurity committee to identify and manage risks related to data security.

Question 219

An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?

Options:

A.

Remove the new employee ' s excessive access rights and request that he report any future access error.

B.

Perform a complete review of all users who have access to the payroll system lo determine whether there are additional employees who were granted inappropriate access

C.

Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system

D.

Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.

Question 220

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Options:

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Question 221

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity ' s resources

B.

The availability of guest auditors for the engagement

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required

Question 222

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?

Options:

A.

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.

Develop a report of excess inventory and compare the inventory with current production volume.

C.

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Question 223

Which of the following would most likely prompt special notification from the chief audit executive to same management?

Options:

A.

Operational management has decried to weigh an audit issue against the organization ' s risk tolerance

B.

A controls inaccurate operation has materially impacted the accuracy of the poor year ' s financial statements

C.

Occurrences of asset misappropriation have been identified as a result of an ineffective operational control design

D.

The controls that management performed to confirm compliance with health and safety standards were not systematically documented

Question 224

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?

1. In the opinion of the CAE the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than S100.000

Options:

A.

1 only

B.

3 only

C.

1 and 3 only

D.

1, 2, and3

Exam Detail
Vendor: IIA
Certification: CIA
Exam Code: IIA-CIA-Part2
Last Update: Jul 13, 2026
IIA-CIA-Part2 Question Answers