Senior management asks the chief audit executive to review the organization’s compliance with recently introduced legislation on international transfer pricing. The review requires an internal auditor who thoroughly understands the legislation and pricing methods. The internal audit activity does not have an auditor with those skills.
Which of the following is the most appropriate course of action?
- A . Outsource the engagement to an external audit firm that has appropriate skills.
- B . Recruit a lawyer with knowledge of the legislation to the audit team and ask the new auditor to perform the engagement.
- C . Decline to perform the engagement, as the internal audit activity does not have the appropriate skill set.
- D . Carry out the engagement using existing internal audit staff to help them gain the appropriate experience.
Which of the following is an example of risk monitoring to ensure a system is performing as intended?
- A . Checking the progress of risk treatment plans
- B . Considering the consequence and likelihood of risks
- C . Documenting the risks and their areas of impact
- D . Communicating to management about risks
Senior management and the board have expressed concerns about the length of engagements and whether their outcome aligns with the organization’s strategies and objectives.
Which of the following actions, if taken by the chief audit executive, could address these concerns?
- A . Communicating to internal audit staff instructions for completing engagements within shorter time periods.
- B . Requesting additional funding from the board to train internal audit staff on time and resource management.
- C . Implementing the use of agile auditing during engagements to meet expectations.
- D . Encouraging internal audit staff to participate in workshops to further develop their understanding of the organization’s strategies.
Which of the following statements best represents the duo professional care that is required of internal auditor’s?
- A . Internal auditors should perform assurance procedures to ensure that all significant risks are identified.
- B . Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.
- C . Internal auditors should consider the cost of assurance in relation to the potential benefits.
- D . Internal auditors should device internal audit programs to confirm that the results are accurate.
Due to unfavorable economic conditions management decided to postpone new investments for the next year.
Which of the following best describes the risk management strategy used to address this situation?
- A . Risk mitigation
- B . Risk avoidance
- C . Risk reduction
- D . Risk transfer
Which of the following is true about corporate social responsibility (CSR)?
- A . Social and environmental considerations are required parts of an organization’s decision making
- B . The Global Reporting Initiative provides standards on required disclosures of CSR.
- C . CSR activities are overseen and managed by operational management.
- D . Internal auditors can provide assurance on reported sustainability results.
The same internal auditor has audited the regional purchasing department annually for the last three years. The audits have shown several significant control deficiencies that have not been corrected by management. New management is in charge of this regional purchasing department, and it is time to audit the department again.
What concerns should be considered prior to assigning the audit to the same auditor?
- A . Intimidation threats may compromise the auditor’s objectivity due to multiple negative audit reports completed by the auditor.
- B . The auditor has reviewed the department annually for the last three years, leading to familiarity, which can impact the internal audit activity’s independence.
- C . A negative cognitive bias may be in place that affects the employee’s objectivity due to the recent audits with uncorrected control deficiencies.
- D . The auditor may have formed a cultural bias, as the department under review is in the auditor’s geographic area.
Which of the following scenarios violates The IIA’s standard regarding internal audit independence?
- A . The chief audit executive (CAE) reports on the internal audit activity’s day-to-day tasks and responsibilities to the CEO.
- B . An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.
- C . The CAE regularly meets with the organization’s chief risk officer, who validates all reported audit findings and dictates which will be Included In the package to the audit committee.
- D . The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer
audits in the annual audit plan compared to the previous financial year.
Which of the following concepts is emphasized in the Mission of Internal Audit?
- A . Support of good governance and controls.
- B . Enhancement of organizational value.
- C . Protection of tangible and intangible assets.
- D . Provision of professional advisory and assurance services.
Which of the following situations is most likely to prompt the internal audit activity to disclose its nonconformance with the Standards?
- A . One of the organization’s senior internal auditors owns a side business, though to date, no sales have been made to this business.
- B . The annual internal audit plan includes performance audits of main business processes, but reviews of high-risk development projects were not considered.
- C . The internal audit activity committed to carrying out an audit of documentation on investment hedging, and a hedging expert was contracted to assist with the engagement.
- D . A periodic quality self-assessment of the internal audit activity identified a number of improvement areas with regard to key performance indicators.
A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process.
Which of the following would be the best course of action for the chief audit executive (CAE) to take?
- A . The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.
- B . The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.
- C . The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.
- D . The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.
Which of the following would be the most suitable internal control framework for an organization to adopt?
- A . A framework that specifies common best practices for an organization to evaluate and benchmark.
- B . A framework that specifies correct and incorrect business methodologies.
- C . A framework with precise specifications for how controls and processes should be employed.
- D . A framework that offers step-by-step guidance for remedial action for all organization types.
Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity’s independence?
- A . Description of internal audit activity’s responsibilities
- B . Definition of internal auditing
- C . Statement of internal audit activity’s authority
- D . Description of internal audit activity’s reporting structure
Which of the following offers the feast evidence that the internal audit activity has achieved organizational independence?
- A . An independent third party has assessed the organization’s system of internal controls to be adequate and effective.
- B . The chief audit executive reports both functionally and administratively to the CEO.
- C . The internal audit charter is drafted properly and approved by the appropriate parties.
- D . The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.
According to HA guidance, which of the following would best support the internal auditor’s conclusion that the organization’s risk management processes are effective?
- A . The organization has identified all applicable operational and financial risks.
- B . The organization has documented its strategic and business objectives.
- C . The organization has selected risk responses aligned with its risk appetite.
- D . The organization has documented risk information pertinent to its business.
The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program.
Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?
- A . The internal audit charter does not identify which audit services are outsourced
- B . The internal audit charter has not been reviewed by the legal department
- C . The internal audit charter has not been approved by the board within the past year
- D . The internal audit charter does not describe the authority of the internal audit activity
While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company’s engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department.
What is the most appropriate course of action for the CAE to take?
- A . Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.
- B . Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.
- C . Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.
- D . Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist
Which of the following statements is the most appropriate example of the internal audit activity exercising due professional care during an audit of the payroll department?
- A . Internal auditors ensure that the work program is appropriately designed in order to identify all of the risks surrounding the payroll process.
- B . Internal auditors determine whether the policies, procedures, and practices of the payroll department are operating in accordance with relevant laws.
- C . Internal auditors verify whether the board of directors has implemented effective internal controls over the processes used by the payroll department.
- D . Internal auditors ask the organization’s risk manager to determine whether the degree of work planned is sufficient to determine whether payroll payments were complete and accurate.
Which of the following principles of The IIA’s Code of Ethics implies that internal auditors should refrain from performing assurance services when there is an impairment to audit independence that has not been declared?
- A . Confidentiality.
- B . Objectivity.
- C . Integrity.
- D . Competency.
Which of the following practices is generally most effective to protect internal audit objectivity?
- A . Ensuring regular documentation of auditor skills and experience in the workpapers.
- B . Basing performance evaluations heavily on customer satisfaction surveys.
- C . Prohibiting auditors from accepting gifts from audit clients or potential clients.
- D . Ensuring that auditors have a balance of both operational and internal audit responsibilities.
Which of the following actions would be most effective to help an internal auditor determine how successful the organization has been in communicating the existence of its ethics hotline?
- A . Reviewing the number of anonymous hotline allegations against employee complaints.
- B . Surveying employees to determine whether they are aware of the hotline.
- C . Benchmarking the average time to investigate hotline complaints.
- D . Tracking the number of hotline allegations per total number of employees.
Which of the following practices, applied by the chief audit executive {CAE), most likely indicates an effective continuing professional educational program for the internal audit activity?
- A . The CAE tasks internal auditors with coordinating assurance activities with other providers across the organization.
- B . The CAE encourages auditors to volunteer to support research work of the local professional institute.
- C . The CAE requires auditors to periodically attest to the profession’s Code of Ethics.
- D . The CAE reminds auditors to ensure workpapers are completed for audit engagements.
Which of the following organizational practices is likely to be a part of a corporate social responsibility program?
- A . A mining company practices backfilling and planting trees after mining within an area.
- B . A construction company ensures that its workers are paid at the regulated minimum wage.
- C . A foods manufacturer sources cheap raw materials to generate higher profits for distribution to its employees.
- D . A bank listed on the national stock exchange consistently pays dividends to its shareholders.
Which of the following can be used to minimize employees’ resentment of controls?
- A . Making sure employees are exempt from participating in control creation
- B . Implementing controls without lengthy explanations of their purpose
- C . Developing general constricting controls rather than detailed ones
- D . Not using controls to achieve goals
When the chief audit executive Is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity’s assurance over risk management?
- A . The chief audit executive.
- B . A member of the compliance function.
- C . A party outside of the internal audit activity.
- D . A member of the risk management function.
According to IIA guidance, which of the following statements is true regarding consulting engagements performed by the internal audit activity?
- A . Consulting engagements typically involve four or five parties: the internal audit activity, engagement client, senior management, board, and sometimes the external auditor.
- B . The scope of a consulting engagement is determined by either the engagement supervisor or chief audit executive, and it is finalized prior to beginning fieldwork.
- C . According to the Standards, internal auditors are permitted to carry out certain management functions during a consulting engagement.
- D . A preliminary risk assessment may not be needed for consulting engagements, because the expectations and objectives of the engagement are determined by the engagement client.
The internal auditor of a small manufacturer noted that the accounting department has insufficient staff to achieve proper segregation of duties.
What type of controls would the auditor likely recommend to management to specifically address this problem?
- A . Entity-level.
- B . Preventive.
- C . Directive.
- D . Compensating.
Which of the following describes the primary objective when implementing a risk management framework?
- A . To achieve planned profitability for business expansion.
- B . To enhance an organization’s confidence in achieving strategy.
- C . To strengthen corporate governance standards.
- D . To eliminate business risks and uncertainties.
During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids.
Which of the following would be the most effective preventative control to reduce these losses?
- A . Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.
- B . Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.
- C . Require that a manager use a reserved register code to approve voids or refunds.
- D . Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.
Which of the following controls would be most useful to prevent an employee from using the organization’s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?
- A . Segregating duties in the payroll processes.
- B . Confirming receipt of goods or services.
- C . Performing background checks on newly hired employees.
- D . Requiring management approval for expenses.
Which of the following controls would be most useful to prevent an employee from using the organization’s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?
- A . Segregating duties in the payroll processes.
- B . Confirming receipt of goods or services.
- C . Performing background checks on newly hired employees.
- D . Requiring management approval for expenses.
Which of the following controls would be most useful to prevent an employee from using the organization’s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?
- A . Segregating duties in the payroll processes.
- B . Confirming receipt of goods or services.
- C . Performing background checks on newly hired employees.
- D . Requiring management approval for expenses.
Which of the following controls would be most useful to prevent an employee from using the organization’s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?
- A . Segregating duties in the payroll processes.
- B . Confirming receipt of goods or services.
- C . Performing background checks on newly hired employees.
- D . Requiring management approval for expenses.
Which of the following controls would be most useful to prevent an employee from using the organization’s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?
- A . Segregating duties in the payroll processes.
- B . Confirming receipt of goods or services.
- C . Performing background checks on newly hired employees.
- D . Requiring management approval for expenses.
It describes the expectations for communicating the results of a quality assurance and Improvement program.
- A . 1 and 4 only.
- B . 3 and 4 only.
- C . 1.2. and 4.
- D . 2. 3. and 4.
The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor’s name is similar to that of the procurement manager, some staff members think the two are related, although they are not.
Which of the following actions is most appropriate for the CAE to take?
- A . Take no action, as there is no impairment to independence.
- B . Remove the new internal auditor from the engagement team.
- C . Discuss the matter with the appropriate personnel to alleviate concerns.
- D . Closely supervise the new auditor and carefully review his work.
There is a growing perception that employees generally evade their responsibilities.
What impact will an internal auditor most likely see during an engagement?
- A . Supervisors are likely to reduce their level of supervision and increase span of control.
- B . Employees are likely to be supervised closely and given little freedom.
- C . Peer employees are likely to trust one another, but distrust management.
- D . Employees are likely to join forces to accomplish their duties as teams.
Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?
- A . Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.
- B . Internal auditors may conclude that a business unit’s current control environment is adequate and effective if the review of the prior year’s workpapers and audit report supports that conclusion.
- C . Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.
- D . Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.
Which of the following written documents typically offers the best evidence that internal auditors exercise due professional care in conformance with the Standards?
- A . Internal audit charter.
- B . Workpaper.
- C . Audit report.
- D . Code of ethics.
An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system’s design strengths and weaknesses.
Which of the following is true regarding impairment to the auditor’s objectivity?
- A . This situation does not necessitate any action related to the auditor’s objectivity.
- B . The auditor should decline to perform the audit because personal conflicts of interest are likely.
- C . The auditor must disclose to the chief audit executive that this situation may impair her objectivity.
- D . The auditor can provide only consulting services, not assurance.
A new internal audit activity is considering the adoption of a risk and control framework.
Which of the following is the most appropriate consideration during this process?
- A . The framework should not be developed by the internal audit activity
- B . The framework should apply to individual projects rather than the organization as a whole
- C . The framework should always be tailored to the organization
- D . The framework should require fewer resources to implement
If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?
- A . Politely decline the engagement due to a lack of qualified staff available at the time.
- B . Complete the engagement as requested, with the best of the current staffs abilities.
- C . Consider using employees from other departments in the organization on the audit team.
- D . Change the scope of the testing to ensure that only available staff proficiencies are used
What is the primary purpose of The IIA’s Code of Ethics?
- A . Communicate specific activities appropriate to the performance of internal auditing
- B . Promote ethical culture within corporations and other business organizations
- C . Establish mandatory standards of competence for the practice of internal auditing
- D . Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing
A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management.
Which of the following would be the most appropriate action for the CAE to take?
- A . Compare the design of the organization’s ethical programs with best practices.
- B . Verify that a code of conduct and related policies exist and are communicated.
- C . Use employee surveys to assess whether ethical programs are achieving desired outcomes.
- D . Compare the cost of the ethical programs with the achieved outcomes.
An internal audit of warehouse inventory revealed no material deficiencies. However, management later discovered fraud, which occurred during the period that was audited, and determined that a major control deficiency allowed the fraud to occur.
Given management’s discovery, which of the following statements is valid?
- A . The internal auditors violated the standard for due professional care because they did not detect the fraud, even though it occurred during the period that was reviewed.
- B . The internal auditors should have had sufficient knowledge of fraud to identify red flags indicating possible fraud.
- C . The internal auditors could not have detected the fraud due to collusion among employees in the inventory unit.
- D . The internal auditors are not responsible for considering fraud risk, which is a management responsibility.
An external assessment was performed as part of the organization’s quality assurance and improvement program.
Which of the following conclusions confirms that the internal audit activity is in conformance with the Standards’?
- A . The chief audit executive is well qualified and has responsibilities over operational areas that the internal audit activity assesses.
- B . Periodic self-assessments are assigned to entry-level internal audit staff to support their continuing professional development.
- C . All audit workpapers are reviewed and signed by the engagement supervisor before the audit report is issued.
- D . Employees who rotate into the internal audit activity from other areas of the organization are assigned to audit areas where they previously worked, to take advantage of their operational expertise and experience.
Management decided to post the organization’s newly established code of conduct on its website.
This decision is primarily intended to mitigate which of the following risks?
- A . Accountability risk.
- B . Communication risk.
- C . Knowledge risk.
- D . Cultural risk.
Which of the following would best describe a control implemented to detect cash register disbursement fraud in a large retail store?
- A . Separate the duties of processing and authorizing refunds on merchandise
- B . Post signs in the register area prompting customers to ask for and examine their sales receipts
- C . Periodically count the cash in the register and compare it to the expected amount
- D . Use cash registers with internal tapes that are tamper proof and that require a manager to process voids or refunds
A chief audit executive (CAE) recruited a few new internal auditors to reduce the resource gaps identified in this year’s internal audit plan. One of the new recruits has several years of experience with the organization. Ten months ago. she served as a senior supervisor in the finance department. However, for the past 10 months, she has been helping the organization with implementing a new IT system.
What approach should the CAE take for the upcoming financial statement controls audit?
- A . Assign the new auditor to assist with conducting the fieldwork. but ensure that her work is reviewed by the CAE.
- B . Assign the new auditor to assist with developing the audit program, but ensure that the audit program is executed by other audit staff.
- C . Ensure that the new auditor’s previous manager, and other close former coworkers, are excused during the audit.
- D . Ensure that the new auditor is responsible only for the supervisory review, but not the execution of the audit field work.
The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator.
Which of the following would most likely be the next step?
- A . Ask internal auditors to gather all relevant information and evidence.
- B . Identify and interview witnesses first and potential suspects later.
- C . Conduct a fraud risk assessment to identify the most vulnerable areas.
- D . Determine the competencies needed and assess whether team members have a conflict of Interest.
Which of the following relates to the concept of due professional care?
- A . An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.
- B . The appointment of the chief audit executive is ratified by the board.
- C . An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.
- D . The internal audit resource plan is only approved by the chief financial officer.
Internal controls belong to which risk response category?
- A . Reduction.
- B . Avoidance.
- C . Sharing.
- D . Acceptance.
An internal auditor assessed the controls within his organization’s payroll process and suspects that erroneous payments may have been made to a fraudulent bank account.
What is the best course of action for the auditor to take?
- A . Speak to the payroll manager so he may investigate the auditor’s observations.
- B . Continue to investigate the payments to confirm the accuracy of the observations, and determine whether further fraudulent payments have been made.
- C . Stop the audit and report the findings to senior management immediately.
- D . Escalate the concern to the engagement supervisor.
Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues.
Which of the following competencies is the engagement supervisor demonstrating?
- A . The ability to inspire trust
- B . The ability to communicate effectively
- C . The ability to display courage
- D . The ability to understand the needs of stakeholders
Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor’s business acumen?
- A . A quality assessment review.
- B . An internal audit client survey.
- C . A control self-assessment.
- D . A peer review of the internal audit activity.
According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization’s social responsibility program is effective?
- A . Senior management
- B . Internal audit activity.
- C . All employees.
- D . Board of directors.
Which of the following statements best describes a functional difference between external auditors and internal auditors?
- A . Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.
- B . Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.
- C . internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.
- D . Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.
Which of the following risk management techniques best describes the strategy of obtaining insurance to protect against losses due to bad weather conditions?
- A . Risk avoidance
- B . Risk reduction
- C . Risk acceptance
- D . Risk sharing
An internal auditor is reviewing employee travel expenses from the previous six months for fraud.
Which of the following tests would best detect instances where personal travel has been claimed?
- A . Verifying whether claims have been properly authorized for payment
- B . Verifying whether claims are properly supported by invoices or other documents.
- C . Confirming that all claims are within the limits of the organization’s travel policy.
- D . Reconciling claims against business the requests that were approved by supervisors
IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures
This activity is designed to prevent which of the following conditions?
- A . Knowledge’s kills gap
- B . Monitoring gap
- C . Accountability/reward failure
- D . Communication failure
An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed.
Which of the described findings requires more consideration from a fraud risk perspective?
- A . The job responsibilities of the warehouse employee compromise segregation of duties
- B . Spare parts are written off before their actual usage and installation
- C . Warehouse management is conducted on paper and requires further investigation
- D . The inventory counts take place on specific days of the week for no apparent reason
Regarding the chief audit executive (CAE). which of the following is considered an impairment to the independence of the internal audit activity?
- A . The CAE reports administratively to the CEO.
- B . The CAE is asked to submit the liquidation of her travel allowances to human resources for approval.
- C . The CAE’s supervisor is responsible for the risk management function.
- D . The CAE is asked to review new procedures before implementation.
In which of the following ways can a whistleblower hotline serve as a prevent Aative control?
- A . Third parties who operate the hotline ensure anonymity for whistle blowers.
- B . Whistleblower tips help discover wrongdoings and violations of the code of conduct. Potential perpetrators of fraud know that their actions can be reported easily.
- C . Better investigation protocols are triggered by the whistleblower hotline.
Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?
- A . Ongoing monitoring results
- B . Periodic management assessment results
- C . Annual risk assessment results
- D . Internal auditors’ training evaluation results
What would be the proper sequence of steps for an internal auditor to take in order to draw a conclusion on internal control effectiveness and adequacy after ascertaining the key controls?
- A . Evaluate the adequacy of the controls and then test the controls for effectiveness.
- B . Test the controls for effectiveness and then evaluate the adequacy of the controls.
- C . Identify risks and then evaluate the controls for effectiveness.
- D . Evaluate the controls for effectiveness and then assess the risks in the area.
Which statement is accurate regarding reporting on the quality assurance and improvement program (OAIP) to conform with the International Standards for the Professional Practice of Internal Auditing?
- A . The chief audit executive (CAE) should report all stages of the OAlP’s development and key milestones.
- B . The CAE should report only corrective action plans that meet external assessor or stakeholder requirements.
- C . The CAE should establish the form and content of program communication so that it is in alignment with the internal audit activity charter.
- D . The CAE should disclose program details only after both internal and external assessments have been completed.
Which of the following best demonstrates internal auditors performing their work with proficiency?
- A . Internal auditors meet with operational management at each phase of the audit process.
- B . Internal auditors adhere to The IIA’s Code of Ethics.
- C . Internal auditors work collaboratively with their engagement team.
- D . Internal auditors complete a program of continuing professional development.
A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment.
To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?
- A . Request from the audit committee an additional budget and an extension so that the external assessment could be performed next year.
- B . Review the results of the internal assessment, identify weaknesses, and implement improvements at the remaining offices.
- C . Request the regional office that performed the internal assessment to perform an assessment of the remaining offices.
- D . Request that an external assessor validate the results of the internal assessment and review the remaining offices.
Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?
- A . A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit
- B . A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit
- C . A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities
- D . An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable
With regard to the internal audit activity’s quality assurance and improvement program, which of the following must be reported to the board?
- A . A statement of independence of the organization’s internal auditors.
- B . Meeting minutes with the assessment team, if key risks were identified and discussed.
- C . Frequency of the quality assessments being performed.
- D . Summary of previous internal assessments undertaken.
What is the best course of action when the internal audit activity does not have the knowledge necessary to perform a planned audit of the organization’s new IT data backup process?
- A . Postpone the audit engagement to a later date.
- B . Recruit and hire a full-time staff auditor who is proficient in data backup processes.
- C . Change the plan from an assurance engagement to a consulting engagement.
- D . Provide data backup training to the engagement supervisor.
With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?
- A . Obtaining assurance on external financial, regulatory, and internal audits.
- B . Complying with laws, regulations, and codes.
- C . Assigning authority and responsibilities organization wide.
- D . Monitoring and measuring performance.
An internal auditor found that his organization did not make a disclosure that is required by law. However, the auditor decided not to raise an audit finding.
Which of the following Code of Ethics principles was violated?
- A . Objectivity.
- B . Integrity.
- C . Proficiency.
- D . Confidentiality.
Who has the ultimate responsibility of implementing the organization’s governance system?
- A . Stakeholders
- B . The board
- C . The chief executive officer
- D . Internal auditors
A senior executive at a government-owned organization received an invitation to attend a public exhibition where he can learn about new trucks relevant to the organization’s business. As a special perk, the executive is offered an opportunity to drive a luxury vehicle manufactured by one of the exhibiting companies. Prior to the event, the executive asked for the chief audit executive s (CAE’s) advice.
What should the CAE recommend as the most appropriate course of action for the executive?
- A . Attend the event, but decline the offer to use the luxury vehicle
- B . Decline the invitation to the exhibition.
- C . Ask the board to decide on the issue.
- D . Select a lower-level employee to enjoy the luxury vehicle instead
Which of the following best describes a consulting engagement rather an assurance engagement?
- A . Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.
- B . The chief financial officer asks for the internal auditor’s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted
- C . An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost effective.
- D . Senior management asks the internal audit activity to review compliance with customer data security regulations
An internal auditor at a multinational organization is reviewing the effectiveness of the organization’s risk management framework.
In this scenario, which of the following statements is true?
- A . The auditor should consider local cultures and customs in various regions when assessing control effectiveness.
- B . Regardless of their location, employees at all levels share responsibility for designing effective controls to mitigate risks.
- C . To achieve an effective internal control environment, the organization’s risk management plan must be documented and communicated to all levels throughout each region.
- D . Setting clear objectives is a precondition to effectively identifying, assessing, and responding to the organization’s risks.
According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?
- A . Monitoring resources.
- B . Compensating the chief audit executive.
- C . Determining scope.
- D . Allocating internal costs.
Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?
- A . Promoting continuous evaluation
- B . Promoting continuous monitoring
- C . Promoting continuous improvement
- D . Promoting continuous reporting
Which of the following practices is generally most effective to protect internal audit objectivity?
- A . Ensuring regular documentation of auditor skills and experience in the workpapers.
- B . Basing performance evaluations heavily on customer satisfaction surveys.
- C . Prohibiting auditors from accepting gifts from audit clients or potential clients.
- D . Ensuring that auditors have a balance of both operational and internal audit responsibilities.
Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?
- A . Fewer internal audits
- B . More effective interviews
- C . Automated risk management strategy tools
- D . Reduced assurance costs
According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?
- A . The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.
- B . The CAE may consider greater involvement of those with suitable knowledge of audit practice.
- C . Conformance with this Standard is not dependent upon the size of the internal audit activity.
- D . Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.
According to the Standards, in today’s technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?
- A . Auditors must have an IT specialty in at least one of their organization’s key information technology systems.
- B . Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.
- C . Auditors must understand their organization’s integrated test facilities and generalized audit software.
- D . Auditors must understand their organization’s IT governance, risk, and control processes.
Which of the following actions best demonstrates an internal auditor exercising due professional care?
- A . Testing an entire population, even when a sample would suffice
- B . Using technology and data analysis techniques for efficiency
- C . Enhancing knowledge, skills, and other competencies through professional development
- D . Establishing audit objectives, performing audit tests, and implementing missing controls
According to The IIA’s Competency Framework, which competency is considered the mandatory minimum for internal auditors to possess when performing internal audit engagements?
- A . To recognize red flags that indicate fraud.
- B . To recommend controls to prevent fraud.
- C . To apply forensic auditing techniques to detect fraud.
- D . To evaluate the potential for fraud.
An internal audit activity is taking steps to promote professional development among the staff, and is in the process of implementing a mentorship program.
According to HA guidance, which of the following is important for a successful mentorship program?
- A . It is best if the mentor is the chief audit executive.
- B . Mentor meeting documentation should be retained in personnel files.
- C . It should target both new hires and highly experienced staff.
- D . Meetings with mentors should be formal and scheduled.
What is an appropriate first step in an internal auditor’s fraud risk assessment to evaluate how the organization manages such risk?
- A . Develop preventive and detective controls
- B . Identify potential fraud scenarios
- C . Assess the impact and likelihood of fraud risks
- D . Determine fraud risk responses
An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted.
Which of the following would best help the organization manage the risk of fraud?
- A . Accounting personnel should regularly perform reconciliation between invoices and purchase orders
- B . Accounting personnel should conduct a periodic inventory count and reconcile inventory movements
- C . internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels
- D . Management should established a policy requiring new inventory asset purchases to be
made on serialized order forms with copies retained
An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted.
Which of the following would best help the organization manage the risk of fraud?
- A . Accounting personnel should regularly perform reconciliation between invoices and purchase orders
- B . Accounting personnel should conduct a periodic inventory count and reconcile inventory movements
- C . internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels
- D . Management should established a policy requiring new inventory asset purchases to be
made on serialized order forms with copies retained
An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted.
Which of the following would best help the organization manage the risk of fraud?
- A . Accounting personnel should regularly perform reconciliation between invoices and purchase orders
- B . Accounting personnel should conduct a periodic inventory count and reconcile inventory movements
- C . internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels
- D . Management should established a policy requiring new inventory asset purchases to be
made on serialized order forms with copies retained
An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted.
Which of the following would best help the organization manage the risk of fraud?
- A . Accounting personnel should regularly perform reconciliation between invoices and purchase orders
- B . Accounting personnel should conduct a periodic inventory count and reconcile inventory movements
- C . internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels
- D . Management should established a policy requiring new inventory asset purchases to be
made on serialized order forms with copies retained
An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted.
Which of the following would best help the organization manage the risk of fraud?
- A . Accounting personnel should regularly perform reconciliation between invoices and purchase orders
- B . Accounting personnel should conduct a periodic inventory count and reconcile inventory movements
- C . internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels
- D . Management should established a policy requiring new inventory asset purchases to be
made on serialized order forms with copies retained
Review the professional development plans of internal audit staff to ensure all are competent to assess the organization’s risk assessment activity.
- A . 1 and 2 only.
- B . 1.2, and 3 only.
- C . 1.3. and 4 only.
- D . 3 and 4 only.