An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization’s vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests.
Based on the auditor’s actions which of the following is most likely the objective of this engagement1?
- A . To identify whether fuel was purchased for work-related purposes
- B . To estimate future fuel costs for the organization’s fleet of vehicles
- C . To determine trends in average fuel consumption by vehicle
- D . To determine whether the organization is paying more than the industry average for fuel
An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person.
Which of the following risks most appropriately describes this situation?
- A . Nonsampling risk
- B . Sampling risk
- C . Inherent risk
- D . Due diligence risk
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments.
To follow up, which of the following is the most appropriate action for the internal auditor to take?
- A . Observe corrective measures.
- B . Seek a management assurance declaration.
- C . Follow up during the next scheduled audit.
- D . Conduct appropriate testing to verify management responses.
A chief audit executive (CAE) reviews the supervision of an internal audit engagement.
Which of the following would most likely assure the CAE that the engagement had adequate supervision?
- A . The engagement supervisor has an open door pokey for audit team members to discuss concerns
- B . The supervisor reviews weekly progress reports from the audit team members
- C . The supervisor reviews and initials internal audit workpapers for the engagement
- D . The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.
A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks.
When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
- A . Present the revised audit plan directly to the board for approval
- B . Communicate with the chief financial officer and present the revised audit plan to the CEO for approval
- C . Present the revised audit plan directly to the CEO for approval
- D . Communicate with the CCO and present the revised audit plan to the board for approval
Which of the following statements regarding the risk management process’ support of the internal audit activity is true?
- A . The risk management process can provide more extensive internal audit services to the organization if it does not have an internal audit department
- B . The risk management process supports internal audit by evaluating whether critical controls are adequate and effective.
- C . The risk management process can determine whether all significant risks have been identified and are being treated.
- D . The risk management process establishes an organization-specific documented risk management framework.
Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?
- A . The presence of an independent critical mass
- B . The established philosophy and operating style of senior management
- C . The articulated internal control objectives of the organization
- D . The organization’s employee recruiting and retention policies
When forming an opinion on the adequacy of management’s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees’ credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
- A . 1 and 3 only
- B . 1 and 4 only
- C . 2 and 3 only
- D . 2 and 4 only
Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?
- A . The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.
- B . The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.
- C . The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.
- D . The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system.
Which of the following component should be added to this observation?
- A . Criteria
- B . Cause
- C . Effect
- D . Condition
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system.
Which of the following component should be added to this observation?
- A . Criteria
- B . Cause
- C . Effect
- D . Condition
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system.
Which of the following component should be added to this observation?
- A . Criteria
- B . Cause
- C . Effect
- D . Condition
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system.
Which of the following component should be added to this observation?
- A . Criteria
- B . Cause
- C . Effect
- D . Condition
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system.
Which of the following component should be added to this observation?
- A . Criteria
- B . Cause
- C . Effect
- D . Condition
Communicate to senior management a summary report on the status and adequacy of audit resources.
- A . 1 and 3 only
- B . 2 and 4 only
- C . 1, 2, and 4
- D . 2, 3, and 4
An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile.
Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?
- A . Enter into long-term gasoline purchase agreements with end customers.
- B . Trade crude oil derivatives at financial markets in order to benefit from price fluctuations
- C . Purchase crude oil-related derivatives such as futures or options
- D . Stock as much raw materials as possible and consider Investing into additional facilities
Which of the following is the primary reason the chief audit executive should consider the organization’s strategic plans when developing the annual audit plan?
- A . Strategic plans reflect the organization’s business objectives and overall attitude toward risk.
- B . Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.
- C . Strategic plans are likely to show areas of weak financial controls.
- D . The strategic plan is a relatively stable document on which to base audit planning.
An internal auditor wants to compare performance information from one quarter to another.
Which analytics procedure would the auditor use?
- A . Ratio analysis
- B . Trend analysis
- C . Vertical analysis
- D . Benchmarking analysis
An internal auditor wants to identity potential ghost employees in the organization’s payroll system.
The auditor extracts the following data
– Human resources data with employees’ names addresses employment conditions and identification codes
– Payroll data
– Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
- A . Employees who are being paid more than then approved wages
- B . Employees who get paid although their employment has expired
- C . Employees who are related to one of the subcontractors
- D . Employees who are physically present at the workplace but who do not perform the specified job duties
Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?
- A . A condition
- B . An audit objectives
- C . An audit scope
- D . An observation rating
Which of the following statements about assurance maps is correct?
- A . An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers
- B . An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization
- C . An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements
- D . An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement
When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?
- A . The chief audit executive may recommend that management conduct further work to identify the root cause and address the issue
- B . Internal auditors should finish the engagement without conducting the root cause analysis and draft the audit report, though the report would not be considered complete until the analysis is concluded
- C . internal auditors must adjust their future engagement schedule to ensure that the root cause analysis is always performed before the engagement is concluded
- D . Internal auditors should Instead perform a Pareto rule analysis
Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?
- A . Tracing
- B . Reperformance
- C . Vouching
- D . Walkthrough
Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?
- A . To evaluate controls regarding the computer security of an oil refinery.
- B . To examine the processes involved in exploring, developing, and operating a gold mine.
- C . To assess the likelihood and impact of events associated with operating a finished goods warehouse.
- D . To link a financial institution’s business objectives to a work unit responsible for the associated risk.
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
- A . Acts that may endanger the health or safety of individuals.
- B . Acts that favor one party to the detriment of another.
- C . Acts that damage or have an adverse effect on the environment.
- D . Acts that conceal inappropriate activities in the organization.
Which of the following should management action plans include at a minimum?
- A . An implementer for the action plan
- B . An owner of the action plan
- C . The internal auditor’s next review date of the action plan
- D . Detailed procedures for the action plan
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization.
Which of the following best describes this condition?
- A . Scheme.
- B . Opportunity.
- C . Rationalization.
- D . Pressure.
What is the primary objective of an engagement supervisor’s review of key activities performed during the engagement?
- A . To ensure that the engagement is completed on time and within budget
- B . To ensure that all work performed meets acceptable quality standards
- C . To ensure that management has provided suitable responses to all observations
- D . To ensure that management is satisfied with the progress of the engagement
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
- A . Improper segregation of duties.
- B . Incentives and bonus programs.
- C . An employee’s reported concerns.
- D . Lack of an ethics policy.
What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?
- A . Contact the audit committee chair to discuss the finding
- B . Obtain verbal assurance from management that the inappropriate access will be removed
- C . Issue an interim audit report so that management can implement action plans
- D . Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access
Which of the following statements generally true regarding audit engagement planning?
- A . The best source tor detailed process information is senior management
- B . Audit objectives should be general and do not change.
- C . Computer-assisted audit techniques are typically not useful during engagement planning
- D . Internal auditors should prepare a dented audit program for testing controls
An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader.
How should tie internal auditor respond?
- A . Ask the external auditor to review the same transaction again as an independent third party
- B . Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry
- C . Interview the chief financial officer and obtain her opinion on how the transactions should be recorded
- D . Compare the recording of this transaction to now similar ones were executed last year
A chief audit executive (CAE) is trying to balance the internal audit activity’s needs for technical audit skills budget efficiency and staff development opportunities.
Which of the following would best assist the CAE in achieving this balance1?
- A . Strategic sourcing
- B . Loan staff arrangement
- C . Flat organizational structure
- D . Hierarchical organizational structure
According to IIA guidance which of the following statements is true regarding the annual audit plan?
- A . The annual audit plan should only be adjusted in response to problems with resourcing, scope, and data availability.
- B . The chief audit executive (CAE) may incorporate risk information, including risk appetite levels from management for the audit plan at her discretion.
- C . In an immature risk management environment it is preferable for the CAE to rely solely on her judgment regarding risk identification and assessment to develop the audit plan.
- D . The CAE may make adjustments to the annual audit plan as needed without senior management or board approval.
Which of the following is an appropriate documentation of proper engagement supervision?
- A . A completed engagement workpaper review checklist.
- B . The supervisor’s review notes on engagement workpapers.
- C . The email exchanges between the audit team and the supervisor.
- D . A supervisor’s approval of resources allocated to the engagement
Which of the following is an appropriate documentation of proper engagement supervision?
- A . A completed engagement workpaper review checklist.
- B . The supervisor’s review notes on engagement workpapers.
- C . The email exchanges between the audit team and the supervisor.
- D . A supervisor’s approval of resources allocated to the engagement
Which of the following is an appropriate documentation of proper engagement supervision?
- A . A completed engagement workpaper review checklist.
- B . The supervisor’s review notes on engagement workpapers.
- C . The email exchanges between the audit team and the supervisor.
- D . A supervisor’s approval of resources allocated to the engagement
Which of the following is an appropriate documentation of proper engagement supervision?
- A . A completed engagement workpaper review checklist.
- B . The supervisor’s review notes on engagement workpapers.
- C . The email exchanges between the audit team and the supervisor.
- D . A supervisor’s approval of resources allocated to the engagement
Which of the following is an appropriate documentation of proper engagement supervision?
- A . A completed engagement workpaper review checklist.
- B . The supervisor’s review notes on engagement workpapers.
- C . The email exchanges between the audit team and the supervisor.
- D . A supervisor’s approval of resources allocated to the engagement
Submit management’s plan of action to the external auditors for additional review.
- A . 1 and 2
- B . 1 and 4
- C . 2 and 3
- D . 3 and 4
At a construction company, an internal auditor is planning an audit of the company’s process for designing and building grid connections.
The process involves customers making payments m three parts
• The first payment of 10% after approval of the customer s application
• The second payment of 70% prior to construction
• The third payment of 20% after construction is complete
Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?
- A . Controls that ensure that grid connection design is finalized before construction is approved to begin
- B . Controls that ensure construction orders are initiated after the second invoice is paid
- C . Controls that ensure all three invoices are calculated correctly according to the total project cost
- D . Controls that ensure that applications are verified for approval prior to initiating design and construction
‘Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.
A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’
Which of the following should be added to the observation?
- A . The reason for not following the internal policy
- B . A description of what constitutes proper approval
- C . The annual impact of the changed agreement on cash flows
- D . Details regarding when the change to the agreement was signed
Management has taken immediate action to address an observation received during an audit of the organization’s manufacturing process.
Which of the following is true regarding the validity of the observation closure?
- A . Valid closure requires evidence that ensures the corrected process will function as expected in the future
- B . Valid closure requires the client lo address not only the condition, but also the cause of the condition
- C . Valid closure of an observation ensures it will be included in the final engagement report
- D . Valid closure requires assurance from management that the original problem will not recur in the future
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO.
Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization’s health and safety program?
- A . The CAE has no role to play, because the chief health and safety officer reports to a senior executive.
- B . The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.
- C . The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.
- D . The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.
The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year All engagements should be appropriately categorized and presented to the chief audit executive for review.
Which of the following would most likely be classified as a consulting engagement?
- A . Evaluating procurement department process effectiveness
- B . Helping in the design of the risk management program
- C . Assessing financial reporting control adequacy
- D . Reviewing environmental, social, and governance reporting compliance
According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?
- A . Process objectives
- B . Process risks
- C . Process controls
- D . Process scope
Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management.
There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?
- A . Criteria
- B . Condition
- C . Cause
- D . Effect
Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?
- A . Create an assurance map to illustrate each provider’s level of assurance and planned activities for each area of the organization
- B . LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.
- C . Rely on the risk and control and management testing information maintained for compliance with the regulatory framework
- D . Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.
As a result of server managements assumption of risk there is residual risk that exceeds me organisation’s risk appetite.
Which of the following actions would be most appropriate for the chief audit executive to take?
- A . ignore the responsibility of addressing the residual risk
- B . Assume the responsibility of addressing the residual risk
- C . Ensure senior management acknowledges residual risk
- D . Communicate with the board the issue of residual risk
An organization’s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
- A . Manage and coordinate risk management processes.
- B . Audit risk management processes.
- C . Become involved in risk oversight committees, monitoring activities, and status reporting.
- D . Accept management’s responsibility for risk management without board approval.
An organization’s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
- A . Manage and coordinate risk management processes.
- B . Audit risk management processes.
- C . Become involved in risk oversight committees, monitoring activities, and status reporting.
- D . Accept management’s responsibility for risk management without board approval.
An organization’s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
- A . Manage and coordinate risk management processes.
- B . Audit risk management processes.
- C . Become involved in risk oversight committees, monitoring activities, and status reporting.
- D . Accept management’s responsibility for risk management without board approval.
An organization’s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
- A . Manage and coordinate risk management processes.
- B . Audit risk management processes.
- C . Become involved in risk oversight committees, monitoring activities, and status reporting.
- D . Accept management’s responsibility for risk management without board approval.
An organization’s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
- A . Manage and coordinate risk management processes.
- B . Audit risk management processes.
- C . Become involved in risk oversight committees, monitoring activities, and status reporting.
- D . Accept management’s responsibility for risk management without board approval.
The amount of fuel purchased.
- A . 1 and 2
- B . 1 and 4
- C . 2 and 3
- D . 3 and 4
Which of the following should be the focus of the effect section of the preliminary observations document?
- A . Residual risk
- B . Inherent risk
- C . Compensating controls
- D . Control activities
An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation.
Which of the following is the most appropriate conclusion for the auditor to include in the audit report?
- A . The organization incurred excessive cost overruns that resulted in significant financial and legal risk to the project.
- B . The organization experienced a potential conflict of interest
- C . The organization had weaknesses in its review process which allowed questionable transactions with some vendors
- D . The organization allowed the project to launch without assurance that all transactions were regularly approved
During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project.
Which tool should the auditor use?
- A . RACI (responsible, accountable, consult and inform) chart
- B . Flowchart
- C . SWOT {strengths. weaknesses opportunities, and threats) analysis
- D . Workflow analysis
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
- A . Report follow-up activities to senior management.
- B . Implement follow-up procedures to evaluate residual risk.
- C . Determine the costs of implementing the recommendations.
- D . Evaluate the extent of improvements.
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
- A . The establishment of an audit approach and documentation system
- B . The standardization of workpaper terminology and notations
- C . The ability to reach consistent audit conclusions regardless of who performs the audit
- D . The application of documentation standards m an appropriate and consistent manner
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
- A . The establishment of an audit approach and documentation system
- B . The standardization of workpaper terminology and notations
- C . The ability to reach consistent audit conclusions regardless of who performs the audit
- D . The application of documentation standards m an appropriate and consistent manner
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
- A . The establishment of an audit approach and documentation system
- B . The standardization of workpaper terminology and notations
- C . The ability to reach consistent audit conclusions regardless of who performs the audit
- D . The application of documentation standards m an appropriate and consistent manner
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
- A . The establishment of an audit approach and documentation system
- B . The standardization of workpaper terminology and notations
- C . The ability to reach consistent audit conclusions regardless of who performs the audit
- D . The application of documentation standards m an appropriate and consistent manner
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
- A . The establishment of an audit approach and documentation system
- B . The standardization of workpaper terminology and notations
- C . The ability to reach consistent audit conclusions regardless of who performs the audit
- D . The application of documentation standards m an appropriate and consistent manner
Is the documentation easily accessible to an persons who need in to perform their job?
Which of the following is a drawback of testing methods like this?
- A . They ore kitted as they do not allow the auditor to test many controls.
- B . They do not highlight control gaps
- C . They are not useful for identifying areas on which the auditor should locus.
- D . They are limited as there is a risk that management may not answer fairly.
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components’ compliance with mandatory quality standards.
Which type of engagement would be most appropriate to assess the root causes of the quality issues?
- A . A risk assessment
- B . An operational audit
- C . A third-party audit
- D . A fraud investigation
An internal auditor collected several employee testimonials.
Which of the following is the best action for the internal auditor to take before drawing a conclusion?
- A . Ensure the testimonials are well documented
- B . Substantiate the testimonials with physical or documentary evidence
- C . Corroborate testimonials with the results from other soft control techniques
- D . Review the testimonials with the interviewed employees
An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations. The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?
- A . The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.
- B . The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management
- C . The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary
- D . The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry
An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions.
What sort of audit evidence has the internal auditor primarily obtained?
- A . Documentary evidence
- B . Testimonial evidence
- C . Analytical evidence
- D . Physical evidence
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
- A . Cause and effect.
- B . Effect and criteria
- C . Condition and cause
- D . Criteria and condition.
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
- A . Cause and effect.
- B . Effect and criteria
- C . Condition and cause
- D . Criteria and condition.
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
- A . Cause and effect.
- B . Effect and criteria
- C . Condition and cause
- D . Criteria and condition.
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
- A . Cause and effect.
- B . Effect and criteria
- C . Condition and cause
- D . Criteria and condition.
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
- A . Cause and effect.
- B . Effect and criteria
- C . Condition and cause
- D . Criteria and condition.
A preliminary observation document contains more detail than tie observation description in the engagement workpapers
- A . 1 and 2
- B . 1 and 4
- C . 2 and3
- D . 3 and 4
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
- A . A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.
- B . A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
- C . A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
- D . A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
Which of the following statements concerning workpapers is the most accurate?
- A . The organization and the format of workpapers is the same for all engagements
- B . The extent of what is included in workpapers is a matter of professional judgment
- C . Workpapers should be complete so that every conceivable question that can be raised should be answered
- D . Copies of operational managements records should not be included, but referenced so that they can be located
In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?
- A . Inventory comprised of the same items stored in different warehouses
- B . Batches of materials that must be confirmed as meeting quality standards
- C . Revenue that is earned by an organization through cash receipts or as receivable.
- D . Tax reports submitted to meet the requirements of the local taxation authority
An internal auditor is asked to review a recently completed renovation to a retail outlet.
Which of the following would provide the most reliable evidence that the completed work conformed to the plan?
- A . An interview with the employee who performed the work
- B . An analysis of purchasing and receiving documentation
- C . Existence of a signed completion document accepting the work
- D . A physical inspection of the retail outlet.
A chief audit executive’s report to the board showed a significant trend of recent aud4s going over planned budgeted hours.
Which of the following factors could cause this trend?
- A . Poor engagement supervision
- B . ineffective board reporting
- C . Untimely observation follows up and closure
- D . Limited staff resources
According to IIA guidance, which of the following statements best justifies a chief audit executive’s request for external consultants to complement internal audit activity (IAA) resources?
- A . The organization’s audit universe is extensive and diverse.
- B . There has been an increase in unanticipated requests for advisory work.
- C . Previous work provided by the external service provider has been of great quality and value.
- D . A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.
An internal auditor suspects that employee turnover is unusually high at the organization’s primary manufacturing plant.
To investigate this potential issue which of the following analytical approaches is the auditor likely to use?
- A . Ratio analysis
- B . Vertical analysis
- C . Benchmarking
- D . Cost-benefit analysis.
Which of the following should be described in the recognition element of a typical internal audit repot?
- A . Positive aspects of the process or area under review
- B . A brief synopsis of the process of area under review
- C . Outcomes and ratings of the process or area under review
- D . Report issuance and the communication process of the engagement.
According to IIA guidance which of the following statements is true regarding heat maps?
- A . A heat map sets likelihood to have higher priority than impact.
- B . A heat map sets impact to have higher priority than likelihood.
- C . A heat map recognizes that the priority of impact and likelihood can vary.
- D . A heat map recognizes impact and likelihood as equally important
An internal auditor is examining the organization’s internal control processes.
Which of the following would the auditor do to test the reliability of a customer database1?
- A . Perform a site visit to see whether the organization’s servers are operational
- B . Interview end users to determine whether they understand how to use the database information
- C . Determine whether policies are in place on how to use the database information
- D . Review for indications of potential issues with the database information
An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls.
Which of the following is the most appropriate course of action for the internal audit team leader?
- A . Defer the engagement until a system of internal control has been established
- B . Change the scheduled engagement from assurance to consulting to help correct the shortcomings
- C . Add a consulting component to the already scheduled assurance engagement
- D . Seek the involvement of the external auditor to assist with improving the internal controls
The audit manager asked the internal auditor to perform additional testing because several irregularities were found in the financial information.
Which of the following would be the most appropriate analytical review for the auditor to perform?
- A . Compare the firm’s financial performance with organizations in the same industry
- B . Interview all managers involved in preparing the financial statements
- C . Perform a bank reconciliation to confirm the cash balance in the financial statements.
- D . Trace each financial transaction to the original supporting document
An organization’s finance manager plans to implement a state-of-the-art management system to better manage the organization’s receivables. The finance manager consulted the chief audit executive (CAE) and asked for her assistance in determining whether the organization is able to accommodate this system.
How would the CAE proceed to determine the objectives of this engagement?
- A . Ask the CEO to determine the scope and objectives of the engagement
- B . Request that the board disclose its concerns over governance for inclusion in the engagement
- C . Discuss the concerns with the finance manager and work together to agree on the engagement objectives
- D . Review previous audit reports from the area and develop engagement objectives to address the area’s key risks and controls
The final internal audit report should be distributed to which of the following individuals?
- A . Audit client management only
- B . Executive management only
- C . Audit client management, executive management, and others approved by the chief audit executive.
- D . Audit client management, executive management, and any those who request a copy.
Which of the following statements is false regarding audit criteria?
- A . Audit criteria should be consistent across audit assignments.
- B . Audit criteria should represent reasonable standards against which to assess existing conditions.
- C . Audit criteria should provide flexibility but allow identification of nonadherence.
- D . Audit criteria should equate to good or acceptable management practices.
An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe.
What would be the best way for the auditor to gather relevant feedback?
- A . interview IT management in both regions
- B . Inspect regional user software training records
- C . Interview propel management and the vendor responsible for implementation
- D . Distribute surveys to software users in both regions
During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program.
Which of the following is the most appropriate next step for the auditor to take9
- A . Request additional information needed from management of the area under review.
- B . Obtain approval from the engagement supervisor
- C . Obtain the required resources, including IT. to complete the work
- D . Discuss the change in scope with management of the area under review.
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
- A . The amount of experience the auditors have conducting audits in the specific area of the organization.
- B . The availability of the auditors in relation to the availability of key client staff.
- C . Whether the budgeted hours are sufficient to complete the audit within the current scope.
- D . Whether outside resources will be needed, and their availability.
Which of the following is the most important concept to be included in a consulting engagement agreement?
- A . Define the duties and responsibilities needed from management to perform the engagement.
- B . Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.
- C . Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.
- D . Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks.
Which of the following engagement objectives would be appropriate to fulfill this request?
- A . Assess the organization’s ability to minimize potential external risks
- B . Assess the organization’s process of vetting vendors that provide necessary services to the organization
- C . Assess the organization’s risk impacts from the markets in which it operates
- D . Assess the organization’s controls implemented that would help minimize risks
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks.
Which of the following engagement objectives would be appropriate to fulfill this request?
- A . Assess the organization’s ability to minimize potential external risks
- B . Assess the organization’s process of vetting vendors that provide necessary services to the organization
- C . Assess the organization’s risk impacts from the markets in which it operates
- D . Assess the organization’s controls implemented that would help minimize risks
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks.
Which of the following engagement objectives would be appropriate to fulfill this request?
- A . Assess the organization’s ability to minimize potential external risks
- B . Assess the organization’s process of vetting vendors that provide necessary services to the organization
- C . Assess the organization’s risk impacts from the markets in which it operates
- D . Assess the organization’s controls implemented that would help minimize risks
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks.
Which of the following engagement objectives would be appropriate to fulfill this request?
- A . Assess the organization’s ability to minimize potential external risks
- B . Assess the organization’s process of vetting vendors that provide necessary services to the organization
- C . Assess the organization’s risk impacts from the markets in which it operates
- D . Assess the organization’s controls implemented that would help minimize risks
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks.
Which of the following engagement objectives would be appropriate to fulfill this request?
- A . Assess the organization’s ability to minimize potential external risks
- B . Assess the organization’s process of vetting vendors that provide necessary services to the organization
- C . Assess the organization’s risk impacts from the markets in which it operates
- D . Assess the organization’s controls implemented that would help minimize risks
The IAA frequently is involved in various project teams and task forces in an advisory capacity.
- A . 1 and 2
- B . 1 and 3
- C . 2 and 4
- D . 3 and 4
Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?
- A . Objectives scope and timing at a high level to support coordination while adhering to confidentiality requirements
- B . The area and timing of the audit engagement to ensure confidentially and avoid conflict of interest.
- C . All plan information, including risk assessments, planned tests and past results to maximize the opportunity for coordination with internal and external providers.
- D . No information should be shared with internal and external provider as it could introduce bias into the engagement results.
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization’s risk management program?
- A . Identifying and managing risks in line with the entity’s risk appetite.
- B . Ensuring that a proper and effective risk management process exists.
- C . Attaining an adequate understanding of the entity’s key mitigation strategies.
- D . Identifying and ensuring that appropriate controls exist to mitigate risks.
Which of the following has the greatest effect on the efficiency of an audit?
- A . The complexity of deficiency findings.
- B . The adequacy of preliminary survey information.
- C . The organization and content of workpapers.
- D . The method and amount of supporting detail used for the audit report.
Which of The following best describes a risk that is deemed "unacceptable" to the organization?
- A . A risk where likelihood and impact are high
- B . A risk where inherent risk exceeds its residual risk
- C . A risk where inherent risk exceeds the tolerance level
- D . A risk where residual risk exceeds the tolerance level
Which of the following statements describes an engagement planning best practice?
- A . It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.
- B . If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.
- C . The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.
- D . Engagement planning activities include setting engagement objectives that align with audit client’s business objectives.
According to HA guidance, the chief audit executive is directly responsible for which of the following?
- A . Maintaining a quality assurance program even in the absence of management support
- B . Periodically reviewing and approving the internal audit charier
- C . Providing opportunities for all staff auditors to satisfy their professional development requirements
- D . Establishing the objectives scope and plan for each engagement
According to HA guidance, the chief audit executive is directly responsible for which of the following?
- A . Maintaining a quality assurance program even in the absence of management support
- B . Periodically reviewing and approving the internal audit charier
- C . Providing opportunities for all staff auditors to satisfy their professional development requirements
- D . Establishing the objectives scope and plan for each engagement
According to HA guidance, the chief audit executive is directly responsible for which of the following?
- A . Maintaining a quality assurance program even in the absence of management support
- B . Periodically reviewing and approving the internal audit charier
- C . Providing opportunities for all staff auditors to satisfy their professional development requirements
- D . Establishing the objectives scope and plan for each engagement
According to HA guidance, the chief audit executive is directly responsible for which of the following?
- A . Maintaining a quality assurance program even in the absence of management support
- B . Periodically reviewing and approving the internal audit charier
- C . Providing opportunities for all staff auditors to satisfy their professional development requirements
- D . Establishing the objectives scope and plan for each engagement
According to HA guidance, the chief audit executive is directly responsible for which of the following?
- A . Maintaining a quality assurance program even in the absence of management support
- B . Periodically reviewing and approving the internal audit charier
- C . Providing opportunities for all staff auditors to satisfy their professional development requirements
- D . Establishing the objectives scope and plan for each engagement
The audit plan is aligned with the organization’s goals.
- A . 1 and 2 only
- B . 3 and 4 only
- C . 1, 2, and 4
- D . 1, 3, and 4
As part of internal audit’s assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes.
Which of the following is the most reliable source for verification of the current year end bank balances?
- A . Bank confirmations
- B . Internal bonk statements
- C . Bank reconciliations as of the end of the year
- D . Bank account general ledger balancer as of the end of the year
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
- A . Proposing fine item recommendation lot the annual financial budget of the accounting department
- B . Making recommendations regarding financial approval authority limits for the operations department
- C . Validating whether employees are following established policies and procedures in the procurement department
- D . Generating expense report metrics for employees in the finance department
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
- A . Proposing fine item recommendation lot the annual financial budget of the accounting department
- B . Making recommendations regarding financial approval authority limits for the operations department
- C . Validating whether employees are following established policies and procedures in the procurement department
- D . Generating expense report metrics for employees in the finance department
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
- A . Proposing fine item recommendation lot the annual financial budget of the accounting department
- B . Making recommendations regarding financial approval authority limits for the operations department
- C . Validating whether employees are following established policies and procedures in the procurement department
- D . Generating expense report metrics for employees in the finance department
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
- A . Proposing fine item recommendation lot the annual financial budget of the accounting department
- B . Making recommendations regarding financial approval authority limits for the operations department
- C . Validating whether employees are following established policies and procedures in the procurement department
- D . Generating expense report metrics for employees in the finance department
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
- A . Proposing fine item recommendation lot the annual financial budget of the accounting department
- B . Making recommendations regarding financial approval authority limits for the operations department
- C . Validating whether employees are following established policies and procedures in the procurement department
- D . Generating expense report metrics for employees in the finance department
The same individuals who receive the final report.
- A . 1 only
- B . 1 and 2 only
- C . 1, 2, and 3
- D . 1, 2, and 4
An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations.
Which of the following describes the control objective likely being tested?
- A . Effectiveness
- B . Response
- C . Efficiency
- D . Mitigation.
An internal auditor was reviewing the procurement department’s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database.
Which of the following courses of action would have prevented this situation?
- A . The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents
- B . The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit
- C . The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden
- D . The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail
An internal auditor was reviewing the procurement department’s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database.
Which of the following courses of action would have prevented this situation?
- A . The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents
- B . The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit
- C . The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden
- D . The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail
An internal auditor was reviewing the procurement department’s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database.
Which of the following courses of action would have prevented this situation?
- A . The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents
- B . The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit
- C . The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden
- D . The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail
An internal auditor was reviewing the procurement department’s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database.
Which of the following courses of action would have prevented this situation?
- A . The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents
- B . The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit
- C . The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden
- D . The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail
An internal auditor was reviewing the procurement department’s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database.
Which of the following courses of action would have prevented this situation?
- A . The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents
- B . The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit
- C . The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden
- D . The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail
The geographical dispersion of audit staff across the organization.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
- A . Cost.
- B . Independence.
- C . Familiarity.
- D . Flexibility.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
- A . Cost.
- B . Independence.
- C . Familiarity.
- D . Flexibility.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
- A . Cost.
- B . Independence.
- C . Familiarity.
- D . Flexibility.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
- A . Cost.
- B . Independence.
- C . Familiarity.
- D . Flexibility.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
- A . Cost.
- B . Independence.
- C . Familiarity.
- D . Flexibility.
Third-party opinion.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
Third-party opinion.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
Third-party opinion.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
Third-party opinion.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
Third-party opinion.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
Determine how the information is stored.
- A . 1 and 3 only
- B . 2 and 4 only
- C . 1, 3, and 4 only
- D . 1, 2, 3, and 4
Internal control questionnaires are used to achieve which of the following objectives?
- A . To ascertain the operating effectiveness of a procedure
- B . To verify the accuracy of Information in a report
- C . To assess the controls mitigating major risks
- D . To determine whether specified contra procedures are in place
According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?
- A . Having no active role or involvement in the risk management process.
- B . Auditing the risk management process for reasonableness.
- C . Coordinating and managing the risk management process.
- D . Participating with management in identifying and evaluating risks.
An internal auditor is assigned to validate calculations on the organization’s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing.
Which of the following would most appropriately be used for this purpose?
- A . Generalized audit software.
- B . Utility software
- C . integrated test facilities
- D . Audit expert systems
An internal auditor is assigned to validate calculations on the organization’s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing.
Which of the following would most appropriately be used for this purpose?
- A . Generalized audit software.
- B . Utility software
- C . integrated test facilities
- D . Audit expert systems
An internal auditor is assigned to validate calculations on the organization’s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing.
Which of the following would most appropriately be used for this purpose?
- A . Generalized audit software.
- B . Utility software
- C . integrated test facilities
- D . Audit expert systems
An internal auditor is assigned to validate calculations on the organization’s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing.
Which of the following would most appropriately be used for this purpose?
- A . Generalized audit software.
- B . Utility software
- C . integrated test facilities
- D . Audit expert systems
The cost of modifying the sales system to include a preventive control is less than
S100.000
- A . 1 only
- B . 3 only
- C . 1 and 3 only
- D . 1, 2, and3
An organization s inventory is stored m multiple warehouses. During an inventory audit which of the following activities would most benefit from the use of computerized audit tools?
- A . Verifying the existence of inventory items in each warehouse
- B . Assigning the tolerable deviation rate to determine the sample size
- C . Valuating the obsolete Inventory from all the warehouse locations
- D . Confirming that the purchased items are recorded In the correct period
Which of the following situations would justify the removal of a finding from the final audit report?
- A . Management disagrees with the report findings and conclusions in their responses.
- B . Management has already satisfactorily completed the recommended corrective action.
- C . Management has provided additional information that contradicts the findings.
- D . Management believes that the finding is insignificant and unfairly included in the report.
An internal auditor is conducting a financial audit.
Which of the following audit procedures is most appropriate when existing internal controls are weak?
- A . Analytical procedures.
- B . Detail testing.
- C . Test of design.
- D . Test of control.
During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.
Which of the following responses would be most effective to mitigate this risk?
- A . The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system
- B . The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system
- C . The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.
- D . The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year