IIA-CIA-Part1 Online Training Archives

You can comfortably pass your IIA IIA-CIA-Part1 exam with the help of Exam4Training. Exam4Training is the leader in IT Certifications that will guarantee you will pass your IIA-CIA-Part1 CIA Exam Part One: Essentials of Internal Auditing exam on your first attempt. If you are unable to pass the Certified Internal IIA-CIA-Part1 exam on your first attempt, then we will give you a full compensation of your purchasing fee.They have the guarantee that the IIA IIA-CIA-Part1 CIA Exam Part One: Essentials of Internal Auditing Online Training that they have will be the ones that will make you pass your IIA-CIA-Part1 exam in the very first go.

Page 1 of 10

1. Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department.

Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Workshops.

Surveys.

Interviews.

Observation.

2. Which of the following statements is true regarding electronic funds transfer (EFT)?

EFT is a popular mechanism for improving efficiency, but results in less internal control.

EFT significantly reduces the risk of fraud by eliminating the need for authorizations.

EFT eliminates payment delays due mostly to the introduction of automated cash controls,

EFT makes use of numerous automated controls, but is still vulnerable to fraudulent accounting entries.

3. A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy.

Which of the following is the most appropriate idea to include?

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CS

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

4. Which of the following factors is most important for internal auditors to consider when prioritizing fraud risks?

The organization’s code of conduct.

The organization’s competition.

The organization’s code of ethics.

The organization’s culture

5. Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Leadership.

Documentation.

Analysis.

Reporting.

6. Which of the following best describes the risk contained in an initial public offering for a new stock?

Residual risk.

Net risk.

Inherent risk.

Underlying risk.

7. According to NA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

CAE reviews and approves the annual audit plan,

CAE meets privately with the CEO at least annually.

CAE meets privately with the board at least annually,

CAE reports to the board regarding audit staff performance evaluation and compensation.

8. A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter.

Which of the following best describes this type of risk?

Residual.

Net.

Inherent.

Accepted.

9. Which of the following is most likely to be considered a control weakness?

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

Purchase orders are typed by the purchasing department using prenumbered forms.

Buyers promptly update the official vendor listing as new supplier sources become known.

Department managers initiate purchase requests that must be approved by the plant superintendent.

10. A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics.

Which of the following organization wide practices is most likely to be acceptable to the CAE?

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

Standard training for each employee, including internal auditors, is 10 hours per year.

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

Page 2 of 10

11. An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services.

Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

The policies and procedures of the internal audit activity.

The provisions of the internal audit charter.

The authority of the CE

The IIA's Code of Ethics.

12. The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review.

Which of the following would be the most appropriate approach?

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

13. Which of the following types of policies best helps promote objectivity in the interna! audit activity's work?

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment,

Policies that match internal auditors' performance with feedback from management of the area under review.

Policies that keep internal auditors in areas where they have vast audit expertise.

Policies that provide examples of inappropriate business relationships.

14. In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

Investigation of health and safety incidents.

Auditing of controls and management systems.

Communication of disclosures and external reporting,

Involvement in focus groups and complaint management

15. Which of the following best demonstrates that the internal audit activity is using due professional care?

The internal audit activity reports directly to the board on the engagements it performs.

Internal auditors undertake the necessary training to complete their audit work.

The completion of engagements is based on the assumption that fraudulent activities may exist.

Internal auditors consider the use of technology-based audit and other data analysts techniques

16. Identify and mitigate risks to help meet the CSR program objectives.

1,2, and 3,

1 2, and 4.

1, 3, and 4.

2, 3, and 4.

17. According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

The organizational culture rewards critical and objective thinking.

The quality of work performed by the internal audit activity is periodically reviewed,

The organization establishes effective governing body oversight,

Audit assignments are rotated among internal audit staff

18. Who is responsible for ensuring internal auditors’ continuing professional development?

Individual internal auditors.

Chief audit executive.

The board.

Engagement supervisors.

19. In which of the following situations may the internal audit activity report conformance with the Standards?

An internal audit activity has been in existence at least five years and has not completed an external assessment,

An internal auditor was assigned to an audit engagement but did not meet individual objectivity requirements.

The internal audit activity prepared an internal audit plan that was not risk-based.

The internal audit activity has been in existence fewer than five years, but periodic self-assessments were conducted.

20. Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A monitoring process,

A risk assessment process.

A strategic objective-setting process.

An information and communication process.

Page 3 of 10

21. Which of the following is an example of a detective control?

Automatic shut-off valve.

Auto-correct software functionality.

Confirmation with suppliers and vendors.

Safety instructions.

22. Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Evaluate how the organization manages fraud risk.

Establish procedures for improving risk management processes.

Ensure risk responses are aligned with industry standards.

Verify that organizational objectives are aligned with each department’s objectives.

23. A multinational organization has asked the internal audit activity to assist in setting up the organization’s risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant.

Which of the following tasks is appropriate for the CAE to undertake?

Coordinate and facilitate risk workshops for management to attend.

Establish the degree of risk appetite for management to accept.

Set risk indicators and mitigation plans for management to implement

Determine the number of significant risks for management to report to the board.

24. Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization’s control processes.

Quality assessments focus on the internal audit activity's structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

In order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments.

25. While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites.

Which of the following would be the most appropriate next step for the auditor?

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

The auditor should analyze trends and changes among the organization’s suppliers over the past few years.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

The auditor should analyze the list of destinations the department head visited to estimate typical costs.

26. Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

27. Which of the following situations best describes an internal auditor who may have violated the IIA Code of Ethics principle of confidentiality?

The auditor intentionally omitted from his resume that he was fired from his previous job for fraud allegations,

The auditor decided not to notify her supervisor that her brother-in-law was responsible for the project the auditor was expected to evaluate.

The auditor asked the audit client to copy requested files to her personal unencrypted memory stick because it was faster and more convenient.

The auditor was assigned to analyze the organization's incentive program and spent long hours reviewing other employees’ bonuses,

28. Which of the following best demonstrates internal auditors performing their work with proficiency?

Internal auditors meet with operational management at each phase of the audit process.

Internal auditors adhere to The IIA’s Code of Ethics.

Internal auditors work collaboratively with their engagement team.

Internal auditors complete a program of continuing professional development.

29. Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

A non-disclosure agreement.

An annual declaration of commitment to

The IIA s Code of Ethics.

The internal audit charter.

30. Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

ISO 26000.

Global Reporting Initiative.

Open Compliance and Ethics Group.

COSO’s enterprise risk management framework

Page 4 of 10

31. Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?

Review the organization's ethical value structure and reporting procedures.

Review what the organization considers to be ethical behavior, such as the employee code of conduct.

Review employee survey responses and follow up on those that suggest weaknesses in the ethical climate.

Review the organization's records to ensure all employees have signed statements that they will follow ethical practices.

32. According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?

Discussions with the chief audit executive.

A listing of employee profiles and certifications.

Inquiry of external auditors.

Validation by human resources.

33. Which of the following statements is true with regard to services provided by the internal audit activity?

For consulting engagements, internal auditors do not need to be alert to control issues.

Assurance and consulting services have similar objectives.

Internal auditors may not perform assurance and consulting roles at the same time.

Both assurance and consulting engagements require a final engagement report

34. After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department.

Which of the following is the IIA Code of Ethics principle that the auditor upheld?

Independence.

Confidentiality.

Objectivity.

Competency

35. During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information.

Which of the following IIA Code of Ethics principles was violated in this scenario?

Competency.

Objectivity,

Integrity.

Confidentiality

36. A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud.

Which of the following would be the most effective way to approach this issue?

The board should ask the internal audit activity to perform additional assurance engagements.

A comprehensive fraud risk assessment and management program should be carried out.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

37. Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution.

Which of the following best describes this risk management technique?

Avoidance.

Acceptance.

Reduction.

Sharing

38. Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook.

Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

39. A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement.

According to IIA guidance, which of the following is the most appropriate action the CAE should take regarding the request?

Assign the engagement to a more senior internal auditor.

Decline the engagement request.

Allow the internal auditors to acquire the needed skills while performing the engagement.

Supervise the assigned internal auditors throughout the engagement.

40. Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?

The internal assessment results should be discussed once every five years,

The rating conclusions and the impact from results of the external assessment should be explained,

The results of the external assessment should be discussed every seven years,

The qualifications and independence of the internal assessment team should be discussed

Page 5 of 10

41. A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board,

Focus on operational audit work and disregard lack of direct access to the members of the board.

Initiate changes to the internal audit charter to report to senior management for the time being,

Engage in written communications with the board and present relevant issues in writing

42. If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

Immediately inform senior management and the board of the suspected fraud.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

43. Which of the following is an example of a directive control?

Segregation of duties.

Exception reports.

Training programs.

Supervisory review.

44. Which of the following documents would promote objectivity within an organization's internal audit activity?

Internal audit charter.

Internal audit manual.

Audit committee charter

Human resources employee handbook.

45. Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework.

According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

Everyone in the agency has a primary responsibility for identifying and managing risks as part of the risk management process.

The risk management process, while evaluating risk, should develop a mechanism to rank the relative importance of each risk.

The risk management process should be regularly reviewed and respond to changes in the environment, to remain relevant.

The risk management process should use a formal technique to consider the consequence and likelihood of each risk.

46. At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization.

According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

The auditor breached the conflict of interest standard by accepting payment for travel costs

47. In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

The effectiveness of process-level and transaction-level controls.

Conflicts of interest within the organizational structure of the senior management.

The alignment of management decisions with the level of risk the organization is willing to accept.

The actions of upper management in response to the internal audit activity's reporting

48. According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

Results of internal assessments need to be reported to the board at least once every five years.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted.

Results of ongoing monitoring of the internal audit activity's performance must be reported to senior management and the board at least annually

49. Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Benchmarking best practices

Testing,

Mapping,

Interviewing

50. According to NA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

To enable Triple Bottom Line reporting capability.

To facilitate the conduct of risk assessment.

To achieve and maintain sustainable development.

To fulfill regulatory and compliance requirements.

Page 6 of 10

51. Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Planning an engagement of the area in which fraud is suspected.

Employing audit tests to detect fraud.

Interrogating a suspected fraudster

Completing a process review to improve controls to prevent fraud

52. According to IIA guidance, which of the following statements regarding the internal audit charter is true?

The nature of consulting services typically is not included in the charter.

The chief audit executive must formally review the charter at least once a year

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

The charter typically defines the internal audit activity's position within the organization.

53. Applying ISO 31000, which of the following is part of the external context for risk management?

Risk treatment method based on risk evaluation.

Organizational culture, objectives, and processes.

The regulatory and competitive environment

The method of determining the risk level.

54. Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?

The internal audit activity constitutes the first line of defense in effective risk management.

The internal audit activity provides direction regarding internal controls implementation.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

The internal audit activity implements the internal control framework and advises management regarding best practices.

55. An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.

According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

Indicate that the internal audit activity operates in partial conformance with the Standards t as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to ail parties who received the original reports.

56. Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?

Regulatory approval from an accrediting agency.

Self-assessments against a competency framework.

Approval and signoff from the board of directors.

A review by external auditors on an annual basis

57. An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards).

Which of the following justifies inclusion of this clause in the reports?

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

The self-assessment results were validated by a qualified external review team three years prior.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

58. Which of the following situations is most likely to heighten an internal auditor's professional skepticism regarding potential fraud?

A procurement manager does not have the expected academic credentials for his position.

A salesperson frequently complains about the organization's policy on sales commissions.

The accounts payable supervisor has requested advances against her monthly salary on several occasions.

A financial accountant is absent from work frequently due to regular medical procedures.

59. According to the 11A Code of Ethics, which of the following is required with regard to communicating results?

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

The internal auditor should obtain all material information within the established time and budget parameters.

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

60. Which of the following statements best illustrates why internal auditors assess soft controls?

Assessing soft controls are an effective method of assessing risk related to personnel.

Assessing soft controls, as opposed to hard controls, makes it easier to evaluate operating effectiveness.

Assessing soft controls can help internal auditors in undertaking root-cause analysis.

Assessing soft controls provides more objective information than assessing hard controls.

Page 7 of 10

61. Which of the following would be considered a monitoring activity in organization wide risk management?

Validate the results of management's self-assessment.

Perform reviews of personnel.

Maintain rigorous and comprehensive documentation.

Obtain authorizations and signatures.

62. Which of the following would be the most effective fraud prevention control?

Email alert sent to management for checks issued over $100,000.

Installation of a video surveillance system in a warehouse prone to inventory loss.

New hire training to explain fraud and employee misconduct.

Daily report that identifies unsuccessful system log-in attempts

63. During a review of employee benefits, a staff internal auditor observed an ambiguity in the incentive compensation policy. If reported, it could negatively impact the internal auditor's compensation.

Which of the following would encourage the internal auditor to be objective in his work?

Periodic reinforcement of the internal audit activity's code of ethics disclosure practices.

External assessments of the internal audit activity every five years.

Audit committee review of every engagement report at the conclusion of the audit.

Internal audit charter approved by the board.

64. According to IIA guidance, which of the following statements is true regarding due professional care?

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

65. Which of the following processes does the board manage to ensure adequate governance?

Establish and measure performance objectives for the internal audit activity.

Select board members with necessary knowledge and skills.

Develop, approve, and execute the strategic plan of the organization.

Develop strategies to mitigate the risks to achieving the organization’s objectives

66. Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?

Complete a skills assessment of the internal audit activity based on. The IIA Global Internal Audit Competency Framework.

Develop a competency assessment tool for the internal audit activity based on The IIA Global Internal Audit Competency Framework.

Incorporate the basic criteria for competency of the internal audit activity into the job descriptions of potential internal auditors,

Develop an internal audit activity plan for training internal auditors to perform required assurance and consulting activities.

67. Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s records.

4, Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services.

1 and 3.

1 and 4.

2 and 3.

2 and 4.

68. Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

The board seeks senior management's recommendation before approving the annual salary adjustment of the CA

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

69. Which of the following is a true statement regarding whistleblowing?

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations

70. Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings.

This activity is designed to prevent which of the following conditions?

Knowledge/skills gap,

Monitoring gap.

Accountability/reward failure,

Communication failure.

Page 8 of 10

71. While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative.

Which course of action should the auditor take?

Proceed with the audit engagement, but do not include the relative's information.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

Disclose in the engagement final communication that the relative is a customer.

Immediately withdraw from the audit engagement.

72. An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping* She wonders whether they can also modify orders after shipping.

Which of the following types of controls should she examine?

Batch controls.

Application controls.

General IT controls.

Logical access controls

73. An internal auditor believes that the internal audit activity's independence is impaired.

Which of the following actions should the internal auditor take first?

Report the impairment to senior management

Discuss the impairment with the audit manager

Ascertain the best approach to disclose the impairment.

Decide on the extent of impact of the impairment

74. Which of the following could increase risks to the organization’s control environment?

Strong board of directors oversight.

Incentive-based compensation structures.

Lower than average employee turnover.

Implementation of a fraud hotline.

75. Which of the following scenarios would most significantly restrict the areas where interna! audit could perform assurance services?

Regulators mandate specific audit engagements to be included in the audit plan.

The internal audit activity reports functionally to the chief financial officer

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

The internal audit activity reports administratively to the chief financial officer.

76. For a new board chair who has not previously served on the organization's board, which of the following steps should first be undertaken to ensure effective leadership to the board?

Chair should learn the current organizational culture of the company.

Chair should learn the current risk management system of the company.

Chair should determine the appropriateness of the current strategic risks.

Chair should gain an understanding of the needs of key stakeholders.

77. Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

Groupthink.

Collaboration skills.

Process analysis skills.

Project management skills.

78. If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?

Politely decline the engagement due to a lack of qualified staff available at the time.

Complete the engagement as requested, with the best of the current staffs abilities.

Consider using employees from other departments in the organization on the audit team.

Change the scope of the testing to ensure that only available staff proficiencies are used

79. Which of the following best describes the internal audit activity's contribution to the implementation of the risk management framework?

Internal audit identifies key risk areas during assurance reviews and provides audit findings.

Internal audit assists with the prioritization of identified risks.

Internal audit participates in setting the risk appetite.

Internal audit takes part in the design of risk mitigation measures.

80. Which of the following statements best demonstrates application of due professional care during an assurance engagement?

The engagement detected irregularities and noncompliance instances.

The engagement supervisor had no significant comments in the supervisory review.

The audit procedures were systematically planned, executed, and documented.

The engagement objectives were designed to assist the engagement client.

Page 9 of 10

81. During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies.

Which of the following skills did the auditor demonstrate?

Internal audit management.

Conflict negotiation.

Critical thinking.

Persuasion and collaboration.

82. An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment.

According to the Standards, which of the following would the auditor include in the risk register?

Management’s acceptance of inadequate controls for cybersecurity risk.

Discussions with senior management relating to a new revenue stream.

Mitigating controls implemented by the engagement supervisor

Project manager planned hours versus time spent for all prior year projects

83. Which of the following controls would best mitigate the risk of fraud in the bidding process?

Have a bidding committee open the tender bids.

Restrict the time to submit tender bids.

Keep minutes of pre-bid meetings.

Allow the higher tenders to rebid.

84. Which of the following needs to be established prior to undertaking an assessment of the quality assurance and improvement program?

Department performance standards.

Remediation timeframes.

Nonconformance disclosures.

External assessment resources

85. Which of the following best illustrates the application of due professional care during an audit of the procurement department?

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompfiance. and he concluded the controls were ineffective.

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’s reasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management's declaration, the internal auditor determined that the procurement process was effective.

86. Which of the following should a general internal auditor be able to characterize as an IT-related risk?

Computer servers are in a room that is accessible to all employees,

An IT architect avoids taking vacations and sharing his workload with coworkers,

Hours billed by IT developers exceed 24 hours daily.

Audit logs are lacking in a system that processes personal data.

87. In which of the following ways can a chief audit executive demonstrate to the board that the internal audit activity collectively possesses all of the skills needed to complete its annual goals?

Involve board members in hiring activities and request advice.

Require all internal audit staff to complete the same training course on a general audit subject,

Require senior auditors to obtain a professional certification.

Provide a competency assessment of the internal audit staff.

88. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

1 and 2 only.

2 and 3 only.

2 and 4 only.

3 and 4 only

89. The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to be included in the charter?

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

90. Which of the following situations undermines the independence of the internal audit activity?

The internal audit activity is responsible for the company's risk management function, and its head manager reports to the chief audit executive.

A senior member of the internal audit activity once worked in the corporate finance department.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning.

Page 10 of 10

91. An internal auditor is performing testing to gather evidence regarding an organization’s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is.

The auditor's concern best describes which of the following risks?

incorrect rejection risk

Incorrect acceptance risk.

Tolerable misstatement risk.

Anticipated misstatement risk

92. An internal auditor discovered fraud while performing an audit of an organization’s procurement process.

Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

Enhanced capability to prevent frauds from occurring.

Greater assurance that procurement frauds will be detected in a timely manner

Improved capability of evaluating fraud risks within the organization.

Greater understanding of fraud through better evidence collection

93. Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

Net.

Controllable.

inherent,

Residual.

94. Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence.

Which of the following is the internal auditor's most appropriate next step?

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

95. Which of the following most accurately describes the role of the board when it comes to organizational governance?

Responsibility for outcome of the process.

Responsibility to be involved in management of the organization.

Responsibility to determine who is accountable for outcomes.

Responsibility to identify risks in the organization’s business environment

96. Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Appoint the chief audit executive as a member of the board.

Adopt written policies and procedures for the internal audit activity, approved by the board.

Ensure the chief audit executive reports administratively to the audit committee.

Establish the internal audit activity’s position within the organization in an audit charter.

97. Which of the following statements best describes the difference between risk appetite and risk tolerance?

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk,

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

There is no significant difference between the two terms.

98. In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

The CAE previously undertook a consulting assignment in that area to improve processes,

A couple of years ago, the CAE performed accounting functions for the payroll department.

Prior to becoming the CAE, the CAE was the payroll manager.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

99. The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility.

Which of the following would be a potential concern if the board member’s suggestion is adopted?

Due professional care.

Internal audit objectivity.

Risk management assurance.

Professional development.

100. The internal audit activity completed its analysis of sample transactions to determine occurrences of double billings According to If A guidance, which of the following best demonstrates that internal auditors exercised due professional care during the review?

Internal auditors found no instances of double billing and concluded there were no significant risks in this area.

Internal auditors documented the scope and methodology of the data testing.

Internal auditors discussed with management how data is safeguarded.

Internal auditors received formal performance feedback from the engagement supervisor.