QUESTION 120
The chief commodity trader for a large energy company learns from a friend that a competitor will likely fail its upcoming regulatory audit and will be forced to temporarily decrease production. If the information is true, the trader has short-term opportunities to make trades that will financially benefit the trader's company and will lead to a substantial increase in the trader's performance bonus. However, if the information is not true, making the trades will significantly increase the company's risk of being caught in a long position. From an ethical perspective, which of the following would be the most appropriate course of action for the trader to take?
A. Makethetradebecausethecompanyandthetraderwillbothbenefit.
B. Haveanothertraderonstaffmakethetradeinordertoavoidaconflictofinterest.
C. Disclose the information to the risk oversight committee but proceed with the trade to capitalize on the opportunity. D. Defer the decision to management and risk the loss of the trading opportunity.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 121
The best reason for separating the cash-receiving function from the related record-keeping function is to:
A. Segregatecashpaymentsfromcashreceipts.
B. Provideaccountabilityforcashreceived.
C. Minimize misappropriations in cash receipts.
D. Improve physical security over the cash-receiving function.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 122
The main reason to establish internal controls in an organization is to:
A. Encouragecompliancewithpoliciesandprocedures. B. Safeguardtheresourcesoftheorganization.
C. Ensure the accuracy, reliability, and timeliness of information.
D. Provide reasonable assurance on the achievement of objectives.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 123
Which of the following is the primary concern of an internal auditor in a comprehensive audit of an organization?
A. Accuracyofreportsonthesourceanduseoffunds.
B. Extentofachievementoftheorganization'smission.
C. Confirmation of compliance with policies and procedures.
D. Appropriateness of procedures related to the budgeting process.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 124
According to the Standards, which of the following must an internal auditor take into consideration when performing an assurance engagement of treasury operations?
I. The audit committee has requested assurance of the treasury department's compliance with a new policy on the use of financial instruments.
II. Treasury management has not instituted any risk management policies.
III. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350 percent. IV. The external auditors have indicated some difficulties in obtaining account confirmations.
A. IandIIonly
B. IandIVonly
C. I, II, and III only D. II, III, and IV only
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 125
If management has not established a risk management process, the internal audit activity could.
A. Takeaproactiverolethatsupplementstraditionalassuranceactivities.
B. Identifyandmitigateriskstotheorganization.
C. Assumeresponsibilityforthemanagementofidentifiedrisks.
D. Assumeprimaryresponsibilityfordeterminingifadequateandeffectiveprocessesareinplace.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 126
A major corporation is considering significant organizational changes. Which of the following groups would not be responsible for implementing these changes?
A. Employees.
B. Seniormanagement. C. Common stockholders. D. Outside consultants.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 127
According to the International Professional Practices Framework, a review team must express an opinion on which of the following when performing an external
assessment of an internal audit activity?
I. Conformance with the Standards and IIA Code of Ethics.
II. Effectiveness of continuous improvement activities.
III. Feedback from internal audit customers and other stakeholder groups.
IV. Efficiency and effectiveness of the internal audit activity's administration processes.
A. Ionly
B. IIIonly
C. IandIIonly D. II and IV only
Correct Answer: A Section: Volume C Explanation
Explanation/Reference: QUESTION 128
When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?
A. Impactofandexposuretofraud. B. Existenceofevidenceoffraud. C. Organizational structure.
D. Management's risk appetite.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference: QUESTION 129
Which of the following risk factors is most subjective?
A. Changesinstaff,systems,ortheenvironment. B. Priorauditfindings.
C. Size of the unit being audited.
D. Competency of operating management.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 130
Which aspect of the audit function would be most impacted by a lack of coordination between an organization's internal and external auditors?
A. Responsiveness. B. Timeliness.
C. Effectiveness.
D. Efficiency.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 131
An organization's chief audit executive (CAE) has been asked to monitor and report on any violations of the organization's code of conduct. The CAE should:
A. Reviewandadjudicateallcomplaints.
B. Leadthecommitteeresponsiblefortheoversightofthecode.
C. Develop specific procedures to ensure that the code is clearly communicated to all employees. D. Participate in an advisory capacity on the committee that adjudicates any violations.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 132
Which of the following is least likely to enhance the independence of an internal audit activity?
A. Theexistenceofaformalwrittencharterfortheinternalauditactivity.
B. Submissionofanannualinternalauditworkplantotheauditcommittee. C. A direct reporting relationship to the audit committee.
D. Adherence to the organization's position classification structure.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 133
Which of the following reporting relationships results in the greatest impairment to the independence of the chief audit executive (CAE)?
A. TheCAEreportsadministrativelyandfunctionallytothepresident.
B. TheCAEreportsadministrativelytothepresidentandfunctionallytotheboard.
C. The CAE reports administratively to the chief financial officer and functionally to the president.
D. The CAE reports administratively to the audit committee and functionally to the chief operating officer.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference: QUESTION 134
An employee who recently transferred into the internal audit activity has been assigned to audit the accounts payable system. Which function, if previously performed by this employee, would represent a conflict of interest?
A. Monitoringtheallowancefordoubtfulaccounts.
B. Writingproceduresforthehandlingofduplicatepayments. C. Signing timekeeping cards for subordinates.
D. Reviewing shipping documents for accuracy.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 135
A company's chief audit executive determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following actions would be the least acceptable?
A. Notifytheauditcommitteeoftheproblemandconsultwiththemregardingoutsourcingtheauditengagementtoaqualifiedexternalauditingfirm.
B. Determinetherequisiteknowledgeneededandobtainthepropertrainingforauditorsifsuchtrainingisavailablewithintheappropriatetimeframeworkoutlined by the audit committee.
C. Notify the audit committee of the problem and assign the most competent auditors to perform the audit engagement.
D. Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 136
During an audit engagement in an insurance company, an internal auditor discovered that senior management had purposely misclassified $200, 000 in assets on financial statements submitted to regulatory authorities in order to avoid significant statutory penalties. To remain in compliance with the IIA Code of Ethics, what would be the most appropriate action for the auditor to take?
A. Notethesituationintheworkpapersandinformthechiefexecutiveofficer. B. Sendaninformativememototheexternalauditors.
C. Discuss the matter with audit management and ensure that the audit committee is informed. D. Report the matter to regulatory authorities since senior management is implicated.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 137
During an audit of financial contracts, an internal auditor learns that a relative has a substantial loan with the organization. The auditor should:
A. Excludetherelative'sinformationfromtheauditedworkandproceedwiththeauditengagement.
B. Proceedwiththeauditengagementbutdiscloseintheengagementfinalcommunicationthattherelativeisacustomer.
C. Immediately withdraw from the audit engagement.
D. Notify management and the chief audit executive (CAE) and have the CAE determine whether the auditor should continue with the audit engagement.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 138
How should management obtain assurance that employees are complying with the organization's security policy?
A. Regularlyconductindependentreviewsofemployees'securitypractices.
B. Routinelysurveystaffsothatinformationrelatedtosecuritypracticescanbesubmittedanonymously.
C. Rely on exception reports to identify errors.
D. Enforce a policy that requires all employees to sign a statement that they will adhere to the organization's security policies.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference:
QUESTION 139
What is the primary purpose of a risk management program?
A. Reducerisktoatolerablelevel.
B. Reduceallrisksregardlessofcosts.
C. Transfer all risks to external third parties. D. Identify every significant risk to avoid it.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference: QUESTION 140
Within the internal audit process, which of the following is not a significant advantage of employing a control model?
A. Itprovidesguidanceonidentifyingcontroldeficienciesforeachinternalauditengagement. B. Itrecognizestheneedtoevaluatebothhardandsoftcontrols.
C. It assists internal auditors in assessing the achievement of management's objectives.
D. It validates the findings and recommendations of the internal audit.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 141
An organization's chief audit executive (CAE) has been asked to conduct an assurance engagement for an information technology system that was subject to a consulting engagement in the prior year. How should the CAE respond?
A. Declinetheengagementbecauseindependenceandobjectivitywouldbeimpaired.
B. Delaytheassuranceengagementtoensurethatthereisatwo-yearperiodbetweentheengagements. C. Accept the engagement and assign different auditors to conduct the assurance services.
D. Facilitate a control self-assessment workshop instead of performing an assurance engagement.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 142
According to the Standards, a review team must express an opinion on which of the following when performing an external assessment of an internal audit activity? 1. Conformance with the Standards and IIA Code of Ethics.
2. Effectiveness of continuous improvement activities.
3. Feedback from internal audit customers and other stakeholder groups.
4. Efficiency and effectiveness of the internal audit activity's administration processes.
A. 1only
B. 3only
C. 1and2only D. 2and4only
Correct Answer: A Section: Volume C Explanation
Explanation/Reference:
QUESTION 143
To develop greater internal auditing expertise, the chief audit executive (CAE) has been assigning the same relatively inexperienced team of internal auditors to a series of engagements spanning several months. Is this practice consistent with the Standards?
A. Yes.TheCAEispromotingtheprofessionaldevelopmentofthestaff.
B. Yes.Theexperiencewillquicklybuildspecializedskillsandcompetencies.
C. No. The team should collectively possess the competencies appropriate for the engagements. D. No. Teams should be comprised of both experienced and inexperienced auditors.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 144
Which of the following would be the least significant consideration when performing a risk analysis?
A. Financialexposureandpotentialloss. B. Skillsavailablewithintheauditstaff. C. Results of prior audits.
D. Major operating changes.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference: QUESTION 145
Which of the following is correct regarding the implementation of a quality assurance and improvement program for the internal audit function?
A. Theboardhastheprimaryresponsibilityforimplementationofarobustqualityassuranceandimprovementprogramforinternalaudit.
B. AninternalauditfunctionthatisfullycomplyingwithinternalassessmentofqualitycanconfidentlyclaimitisperforminginconformitywiththeInternational Professional Practices Framework.
C. The chief audit executive can establish a formal quality assurance and improvement program that is led by an audit manager. D. A quality assurance and improvement program is applicable depending on the size and complexity of the audit function.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 146
Which of the following are appropriate ways to obtain continuous professional education? 1. Instructing at a local IIA training event.
2. Attending internal audit conferences and seminars.
3. Practicing specialized audit and consulting work.
4. Participating in research projects in internal auditing.
A. 1and3only
B. 1and2only
C. 3and4only
D. 1,2,and4only
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 147
Which of the following processes or tools can be used as ongoing internal assessments of the performance of the internal audit activity? 1. Analyses of audit plan completion and cost recoveries.
2. Selective peer reviews of work papers by staff involved in the respective audits.
3. Self-assessment of the internal audit activity with on-site validation by a qualified independent reviewer.
4. Feedback from audit customers and stakeholders.
A. 1only
B. 1and2only
C. 3and4only
D. 1,2,and4only
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 148
Which of the following are appropriate responsibilities of the audit committee in relation to the chief audit executive (CAE)? 1. Approving the internal audit charter.
2. Approving decisions regarding the appointment and removal of the CAE.
3. Approving the risk management strategy for the organization.
4. Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope and resource limitations.
A. 1and2only
B. 1,2,and3only C. 1,2,and4only D. 2,3,and4only
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 149
Which of the following internal auditor attributes are affected by a conflict of interest?
A. Independenceandauthority.
B. Authorityandproficiency.
C. Independence and objectivity.
D. Objectivity and due professional care.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 150
Which of the following is the most appropriate outcome measure for assessing safety operations?
A. Numberofinspectionsconducted.
B. T ests made of equipment.
C. Reduction in machine down time due to accidents.
D. Number of operations observed.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 151
Which of the following would be a violation of the objectivity of a certified internal auditor?
1. Accepting a motivational book from a major vendor.
2. Attending a professional sporting event as the guest of a corporate supplier.
3. Performing an internal audit engagement for a division 18 months after having controllership responsibility for that division. 4. Designing and implementing a corporate-wide utilities cost containment program.
A. 1and3only
B. 2and3only
C. 2and4only
D. 1,3,and4only
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 152
An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?
A. Engaginganexternalindustryassociatethatperformedasimilarreviewforasupplieroftheorganization.
B. Selectingateamfromanindependententitythatpreviouslyemployedthechiefauditexecutiveoftheorganization.
C. Using a team under the direction of the organization's chief audit executive, and obtaining validation from a former manager of the internal audit activity. D. Using the same external service provider because of its competency and experience with the organization.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference: QUESTION 153
In order to use “Conducted in accordance with the International Standards for the Professional Practice of Internal Auditing, " an internal audit activity must:
A. SatisfyallrequirementsoftheInternationalProfessionalPracticesFrameworkduringeachinternalauditengagement. B. CompleteanexternalassessmentofqualityassurancetodemonstratecompliancewiththeStandards.
C. Establish a continuous quality assurance and improvement program.
D. Have its charter reviewed and approved by management and the board.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference: QUESTION 154
Which of the following is the best example of a strategic objective?
A. Openinganewproductline.
B. Adheringtolawsandregulations. C. Attaining a specified sales target. D. Safeguarding assets.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference: QUESTION 155
A daily log of treasury dealers who exceeded their authorized limits serves as a:
A. Preventivecontrol.
B. Detectivecontrol.
C. Feed-forward control. D. Directive control.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 156
Which of the following are acceptable resources for a chief audit executive to use when developing a staffing plan? 1. Co-sourcing arrangements.
2. Employees from other areas of the organization.
3. The organization's external auditors.
4. The organization's audit committee members.
A. 1only
B. 1and2only
C. 2and3only
D. 1,2,and4only
Correct Answer: B Section: Volume C Explanation
Explanation/Reference: QUESTION 157
Which of the following would most likely function as a detective control?
A. Securitydogs.
B. Alertemployees. C. Insurance claims. D. Cycle counts.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 158
One of an organization's quality objectives is to reduce the amount of rework needed in the production cycle. Which of the following controls would be the least effective in achieving this objective?
A. Machineryisroutinelymaintainedtoavoidproductionmalfunctions.
B. Employeesarerewardedforsuggestionsthatleadtoqualityimprovements.
C. Quality inspectors are assigned to identify any defects in the finished product.
D. Daily reconciliations are performed between finished goods and the number of rejects.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 159
Some of an organization's payroll transactions were batch posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be:
A. Editcontrolsonthepayrollfile.
B. Appropriatesegregationofdutiesforbatchapproval. C. Validation of hash totals.
D. Reconciliation of paychecks to the bank account.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 160
Which of the following is the primary advantage of using a computer assisted audit technique (CAAT) to provide a higher level of assurance?
A. CAATscanselectanappropriatesamplesizefortestingandthusprovidehigherlevelofassurance.
B. CAATsaremoreobjectivethanthetraditionalmethodsininterpretingtheresults.
C. CAATs can examine the whole of population of transactions, rather than a sample, in order to identify exceptions and trends. D. CAATs can process the results faster and thus give a higher level of assurance.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 161
After completing a net present value (NPV) calculation on a proposed project, an analyst explores the change in NPV with changes in the interest rate. This additional analysis is referred to as:
A. Decisionanalysis. B. Simula-tion.
C. Sensitivityanalysis. D. Variance analysis.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 162
Once the cause of a problem has been identified, the next step is to:
A. Selectasolution.
B. Generatealternativesolutions.
C. Identifytheproblem.
D. Consider the reaction of competitors to various courses of action.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 163
A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:
A. Performedinaccordancewiththetermsofthecontract.
B. CarriedoutinaccordancewiththeStandards.
C. Performed under the supervision of the information technology department. D. Carried out using standard review procedures for retailers.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 164
During an audit of a major contract, an internal auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?
A. Defectivepricing. B. Costmischarging. C. Fictitious vendor. D. Bid rotation.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 165
Which of the following is characteristic of embezzlement?
A. Favorsfromasupplierthatisattemptingtogainadvantagewhensellingitsproducts.
B. Unlawfulconversionofassetsthatareinthepossessionofanemployee.
C. Misrepresentation of material facts in order to mislead others to part with something of value. D. Stealing of material of value by unknown persons from outside the organization.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference: QUESTION 166
In which of the following situations would fishbone diagrams be most useful?
A. Theproblemiscomplicatedandtherootcauseisunknown.
B. Teammemberscannoteffectivelycommunicatewitheachother.
C. The team is too small for brainstorming to be effective.
D. The team consists of experts who can resolve problems without much difficulty.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference:
QUESTION 167
The results of an internal control questionnaire revealed that all investment activity exceeding $10, 000 must be approved by the assistant treasurer. A sample of these transactions with a five-percent acceptable error rate found that 98 of the 100 items tested included the assistant treasurer's approval. Based on this data, the auditor should:
A. Confirmallinvestmentactivitywiththefirm'sbrokersinceerrorsinapprovalhadoccurred. B. Decidenottoperformfurthertestingofinvestmentauthorizations.
C. Contact the corporate finance department to verify all of the investments held.
D. Perform an analytical review of investment transactions in comparison with prior years to identify significant fluctuations.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 168
Which of the following would provide the best evidence of compliance with an airline's standard of having aircraft refueled and cleaned within a specified time of arrival at an airport?
A. Vendorfuelinvoicesthathavebeenreconciledtoinventoryrecords.
B. Timecardscompletedbyaircraftcleaningandfuelingcrews.
C. Observation of selected aircraft while they are being refueled and cleaned.
D. Comparison of the standard hourly labor costs for cleaning and fueling personnel with actual labor charges.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference:
QUESTION 169
Company A has a formal comprehensive corporate code of ethics while company B does not. Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
1. Company A exhibits a higher standard of ethical behavior than does company B.
2. Company A has established objective criteria by which an employee's actions can be evaluated.
3. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.
A. 2only
B. 3only
C. 1and2only D. 2and3only
Correct Answer: A Section: Volume C
Explanation Explanation/Reference:
QUESTION 170
During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high number of customer complaints pertained to payments not being applied to the customers' accounts. Which of the following would most likely be the reason for the high volume of complaints?
A. Anineffectivecustomerservicedepartment.
B. Poorcontrolsintheinvoiceapprovalprocesses. C. Check tampering by an employee.
D. Submission of fraudulent expense reports.
Correct Answer: C Section: Volume C Explanation
Explanation/Reference: QUESTION 171
Which of the following data collection strategies systematically tests the effects of various factors on an outcome?
A. Contentanalysis.
B. Sampling.
C. Evaluation synthesis. D. Modeling.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 172
Which of the following statements is true about visual observation during an audit engagement?
1. Visual observations should not be documented as the facts have not been substantiated.
2. Complex conditions observed should be verified prior to communicating observations to management.
3. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.
4. Visual observation can be used during both preliminary survey and fieldwork stages of the audit engagement.
A. 1and2only
B. 3and4only
C. 1,2,and4only D. 2,3,and4only
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 173
An engagement manager is reviewing the results of sampling work performed by staff internal auditors. Which interim report statement should immediately give the engagement manager cause for concern about the nature and quality of the sampling procedure?
A. Theacceptableriskofassessingcontrolrisktoolowis10%,thetolerabledeviationrateis5%,theexpectedpopulationdeviationrateis1%,samplesizeis80 out of a large population.
B. Theacceptableriskofassessingcontrolrisktoolowis5%,thetolerabledeviationrateis5%,theexpectedpopulationdeviationrateis5%,thesamplesizeis 1580.
C. The acceptable risk of assessing control risk too low is 5%, the tolerable deviation rate is 5%, the expected population deviation rate is 1%, the confidence expressed is 95%.
D. The acceptable risk of assessing control risk too low is 10%, the tolerable deviation rate is 5%, the true, but unknown population rate is less than 5%, the achieved upper deviation limit is 4.8%.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference: QUESTION 174
Which of the following is considered a common red flag indicator in helping to uncover fraud?
A. Impropersegregationofduties.
B. Repeatedpoorperformance.
C. Termination from previous employer. D. Experiencing financial difficulty.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 175
A. Thechiefauditexecutivejobdescription.
B. Theinternalauditpolicystatement.
C. The organization's charter to conduct operations. D. The IAA vision statement.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference: QUESTION 176
According to the IIA Code of Ethics, the deliberate omission of relevant information from an audit report would violate which principle? A. Honesty.
Which of the following, other than the internal audit charter, is most likely to define the purpose, authority, and responsibility of the internal audit activity (IAA)?
B. Competency. C. Responsibility. D. Integrity.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 177
A chief audit executive (CAE) submits internal audit activity (IAA) plans and information about significant interim changes to senior management and the board for review. Which other piece of information should the CAE provide to senior management and the board?
A. IdentificationofproposedconsultantsandsupportstafffortheIAA.
B. Themostrecentengagementofeachmemberoftheauditstaffanditsduration.
C. The CAE's preferred statistical analysis methods and relevant software to be utilized. D. Resource requirements and resource limitations.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 178
The chief audit executive is revising policies relating to independence and objectivity of the internal audit activity. Which of the following would be a part of the revised policies document?
A. Anyauditorthatreceivedhigh-valuegiftsfromanauditclientmustreportittotheirsupervisor.
B. Anyauditorthatreceivedgiftsoflow-valuepromotionalitemsfromanauditclientmustreportittotheirsupervisor.
C. An auditor does not need to complete an annual conflict of interest form unless the auditor's independence status has changed. D. Anauditormayprovideconsultingservicesrelatingtooperationsforwhichtheyhadpreviousresponsibilities.
Correct Answer: D Section: Volume C Explanation
Explanation/Reference:
QUESTION 179
The chief audit executive (CAE) wants to ensure that there are sufficient resources available to fulfill the responsibilities of the internal audit activity in the coming year. Which statement describes the most logical sequence of events for the CAE to undertake in order to achieve this objective?
A. Confirmauditplan;confirmbudget;reviewexistingresources;identifyoutstandingresourcerequirements.
B. Reviewprioryearauditplan;reviewexistingresources;confirmnewauditplan;confirmbudget.
C. Confirm budget; review existing resources; obtain any new resources required; confirm new audit plan.
D. Review results of prior year audit plan; adjust current plan accordingly; hire required resources; confirm budget.
Correct Answer: A Section: Volume C Explanation
Explanation/Reference:
QUESTION 180
In which of the following circumstances is it apparent that the internal auditor exercised due professional care in carrying out his duties?
1. The internal auditor weighed the cost of the engagement against its potential benefits.
2. The internal auditor used anonymous information from a whistleblower to report the existence of fraudulent activity.
3. The internal auditor found minor and major instances of fraud and highlighted only the major instances in its report, in consideration of the board's limited time. 4. The internal auditor decided to use new auditing software to assist with the statistical analysis required during the engagement.
A. 1and2only B. 2and3only C. 3and4only D. 1and4only
Correct Answer: D Section: Volume C Explanation
Explanation/Reference: QUESTION 181
Which of the following is not a typical objective of any training plan developed for internal audit activity staff?
A. Consistency. B. Economy. C. Quality.
D. Relevance.
Correct Answer: B Section: Volume C Explanation
Explanation/Reference:
QUESTION 182
According to IIA guidance, which of the following best describes acceptable methods for internal auditors to obtain qualified continuing professional education hours?
A. Volunteeringinrelevantprofessionalorganizations,formaleducation,andonlinetrainingcourses.
B. Volunteeringinrelevantprofessionalorganizations,formaleducation,andtutoringcollegestudents.
C. Volunteering in relevant professional organizations, on-line training courses, and tutoring college students. D. Formal education, on-line training courses, and tutoring college students.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 183
According to IIA guidance, which of the following statements is true regarding the reporting of results from a quality assurance and improvement program review of the internal audit activity?
A. Areportontheresultsoftheassessmentisissueduponcompletion,andprogressonimplementingrecommendedimprovementsmustbereportedmonthly.
B. Theresultsarereporteduponcompletioninconfidencedirectlytotheboard,andmanagementisadvisedonlyoftherecommendationsandimprovementaction plans.
C. The results are shared with the board and management upon completion, and monitoring of recommended improvements must be reported at least annually. D. The results are communicated upon completion to the board and management, but action plans for recommended improvements do not have to be reported.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 184
Feedback on engagements from audit clients, annual benchmarking of the internal audit activity's (IAA's) performance against best practice, and analyses of project budgets and audit plan completion are all tools that can best be used by the IAA for which purpose?
A. Completinginternalassessments.
B. Determiningthelevelofresidualrisk. C. Identifying conflicts of interest.
D. Developing control processes.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 185
Which type of control is designed to directly mitigate internal and external risks at the organization wide level, furthering the achievement of many overall organizational objectives?
A. Process-levelcontrol.
B. Entity-levelcontrol.
C. Transaction-level control. D. Complementarycontrol.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 186
A small not-for-profit organization with limited resources is unable to adequately maintain appropriate segregation of duties. Considering the organization's resource constraints, which type of controls would best mitigate segregation of duty risks?
A. Applicationcontrols.
B. Detectivecontrols.
C. Preventive controls.
D. Compensating controls.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 187
According to the COSO Enterprise Risk Management - Integrated Framework, which of the following statements is true regarding the role of risk appetite in an organization?
A. Riskappetitereflectstheorganization'sriskphilosophyandinfluencesitsoperatingstyle. B. Ahighriskappetitemaylimitcapitalinvestmentinhighriskareas.
C. Risk appetite is determined in part by how an entity allocates its resources.
D. Risk appetite is often best measured in the same units as its related objective.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 188
Which domain of the COBIT framework addresses the maintenance and change management of existing systems to ensure alignment with business needs and objectives?
A. Planandorganize. B. Deliverandsupport.
C. Monitor and evaluate. D. Acquire and implement.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 189
According to IIA guidance, which of the following risk management process evaluation findings would the internal audit activity consider most effective?
A. Relevantriskinformationiscapturedandcommunicatedinaperiodicmannertomanagement. B. Riskmanagementprocessesaremonitoredthroughanannualassessment.
C. Risk responses align with the organization's risk appetite.
D. Strategic risks with low residual values are continuously monitored.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 190
An employee is more likely to commit fraud if which of the following red flags are present?
1. The employee believes that he is being underpaid and deserves a higher salary.
2. The employee is close to retirement and has expressed a desire to take an expensive trip around the world.
3. The employee has personal financial problems and seems very unhappy.
4. The employee is spending much more time at the office than usual and has been asking about opportunities for professional advancement.
A. 1and2only B. 1and3only C. 3and4only D. 2and4only
Correct Answer: B Section: Volume D
Explanation Explanation/Reference:
QUESTION 191
A senior manager asks the chief audit executive (CAE) to explain why statistical sampling is the best method to use in conducting an internal audit. Which advantages should the CAE point to in order to justify the internal audit activity's (IAA) use of statistical sampling?
A. StatisticalsamplingsetslimitsonresourcesusedfortheIAA,allowsforasubjectiveinterpretationoftheIAA'ssamplingresults,andsupportsTheInstituteof Internal Auditors' requirements for using questionnaires as a sampling tool.
B. Statisticalsamplingallowsforevaluationofallorganizationaldataatonce,increasesthelikelihoodthatrisksareimmediatelyidentified,anddoesnotrequirea level of tolerable misstatement or margin of error.
C. Statistical sampling allows for the selection of a minimum sample size, provides a quantitative expression of the IAA's sampling results, and supports extrapolation.
D. Statistical sampling itself identifies root causes of issues, utilizes a qualitative method for analyzing results, and supports engagement objectives through the use of external benchmarking.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 192
An internal auditor obtains spreadsheets created by the finance department of an organization. The internal auditor contacts a third party about the source data that was utilized to create the spreadsheets before going on to perform a ratio analysis and a comparison of budget versus actual data. What is the most likely reason that the internal auditor involved a third party before performing further analysis?
A. Todetermineifalaterre-performancefortestingmechanicalaccuracywouldbepossible. B. Toconfirmthatthespreadsheetscouldbeusedasasourceofanalyticdata.
C. To determine what future usage limitations the spreadsheets might have.
D. To obtain a reliable verification about the accuracy of the source data.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 193
An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?
A. Authorizationpolicyforaccountspayablewasnotfollowedforpaymentsabove$10,000.
B. Authorizationpolicyrequirestwolevelsofapprovalforallpaymentsabove$10,000.
C. Because of non-compliance with authorization policy, inappropriate payments may be made for payments above $10, 000. D. The accounts payable authorization actions for all payments should be automated.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 194
During the planning phase of an audit, an internal auditor preliminarily concluded that the controls for a process were adequately designed to manage the associated risk. Under what conditions might this preliminary assessment subsequently prove to be unreliable?
A. Compensatingcontrolsfromotherprocesseswerenotpresent.
B. Redundantcontrolsarenotinplacetoenhancewelldesignedcontrols.
C. Entity level controls are informal and not consistently enforced.
D. Process controls were not developed from an existing key control checklist.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 195
Which of the following is not part of the five-attribute approach to developing documentation for an audit observation?
A. Condition. B. Effect.
C. Management response. D. Recommendation.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 196
Which of the following types of information would an internal auditor expect to find in the supporting documentation for a high-level accounts payable process flowchart?
A. Acopyofthenewcustomerrequestform.
B. Anoverviewofthestepsforvalidatinginvoices.
C. The number of payments paid before the due date of the invoice. D. The payment terms and credit limit of the vendor to be paid.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 197
Which type of documentary evidence gathered by an organization's internal auditors has the highest level of reliability?
A. Inventorytestcounts. B. Bank statements.
C. Remittance advices.
D. Writtenpolicystatements.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 198
An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December 31 are supported by appropriately approved purchase orders. Over 25, 000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
A. Iam95%confidentthatthetrue,butunknown,populationdeviationrateislessthanorequalto3.7%.Resultsindicatedthatthesamplesizewastoosmall,as no sample deviations were found.
B. Iam95%confidentthattheactualpopulationdeviationrateis3.7%.Sincethisislessthanthetolerabledeviationrate,quantitativeattributetestingresults indicate that the control is effective.
C. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. The quantitative attribute testing results indicate that the control is effective.
D. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. The quantitative attribute testing results indicate that the control is not effective.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 199
Which of the following is not considered one of the most common red flags for perpetrators of fraud?
A. Excessivecontrolissues.
B. Repeatperformanceissues.
C. Unusually close association with customers.
D. Experiencing financial difficulty.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 200
Which of the following is a component of the internal audit value proposition endorsed by IIA guidance?
A. Insight.
B. Independence. C. Integrity.
D. Competency.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 201
The chief audit executive needs to revise the internal audit activity's (IAA) charter. The revision must address the element of authority.
Which of the following statements meets this requirement?
A. TheIAAshallidentifyandassessallpotentialriskstotheoperationsoftheorganization.
B. TheIAAshallbegrantedaccesstoallrecordsrelevanttotheperformanceofitsduties.
C. Following its assessment, the IAA shall recommend risk control processes and resource management strategies.
D. The IAA shall deliver an initial report of its findings to the organization's board within 120 days of the beginning of the engagement.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 202
According to the Standards, which of the following statements best describes the required content of the chief audit executive's (CAE) report to senior management and the board on the internal audit activity (IAA)?
A. TheCAEmustreportonsignificantriskexposures,controlissues,andgovernanceissues.
B. TheCAEmustreportonpolicies,procedures,andbestpracticesoftheIAA.
C. The CAE must report on quality assurance techniques, statistical analysis methods, and other analytical processes used. D. The CAE must report on auditors' continuing education activities, staffing changes, and any outsourcing to external parties.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 203
An internal auditor has been engaged to assess fraud risks associated with a new financial software system. Which competency would best help the auditor complete the task?
A. Expertiseinidentifyinginformationtechnologyrisks.
B. Athoroughunderstandingoforganizationalgovernanceprinciples. C. Proficiency in creating and utilizing process maps.
D. Knowledge of key management and business principles.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 204
According to IIA guidance, which of the following statements is correct concerning the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity (IAA)?
A. TheIAAmustcollectivelypossesstheknowledge,skills,andcompetenciesneededtoperformallengagements.
B. EachinternalauditorintheIAAmustpossessthecompetenciesrequiredtodetectandinvestigatefraudulenttransactions.
C. The IAA must not decline any engagement based solely on a lack the necessary knowledge, skills, and competencies to perform it.
D. The competencies of external service providers must be assessed by the chief audit executive before the IAA can use external service providers' work.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 205
Which of the following best describes the trait that an internal auditor exercises when considering the extent of work needed to achieve the engagement's objectives?
A. Independence.
B. Dueprofessionalcare. C. Objectivity.
D. Proficiency.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 206
A fast-food company is developing a computer simu-lation involving arrival time at a drive-through restaurant. The distribution for arrival times is: Time
Single-Digit Random
Between Arrivals Probability Number Assigned
2 minutes 0.1
0
3 minutes 0.2
1, 2
4 minutes 0.3
3, 4, 5
5 minutes 0.4
6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6. What is the mean time between arrivals in this run of the simu-lation model?
A. 2minutes. B. 3minutes. C. 4 minutes. D. 5 minutes.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 207
An organization has developed a model to determine the most profitable rate of production. The organization varies the cost of labor in the model to determine how much the changes affect the optimal production level. Which type of analysis does this scenario demonstrate?
A. Forecast.
B. Sensitivity. C. Critical path. D. Decision.
Correct Answer: B Section: Volume D
Explanation Explanation/Reference:
QUESTION 208
Which of the following is an example of a preventive control activity for risk related to pollution caused by waste disposal?
A. Offeringaneducationprogramdeliveredbyenvironmentalexperts.
B. Maintainingstrictsecurityaroundenvironmentaldepartmentfiles.
C. Seeking legal consultation from a firm with experience in environmental law. D. Taking periodic samples of the area at risk and logging the results.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 209
Which of the following statements describes a control weakness?
A. Purchasingproceduresarewelldesignedandarefollowedevenwhenthepurchasingsupervisorwishestodirectotherwise.
B. Pre-numberedblankpurchaseordersaresecuredwithinthepurchasingdepartment.
C. Normal operational purchases fall in the range from $500 to $1, 000, with a single signature required for purchases over $1, 000.
D. The purchasing agent in a personal capacity invests in a publicly-traded mutual fund that lists the stock of one of the company's suppliers in its portfolio.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 210
What is audit risk?
A. Internalandexternalriskfactorsthatexistwhentherearenocontrolsimplemented.
B. Theamountofriskthatisreducedthroughriskmanagementoperations.
C. An incorrect conclusion based on evidence uncovered during an audit.
D. The risk that remains after management has executed risk management activities.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 211
Which of the following activities would be most likely to impair the objectivity of an internal auditor?
A. Performingreviewsofproceduresforanewinformationsystemsapplicationbeforeitisinstalled. B. Benchmarkingcontrolsduringthedevelopmentofanewinformationsystemsapplication.
C. Assisting with the development and installation of a new information systems application.
D. Developing recommended controls for the use of a new information systems application.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 212
Line management of a manufacturing operation requests an operational audit. They are seeking recommendations for policies and procedures to enhance control over the operation. What should the internal audit activity do?
A. Reviewtheeffectivenessofcurrentpoliciesandproceduresbutavoidmakingcontrolrecommendationsduetoimpairedobjectivity. B. Performtheengagementandmakeappropriaterecommendationsforpoliciesandprocedures.
C. Turn down the engagement because recommending controls would impair future objectivity regarding this client.
D. Turn down the engagement because an operational audit should not review policies and procedures.
Correct Answer: B Section: Volume D Explanation
Certified Internal Auditor Questions + Answers Part 6
-
answerhappygod
- Site Admin
- Posts: 899603
- Joined: Mon Aug 02, 2021 8:13 am