QUESTION 349
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
A. Informtheauditsupervisor.
B. Investigatethepotentialconflictofinterest.
C. Inform the external auditors of the potential conflict of interest.
D. Disregard the potential conflict, because it is outside the scope of the audit assignment.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 350
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet- based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
A. 1and2 B. 1and3 C. 2and4 D. 3and4
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 351
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
A. Theauditormustnotperformthetraining,becauseanytasktoimprovethebusinessprocesscould impact audit independence.
B. Theauditormustcreateanew,separateconsultingengagementwiththebusinessprocessownerprior to performing the improvement task.
C. The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.
D. The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 352
According to IIA guidance, which of the following strategies would add the least value to the achievement of
the internal audit activity's (IAA's) objectives?
A. AlignorganizationalactivitiestointernalauditactivitiesandmeasureaccordingtotheapprovedIAA performance measures.
B. EstablishaperiodicreviewofmonitoringandreportingprocessestohelpensurerelevantIAAreporting.
C. Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.
D. Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's governance structure.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 353
According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?
A. Theorganization'saudituniverseisextensiveanddiverse.
B. Therehasbeenanincreaseinunanticipatedrequestsforadvisorywork.
C. Previous work provided by the external service provider has been of great quality and value.
D. A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 354
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA. 4. Arrange for reciprocal peer review with another CAE.
A. 1and2
B. 2and4
C. 1,2,and3 D. 2,3,and4
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 355
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
A. Operationalmanagement,becausetheyareresponsiblefortheday-to-daymanagementofthe
operational risks.
B. TheCRO,becauseheisresponsibleforcoordinatingandprojectmanagingriskactivitiesbasedonhis specialized skills and knowledge.
C. The chief audit executive, although he is not accountable for risk management in the organization.
D. The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 356
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
A. 1and3only B. 2and4only C. 1,2,and4 D. 2,3,and4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 357
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
A. Itminimizestheamountoftimespentandcostincurredtogatherthenecessaryinformation.
B. Responsescanbeconfidential,thusencouragingparticipantstobecandidexpressingtheirconcerns. C. Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.
D. Workshop participants have an opportunity to learn while contributing ideas toward the objectives.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 358
Which of the following is the primary purpose of financial statement audit engagements?
A. Toassesstheefficiencyandeffectivenessoftheaccountingdepartment.
B. Toevaluateorganizationalanddepartmentalstructures,includingassessmentsofprocessflowsrelated to financial matters.
C. To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.
D. To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 359
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
A. Recommendadditionalsegregation-of-dutyreviews.
B. Recommendappropriateawarenesstrainingforallfinancedepartmentstaff. C. Recommend rotating finance staff in this area.
D. Recommend that management address these concerns immediately.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 360
Which of the following has the greatest effect on the efficiency of an audit?
A. Thecomplexityofdeficiencyfindings.
B. Theadequacyofpreliminarysurveyinformation.
C. The organization and content of workpapers.
D. The method and amount of supporting detail used for the audit report.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 361
Which of the following is least likely to help ensure that risk is considered in a work program?
A. Risksarediscussedwithauditclient.
B. Allavailableinformationfromtherisk-basedplanisused. C. Client efforts to affect risk management are considered. D. Prior risk assessments are considered.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 362
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement. 3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
A. 1,2,and3 B. 1,2,and4 C. 1,3,and4 D. 2,3,and4
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 363
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
A. Theamountofexperiencetheauditorshaveconductingauditsinthespecificareaoftheorganization. B. Theavailabilityoftheauditorsinrelationtotheavailabilityofkeyclientstaff.
C. Whether the budgeted hours are sufficient to complete the audit within the current scope.
D. Whether outside resources will be needed, and their availability.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 364
An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy. 2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement. 4. The AIC should finalize the scope of the engagement before communicating with HR management.
A. 1and3 B. 1and4 C. 2and3 D. 2and4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 365
The final internal audit report should be distributed to which of the following individuals?
A. Auditclientmanagementonly
B. Executivemanagementonly
C. Audit client management, executive management, and others approved by the chief audit executive. D. Auditclientmanagement,executivemanagement,andanythosewhorequestacopy.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 366
According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process?
A. Theaccountspayablesupervisor,accountspayablemanager,andcontroller. B. Theaccountspayablemanager,purchasingmanager,andreceivingmanager. C. The accounts payable supervisor, controller, and treasurer.
D. The accounts payable manager, chief financial officer, and audit committee.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 367
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
A. Actsthatmayendangerthehealthorsafetyofindividuals.
B. Actsthatfavoronepartytothedetrimentofanother.
C. Acts that damage or have an adverse effect on the environment. D. Acts that conceal inappropriate activities in the organization.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 368
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?
A. Observecorrectivemeasures.
B. Seekamanagementassurancedeclaration.
C. Follow up during the next scheduled audit.
D. Conduct appropriate testing to verify management responses.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 369
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
A. Impropersegregationofduties.
B. Incentivesandbonusprograms. C. An employee's reported concerns. D. Lack of an ethics policy.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 370
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
A. Areviewofpasswordpolicycompliancefoundthatemployeesfrequentlyusethesamepasswordmore than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.
B. Areviewofinternalservice-levelagreementcomplianceinfinancialservicesfoundthatrequestsfor information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
C. Avacationpolicycompliancereviewfoundthatemployeesfrequentlyleaveonvacationbeforetheir leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
D. A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 371
An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
A. Manageandcoordinateriskmanagementprocesses.
B. Auditriskmanagementprocesses.
C. Become involved in risk oversight committees, monitoring activities, and status reporting. D. Accept management's responsibility for risk management without board approval.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 372
When creating the internal audit plan, the chief audit executive should prioritize engagements based
primarily on which of the following?
A. Thelastavailableriskassessment.
B. Requestsfromseniormanagementandtheboard.
C. The longest interval since the last examination of each audit universe item. D. The auditable areas required by regulatory agencies.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 373
Which of the following conditions are necessary for successful change management? 1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
A. 1and2 B. 1and3 C. 2and3 D. 2and4
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 374
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?
A. Thecorporateriskregister.
B. Thestrategicplan.
C. Internal and external audit reports. D. The board's meeting records.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 375
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
A. 1only
B. 1and2only
C. 1and3only D. 1,2,3,and4
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 376
Which of the following best illustrates the primary focus of a risk-based approach to control self- assessment?
A. Toevaluatecontrolsregardingthecomputersecurityofanoilrefinery.
B. Toexaminetheprocessesinvolvedinexploring,developing,andoperatingagoldmine.
C. To assess the likelihood and impact of events associated with operating a finished goods warehouse. D. To link a financial institution's business objectives to a work unit responsible for the associated risk.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 377
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
A. Verifythatamountsarecorrect.
B. Verifythatpaymentsareontime.
C. Verify that recipients are valid employees. D. Verify that benefits deductions are accurate.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 378
Which of the following statements is false regarding audit criteria?
A. Auditcriteriashouldbeconsistentacrossauditassignments.
B. Auditcriteriashouldrepresentreasonablestandardsagainstwhichtoassessexistingconditions. C. Auditcriteriashouldprovideflexibilitybutallowidentificationofnonadherence.
D. Audit criteria should equate to good or acceptable management practices.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 379
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following
actions should the internal audit activity take in response?
A. Escalatetheunresolvedissuestotheboard,becausetheycouldposesignificantriskexposurestothe organization.
B. Confirmthedecisionwithmanagementanddocumentthisdecisionintheauditfile.
C. Document the issue in the audit file and follow up until the issues are resolved.
D. Initiate an assurance engagement on the unresolved issues.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 380
Which of the following is the most important concept to be included in a consulting engagement agreement?
A. Definethedutiesandresponsibilitiesneededfrommanagementtoperformtheengagement.
B. Disclosethefactthatauditorswhoperformtheworkmaynotbesubjectmatterexpertsinthetopicof the review.
C. Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.
D. Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 381
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
A. Verifythatapprovalsofpurchasingdocumentscomplywiththeauthoritymatrix.
B. Observewhetherthepurchaseordersaresequentiallynumbered.
C. Examine whether the sales department supervisor approves invoices for payment.
D. Determine whether the accounts payable department reconciles all purchasing documents prior to payment.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 382
According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
A. 1,2,and3 B. 1,2,and4 C. 1,3,and4 D. 2,3,and4
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 383
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget. 4. The geographical dispersion of audit staff across the organization.
A. 1and3 B. 1and4 C. 2and3 D. 2and4
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 384
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
A. Theneedandavailabilityofautomatedsupport. B. Thepotentialimpactofkeyrisks.
C. The expected outcomes and deliverables.
D. The operational and geographic boundaries.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 385
Which of the following situations would justify the removal of a finding from the final audit report?
A. Managementdisagreeswiththereportfindingsandconclusionsintheirresponses.
B. Managementhasalreadysatisfactorilycompletedtherecommendedcorrectiveaction. C. Management has provided additional information that contradicts the findings.
D. Management believes that the finding is insignificant and unfairly included in the report.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 386
According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution. 3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients. 4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
A. 1and2 B. 1and3 C. 2and4 D. 3and4
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 387
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?
A. Integrity. B. Flexibility. C. Initiative. D. Curiosity.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 388
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
A. Theemployee'snamelistedonorganization'spayrolliscomparedtothepersonnelrecords. B. Payrolltimesheetsarereviewedandapprovedbythetimekeeperbeforeprocessing.
C. Employee access to the payroll database is deactivated immediately upon termination.
D. Changes to payroll are validated by the personnel department before being processed.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 389
During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?
A. Theauditsupervisorshouldincludethenewcontractsinthefindingforthefinalauditreport.
B. Theauditsupervisorshouldcommunicatethefindingtothesupervisorofthesalesmanagerthroughan interim report.
C. The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.
D. The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 390
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
A. Thematterdoesnotneedtobereported,becausethenoncompliantfindingsfallwithintheacceptable tolerance limit.
B. Thedeviationsarewithintheacceptabletolerancelimit,sothematteronlyneedstobereportedtothe information security manager.
C. The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.
D. The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 391
Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?
A. Strategicplansreflecttheorganization'sbusinessobjectivesandoverallattitudetowardrisk.
B. Strategicplansarehelpfultoidentifymajorareasofactivity,whichmaydirecttheallocationofinternal audit activity resources.
C. Strategic plans are likely to show areas of weak financial controls.
D. The strategic plan is a relatively stable document on which to base audit planning.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 392
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?
A. TheCAEhasnoroletoplay,becausethechiefhealthandsafetyofficerreportstoaseniorexecutive.
B. TheCAEshouldcoordinatewith,andreviewtheworkof,thechiefhealthandsafetyofficertogainan understanding of whether risks related to health and safety are managed properly.
C. The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.
D. The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 393
Which of the following factors should a chief audit executive consider when determining the audit universe? 1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
A. 1and2only B. 2and4only C. 1,2,and4 D. 2,3,and4
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 394
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
A. Thefinancialinteresttheserviceprovidermayhaveintheorganization.
B. Therelationshiptheserviceprovidermayhavehadwiththeorganizationortheactivitiesbeing reviewed.
C. Compensation or other incentives that may be applicable to the service provider.
D. The service provider's experience in the type of work being considered.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 395
Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?
1. Intervening during an audit involving ethical wrongdoing.
2. Discussing periodic reports of ethical breaches.
3. Authorizing an investigation of an unsafe product.
4. Negotiating a settlement of an employee claim for personal damages.
A. 1and2 B. 1and4 C. 2and3 D. 3and4
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 396
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
A. 1and2only B. 1and3only C. 2and3only D. 1,2,and3
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 397
Which of the following best describes the four components of a balanced scorecard?
A. Customers,innovation,growth,andinternalprocesses.
B. Businessobjectives,criticalsuccessfactors,innovation,andgrowth.
C. Customers, support, critical success factors, and learning.
D. Financial measures, learning and growth, customers, and internal processes.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 398
Which of the following is not a direct benefit of control self-assessment (CSA)?
A. CSAallowsmanagementtohaveinputintotheauditplan.
B. CSAallowsprocessownerstoidentify,evaluate,andrecommendimprovingcontroldeficiencies. C. CSA can improve the control environment.
D. CSA increases control consciousness.
Correct Answer: A
Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 399
An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
A. Analyticalprocedures. B. Detailtesting.
C. Test of design.
D. Test of control.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 400
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report's validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
A. 1only
B. 1and2only C. 1,2,and3 D. 1,2,and4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 401
Which of the following statements is true pertaining to interviewing a fraud suspect? 1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
A. 1only B. 4only C. 1and3 D. 2and4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 402
According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?
A. Thereviewshouldfocusontheefficiencyofthecontrolsinplacetopreventfraud.
B. Thescopeofthereviewdoesnotneedtoincludealloperatingareasoftheorganization. C. The cost of the control should be compared to the benefit of mitigating the related risk. D. The review should assess whether the internal controls can be circumvented.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 403
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
A. 1and2 B. 1and4 C. 2and3 D. 3and4
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 404
According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?
A. Thenumber,experience,andavailabilityofauditstaffaswellasthenature,complexity,andtime constraints of the engagement.
B. Theappropriatenessandsufficiencyofresourcesandtheabilitytocoordinatewithexternalauditors.
C. The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.
D. The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 405
According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?
A. Requiretheapprovalofadditionsandchangestothevendormasterlisting,wheretheinherentriskof false vendors is high.
B. Monitoramountspaideachperiodandcomparethemtothebudgettoidentifypotentialissues.
C. Compare employee addresses to vendor addresses to identify potential employee fraud.
D. Monitor customer quality complaints compared to the prior period to identify vendor issues.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 406
Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?
A. Identifyandmanagerisksinlinewiththeorganization'sriskappetite.
B. Ensurethataproperandeffectiveriskmanagementprocessexists.
C. Attain an adequate understanding of the organization's key risk mitigation strategies. D. Identify and ensure that appropriate controls exist to mitigate risks.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 407
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
A. Reportfollow-upactivitiestoseniormanagement.
B. Implementfollow-upprocedurestoevaluateresidualrisk. C. Determine the costs of implementing the recommendations. D. Evaluate the extent of improvements.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 408
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?
A. Theobservationwasmadeduringthesameaudit,andtheactionplanhasacommonowner.
B. Theobservationrelatestothesamecontrolactivitywithinacommonprocess.
C. The observation has a common control, and it was noted in a prior audit.
D. The observation has a common process, and the action plan for the observation has a common owner.
Correct Answer: D Section: (none)
Explanation Explanation/Reference:
Explanation:
QUESTION 409
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
A. Assertwhetherthedescribedandreportedcontrolprocessesandsystemsexist.
B. Assesswhetherseniormanagementadequatelysupportsandpromotestheinternalcontrolculture described in the report.
C. Evaluate the completeness of the report and management's responses to identified deficiencies.
D. Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 410
Which of the followings statements describes a best practice regarding assurance engagement communication activities?
A. Allassuranceengagementobservationsshouldbecommunicatedtotheauditcommittee.
B. Allassuranceengagementobservationsshouldbeincludedinthemainsectionoftheengagement communication.
C. During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.
D. A detailed escalation process should be developed during the planning stage of an assurance engagement.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 411
Which of the following would be a red flag that indicates the possibility of inventory fraud?
A. Thecontrollerhasassumedresponsibilityforapprovingallpaymentstocertainvendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization's increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.
B. IandIIonly
C. II and III only
D. I, II, and IV only
E. I,III,andIVonly
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 412
During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that adjustments were made on over 40 percent of the ovens. Based on this, the auditor:
A. Hasenoughevidencetoconcludethatimproperlyfunctioningovensarethecause.
B. Needstoconductfurtherinquiriesandreviewstodeterminetheimpactoftheovenvariationsonthe pizza temperature.
C. Has enough evidence to recommend the replacement of some of the ovens.
D. Must search for another cause since approximately 60 percent of the ovens did not require adjustment.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 413
When assessing the risk associated with an activity, an internal auditor should:
A. Determinehowtheriskshouldbestbemanaged.
B. Provideassuranceonthemanagementoftherisk.
C. Modify the risk management process based on risk exposures. D. Design controls to mitigate the identified risks.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 414
Which of the following procedures would provide the best evidence of the effectiveness of a credit- granting function?
A. Observetheprocess.
B. Reviewthetrendinreceivableswrite-offs.
C. Ask the credit manager about the effectiveness of the function.
D. Check for evidence of credit approval on a sample of customer orders.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 415
What would be used to determine the collectability of accounts receivable balances?
A. Thefileofrelatedshippingdocuments.
B. Negativeaccountsreceivableconfirmations. C. Positive accounts receivable confirmations. D. An aged accounts receivable listing.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 416
Which of the following would provide the best evidence of compliance with an airline's standard of having aircraft refueled and cleaned within a specified time of arrival at an airport?
A. Vendorfuelinvoicesthathavebeenreconciledtoinventoryrecords.
B. Timecardscompletedbyaircraftcleaningandfuelingcrews.
C. Observation of selected aircraft while they are being refueled and cleaned.
D. Comparison of the standard hourly labor costs for cleaning and fueling personnel with actual labor charges.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 417
A company's policy requires that all customers be treated in a fair and consistent manner. Which of the following audit procedures would provide the most persuasive evidence that the policy was followed?
A. Comparetheagingofoutstandingreceivablesduefromeachcustomer.
B. Comparecreditreportswithannualsalesforasampleofcustomers.
C. Compare the ratio of outstanding receivables to the authorized credit limit for each customer. D. Compare the sales discounts offered to each customer.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 418
An auditor plans to analyze customer satisfaction, including. (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
A. Althoughuseful,suchananalysisdoesnotaddressanyriskfactors.
B. Thesurveywouldnotconsidercustomerswhodidnotmakepurchasesinthelastthreemonths.
C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive.
D. Analysis of three months' activity would not evaluate customer satisfaction.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 419
Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
A. CompanyAexhibitsahigherstandardofethicalbehaviorthandoescompanyB.
II. Company A has established objective criteria by which an employee's actions can be evaluated.
III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.
B. IIonly
C. III only
D. IandIIonly
E. IIandIIIonly
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 420
Which of the following files, when compared with billing records, would provide the best source of information for determining if all goods shipped are billed to customers?
A. Pre-numberedcustomerinvoices. B. Accountsreceivabletransactions. C. Pre-numbered shipping documents. D. Customer purchase orders.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 421
Which of the following is the best problem-solving technique to use when analyzing performance and cost?
A. Valueanalysis.
B. Attributelisting.
C. Brainstorming.
D. Component analysis.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 422
The following is an excerpt from an audit engagement workpaper:
Objective. To determine if the computer system is correctly recording all accounts receivable transactions.
Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 for positive confirmation of balances.
Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accounts receivable balance is fairly presented in all material respects.
Which of the following is true regarding the workpaper?
A. Itisnotappropriatetojudgmentallyselectasamplewhentestingaccountsreceivable.
B. Aconclusionshouldbereachedonlyfortheresultsofoveralltesting,notforindividualprocedures. C. The audit procedures used are not consistent with the audit objective.
D. The format of the workpaper does not conform to the standard format for workpapers.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 423
Which of the following trends found on financial reports would most likely indicate a possible problem?
A. Amaterialdecreaseinthereceivablesturnover.
B. Amaterialincreaseininventoryturnover.
C. A material increase in daily sales compared to total outstanding receivables. D. A material increase in the acid-test ratio.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 424
Which of the following situations would best support the decision of a chief audit executive (CAE) to defer follow-up activity at a branch office until the next audit engagement?
A. Anauditofthebranchofficeisroutinelyscheduledeverythreeyears.
B. On-sitefollow-upofaremotebranchmaynotbefeasibleduetotravelcosts.
C. Branch office management states that correction of the audit issue may take longer than expected. D. The CAE and management agree that the corrective action taken to date is sufficient.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 425
When conducting research, which of the following is most important?
A. UsingcomputerdatabasesortheInternettofindallrelevantsources. B. Providingdocumentationofthereferencesources.
C. Presenting only those facts that support the conclusion.
D. Presenting all contrary views to balance the opinion.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 426
Productivity statistics are provided quarterly to a company's board of directors. An auditor checked the ratios and other statistics in the four most recent reports. The auditor used scratch paper and copies of the board reports to verify the accuracy of computations and compared the data used in the computations with supporting documents. The auditor wrote a note describing this work for the workpapers and then discarded the scratch paper and report copies. The auditor's note stated.
"The ratios and other statistics in the quarterly board reports were checked for the last four quarters, and appropriate supporting documents were examined. All amounts appear to be appropriate."
In this situation:
A. Fourquartersisnotalargeenoughsampleonwhichtobaseaconclusion.
B. Theauditor'sworkpapersarenotsufficienttofacilitateanefficientreviewoftheauditor'swork.
C. The auditor should have included the scratch paper in the workpapers.
D. The auditor should have considered whether the information in the board report was compiled efficiently.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 427
What does the following scatter gram suggest?
A. Salesrevenueisrelatedtotrainingcosts.
B. Thetrainingprogramisnoteffective.
C. Increases in training costs consistently increase sales revenue. D. One data point is incorrectly plotted.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 428
New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management's data and information provide.
A. Feedbackcontroldata.
B. Irrelevantandargumentativeinformation.
C. Evidence that the new credit policies do not meet the stated corporate objective to improve collections. D. A statistically valid conclusion about the impact of the new credit policies on customer goodwill.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 429
If an organization's chief audit executive wants to implement continuous auditing, what is the appropriate order in which key steps should be undertaken?
A. Identifybusinessapplicationsthatrequireaccess.
II. Implement steps to continuously assess risks and controls. III. Define objectives of continuous auditing.
IV. Manage and report results.
B. III,I,IV,II.
C. II, I, III, IV.
D. III, I, II, IV.
E. II,III,I,IV.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 430
Which of the following is an example of the verification of internal documentary evidence?
A. Reviewingacarrier'sbilloflading.
B. Reconcilingavendor'smonth-endstatement.
C. Vouching a copy of a sales invoice to receivables. D. Recalculating a customer's purchase order.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 431
In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:
A. Telltheemployeeapieceofinformationobtainedfromacoworkerinapreviousinterview.
B. Putsensitivequestionsatthebeginningofaquestionnairetoensurethattheyareanswered.
C. Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached.
D. Point out that management has given the auditor full authority to conduct this interview.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 432
During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high number of customer complaints pertained to payments not being applied to the customers' accounts.
Which of the following would most likely be the reason for the high volume of complaints?
A. Anineffectivecustomerservicedepartment.
B. Poorcontrolsintheinvoiceapprovalprocesses. C. Check tampering by an employee.
D. Submission of fraudulent expense reports.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 433
An audit of management's quality program includes testing the accuracy of the cost-of-quality reports provided to management. Which of the following internal control objectives is the focus of this testing?
A. Toensurecompliancewithpolicies,plans,procedures,laws,andregulations.
B. Toensuretheaccomplishmentofestablishedobjectivesandgoalsforoperationsorprograms. C. To ensure the reliability and integrity of information.
D. To ensure the economical and efficient use of resources.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 434
When internal auditors provide consulting services, the scope of the engagement is primarily determined by:
A. Internalauditingstandards.
B. Theauditengagementteam.
C. The engagement client.
D. The internal audit activity's charter.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 435
A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?
A. Recyclingandreuse.
II. Elimination at the source. III. Energy conservation.
IV. Recovery as a usable product Treatment.
B. V,II,IV,I,III.
C. IV, II, I, III, V.
D. I, III, IV, II, V.
E. III,IV,II,V,I.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 436
Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures?
A. Productivityratio.
B. Productivityindex.
C. Operating ratio.
D. Resource utilization rate.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Certified Internal Auditor Questions + Answers Part 14
-
answerhappygod
- Site Admin
- Posts: 899603
- Joined: Mon Aug 02, 2021 8:13 am