Certified Internal Auditor Questions + Answers Part 2

Post by answerhappygod »

QUESTION 90
Which of the following represents the most effective governance structure?
I. Operating Management: Responsibility for risk; Executive Management: Oversight role; Internal Auditing: Advisory role.
II. Operating Management: Oversight role; Executive Management: Responsibility for risk; Internal Auditing: Advisory role.
III. Operating Management: Responsibility for risk; Executive Management: Advisory role; Internal Auditing: Oversight role.
IV. Operating Management: Oversight role; Executive Management: Advisory role; Internal Auditing: Responsibility for risk.
A. I only
B. II
C. III
D. IV
Correct Answer: A
Section: Volume A
QUESTION 91
Which of the following represents the correct order of the risk management process?
A. Resource allocation, risk management metrics, risk assessment, post-mortem analysis, effective communication.
B. Risk management metrics, resource allocation, risk assessment, effective communication, post-mortem analysis.
C. Risk assessment, resource allocation, risk governance and reporting, post-mortem analysis, feedback.
D. Resource allocation, risk monitoring, risk assessment, feedback, post-mortem analysis.
Correct Answer: C
Section: Volume A
QUESTION 92
Which of the following is a role of the board of directors in the governance process?
A. Conduct periodic assessments of the organization's governance systems.
B. Obtain assurance concerning the effectiveness of the organization's governance systems.
C. Implement an effective system of internal controls to support the organization's governance systems.
D. Review and approve operational goals and objectives.
Correct Answer: B
Section: Volume A
QUESTION 93
Which is the least effective form of risk management?
A. Systems-based preventive control.
B. People-based preventive control.
C. Systems-based detective control.
D. People-based detective control.
Correct Answer: D
Section: Volume A
QUESTION 94
Which of the following should be incorporated in a risk management policy?
I. Boundaries and limit structures.
II. Requirements for reporting risk.
III. Risk authorities.
A. I and II only
B. I and III only
C. II and III only
D. I, II, and III.
Correct Answer: D
Section: Volume A
QUESTION 95
In an assurance engagement of treasury operations, an internal auditor is required to consider all of the following issues except:
A. The audit committee has requested assurance on the treasury department's compliance with a new policy on the use of financial instruments.
B. Treasury management has not instituted any risk management policies.
C. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350 percent.
D. The external auditors have indicated some difficulties in obtaining account confirmations.
Correct Answer: D
Section: Volume A
QUESTION 96
Regarding an organization's decision to retain an external audit firm, the chief audit executive (CAE) should:
A. Work with the organization's chief financial officer to evaluate the external auditor's performance and together make the decision.
B. Not be involved in this decision process as it would compromise the CAE's objectivity.
C. Evaluate the external auditor's performance and retain the external auditor if quality and cost criteria are met.
D. Assist the audit committee by facilitating the development of an appropriate evaluation process.
Correct Answer: D
Section: Volume A
QUESTION 97
Which of the following would provide the most reliable information on the risk associated with an auditable activity?
A. Event scenarios with regression analysis.
B. Past audit findings and instances of management failures.
C. Consequences and economic predictability of loss.
D. Management assessment and corroboration by the internal audit activity.
Correct Answer: D
Section: Volume A
QUESTION 98
At the beginning of fieldwork in an audit of investments, an internal auditor noted that the interest rate had declined significantly since the engagement work program was created. The auditor should:
A. Proceed with the existing program since this was the original scope of work that was approved.
B. Modify the audit program and proceed with the engagement.
C. Consult with management to verify the interest rate change and proceed with the engagement.
D. Determine the effect of the interest rate change and whether the program should be modified.
Correct Answer: D
Section: Volume A
QUESTION 99
In publicly held companies, management often requires the internal audit activity's involvement with quarterly financial statements that are made public and used internally. Which of the following is generally not a reason for such involvement?
A. Management may be concerned about its reputation in the financial markets.
B. Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated.
C. The Standards state that internal auditors should be involved with reviewing quarterly financial statements.
D. Management may perceive that having quarterly financial information examined by the internal auditors enhances its value for internal decision making.
Correct Answer: C
Section: Volume A
QUESTION 100
Overall audit efficiency is enhanced between the internal and external audit functions when:
A. Internal audit coverage is reduced to avoid potential conflicts of interest.
B. Audits of the same department are conducted at different times.
C. The internal audit department reviews functions or departments prior to the external audit.
D. External audit scope is reduced based on the internal audit department's activities.
Correct Answer: D
Section: Volume A
QUESTION 101
When reviewing management reports to the board of directors, the internal audit activity should:
A. Evaluate the process used to prepare the management reports.
B. Maintain supporting documentation for the management reports.
C. Tie all financial numbers in the reports to the general ledger.
D. Compare to prior-period reports for consistency.
Correct Answer: A
Section: Volume B
QUESTION 102
The internal audit activity's role in the risk assessment and management processes of an organization is determined by the:
A. Board of directors.
B. Chief audit executive.
C. Risk management department.
D. External auditors.
Correct Answer: A
Section: Volume B
QUESTION 103
Which of the following best contributes to the effectiveness of the internal audit activity in an organization?
A. Appropriate terms of internal audit scope and responsibility in the charter.
B. Appropriate compliance coverage in the annual audit plan.
C. Regular review of the audit charter by management.
D. Assurance of internal audit objectivity by the board.
Correct Answer: A
Section: Volume B
QUESTION 104
During a review of data center physical security and environmental controls, an auditor should ensure that:
I. Visitors are accompanied by authorized personnel at all times.
II. Only developers and operators have access to the data center.
III. Fire suppression equipment is tested periodically.
IV. Fire and water detectors have been installed.
A. I and III only
B. II and IV only
C. I, III, and IV only
D. II, III, and IV only
Correct Answer: C
Section: Volume B
QUESTION 105
To enhance the independence of both the internal and external audit functions, audit committees should be composed of:
A. A rotating subcommittee of the board of directors or its equivalent.
B. A combination of external members of the board of directors and company officers.
C. Members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers.
D. Only external members of the board of directors or other similar oversight committees.
Correct Answer: D
Section: Volume B
QUESTION 106
Which of the following is not true with regard to the internal audit charter?
A. It defines the authorities and responsibilities of the internal audit activity.
B. It specifies the minimum resources needed for the internal audit activity.
C. It provides a basis for evaluating the internal audit activity.
D. It should be approved by senior management and the board.
Correct Answer: B
Section: Volume B
QUESTION 107
The primary objective of risk-based auditing is to assess the:
A. Economy of controls.
B. Compliance with controls.
C. Adequacy of controls.
D. Efficiency of controls.
Correct Answer: C
Section: Volume B
QUESTION 108
Which of the following would be most relevant regarding the internal control environment?
A. Assessing controls over computerized applications.
B. Documenting the organizational structure.
C. Comparing and validating internal performance with external benchmarking.
D. Maintaining and reviewing detailed financial records.
Correct Answer: B
Section: Volume B
QUESTION 109
Due to urgent requests from management, a busy internal audit activity finds that it can no longer meet all of its commitments contained in the annual audit plan. The best course of action for the chief audit executive to take would be to:
A. Continue with the plan and seek opportunities to adjust priorities and reallocate resources.
B. Advise senior management and request that they reconsider these additional requests using more rigorous risk assessment and prioritization factors.
C. Advise the board and senior management and request a reassessment of the plan.
D. Advise the board immediately and seek their support for additional resources to meet the needs of the plan.
Correct Answer: C
Section: Volume B
QUESTION 110
The chairperson of an organization's audit committee has obtained a risk management report that identifies significant industry concerns that impact the organization. The chairperson has asked the chief audit executive (CAE) to review these concerns and advise if they are relevant to the organization. How should the CAE respond?
A. Accept the engagement but communicate only with the audit committee to protect the confidentiality of the request.
B. Decline the engagement because it is outside of the scope of the internal audit charter.
C. Decline the engagement because it impairs the internal audit activity's independence.
D. Accept the engagement but inform senior management of the request.
Correct Answer: D
Section: Volume B
QUESTION 111
During an audit engagement, an internal auditor finds that management is not complying with previous commitments made to the external auditors. However, the auditor determines management's actions to be justified due to significant changes in the business. The best course of action for the auditor to take would be to:
A. Proceed with the audit engagement and assess the changes actually implemented by management.
B. Inform the external auditors and seek their guidance.
C. Inform the external auditors and remove the associated work from the internal audit scope.
D. Compare the recommended changes against the changes made by management and advise management which action to take.
Correct Answer: A
Section: Volume B


QUESTION 112
Which of the following statements is correct regarding risk analysis?
A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
B. The highest risk assessment should always be assigned to the area with the largest potential loss.
C. The highest risk assessment should always be assigned to the area with the highest probability of occurrence.
D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.
Correct Answer: A
Section: Volume B
QUESTION 113
During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:
A. Exclude the relative's information from the audited work and proceed with the audit engagement.
B. Proceed with the audit engagement but disclose in the engagement final communication that the relative is a customer.
C. Immediately withdraw from the audit engagement.
D. Notify management and the chief audit executive (CAE) and have the CAE determine whether the auditor should continue with the audit engagement.
Correct Answer: D
Section: Volume B
QUESTION 114
The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document. The most serious consequence of this deficiency in the process is that the:
A. Audit schedule may not be optimal from the engagement client's perspective.
B. Audit objectives may not be understood by management of the area being audited.
C. Audit resources may not be sufficient.
D. Audit plan priority may have changed.
Correct Answer: B
Section: Volume B
QUESTION 115
Which of the following situations allows for the most objectivity on the part of an internal auditor?
A. Assessing testing procedures in a new computer system.
B. Performing a risk assessment of a new financial instrument.
C. Drawing conclusions from a sample of financial transactions.
D. Comparing current environmental activities against legislation.
Correct Answer: D
Section: Volume B
QUESTION 116
A chief audit executive (CAE) for a specialty retailer is asked by management to review the controls in place to manage their electronic funds transfer process. The internal audit activity has no experience with similar engagements. What is the most appropriate course of action for the CAE to take?
A. Plan the engagement and begin fieldwork using existing staff.
B. Attempt to discourage management from the request.
C. Hire an outside consulting firm to assist with the engagement.
D. Defer the audit until current staff can be appropriately trained.
Correct Answer: C
Section: Volume B
QUESTION 117
Using the internal audit department to coordinate regulatory examiners' efforts is beneficial to the organization because internal auditors can:
A. Influence regulatory interpretation of law to better match corporate practice.
B. Recommend changes to the scope of the regulatory examiners' review.
C. Perform fieldwork for the regulatory examiners and thus shorten the regulatory examiners' review.
D. Supply evidence of adequate compliance testing through internal audit workpapers and reports.
Correct Answer: D
Section: Volume B
QUESTION 118
Internal auditors can benefit from a strong relationship with the external auditors because external auditors can:
A. Provide internal auditors with an independent and knowledgeable viewpoint.
B. Concur with the internal auditors' reports and thus improve the quality of assurance provided to management.
C. Increase the effectiveness of internal control sampling techniques.
D. Assist the internal auditor by providing information obtained from similar audits with other clients.
Correct Answer: A
Section: Volume B
QUESTION 119
Risk assessments can vary in format, but generally include:
I. A description of identified risks.
II. Tests of audit controls.
III. A system of rating risks.
IV. Sample size identification.
A. I and II only
B. I and III only
C. I, III, and IV only
D. II, III, and IV only
Correct Answer: B
Section: Volume B
QUESTION 120
Risk assessments are valuable to the internal audit activity's planning process because they assist in:
A. Eliminating all areas with low risk from the audit plan.
B. Educating management on the importance of keeping the internal audit activity informed of organizational changes.
C. Identifying the audit universe or auditable activities that need to be reviewed.
D. Identifying risks that management and the internal auditors have overlooked.
Correct Answer: C
Section: Volume B
QUESTION 121
A quantitative risk assessment model has all of the following advantages except:
A. Accommodating a large number of risk factors in the assessment.
B. Providing documentation for the chief audit executive, who must defend the long-range audit plan.
C. Providing a systematic method of applying weightings to risks and priorities.
D. Removing the need for judgment on the part of the chief audit executive.
Correct Answer: D
Section: Volume B


QUESTION 122
Continuing Professional Education (CPE) hours for Certified Internal Auditors may be achieved by:
A. Attending audit staff meetings.
B. Verifying that all completed audit tests are fully documented.
C. Publishing an article on the company's internal audit department.
D. Obtaining experience on the job.
Correct Answer: C
Section: Volume B
QUESTION 123
In a manufacturing company, which department would be the internal audit activity's most reliable source of information on the controls over minimizing defective goods?
A. Manufacturing.
B. Quality control.
C. Research and development.
D. Inventory management.
Correct Answer: B
Section: Volume B
QUESTION 124
Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:
A. The type and nature of the activities to be examined.
B. Whether employees in key positions of trust are bonded.
C. The history of losses suffered by the company.
D. The results of prior risk assessments.
Correct Answer: A
Section: Volume B
QUESTION 125
Which of the following is true with respect to the risk assessment process?
A. The ethical climate should not be included since this factor cannot be measured quantitatively.
B. More than one risk factor may have to be used to ensure that the risk assessment is comprehensive.
C. Each risk factor should be given equal weighting in order to reduce the opportunity for bias.
D. The risk assessment process should be conducted at least every three years.
Correct Answer: B
Section: Volume B
QUESTION 126
Which of the following lists these audit steps in the correct chronological order?
I. Create the engagement work program.
II. Conduct the exit conference.
III. Perform fieldwork.
IV. Schedule the audit engagement.
V. Issue a summary report of audit findings.
A. I, IV, III, II, V.
B. I, IV, II, III, V.
C. IV, I, III, II, V.
D. IV, III, I, V, II.
Correct Answer: C
Section: Volume B
QUESTION 127
Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?
A. The department managed long-term investments, including investment in derivatives and other financial instruments, to maximize return.
B. The department manager sets a tone of honesty and integrity in all business dealings and this tone is emulated by department personnel.
C. Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.
D. Audit tests designed to verify compliance with control procedures detected a general failure to follow standard procedures for transaction authorization.
Correct Answer: A
Section: Volume B
QUESTION 128
To ensure that due professional care has been taken during an audit engagement, an internal auditor should always:
A. Ensure that all financial information related to the engagement is included in the audit plan and examined for irregularities.
B. Document all audit tests completely.
C. Consider the possibility of noncompliance or irregularities at all times during an engagement.
D. Notify the audit committee of any noncompliance or irregularity discovered during an engagement.
Correct Answer: C
Section: Volume B
QUESTION 129
When using a risk assessment model to develop audit plans, it is essential that the chief audit executive take into account the:
A. Results of the last audit.
B. Planned visits by the external auditors during the upcoming year.
C. Recent or expected changes in management direction and objectives.
D. Dates of future board meetings.
Correct Answer: C
Section: Volume B
QUESTION 130
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Risk Factor                       Department A   Department B   Department C
Control structure                 9              5              7
Nature of assets in department    2              7              9
Dollar value of assets            6              6              8
Complexity of transactions        3              4              8
Which of the following statements regarding risk in the departments is true?
A. As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets.
B. The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.
C. The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.
D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Correct Answer: C
Section: Volume B
QUESTION 131
An internal quality assessment of the internal audit activity should provide the chief audit executive with:
A. Recommendations for improvement.
B. Objectives for internal audit engagements.
C. Confirmation of action on past audit recommendations.
D. Appraisals of internal audit staff performance.
Correct Answer: A
Section: Volume B
QUESTION 132
In the annual audit of the financial statements of a company with high inherent risk and a very strong control system, the external auditor may be able to allow detection risk to rise because:
A. Audit risk has been reduced.
B. Control risk has been assessed at a lower level.
C. The company's operations are very susceptible to misstatements.
D. Whenever inherent risk is high, control risk is disregarded.
Correct Answer: B
Section: Volume B
QUESTION 133
An organization receives the most value from an internal audit activity's enterprise-wide risk assessment when the auditor:
A. Focuses primarily on enterprise-level risks.
B. Considers activities at all levels of the organization.
C. Reviews special projects and new initiatives.
D. Validates supporting financial and operational data.
Correct Answer: B
Section: Volume B
QUESTION 134
An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items. Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:
A. Incorporate the external auditor's requirements into the internal audit plan.
B. Ignore the external auditor's requirements because they are outside of the internal audit activity's planned scope of work.
C. Consider the issues raised by the external auditor for possible inclusion in the planned scope of work.
D. Report the risks and issues to the audit committee for possible future attention.
Correct Answer: C
Section: Volume B
QUESTION 135
The audit committee has asked the chief audit executive (CAE) to assist in the selection of a new external audit firm. Which of the following is an appropriate action by the CAE?
A. The CAE and two managers from the audit staff review the bids and select one firm to meet with the audit committee for the committee's approval.
B. The CAE develops a formal set of criteria for the audit committee to use in selecting the external auditor.
C. The CAE, chief financial officer, and controller review the bids, interview two firms, and recommend one of the two firms to the audit committee for its approval.
D. The CAE declines to participate in the process because providing this assistance would result in compromising the internal audit activity's objectivity.
Correct Answer: B
Section: Volume B
QUESTION 136
An internal audit activity's work schedule should always provide sufficient information to the audit committee to enable it to determine whether the proposed engagements:
A. Support the organization's objectives.
B. Include sufficient fraud awareness.
C. Will likely result in the detection of any major risk exposures.
D. Are likely to detect control deficiencies.
Correct Answer: A
Section: Volume B
QUESTION 137
The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risk, and assigned an audit priority to each. Which of the following statements is true and consistent with the International Professional Practices Framework?
I. Items should be ranked in the order of quantifiable dollar exposure to the organization.
II. The audit priorities should be in order of major control deficiencies.
III. The risk assessment, though quantified, is the result of professional judgments about both exposures and probability of occurrences.
A. I only
B. III only
C. II and III only
D. I, II, and III.
Correct Answer: B
Section: Volume B
QUESTION 138
What role, if any, should the internal audit activity have in the process of following up on observations and recommendations made by the external auditors?
A. The internal audit activity should have no role in this process in order to ensure independence.
B. The internal audit activity should become involved only if the chief audit executive has sufficient evidence that the follow-up is not occurring.
C. The internal audit activity should review the adequacy and effectiveness of management's follow-up actions.
D. The internal audit activity should become involved only if specifically requested by management or the board of directors.
Correct Answer: C
Section: Volume B
QUESTION 139
A company has entered into a $20,000,000 fixed-price contract with a general contractor for the construction of a new retail outlet. For this contract, which of the following would represent the greatest risk?
A. Excessive labor charged to the project.
B. Poor physical protection of materials and equipment.
C. Failure to complete the project within budget.
D. Substitution of inferior materials.
Correct Answer: D
Section: Volume B
QUESTION 140
In selecting an instructional strategy for developing internal audit staff, a chief audit executive should first review the:
A. Department's budget constraints.
B. Internal auditors' personal development needs.
C. Content of potential training courses.
D. Organization's objectives.
Correct Answer: D
Section: Volume B
QUESTION 141
Which of the following is not an appropriate role of the internal audit activity in governance activities?
A. Support the board in enterprise-wide risk assessment.
B. Ensure the timely implementation of audit recommendations.
C. Monitor compliance with the organization's ethics policies.
D. Discuss areas of significant risk.
Correct Answer: B
Section: Volume B
QUESTION 142
When developing the annual audit plan and reviewing risk assessment priorities, a chief audit executive should always identify the:
A. Potential recommendations for each auditable activity.
B. Persons to whom engagement reports will be communicated.
C. Engagement procedures to be used during the engagements.
D. Internal audit resources required to achieve the audit plan.
Correct Answer: D
Section: Volume B
QUESTION 143
Which of the following actions by a chief audit executive would be most effective in preventing fraud?
A. Ensure that the board is aware of all fraud that has been identified or reported.
B. Train the internal audit staff in identifying fraud indicators.
C. Review the adequacy of all policies that describe prohibited activities.
D. Submit an annual report to the board on all fraud that has been detected.
Correct Answer: C
Section: Volume B
QUESTION 144
A chief audit executive would most likely use risk assessment for audit planning because it provides:
A. A systematic process for assessing and integrating professional judgment about probable adverse conditions.
B. A listing of potentially adverse effects on the organization.
C. A list of auditable activities in the organization.
D. The probability that an event or action may adversely affect the organization.
Correct Answer: A
Section: Volume B
QUESTION 145
Which of the following statements regarding organizational governance is not correct?
A. An effective internal audit function is one of the four cornerstones of good governance.
B. Those performing governance activities are accountable to the customer.
C. Accountability is one of the key elements of organizational governance.
D. Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.
Correct Answer: B
Section: Volume B
QUESTION 146
Noncompliance with which of the following would cause a control deficiency related to privacy protection practices?
I. An organization's internal privacy policies.
II. Financial accounting standards.
III. Privacy laws and regulations.
IV. The Standards.
A. I and III only
B. II and IV only
C. II, III, and IV only
D. I, II, III, and IV.
Correct Answer: A
Section: Volume B
QUESTION 147
A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?
A. Copies of printed client information not used by the agency are shredded.
B. Employees share client information with coworkers with the permission of the client.
C. The agency only releases client information with management's approval.
D. The agency advises clients of their privacy rights before they commence business with the agency.
Correct Answer: C
Section: Volume B
QUESTION 148
When an external auditor unknowingly fails to modify an opinion on financial statements that are materially misstated, this is an example of:
A. An inherent risk.
B. A control risk.
C. An audit risk.
D. A residual risk.
Correct Answer: C
Section: Volume B
QUESTION 149
When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first?
A. The external auditors have requested assistance for their upcoming annual audit.
B. A new accounts payable system is currently undergoing testing by the information technology department.
C. Management has requested an investigation of possible lapping in receivables.
D. The existing accounts payable system has not been audited over the past year.
Correct Answer: C
Section: Volume B
QUESTION 150
All of the following would normally be involved in preparing for and carrying out the internal audit activity's annual plan except:
A. Establishing policies and procedures for workpapers and referencing.
B. Providing periodic activity reports to the audit committee on audit engagements in progress.
C. Assessing the amount of risk in major departments.
D. Training audit staff on appropriate audit methodologies for addressing any newly identified risks.
Correct Answer: A
Section: Volume B
QUESTION 151
When reviewing operational risk for a department whose manager adopts a laissez-faire style of leadership, it is most important for the internal auditor to verify that:
A. Employee decisions follow department and company guidelines.
B. The manager considers employees' input when designing new procedures.
C. Employees are empowered to deal with unusual or emergency situations.
D. Management has adopted an open-door policy to assist with communication.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 152
Which of the following factors related to an organization's performance management system would not contribute to the organization's success?
A. Performance management is linked to competence and knowledge management.
B. Subordinates and superiors have shared responsibility for the performance management process.
C. Staff members own the performance management process, thereby ensuring implementation and accountability.
D. Performance management is integrated into other organizational processes and human resource processes.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 153
A chief audit executive used risk assessment to prepare the audit work schedule. Which of the following would be the least appropriate reason to modify the schedule?
A. Need for coordination of audit activities with the external auditors.
B. Request for postponement since the audit would be too complicated.
C. Change in the relative risk of auditable activities during the year.
D. Budget constraints or expansions.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 154
Which of the following would be the most effective action for an internal audit activity to take in order to assist in improving an organization's ethical climate?
I. Review formal and informal processes within the organization that could promote unethical behavior.
II. Conduct surveys of employees, suppliers, and customers regarding ethics.
III. Assess the employees' knowledge of and compliance with the organization's code of conduct.
A. I only
B. I and II only
C. II and III only
D. I, II, and III.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 155
Which of the following would provide the best assessment of an organization's ethical climate?
A. Number of years that directors have been appointed to the board.
B. Evidence of training provided to the board of directors on ethical issues.
C. Clarity and consistency of consequences imposed by the board of directors for ethical violations.
D. Frequency of fraud reported and results of subsequent investigations.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 156
When performing benchmarking during the planning phase of a performance audit, an internal auditor should:
A. Determine the current performance gap.
B. Project future performance levels.
C. Develop functional action plans.
D. Identify comparative organizations.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 157
A major difference between enterprise risk management and traditional risk management lies in the narrow focus of traditional risk management on:
I. Property and liability risks.
II. Risks with insurance solutions.
III. Risks impacting organizational objectives.
A. I and II only
B. I and III only
C. II and III only
D. I, II, and III.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 158
An internal audit activity encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation should be:
A. Noted in the audit workpapers, but the engagement should be carried out as scheduled, with any necessary adjustments made based on the scope limitation.
B. Communicated to the external auditors so that they can investigate the area in more detail.
C. Communicated, preferably in writing, to the board.
D. Communicated to management, stating that the limitation will not be accepted because it would impair the audit activity's independence.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 159
Which statement most accurately describes how criteria are established for use by internal auditors in determining whether goals and objectives have been accomplished?
A. Management is responsible for establishing the criteria.
B. Internal auditors should use professional standards or government regulations to establish the criteria.
C. The industry in which a company operates establishes criteria for each member company through benchmarks and best practices for that industry.
D. Appropriate accounting or auditing standards, including international standards, should be used as the criteria.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 160
A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed. In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:
A. Review the recommendations in all environmental audit reports.
B. Discuss with the environmental auditors the results of their reviews.
C. Periodically carry out a quality assessment of the environmental audit activity.
D. Include a review of environmental issues in some internal audit engagements.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 161
In addition to data protection, which of the following is a control that is typically used by companies to safeguard the privacy rights of their customers?
I. End-user computing.
II. Encryption of data.
III. Spyware.
IV. Intrusion detection.
A. II only
B. I and III only
C. II and IV only
D. I, II, and IV only
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 162
According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:
A. Was designed to ensure compliance with policies, plans, procedures, laws, and regulations.
B. Provides reasonable assurance that the organization's objectives will be met.
C. Mitigates inherent risk.
D. Assures the reliability and integrity of information used by management.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 163
Which of the following statements, if true, could justify an auditor's decision not to report governance-related control deficiencies to the audit committee?
A. Management plans to initiate corrective action.
B. The board of directors has a separate corporate governance committee.
C. The amounts and the potential risks associated with the deficiencies are not material to the overall organization.
D. Governance issues are complex and the auditor should rely on management's analysis of the extent of the problem.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 164
The primary role of the internal audit activity in regard to an organization's ethical climate is to:
A. Participate as chief ethics officer.
B. Periodically assess the ethical climate.
C. Utilize surveys to evaluate employee ethics.
D. Demonstrate ethical behavior.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 165
A chief audit executive (CAE) is obtaining information required by a regulatory oversight body and discovers a situation that requires management to take immediate corrective action. What is the best course of action for the CAE to take?
A. Wait until all of the information has been gathered and reported to the oversight body before reporting the situation to management.
B. Check with legal counsel to determine whether the situation can be reported to management before all information has been submitted to the oversight body.
C. Report the situation to management immediately.
D. Schedule an engagement to explore the situation in depth, before reporting to either management or the oversight body.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 166
Which of the following is the most important limitation on the effectiveness of audit committees?
A. Audit committees may be composed of independent directors; however, those directors may have close personal and professional friendships with management.
B. Audit committee members are compensated by the organization and thus favor a stockholder view.
C. Audit committees devote most of their efforts to external audit concerns and do not pay much attention to internal auditing and the overall control environment.
D. Audit committee members do not normally have degrees in the accounting or auditing fields.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 167
Which of the following is a key performance indicator for an internal audit function?
A. Audit expenditures compared to financial budgets.
B. Percent of required continuing education hours completed.
C. Implementation of new audit computer software.
D. Frequency of meetings with the board members.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 168
In order to effectively handle conflict between audit team members, an audit team leader should:
A. Avoid addressing the conflict until the leader is sure that there is a problem.
B. Be assertive and keep the team members focused on a resolution.
C. Ask one of the team members to resolve the issue by being more conciliatory.
D. Transfer one of the team members to another assignment.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 169
In a well-developed management environment, the internal audit activity would:
A. Report the results of audit engagements to line management as well as to senior management.
B. Conduct regularly scheduled audits of existing systems and initial audits of new computer systems after they have begun operating.
C. Interface primarily with senior management, minimizing interactions with line managers who are the subjects of internal audit work.
D. Focus on the maintenance of accounting controls (such as segregation of the duties of authorization, recording, and custody) and report results to the audit committee.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 170
Which of the following processes should be included in a benchmarking activity?
I. Identify key measures.
II. Collect data on performances and practices.
III. Identify opportunities for improvement.
A. II only
B. I and III only
C. II and III only
D. I, II, and III.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 171
The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings. Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should:
A. Provide the activity reports to senior management as requested and discuss any issues that may require action to be taken.
B. Not provide activity reports to senior management because such matters are the sole province of the board.
C. Disclose only those matters in the activity reports that pertain to expenditures and financial budgets of the internal audit activity.
D. Provide information to senior management that pertains only to completed audit engagements and observations available in published engagement final communications.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 172
Management should be included in the development of the audit plan in order to:
A. Provide assurance that past audit recommendations have been properly implemented.
B. Select the audit tests that will be used for each engagement.
C. Verify that the highest risks are included in the risk-based audit plan.
D. Guarantee access to the organization's sites and records for audit work.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 173
The primary reason that a chief audit executive (CAE) reviews external audit management letters and management response is to:
A. Select areas to emphasize in future internal audit engagements.
B. Check the effectiveness of external audit resources used.
C. Ensure that comments in the letter are supported by evidence.
D. Verify that there has been no duplication of internal audit work.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 174
Which of the following statements is correct regarding corporate compensation systems and related bonuses?
I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
II. Compensation systems are not part of an organization's control system and should not be reported as such.
III. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.
A. I only
B. II only
C. III only
D. II and III only
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 175
Which of the following elements should an auditor recommend for inclusion in an organization's code of ethics?
I. Ethics should vary with local customs in the organization's foreign operations.
II. Whistle-blowing should be discouraged because it can cause distrust among employees and false accusations which waste organizational resources on investigations.
III. Ethical behavior should not be incorporated into performance evaluations because it is too subjective and controversial.
A. I only
B. II only
C. I, II, and III.
D. None of the above.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 176
The chief commodity trader for a large energy company learns from a friend that a competitor will likely fail its upcoming regulatory audit and will be forced to temporarily decrease production. If the information is true, the trader has short-term opportunities to make trades that will financially benefit the trader's company and will lead to a substantial increase in the trader's performance bonus. However, if the information is not true, making the trades will significantly increase the company's risk of being caught in a long position. From an ethical perspective, which of the following would be the most appropriate course of action for the trader to take?
A. Make the trade because the company and the trader will both benefit.
B. Have another trader on staff make the trade in order to avoid a conflict of interest.
C. Disclose the information to the risk oversight committee but proceed with the trade to capitalize on the opportunity.
D. Defer the decision to management and risk the loss of the trading opportunity.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 177
The best reason for separating the cash-receiving function from the related record-keeping function is to:
A. Segregate cash payments from cash receipts.
B. Provide accountability for cash received.
C. Minimize misappropriations in cash receipts.
D. Improve physical security over the cash-receiving function.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 178
The main reason to establish internal controls in an organization is to:
A. Encourage compliance with policies and procedures.
B. Safeguard the resources of the organization.
C. Ensure the accuracy, reliability, and timeliness of information.
D. Provide reasonable assurance on the achievement of objectives.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 179
Which of the following is the primary concern of an internal auditor in a comprehensive audit of an organization?
A. Accuracy of reports on the source and use of funds.
B. Extent of achievement of the organization's mission.
C. Confirmation of compliance with policies and procedures.
D. Appropriateness of procedures related to the budgeting process.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 180
According to the Standards, which of the following must an internal auditor take into consideration when performing an assurance engagement of treasury operations?
I. The audit committee has requested assurance of the treasury department's compliance with a new policy on the use of financial instruments.
II. Treasury management has not instituted any risk management policies.
III. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350 percent.
IV. The external auditors have indicated some difficulties in obtaining account confirmations.
A. I and II only
B. I and IV only
C. I, II, and III only
D. II, III, and IV only
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 181
If management has not established a risk management process, the internal audit activity could:
A. Take a proactive role that supplements traditional assurance activities.
B. Identify and mitigate risks to the organization.
C. Assume responsibility for the management of identified risks.
D. Assume primary responsibility for determining if adequate and effective processes are in place.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: