Certified Internal Auditor Questions + Answers Part 7
Posted: Tue Mar 01, 2022 4:58 am
Explanation/Reference: QUESTION 213
Which of the following roles, if undertaken by an internal auditor, would have the greatest potential for conflict with the Standards regarding objectivity?
A. IT system designer.
B. Productdevelopmentteamconsultant. C. Ethics advocate.
D. External audit liaison.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 214
The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?
A. Aconsultantfromanoutsidefirm.
B. Anexpertwithinthedepartmentbeingaudited.
C. A researcher affiliated with a college or university. D. A specialist from the staff of a government agency.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 215
For a bank handling large amounts of cash, which of the following types of control would be the most effective to use?
A. Detectivecontrols. B. Correctivecontrols.
C. Preventive controls. D. Directive controls.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 216
An internal audit activity has made a preliminary determination that a division of the organization has employed improper accounting practices.
Upon being informed, the head of the organization instructs the chief audit executive (CAE) to cease the investigation and to withhold the information from external auditors.
Which course of action should the CAE follow?
A. Reportthecommunicationtotheorganization'sgeneralcounsel.
B. Reporttheinstructiontothechairpersonoftheauditcommittee.
C. Inform the head of the organization that the investigation will continue as planned. D. Inform the external auditors of the findings and the mandate to stop investigating.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 217
Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?
A. Requiringauditstafftoparticipateincontinuingeducationactivities.
B. Writingjobdescriptionsforauditstaff,auditmanagers,andotherauditingpositions.
C. Conducting individual counseling sessions regarding professional development and performance. D. Evaluating auditors' compliance with standards and level of audit effectiveness.
Correct Answer: D
Section: Volume D Explanation
Explanation/Reference: QUESTION 218
Which of the following statements about risk assessment is true?
A. Riskassessmentfocusesonthequantitativeevaluationofexposures.
B. Riskassessmentevaluatesriskbothonaninherentandresidualbasis.
C. Risk assessment determines the organization's tolerance for exposure.
D. Risk assessment is the amount of inherent risk in a separately identifiable business entity.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 219
Which of the following statements regarding an internal auditor's responsibility for detecting fraud is not correct?
A. Theauditorshouldhavesufficientknowledgetodetectredflags.
B. Theauditormayobtainassistancefromoutsideexpertsinareaswheretheauditorisnotsufficientlyproficient. C. The auditor should identify control weaknesses which could allow fraud to occur.
D. The auditor should detect fraud before recommending a fraud investigation should take place.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 220
Which of the following methods is not valid for completing continuing professional education hours?
A. Attendingtechnicalsessionmeetingsheldbystateauditingorganizations. B. CompletingallauditengagementsinaccordancewiththeStandards.
C. Publishing an article on the organization's internal audit department.
D. Participating in a formal in-house training program.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 221
What information should the internal quality assessment of the internal audit activity communicate to the chief audit executive?
A. Detailedobjectivesforinternalauditengagements.
B. Confirmationthatpastauditrecommendationshavebeenimplemented. C. Evaluation of the adequacy of internal audit policies and procedures.
D. Performance appraisals of the internal audit staff.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 222
Which of the following actions would compromise an internal auditor's objectivity?
A. Preparingbankreconciliations.
B. Reviewingproceduresbeforetheyareimplemented.
C. Auditinganactivityforwhichtheauditorhadresponsibilitytwoyearsago. D. Receiving a promotional pen from a supply available to all employees.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 223
Which of the following actions would be a violation of the IIA Code of Ethics?
A. Excludinganissueinthefinalauditreportaftermanagementhasresolvedtheissue.
B. Reportinginformationthatcouldbedamagingtotheorganization,attherequestofacourtoflaw.
C. Failing to return a free promotional pen to a vendor related to the audit activity.
D. Declining an audit engagement for which the auditor does not have the necessary experience or training.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 224
Which of the following statements correctly describes how workpaper standards can improve the efficiency of internal audit operations?
A. Theyrequiresupervisorstoprovidewrittenconfirmationoftheworkpaperstheyreview. B. Theygrantexternalpartiesapprovedbymanagementaccesstoworkpapers.
C. They mandate the workpaper retention period.
D. They allow the design and content to vary depending on the nature of the engagement.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 225
Which of the following tools would provide the most useful depiction of a process flow that spans multiple departments in an organization?
A. Averticalflowchartofeachdepartment,showinginputsatthetopandoutputsatthebottom.
B. Anarrative,withasectiondedicatedtotheprocessofeachdepartment.
C. A combination of a flowchart, which shows the process, and a narrative, which indicates the related department. D. A horizontal flowchart, with each department identified across the top and the process flow below.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 226
According to the Standards, which of the following is not a responsibility of the audit committee?
A. Appointmentandperformanceofthechiefauditexecutive.
B. Reviewinginternalauditstaffingpromotionsandsalaryincreases.
C. Review, assessment and approval of the annual audit plan.
D. Resolving any disagreements between management and internal audit.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 227
Which of the following is true regarding the purpose of the COSO enterprise risk management framework? 1. It is a process that is ongoing and flows throughout the organization.
2. It contributes to the formulation of the organization's mission and vision.
3. It enables internal audit to provide reasonable assurance to an organization's management and the board. 4. It enables the management of risks within an organization's risk appetite.
A. 1,2,and3only
B. 1,2,and4only C. 1,3,and4only D. 2,3,and4only
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 228
Which of the following controls within a spreadsheet would address the risk of logic errors? 1. The spreadsheet contains formulas that foot and cross-foot data.
2. The spreadsheet is locked to protect cell formulas from being inadvertently changed.
3. Spreadsheets are included in nightly backup processes.
4. Check-in and check-out software is used to manage version control.
A. 1and2only B. 1and3only C. 2and4only D. 3and4only
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 229
According to the Standards, which of the following statements about effective governance is not true?
A. Itreliesoninternalcontrolstobeeffective.
B. Itconsidersriskwhensettingstrategy.
C. Its structures are distinct from risk management structures. D. It is implemented by the board or an equivalent body.
Correct Answer: C
Section: Volume D Explanation
Explanation/Reference:
QUESTION 230
A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?
A. Declinetheofferbecausetheinternalauditorsubordinatedprofessionaljudgment,andobjectivityisthereforeimpaired. B. DeclinetheofferbecausetheinternalauditorrecentlytransferredfromtheITdepartment.
C. Accept the offer because the internal auditor maintains an independent mental attitude and is therefore objective.
D. Accepttheofferbecausetheinternalauditchartergrantstheinternalauditorauthoritytomaintainobjectivity.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 231
In selecting a team to perform an internal audit of a purchasing operation, which of the following characteristics would not preclude an auditor from being selected? 1. The auditor's spouse is employed by the clerical section of the purchasing records unit.
2. The auditor had been a purchasing agent five years earlier.
3. The auditor's family owns a business that regularly sells goods to the organization.
4. The auditor has received a desk calendar as a promotional gift from a vendor.
A. 1and3only B. 1and4only C. 2and3only D. 2and4only
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 232
A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?
A. Paymentoffraudulentinvoices. B. Purchasesfromarelatedparty. C. Theft of resources from inventory. D. False reporting of hours worked.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 233
An internal auditor is researching the laws and regulations related to a city's grant program. Which of the following procedures is least relevant to this task?
A. Makinginquiriesoftheauditcommitteeaboutthenatureofthegrants.
B. Reviewingprior-yearworkpapersandaskingofficialsiftherehavebeenanychanges.
C. Reviewing applicable grant agreements.
D. Discussing the matter with the city's chief financial officer, legal counsel, or grant administrators.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 234
An internal auditor must determine which components of an organization's telecommunications may introduce the greatest risk. Which of the following tasks should the internal auditor complete first?
A. Reviewtheopensystemsinterconnectnetworkmodel.
B. Identifythenetworkoperatingcosts.
C. Map the network software and hardware products into their respective layers.
D. Ascertain the business purpose of the network.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 235
Which of the following actions would have the greatest impact on the effectiveness of the internal audit activity?
A. Appropriatecompliancecoverageintheannualauditplan.
B. Annualreviewoftheauditcharterbymanagement.
C. Appropriatedefinitionofinternalauditscopeandresponsibilityinthecharter.
D. Assuranceofinternalauditobjectivityandorganizationalindependencebytheboard.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 236
An organization references a customer order with an approved customer file and credit limit before accepting an order. Which type of control does this process exemplify?
A. Qualitycontrolmonitoring.
B. Directfunctionalmanagement. C. Information processing.
D. Performance indicators.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 237
When conducting a preliminary survey, which of the following audit activities should an internal auditor complete first?
A. Identifyrisksandcontrolsintendedtopreventassociatedlosses.
B. W rite detailed audit procedures.
C. Identify client objectives, goals, and standards.
D. Determine relevant engagement objectives.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 238
An internal auditor is planning an audit of an organization where temporary employees are suspected of receiving pay for hours they have not worked. Which of the following tasks should not be performed at this stage in the audit?
A. Interviewingthemanagerwhorequestedtheauditengagement.
B. Obtainingacopyofthecontractbetweentheorganizationsandthetemporaryemploymentagency. C. Interviewing shift supervisors about their employees' attendance.
D. Preparing an engagement program.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 239
Which of the following policies exemplifies a control weakness in the approval and oversight of credit sales?
A. Thecreditdepartmentisresponsibleforapprovingshipmentstoallcustomers.
B. Theheadofthesalesdepartmentcanauthorizecreditlinesforlargecustomers.
C. The finance committee of the board of directors periodically reviews credit standards.
D. Customers who fail to meet credit requirements must pay cash for shipments upon delivery.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 240
While performing an internal audit engagement, an auditor reviews a flowchart of the organization's purchasing function. Which of the following internal control weaknesses would the auditor be able to identify in the chart?
A. Thatpurchasingpolicieshavenotbeenupdated.
B. Thatsupplierinvoicesareprocessedandpaidbeforethegoodsarereceived.
C. That the organization is not taking advantage of quantity discounts available from its suppliers. D. That authorization for payment of goods received has not been granted at the appropriate level.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 241
In order to be organizationally independent, the chief audit executive should report administratively to the
Which of the following roles, if undertaken by an internal auditor, would have the greatest potential for conflict with the Standards regarding objectivity?
A. IT system designer.
B. Productdevelopmentteamconsultant. C. Ethics advocate.
D. External audit liaison.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 214
The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?
A. Aconsultantfromanoutsidefirm.
B. Anexpertwithinthedepartmentbeingaudited.
C. A researcher affiliated with a college or university. D. A specialist from the staff of a government agency.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 215
For a bank handling large amounts of cash, which of the following types of control would be the most effective to use?
A. Detectivecontrols. B. Correctivecontrols.
C. Preventive controls. D. Directive controls.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 216
An internal audit activity has made a preliminary determination that a division of the organization has employed improper accounting practices.
Upon being informed, the head of the organization instructs the chief audit executive (CAE) to cease the investigation and to withhold the information from external auditors.
Which course of action should the CAE follow?
A. Reportthecommunicationtotheorganization'sgeneralcounsel.
B. Reporttheinstructiontothechairpersonoftheauditcommittee.
C. Inform the head of the organization that the investigation will continue as planned. D. Inform the external auditors of the findings and the mandate to stop investigating.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 217
Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?
A. Requiringauditstafftoparticipateincontinuingeducationactivities.
B. Writingjobdescriptionsforauditstaff,auditmanagers,andotherauditingpositions.
C. Conducting individual counseling sessions regarding professional development and performance. D. Evaluating auditors' compliance with standards and level of audit effectiveness.
Correct Answer: D
Section: Volume D Explanation
Explanation/Reference: QUESTION 218
Which of the following statements about risk assessment is true?
A. Riskassessmentfocusesonthequantitativeevaluationofexposures.
B. Riskassessmentevaluatesriskbothonaninherentandresidualbasis.
C. Risk assessment determines the organization's tolerance for exposure.
D. Risk assessment is the amount of inherent risk in a separately identifiable business entity.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 219
Which of the following statements regarding an internal auditor's responsibility for detecting fraud is not correct?
A. Theauditorshouldhavesufficientknowledgetodetectredflags.
B. Theauditormayobtainassistancefromoutsideexpertsinareaswheretheauditorisnotsufficientlyproficient. C. The auditor should identify control weaknesses which could allow fraud to occur.
D. The auditor should detect fraud before recommending a fraud investigation should take place.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 220
Which of the following methods is not valid for completing continuing professional education hours?
A. Attendingtechnicalsessionmeetingsheldbystateauditingorganizations. B. CompletingallauditengagementsinaccordancewiththeStandards.
C. Publishing an article on the organization's internal audit department.
D. Participating in a formal in-house training program.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 221
What information should the internal quality assessment of the internal audit activity communicate to the chief audit executive?
A. Detailedobjectivesforinternalauditengagements.
B. Confirmationthatpastauditrecommendationshavebeenimplemented. C. Evaluation of the adequacy of internal audit policies and procedures.
D. Performance appraisals of the internal audit staff.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 222
Which of the following actions would compromise an internal auditor's objectivity?
A. Preparingbankreconciliations.
B. Reviewingproceduresbeforetheyareimplemented.
C. Auditinganactivityforwhichtheauditorhadresponsibilitytwoyearsago. D. Receiving a promotional pen from a supply available to all employees.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 223
Which of the following actions would be a violation of the IIA Code of Ethics?
A. Excludinganissueinthefinalauditreportaftermanagementhasresolvedtheissue.
B. Reportinginformationthatcouldbedamagingtotheorganization,attherequestofacourtoflaw.
C. Failing to return a free promotional pen to a vendor related to the audit activity.
D. Declining an audit engagement for which the auditor does not have the necessary experience or training.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 224
Which of the following statements correctly describes how workpaper standards can improve the efficiency of internal audit operations?
A. Theyrequiresupervisorstoprovidewrittenconfirmationoftheworkpaperstheyreview. B. Theygrantexternalpartiesapprovedbymanagementaccesstoworkpapers.
C. They mandate the workpaper retention period.
D. They allow the design and content to vary depending on the nature of the engagement.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 225
Which of the following tools would provide the most useful depiction of a process flow that spans multiple departments in an organization?
A. Averticalflowchartofeachdepartment,showinginputsatthetopandoutputsatthebottom.
B. Anarrative,withasectiondedicatedtotheprocessofeachdepartment.
C. A combination of a flowchart, which shows the process, and a narrative, which indicates the related department. D. A horizontal flowchart, with each department identified across the top and the process flow below.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 226
According to the Standards, which of the following is not a responsibility of the audit committee?
A. Appointmentandperformanceofthechiefauditexecutive.
B. Reviewinginternalauditstaffingpromotionsandsalaryincreases.
C. Review, assessment and approval of the annual audit plan.
D. Resolving any disagreements between management and internal audit.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 227
Which of the following is true regarding the purpose of the COSO enterprise risk management framework? 1. It is a process that is ongoing and flows throughout the organization.
2. It contributes to the formulation of the organization's mission and vision.
3. It enables internal audit to provide reasonable assurance to an organization's management and the board. 4. It enables the management of risks within an organization's risk appetite.
A. 1,2,and3only
B. 1,2,and4only C. 1,3,and4only D. 2,3,and4only
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 228
Which of the following controls within a spreadsheet would address the risk of logic errors? 1. The spreadsheet contains formulas that foot and cross-foot data.
2. The spreadsheet is locked to protect cell formulas from being inadvertently changed.
3. Spreadsheets are included in nightly backup processes.
4. Check-in and check-out software is used to manage version control.
A. 1and2only B. 1and3only C. 2and4only D. 3and4only
Correct Answer: A Section: Volume D Explanation
Explanation/Reference: QUESTION 229
According to the Standards, which of the following statements about effective governance is not true?
A. Itreliesoninternalcontrolstobeeffective.
B. Itconsidersriskwhensettingstrategy.
C. Its structures are distinct from risk management structures. D. It is implemented by the board or an equivalent body.
Correct Answer: C
Section: Volume D Explanation
Explanation/Reference:
QUESTION 230
A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?
A. Declinetheofferbecausetheinternalauditorsubordinatedprofessionaljudgment,andobjectivityisthereforeimpaired. B. DeclinetheofferbecausetheinternalauditorrecentlytransferredfromtheITdepartment.
C. Accept the offer because the internal auditor maintains an independent mental attitude and is therefore objective.
D. Accepttheofferbecausetheinternalauditchartergrantstheinternalauditorauthoritytomaintainobjectivity.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 231
In selecting a team to perform an internal audit of a purchasing operation, which of the following characteristics would not preclude an auditor from being selected? 1. The auditor's spouse is employed by the clerical section of the purchasing records unit.
2. The auditor had been a purchasing agent five years earlier.
3. The auditor's family owns a business that regularly sells goods to the organization.
4. The auditor has received a desk calendar as a promotional gift from a vendor.
A. 1and3only B. 1and4only C. 2and3only D. 2and4only
Correct Answer: D Section: Volume D Explanation
Explanation/Reference:
QUESTION 232
A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?
A. Paymentoffraudulentinvoices. B. Purchasesfromarelatedparty. C. Theft of resources from inventory. D. False reporting of hours worked.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 233
An internal auditor is researching the laws and regulations related to a city's grant program. Which of the following procedures is least relevant to this task?
A. Makinginquiriesoftheauditcommitteeaboutthenatureofthegrants.
B. Reviewingprior-yearworkpapersandaskingofficialsiftherehavebeenanychanges.
C. Reviewing applicable grant agreements.
D. Discussing the matter with the city's chief financial officer, legal counsel, or grant administrators.
Correct Answer: A Section: Volume D Explanation
Explanation/Reference:
QUESTION 234
An internal auditor must determine which components of an organization's telecommunications may introduce the greatest risk. Which of the following tasks should the internal auditor complete first?
A. Reviewtheopensystemsinterconnectnetworkmodel.
B. Identifythenetworkoperatingcosts.
C. Map the network software and hardware products into their respective layers.
D. Ascertain the business purpose of the network.
Correct Answer: D Section: Volume D Explanation
Explanation/Reference: QUESTION 235
Which of the following actions would have the greatest impact on the effectiveness of the internal audit activity?
A. Appropriatecompliancecoverageintheannualauditplan.
B. Annualreviewoftheauditcharterbymanagement.
C. Appropriatedefinitionofinternalauditscopeandresponsibilityinthecharter.
D. Assuranceofinternalauditobjectivityandorganizationalindependencebytheboard.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 236
An organization references a customer order with an approved customer file and credit limit before accepting an order. Which type of control does this process exemplify?
A. Qualitycontrolmonitoring.
B. Directfunctionalmanagement. C. Information processing.
D. Performance indicators.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 237
When conducting a preliminary survey, which of the following audit activities should an internal auditor complete first?
A. Identifyrisksandcontrolsintendedtopreventassociatedlosses.
B. W rite detailed audit procedures.
C. Identify client objectives, goals, and standards.
D. Determine relevant engagement objectives.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference:
QUESTION 238
An internal auditor is planning an audit of an organization where temporary employees are suspected of receiving pay for hours they have not worked. Which of the following tasks should not be performed at this stage in the audit?
A. Interviewingthemanagerwhorequestedtheauditengagement.
B. Obtainingacopyofthecontractbetweentheorganizationsandthetemporaryemploymentagency. C. Interviewing shift supervisors about their employees' attendance.
D. Preparing an engagement program.
Correct Answer: C Section: Volume D Explanation
Explanation/Reference: QUESTION 239
Which of the following policies exemplifies a control weakness in the approval and oversight of credit sales?
A. Thecreditdepartmentisresponsibleforapprovingshipmentstoallcustomers.
B. Theheadofthesalesdepartmentcanauthorizecreditlinesforlargecustomers.
C. The finance committee of the board of directors periodically reviews credit standards.
D. Customers who fail to meet credit requirements must pay cash for shipments upon delivery.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference:
QUESTION 240
While performing an internal audit engagement, an auditor reviews a flowchart of the organization's purchasing function. Which of the following internal control weaknesses would the auditor be able to identify in the chart?
A. Thatpurchasingpolicieshavenotbeenupdated.
B. Thatsupplierinvoicesareprocessedandpaidbeforethegoodsarereceived.
C. That the organization is not taking advantage of quantity discounts available from its suppliers. D. That authorization for payment of goods received has not been granted at the appropriate level.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 241
In order to be organizationally independent, the chief audit executive should report administratively to the
- and functionally to the
- .
- A. Auditcommittee Board of directors
B. Chiefexecutiveofficer Board of directors
C. Chief executive officer Chief financial officer
D. Audit committee Chief financial officer
Correct Answer: B
Section: Volume D Explanation
Explanation/Reference:
QUESTION 242
In an audit engagement, a group of internal auditors used an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps in the computer software, and then developed test data. Over the course of 24 months, they submitted test transactions on a regular basis but did not find any differences between payroll processing and integrated test facility results. Based on the data, what can the auditors conclude?
A. Paymentstoemployeesduringthe24-monthperiodwereallcorrect.
B. Thecomputerapplicationanditscontrolprocedurescorrectlyprocessedpayrolloverthe24-monthperiod. C. Employees are properly submitting their hours to payroll.
D. The computer software is flawed.
Correct Answer: B Section: Volume D Explanation
Explanation/Reference: QUESTION 243
Which of the following factors would cause an internal auditor to judge an account balance error to be material?
A. Theerrorinvolvesanunusualtransactionfortheorganization. B. Theerrorpertainstoanunverifiedtransactionthatisroutine. C. The error concerns a data input function.
D. The error involves a large percentage of net income.
Correct Answer: D
Section: Volume D Explanation
Explanation/Reference:
QUESTION 244
A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.
Which of the following statements is true about the auditor's actions?
A. TheyareinviolationoftheIIACodeofEthicsbecausetheauditorwithheldmeaningfulinformation.
B. TheyareinviolationoftheStandardsbecausetheauditordidnotproperlyfollowuponaredflagthatmightindicatetheexistenceoffraud. C. They are in violation of neither the IIA Code of Ethics nor the Standards.
D. They are not in violation of the Standards but are in violation of the IIA Code of Ethics.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 245
Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?
A. AchangewasimplementedrequiringtheIAAtoreportadministrativelytotheorganization'schieflegalcounselratherthantheboard.
B. ResponsibilityforriskmanagementprocesseswereremovedfromtheIAAandplacedunderanewlycreatedchiefriskofficer.
C. The IAA was denied access to expenditure and budget requirement reports because the reports were considered to be financial administrative matters.
D. An internal auditor was informed by the chief financial officer that client survey results would be unfavorable unless the auditor changed a finding in the report.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 246
Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?
A. Theinternalauditorreviewsthephysicalaccesstomerchandiseduringaninventorycount.
B. Theauditmanagerconductsaninternalqualityassessmentoftheinternalauditactivity’sadherencetotheStandards. C. The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.
D. The board approves the annual performance evaluation of the chief audit executive.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference: QUESTION 247
While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization. Which of the following actions are most appropriate for the auditor to take?
A. Consultwithanimmediatesupervisorandnotifytheorganization'sauditcommittee.
B. Consultwithanimmediatesupervisorandreviewtheorganization'sethicspolicy.
C. Give the prize to a friend or family member and notitfy the organization's audit committee. D. Give the prize to a friend or family member and review the organization's ethics policy.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 248
A chief audit executive (CAE) of an international charity reports functionally to the audit committee of the board of directors and administratively to the charity's chief financial officer (CFO).
Which of the following would impair the internal audit function's independence?
A. TheCFOdeterminesthescopeofinternalauditworkintheaccountingdepartment.
B. TheCFOmanagestheaccountingofthebudgetfortheinternalauditfunction. C. The CFO administers the annual evaluation process for the internal auditors. D. The CFO provides feedback on the CAE's audit reports.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference: QUESTION 249
An internal audit activity (IAA) provided assurance services for an activity it was responsible for during the preceding year. As a result, which IIA Code of Ethics principle is presumed to be impaired?
A. Competence. B. Flexibility.
C. Objectivity.
D. Independence.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 250
According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?
A. Threemonths. B. Sixmonths. C. One year.
D. Two years.
Correct Answer: C Section: Volume E
Explanation Explanation/Reference:
QUESTION 251
The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization's retail store operations. Store operations are included in the annual audit plan.
Which of the following strategies best fulfills the requirements of the Standards regarding these audits?
A. Thescopeofstoreoperationsauditsshouldexcludecompliance.
B. Storeoperationsauditscanbefullyexecutedwithappropriatedisclosuretotheboard.
C. Store operations audits should be performed by an external service provider.
D. A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 252
Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?
A. Dueprofessionalcare.
B. Individualobjectivity.
C. Proficiency.
D. Organizational independence.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 253
A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?
A. Requirethatallstaffobtainaminimumoftworelevantauditcertifications.
B. PerformagapanalysisoftheIAA'sexistingknowledge,skillsandcompetencies.
C. Engage a consultant to benchmark the IAA's training program against its peers.
D. Assign one experienced manager to better coordinate staff training and development activities.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 254
According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?
A. AformeremployeeknowledgeableoftheIAAwhoresignedthreeyearsearlierfromtheorganization.
B. Acompetentemployeeofanindependentexternalorganizationthatprovidesco-sourcingservicestotheIAA. C. AnemployeeinanaffiliatedorganizationwhohasneverworkeddirectlywiththeIAA.
D. AnemployeeintheparentorganizationwhohasnothadanypreviouscontactwiththeIAA.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 255
The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?
A. "CompletedwiththeadvancecertificationoftheExternalAssessorsAssociationforAuditingReview."
B. "ConformswiththeInternationalStandardsfortheProfessionalPracticeofInternalAuditing."
C. "Certified 100% accuracy, per the International Standards of External Assessment."
D. "Compliant with all domestic and international legal statutes, and certified quality assured for ten years."
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 256
Why are preventative controls generally preferred to detective controls?
A. Becausepreventivecontrolspromotedoingtherightthinginthefirstplace,andlessentheneedforcorrectiveaction.
B. Becausepreventivecontrolsaremoresensitiveandidentifymoreexceptionsthandetectivecontrols.
C. Because preventive controls include output procedures, which cover the full range of possible reviews, reconciliations and analysis.
D. Because preventive controls identify exceptions after-the-fact, allowing them to be used after the entire review is complete and therefore finding exceptions that detective controls may have missed.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference: QUESTION 257
Which of the following would be considered a preventive control?
A. Alibrarycontrollog.
B. Areviewofexceptionreports.
C. A password lock on a server.
D. A software scan of financial records for irregularities.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 258
Which of the following are components of the COSO enterprise risk management framework? 1. Objective setting.
2. External environment.
3. Data collection.
4. Control activities.
A. 1and3only B. 1and4only C. 2and3only D. 2and4only
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 259
According to IIA guidance, which of the following is the best example of a system application control?
A. Aphysicalsecuritycontroloveradatacenter. B. Asystemdevelopmentlifecyclecontrol.
C. A program change management control.
D. An input control over data integrity.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference: QUESTION 260
Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?
A. Strategicobjectives.
B. Operationalobjectives. C. Reporting objectives. D. Compliance objectives.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 261
An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization.
Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?
A. Theperiodicrotationofprocurementofficers'assignmentstosupplieraccounts.
B. Apre-awardfinancialcapacityanalysisofsuppliers.
C. Anautomatedcomputerreport,organizedbysupplier,ofanyinvoicesforthesameamount. D. Periodic inventories of kiln-dried wood at the organization's warehouse.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 262
During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.
Which of the following tests would best help the internal auditor detect fraudulent activity?
A. Checkinventorylevels.
B. Searchforgapsinchecknumbers. C. Compare vendor summaries.
D. Review raw material purchase quantities.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference: QUESTION 263
Which of the following statements is true regarding the use of non-statistical sampling in auditing control tests?
A. Itconsiderstolerabledeviationratemoreeffectivelythandoesstatisticalsampling. B. Samplingriskwillbeaccuratelyquantifiedthroughnon-statisticalsampling.
C. Non-statistical sample results must be projected to the population.
D. Lesser evidence is required to support a conclusion than for statistical sampling.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 264
During an internal audit, the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole.
This is an example of which of the following analytical auditing procedures?
A. Reasonablenesstest. B. Regressionanalysis. C. Benchmarking.
D. Trend analysis.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 265
When internal auditors are preparing workpapers for the testing stage of an engagement, which of the following guidelines should be observed? 1. Include copies of all client files that were reviewed for the audit.
2. Avoid the use of professional, industry-appropriate jargon and technical terms.
3. Indicate the original sources of all data and information used in the workpapers.
4. Leave blank space for cross-references to be completed during the post-audit process.
A. 1and2only B. 1and4only C. 2and3only D. 3and4only
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 266
During an account receivables audit, an internal auditor found a significant number of input errors resulting in a $500, 000 balance understatement.
Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?
A. Who? B. How? C. Why? D. When?
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 267
Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?
A. TheCAEinitialsanddateseveryworkingpaperafterithasbeenreviewed.
B. TheCAEcompletesanengagementworkingpaperchecklist.
C. The CAE prepares a memorandum discussing the results of the working paper review.
D. The CAE utilizes an external third party to make an objective recommendation after each working paper review.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference: QUESTION 268
Allegations have been made that an organization's share price has been manipulated.
Which of the following would provide an internal auditor with the most objective evidence in this case?
A. Majorshareholdersoftheorganization. B. Largecustomersoftheorganization. C. Former members of management.
D. Former financial consultants.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference: QUESTION 269
According to the IIA guidance, who is responsible for periodically assessing the internal audit activity?
A. Theboard.
B. Thechiefauditexecutive. C. Senior management.
D. The external auditors.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 270
An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.
Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?
A. Confidentiality. B. Objectivity.
C. Integrity.
D. Competency.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 271
What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?
A. Diversifyingtheriskthatnetworkaccesswillnotbeavailabletolegitimate,authorizedusers. B. Acceptingtheriskthattheremaybeattemptsatunauthorizedaccesstothenetwork.
C. Avoiding the risk of having a direct network connection to un-trusted networks.
D. Sharing the risk that either firewall could be compromised by hackers.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 272
If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?
A. Terminatetheauditengagementinfullbecauseanoperationalauditwillnotbeproductivewithouttheclient'scooperation.
B. TerminateonlythespecificactionorprocesswithwhichtheclientdisagreesandworktodetermineasubstitutefunctionthatwillnotimpedefurtherIAAorthe client-audit relationship.
C. Refer the client to the IAA's charter and the approved yearly audit plan, which includes the areas designated for audit in the current time period.
D. Seek the approval of senior management or the board in mediation, allowing an overseer to clarify the scope of the audit engagement for the client.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 273
This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline.
Which of the following would be the best course of action for the CAE to take?
A. Continuewiththeengagementinordertomeettheregulatorydeadline,buthighlightareasinthefinalreportthatmightneedtoberevisedinthefuture.
B. Askthataseniormemberoftheorganization'sITdepartmentwiththerequiredsystemsexpertisejointheauditteamtoassistincompletingtheengagement.
C. Delay the engagement and inform the board of the situation, asking them to provide acceptable alternatives for completing the engagement.
D. Remove the planned engagement from the audit plan and explain to senior management the problems with moving forward without an auditor with the necessary expertise.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 274
A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit executive to consider this candidate?
A. Otherinternalauditorspossesssufficientknowledgeofaccountingprinciplesandtechniques. B. Thecandidate'sinformationsystemsknowledgeandreal-worldexperienceininternalauditing. C. Accounting skills can be learned over time with appropriate training.
D. Anentrylevelpositiondoesnotrequireexpertiseinanyparticulararea.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 275
Which of the following decisions made during the testing phase of a compliance audit requires the most judgment by an internal auditor?
A. Whichsamplingmethodologytoselectfortesting. B. Whichfieldstoexamineoneachinvoice.
C. Whether an individual expenditure is allowable. D. What level of noncompliance is acceptable.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference: QUESTION 276
According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?
A. Therelativecomplexity,materiality,orsignificanceofmatterstowhichassuranceproceduresareapplied. B. Theextentofassuranceservicesnecessarytoensurethatallrisksareidentified.
C. The cost of providing the assurance services in relation to potential benefits.
D. The probability of significant errors, irregularities or instances of noncompliance.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 277
According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?
A. ContinuingprofessionaleducationcanbeobtainedthroughIAAinvolvementinresearchprojects.
B. EmployersareresponsibleforensuringthatthecontinuingprofessionaleducationneedsoftheIAAaremet. C. Completion of self-study courses fulfills IAA continuing professional education requirements.
D. Specialized education that meets unique organizational needs cannot qualify as IAA professional development.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 278
According to IIA guidance, which of the following best describes processes and tools typically used in ongoing internal assessments?
A. Benchmarkingoftheinternalauditactivity'spracticesandperformance. B. Reportofinternalassessmentresults,responseplans,andoutcomes. C. Analysis of performance metrics such as cycle times.
D. Self-assessments and surveys of stakeholder groups.
Correct Answer: C
Section: Volume E Explanation
Explanation/Reference: QUESTION 279
Which of the following is an example of a transaction-level control?
A. Humanresourcepolicies.
B. T one at the top.
C. Reconciliations of primary accounts.
D. Inventorycounts.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 280
Which of the following is a preventive control?
A. Creatinganaudittrail.
B. Placingcontrolsonphysicalaccesstoinventory. C. Reconciling purchase orders with approvals.
D. Reviewing expense accounts for irregularities.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 281
Which of the following statements describes a control failure that is not directly attributable to a customer billing application? 1. End users have raised a number of concerns regarding data integrity.
2. An untested program change is transferred from the test environment to production.
3. Purchase history does not reconcile with accounts receivable for some customers.
4. End user security is inadvertently granted to an unauthorized individual by management.
A. 1and3. B. 1and4. C. 2and3. D. 2and4.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference:
QUESTION 282
While reviewing first quarter sales transactions, an internal auditor discovered that 10 invoices for a new customer had not been posted into the accounts receivable subsidiary ledger. Those 10 invoices were listed in an error report automatically generated by the sales processing system. The system had rejected the invoices because the customer's account number was not found in the customer master file. In this scenario, which of the following controls was lacking?
A. Correctivecontrol. B. Preventivecontrol. C. Detective control. D. Directive control.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference: QUESTION 283
Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?
A. Hireariskconsultant.
B. Implementahedgingstrategy.
C. Maintain a large foreign currency balance.
D. Insist that customers only pay in a stable currency.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 284
Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?
A. Evaluatingriskmanagementprocesses.
B. Recommendingaccountabilityforriskmanagement. C. Providing assurance that risks are evaluated correctly. D. Supporting managers to identify ways to mitigate risks.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 285
Which of the following is a second line of defense in effective risk management and control?
A. Purchasingdepartment. B. Compliancedepartment. C. Credit department.
D. Internal audit department.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 286
An accounts receivable clerk receives cash payments, posts the payments to customer accounts, and prepares the daily cash deposit. The clerk has been stealing some cash and manipulating the customer payments to hide the theft.
This fraud could be detected with which of the following controls?
A. Monthlybankreconciliationsareperformedbytheclerkonatimelybasis.
B. Totalcashdepositsforthemontharereconciledtothecashreceiptsjournal.
C. Names, amounts, and dates on remittance advices are reconciled with the names, amounts, and dates recorded in the cash receipts journal. D. Total cash deposits are compared with the bank reconciliation.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 287
Which of the following conditions is the most likely indicator of fraud?
A. Commissionsarepaidbasedonverifiedincreasestosales.
B. Departmentalreportsareconsistentlyissuedinanuntimelymanner. C. A manager regularly assumes subordinates' duties.
D. Lower earnings occur during the industry's down cycle.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 288
Which of the following would not be a red flag for fraud?
A. Severalrecent,largeexpenditurestoanewvendorhavenotbeendocumented.
B. Amanagerhasbraggedaboutmultipleextravagantvacationstakenwithinthelastyear,whichareexcessiverelativetothemanager'ssalary.
C. A weak control environment has been accepted by management to encourage creativity.
D. New employees occasionally fail to meet established project deadlines due to staffing shortages.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference: QUESTION 289
Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?
A. Theyserveasareminderofwhatcontrolsshouldexistinaprocess.
B. Theyrequireyes/noresponsestospecificquestions,notopen-endedresponses. C. They do not capture all controls that may exist.
D. They are useful in assessing risk.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 290
According to IIA guidance, which of the following objectives of an assurance engagement for the organization's risk management process is valid?
A. Allriskshavebeenidentifiedandmitigated.
B. Riskshavebeenaccuratelyanalyzedandevaluated. C. All controls are both adequate and efficient.
D. The board is appropriately addressing intolerable risks.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 291
Which of the following would provide the best evidence of errors in the quantities of items received from suppliers?
A. Suppliers'reportsofovershipments.
B. W arehouse receiving logs.
C. Purchase requisitions and purchase orders.
D. Observation and inspection of inventory.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 292
Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?
A. Analyticalreview.
B. Inquiry.
C. Document verification. D. Observation.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 293
An internal auditor makes a series of observations when performing an analytical review of division operations. The auditor notes the following things: the current ratio is increasing and the quick ratio is decreasing, sales and current liabilities have remained constant, and the number of day sales in inventory is increasing. Which conclusion should the auditor draw from this data?
A. Cashoraccountsreceivablehasdecreased.
B. Thegrossmarginhasdecreased.
C. The division produced fewer items this year than in prior years. D. The gross margin has increased.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 294
An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3. They are discrete and not normally shared with senior management or the board.
4. They can rely on evidence taken from the work of other assurance activities across the organization.
A. 1and2. B. 1and3. C. 2and3. D. 3and4.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference:
QUESTION 295
Which of the following statements best explains why internal auditors map processes? 1. To obtain audit evidence to support auditor's observations.
2. To determine scope and objectives of the audit.
3. To facilitate the identification of ownership and responsibility for key risks.
4. To identify potential efficiency improvements.
A. 1and2. B. 1and3. C. 2and4. D. 3and4.
Correct Answer: D Section: Volume E Explanation
Explanation/Reference: QUESTION 296
Why is a code of ethics for the internal audit profession necessary?
A. Itensuresthatallmembersoftheprofessionpossessthesamelevelofcompetence. B. Itprovidesauditorswithprotectionfromlawsuits.
C. It guides internal auditors in their service to others.
D. It requires auditors to exhibit loyalty to their organizations.
Correct Answer: C Section: Volume E Explanation
Explanation/Reference: QUESTION 297
Which of the following best ensures an internal audit activity has the ability to render impartial and unbiased assessments? A. Organizationalstatusandobjectivity.
B. Supervisionofthechiefauditexecutive(CAE)byseniormanagement. C. Organizational knowledge and skills.
D. CAE certification.
Correct Answer: A Section: Volume E Explanation
Explanation/Reference:
QUESTION 298
An internal audit charter describes the mission and scope of the internal audit activity (IAA), responsibilities of the IAA, accountability of the chief audit executive, independence of the IAA, and standards followed by the IAA. Which of the following also should be included in the charter?
A. ThepurposeoftheIAA.
B. TheIAA'srighttohaveunrestrictedaccesstofunctions,records,personnel,andphysicalproperty. C. A detailed audit plan or program for the year.
D. The job specifications and descriptions of the internal audit staff.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference: QUESTION 299
Which of the following is not one of the 10 core competencies identified in the IIA Competency Framework?
A. Governance,risk,andcontrol. B. Performancemanagement. C. Business acumen.
D. Internal audit delivery.
Correct Answer: B Section: Volume E Explanation
Explanation/Reference:
QUESTION 300
An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?
A. Replacetheauditorwithanotherauditstaffmember.
B. Continuewiththepresentauditor,asmorethanoneyearhaspassed. C. Withdraw the audit team and outsource the financial audit of the division. D. Work with the division's management to resolve the situation.
Correct Answer: A Section: Volume F Explanation
Explanation/Reference:
QUESTION 301
Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis. 2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.
A. 3only
B. 1and2only C. 2and3only D. 1,2,and3
Correct Answer: C Section: Volume F Explanation
Explanation/Reference: QUESTION 302
Which of the following enhances the independence of the internal audit activity?
A. Thechiefauditexecutive(CAE)approvestheannualinternalauditplan. B. TheCAEadministrativelyreportstotheboard.
C. The audit committee approves the CAE's annual salary increase.
D. The chief executive officer approves the internal audit charter.
Correct Answer: C Section: Volume F Explanation
Explanation/Reference: QUESTION 303
Which of the following statements describes impairment to the internal auditor's objectivity?
A. Aninternalauditorreviewsapurchasingagent'scontractdraftspriortotheirexecution.
B. Aninternalauditorreducesthescopeofanauditengagementduetobudgetrestrictions.
C. An internal auditor receives a promotional gift that is available to the organization's employees.
D. An internal auditor performs an assessment of the operations for which he was recently responsible.
Correct Answer: D Section: Volume F Explanation
Explanation/Reference:
QUESTION 304
A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?
A. PostponetheaudituntiltheCAEhiresinternalauditstaffwiththerequiredknowledge. B. Asktheauditcommitteetodecidethecourseofaction.
C. Select the most experienced auditors in the department to perform the engagement. D. Hire consultants who possess the required knowledge to perform the engagement.
Correct Answer: D Section: Volume F Explanation
Explanation/Reference: QUESTION 305
According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
A. Managementprinciples.
B. Computerizedinformationsystems.
C. Internal audit standards, procedures, and techniques. D. Fundamentals of accounting, economics, and finance.
Correct Answer: C Section: Volume F Explanation
Explanation/Reference:
QUESTION 306
According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?
1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
3. The application of technology-based audit and other data analysis techniques, where appropriate. 4. The relative complexity and extent of work needed to achieve the engagement's objectives.
A. 1,2,and3 B. 1,2,and4 C. 1,3,and4 D. 2,3,and4
Correct Answer: B Section: Volume F Explanation
Explanation/Reference: QUESTION 307
According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?
A. Theauditcommitteeandseniormanagement.
B. Theauditcommitteeandtheexternalauditors.
C. Senior management and management of the audited area. D. Senior management and the external auditors.
Correct Answer: A Section: Volume F Explanation
Explanation/Reference:
QUESTION 308
A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?
A. Requirethephysiciantosubmitasignedstatementattestingthatthetreatmentshadbeenperformed.
B. Sendconfirmationstothephysicians,requestingthemtoverifytheexactnatureoftheclaimssubmittedtotheinsuranceprovider. C. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis. D. Use computer software to identify abnormal claims based on the insured's age and medical history.
Correct Answer: D Section: Volume F Explanation
Explanation/Reference: QUESTION 309
Which of the following is not an objective of internal control?
A. Compliance. B. Accuracy.
C. Efficiency. D. Validation.
Correct Answer: D Section: Volume F Explanation
Explanation/Reference: QUESTION 310
According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?
A. Assessingtheriskfactors.
B. Aligningriskappetiteandstrategy.
C. Enhancing risk response decisions.
D. Reducing operational surprises and losses.
Correct Answer: A Section: Volume F Explanation
Explanation/Reference:
- A. Auditcommittee Board of directors
- .