Certified Internal Auditor Questions + Answers Part 10
Posted: Tue Mar 01, 2022 5:01 am
QUESTION 87
Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
A. Computerizedteststoassesstransactionreasonablenessandvalidity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.
B. IandIVonly
C. II and III only
D. I, II, and III only
E. I,II,III,andIV.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 88
A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement written reports. The best reason for the increased use of oral reports is that they:
A. Reducetheamountoftestingrequiredtosupportauditfindings.
B. Canbedeliveredinaninformalmannerwithoutpreparation.
C. Can be prepared using a flexible format and reduce the information included in the written report.
D. Permit auditors to counter arguments and provide additional information that the audience may require.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 89
Which of the following is a responsibility of the internal auditor once a fraud investigation has been concluded?
A. Ascertaintheextenttowhichfraudhasbeenperpetrated.
B. Notifytheappropriateregulatoryauthoritiesregardingtheoutcomeoftheinvestigation.
C. Determine if controls need to be implemented or strengthened to reduce future vulnerability. D. Implement controls to prevent future occurrences.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 90
A bank is developing an integrated customer information system. The type of audit involvement that would most likely help avoid implementation of a system that does not cover all types of accounts would be:
A. Adesignreview.
B. Anapplicationcontrolreview. C. A source code review.
D. An access control review.
Correct Answer: A
Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 91
The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:
A. Thecostofauditinvolvementcanbeminimized.
B. Thereareclearlydefinedpointsatwhichtoissueauditcomments. C. Redesign costs can be minimized.
D. The threat of lack of audit independence can be minimized.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 92
In a review of an electronic data interchange application using a third-party service provider, the auditor should:
A. EnsureencryptionkeysmeetInternationalOrganizationforStandardization(ISO)standards.
II. Determine whether an independent review of the service provider's operation has been conducted. III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.
B. IandIIonly
C. IandIVonly
D. II and III only
E. IIandIVonly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 93
Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
A. Statementsaresupportedandcanbeauthenticated. B. Recommendationsforcorrectiveactionareclear.
C. Processes within the audited area were reviewed.
D. Sample sizes appear appropriate for any issues found.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 94
In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
A. Keystakeholdersarerepresentedinthegroup.
B. Anindependentcontentexpertisavailabletohelpsettledisagreements.
C. Background research is completed to familiarize the auditor with relevant issues. D. Management is consulted on the issues and priorities.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 95
What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?
A. Spontaneousagreement. B. Consensusbuilding.
C. Majorityvoting.
D. Compromise.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 96
If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:
A. Ignorethebehaviorandcontinuetheworkshop.
B. Allowthemtocontinuebrieflyandthenremindthemofthegroundrules. C. Have the participants modify the ground rules.
D. Strictly enforce the ground rules.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 97
Which of the following is the first step in the process where auditors and clients work together to evaluate the clients' system of internal control?
A. Assessrisks.
B. Developquestionnaires.
C. Identify and assess controls. D. Identifyobjectives.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 98
An internal auditor has a recommendation to change operations which could potentially increase profits by $50,000. The best way to sell this recommendation to management is to:
A. Carefullyworkoutthedetailsofimplementationbeforepresentingittodepartmentmanagement.
B. Discussitwithoperatingsupervisorswhoaredirectlyaffectedbythechange,andthenwithdepartment management.
C. Bring it to the audit manager, who should bring it immediately to senior management's attention.
D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 99
A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services. Which of the following issues should be addressed first?
A. Cost-effectiveness. B. Qualitycontrol.
C. Customer complaints. D. Supplier deliveries.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 100
During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:
A. Askmanagementtotesttherecoveryplanimmediately.
B. Recommendthatmanagementandusersupdateandtesttherecoveryplan. C. Update the recovery plan for management as part of the review.
D. Review the recovery plan and report weaknesses to management.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 101
The most effective method of reporting engagement results to management and stimulating action is to:
A. Deliveralectureontheengagementresults.
B. Limitverbalcommentaryandpresentaseriesofslidesthatgraphicallydepicttheengagementresults. C. Use slides to support a discussion of major points.
D. Distribute copies of the report, ask the participants to read the report, and ask for questions.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 102
Which of the following items should be addressed in an organization's privacy statement?
A. Intendeduseofcollectedinformation. II.
Data storage and security.
III.
Network/infrastructure authentication controls. IV.
Data retention policy of the organization. Parties authorized to access information.
B. IandIIonly
C. IandIVonly
D. I,II,andVonly
E. II,III,IV,andVonly
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 103
An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test to achieve the audit objective?
A. Validatethecompletenessoftheaccountspayablefiles. II.
Examine the sample of vouchers in greater detail. III.
Increase the number of vouchers in the sample. IV.
Broaden the scope of the examination to include credits received by accounts payable.
B. IandIIonly
C. II and III only
D. I, II, and IV only
E. I,III,andIVonly
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 104
During a review of performance measures in an organization's purchasing function, the preliminary survey indicates that most of the measures have been in use for some time. The internal auditor should:
A. Reviewthedatathatwasusedtodevelopthemeasures.
B. Performbenchmarkinginordertoverifythatthemeasuresbeingusedaremeaningful. C. Establish the history of the measures and reasons for use.
D. Report that the measures being used are out-of-date and should be improved.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 105
What is the primary reason for having audit management approve audit engagement reports?
A. Toensurethatclientconcernsareappropriatelyaddressed.
B. Toconfirmproperformat,grammar,andpunctuation.
C. To verify that senior management supports the report's conclusions. D. To validate that report findings are substantiated.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 106
Which of the following best defines an audit opinion?
A. Asummaryofthesignificantauditobservationsandrecommendations.
B. Anauditor'sevaluationoftheeffectsoftheobservationsandrecommendationsontheactivities reviewed.
C. A conclusion which must be included in the audit report.
D. A recommendation for corrective action.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 107
Which of the following is typically not a reason for committing financial statement fraud?
A. T o dispel negative market perception.
B. Todisguiseaduplicatepaymenttoavendor.
C. To obtain more favorable terms on financing.
D. To receive performance-related bonuses.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 108
Which of the following is a red flag associated with fictitious revenues?
A. Slowgrowthorunusuallylowprofitability.
B. Unusualdecreaseinthenumberofdays'salesinreceivables. C. Substantial increase in receivables turnover.
D. Significant transactions with related parties.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 109
Which of the following is a red flag associated with improper asset valuation?
A. Unusualincreaseingrossmargin.
B. Unusualdecreaseinthenumberofdays'purchasesininventory. C. Recurring positive cash flows from operations.
D. Allowance for bad debts that is increasing in percentage terms.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 110
To furnish useful and timely information and promote improvements in operations, internal auditors should provide:
A. Seniormanagementwithreportsthatemphasizetheoperationaldetailsofdefectiveconditions. B. Operatingmanagementwithreportsthatemphasizegeneralconcernsandrisks.
C. Information in written form before it is discussed with the engagement client.
D. Reports that meet the expectations of both operational and senior management.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 111
An auditor evaluating excessive product rejection rates should investigatE.
A. Communicationbetweensalesandproductiondepartmentsonsalesreturns. II.
Volume of product sales year-to-date in comparison to prior year-to-date. III.
Changes in credit ratings of customers versus sales to those customers. IV.
Detailed product scrap accounts and accumulations.
B. IandIIIonly
C. IandIVonly
D. II, III, and IV only
E. I,II,III,andIV.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 112
Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimation?
Number of Items Audited Value Carrying Amount Sample $500,000 $480,000 Population
3,000 $5,000,000
A. 0.10 B. 0.96 C. 1.04 D. 10.00
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 113
During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?
A. Defectivepricing. B. Costmischarging. C. Fictitious vendor. D. Bid rotation.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 114
A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor's actions woulD.
A. BeinviolationoftheIIACodeofEthicsforwithholdingmeaningfulinformation. II.
Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
III.
Not be in violation of either the IIA Code of Ethics or Standards.
B. Ionly
C. II only
D. III only
E. IandIIonly
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 115
An internal auditor has completed an audit of an organization's activities and is ready to issue a report. However, the client disagrees with the internal auditor's conclusions. The auditor should:
A. Withholdtheissuanceoftheauditreportuntilagreementontheissuesisobtained.
B. Issuetheauditreportandstateboththeauditorandclientpositionsandthereasonsforthe disagreement.
C. Issue the audit report and omit the client's conclusion as it is not the opinion of the internal auditor.
D. Perform additional work, with the client's concurrence, to resolve the areas of disagreement and delay the issuance of the report until agreement is reached.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 116
Which of the following is an advantage of an interim report?
A. Aninterimreportprovidestimelyfeedbacktotheauditengagementclient. II.
An interim report provides a mechanism for communicating information on red flags promptly while they are being investigated.
III.
An interim report provides an opportunity for auditor follow-up of findings before the engagement is completed.
IV.
An interim report increases the probability that corrective action will be initiated more quickly.
B. IandIVonly
C. II and III only
D. I, III, and IV only
E. I,II,III,andIV.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 117
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1
million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board iF.
A. IntheopinionoftheCAE,thelevelofresidualriskassumedbyseniormanagementistoohigh. II.
Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.
III.
The cost of modifying the sales system to include a preventive control is less than $100,000.
B. Ionly
C. III only
D. I and III only
E. I,II,andIII
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 118
Which of the following factors would not be considered in determining appropriate follow-up procedures?
A. Thesignificanceoftheauditfinding.
B. Theeffortandcostneededtocorrectthereportedcondition.
C. The availability of funds in the audited department's budget to correct the reported condition. D. The potential consequences if the corrective action fails.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 119
Persuasive evidence indicates that a member of senior management has been involved in insider trading that would be considered fraudulent. However, the evidence was encountered during an operational audit and is not considered relevant to the audit. Which of the following is the most appropriate action for the chief audit executive to take?
A. Reporttheevidencetoexternallegalcounselforinvestigation.Reportthelegalcounselfindingsto management.
B. Reporttheevidencetothechairpersonoftheauditcommitteeandrecommendaninvestigation.
C. Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee and to government officials if appropriate action is not taken.
D. Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 120
What is the most likely source of information for a detailed schedule of a company's insurance policies in force?
A. Originaljournalentriesfoundinthecashdisbursementsjournal,alongwithsupportingchecks processed by the bank.
B. Policiesandproceduresgoverninginsurancecoverage.
C. The current fiscal year's budget for insurance, together with the beginning balance of the prepaid insurance account.
D. The files containing insurance policies with various carriers.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 121
Confirmation would be most effective in addressing the existence assertion for:
A. Theadditionofamillingmachinetoamachineshop.
B. Salesofmerchandiseduringtheregularcourseofbusiness.
C. Inventory held on consignment.
D. The granting of a patent for a special process developed by the organization.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 122
In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled for examination are not authentic. What action should the auditor take before proceeding with the examination?
A. Suggesttothepayrollmanagerthatthesuspiciousdocumentsshouldbesenttotheorganization's security department for forensic review.
B. Keepthesuspiciousdocumentsintheworkpaperfileuntiltheendoftheengagement,andthendiscuss the suspicions with the payroll manager.
C. Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the signatures.
D. Review the suspicious documents with the chief audit executive and seek advice concerning further examination.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 123
In evaluating the validity of different types of audit evidence, which of the following conclusions is not correct?
A. Recomputation,thoughhighlyvalid,islimitedinusefulnessduetoitslimitedscope.
B. Thevalidityofdocumentaryevidenceisindependentoftheeffectivenessofthecontrolsysteminwhich it was created.
C. Internally created documentary evidence is considered less valid than externally created documentary evidence.
D. The validity of confirmations varies directly with the independence of the party receiving the confirmation.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 124
Which of the following types of sampling techniques should an internal auditor use when testing the effectiveness of internal controls?
A. Mean-per-unitsampling. B. Attributessampling.
C. Variables sampling.
D. Dollar-unit sampling.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 125
What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?
A. Trendanalysis.
B. Ratioanalysis.
C. Regression analysis. D. Horizontal analysis.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 126
Which of the following data sources would provide the least valid data for an audit of a retail store's customer service?
A. Agraphthatcomparesstaffinglevelsforselectedtimeswithstoretraffic(numberofcustomers)over the same time period.
B. Arandomsurveyofcustomersatisfactiongiventocustomersastheyleavethestore.
C. Interviews of randomly selected service personnel regarding the quality of service that they provide.
D. A graph of customer service training across stores, comparing training with overall levels of service
satisfaction.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 127
Which of the following examples of audit evidence is the most persuasive?
A. Realestatedeeds,whichwereproperlyrecordedwithagovernmentagency. B. Canceledcheckswrittenbythetreasurerandreturnedfromabank.
C. Time cards for employees, which are stored by a manager.
D. Vendor invoices filed by the accounting department.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 128
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:
A. Stockoutcosts,includinglostcustomers.
B. Seasonalvariationsinforecastinginventorydemand.
C. Optimal order sizes determined by an economic order quantity model. D. The potential for obsolescence of inventory items.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 129
During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?
A. Promisingtomaintaintheemployee'sanonymityandlisteningtotheinformation.
B. Suggestingthattheemployeeconsidertalkingtolegalcounsel.
C. Informing the employee that an attempt will be made to keep the source of the information confidential while looking into the matter further.
D. Informing the employee of other methods of communicating this type of information.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 130
Which of the following would have the least impact (either positive or negative) on an assessment of a
department's control environment?
A. Thedepartmentmanagedlong-terminvestments,includinginvestmentinderivativesandotherfinancial instruments, to maximize return.
B. Thedepartmentmanagersetsatoneofhonestyandintegrityinallbusinessdealingsandthistoneis emulated by department personnel.
C. Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.
D. Audittestsdesignedtoverifycompliancewithcontrolproceduresdetectedageneralfailuretofollow standard procedures for transaction authorization.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 131
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Which of the following statements regarding risk in the department is true?
A. AscomparedtodepartmentsAandC,departmentBhasastrongercontrolsystemtocompensatefor the greater complexity of the department's transactions and dollar value of its assets.
B. TheinternalauditactivityshouldscheduleauditsofdepartmentBmoreoftenthanauditsofdepartment C because of the relative control strength of department C as compared to department B.
C. The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.
D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 132
A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Risk Reduction
Cost Savings Changes
High (3) Medium (2) Low (1)
High (3) Low (1) High (3)
Low (1) High (3) Medium (2)
Medium (2) Medium (2) High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue?
A. 1and2only B. 1and3only C. 2and4only D. 3and4only
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 133
Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?
A. Applicationofgovernmentalregulationstobusinessactivities.
B. Workschedulesandholidaysoftheindividualregions.
C. Level of workpaper documentation needed to support audit observations. D. Availabilityoftechnologyandtechnicalsupport.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 134
Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
A. Determinewhetheragreed-uponlotsizesweresentbyvendors.
B. Determinewhetheronlyauthorizeditemswerereceivedfromvendors.
C. Determine whether the balances owed to vendors are correct.
D. Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Correct Answer: C Section: (none)
Explanation Explanation/Reference:
Explanation:
Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
A. Computerizedteststoassesstransactionreasonablenessandvalidity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.
B. IandIVonly
C. II and III only
D. I, II, and III only
E. I,II,III,andIV.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 88
A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement written reports. The best reason for the increased use of oral reports is that they:
A. Reducetheamountoftestingrequiredtosupportauditfindings.
B. Canbedeliveredinaninformalmannerwithoutpreparation.
C. Can be prepared using a flexible format and reduce the information included in the written report.
D. Permit auditors to counter arguments and provide additional information that the audience may require.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 89
Which of the following is a responsibility of the internal auditor once a fraud investigation has been concluded?
A. Ascertaintheextenttowhichfraudhasbeenperpetrated.
B. Notifytheappropriateregulatoryauthoritiesregardingtheoutcomeoftheinvestigation.
C. Determine if controls need to be implemented or strengthened to reduce future vulnerability. D. Implement controls to prevent future occurrences.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 90
A bank is developing an integrated customer information system. The type of audit involvement that would most likely help avoid implementation of a system that does not cover all types of accounts would be:
A. Adesignreview.
B. Anapplicationcontrolreview. C. A source code review.
D. An access control review.
Correct Answer: A
Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 91
The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:
A. Thecostofauditinvolvementcanbeminimized.
B. Thereareclearlydefinedpointsatwhichtoissueauditcomments. C. Redesign costs can be minimized.
D. The threat of lack of audit independence can be minimized.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 92
In a review of an electronic data interchange application using a third-party service provider, the auditor should:
A. EnsureencryptionkeysmeetInternationalOrganizationforStandardization(ISO)standards.
II. Determine whether an independent review of the service provider's operation has been conducted. III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.
B. IandIIonly
C. IandIVonly
D. II and III only
E. IIandIVonly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 93
Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
A. Statementsaresupportedandcanbeauthenticated. B. Recommendationsforcorrectiveactionareclear.
C. Processes within the audited area were reviewed.
D. Sample sizes appear appropriate for any issues found.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 94
In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
A. Keystakeholdersarerepresentedinthegroup.
B. Anindependentcontentexpertisavailabletohelpsettledisagreements.
C. Background research is completed to familiarize the auditor with relevant issues. D. Management is consulted on the issues and priorities.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 95
What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?
A. Spontaneousagreement. B. Consensusbuilding.
C. Majorityvoting.
D. Compromise.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 96
If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:
A. Ignorethebehaviorandcontinuetheworkshop.
B. Allowthemtocontinuebrieflyandthenremindthemofthegroundrules. C. Have the participants modify the ground rules.
D. Strictly enforce the ground rules.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 97
Which of the following is the first step in the process where auditors and clients work together to evaluate the clients' system of internal control?
A. Assessrisks.
B. Developquestionnaires.
C. Identify and assess controls. D. Identifyobjectives.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 98
An internal auditor has a recommendation to change operations which could potentially increase profits by $50,000. The best way to sell this recommendation to management is to:
A. Carefullyworkoutthedetailsofimplementationbeforepresentingittodepartmentmanagement.
B. Discussitwithoperatingsupervisorswhoaredirectlyaffectedbythechange,andthenwithdepartment management.
C. Bring it to the audit manager, who should bring it immediately to senior management's attention.
D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 99
A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services. Which of the following issues should be addressed first?
A. Cost-effectiveness. B. Qualitycontrol.
C. Customer complaints. D. Supplier deliveries.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 100
During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:
A. Askmanagementtotesttherecoveryplanimmediately.
B. Recommendthatmanagementandusersupdateandtesttherecoveryplan. C. Update the recovery plan for management as part of the review.
D. Review the recovery plan and report weaknesses to management.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 101
The most effective method of reporting engagement results to management and stimulating action is to:
A. Deliveralectureontheengagementresults.
B. Limitverbalcommentaryandpresentaseriesofslidesthatgraphicallydepicttheengagementresults. C. Use slides to support a discussion of major points.
D. Distribute copies of the report, ask the participants to read the report, and ask for questions.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 102
Which of the following items should be addressed in an organization's privacy statement?
A. Intendeduseofcollectedinformation. II.
Data storage and security.
III.
Network/infrastructure authentication controls. IV.
Data retention policy of the organization. Parties authorized to access information.
B. IandIIonly
C. IandIVonly
D. I,II,andVonly
E. II,III,IV,andVonly
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 103
An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test to achieve the audit objective?
A. Validatethecompletenessoftheaccountspayablefiles. II.
Examine the sample of vouchers in greater detail. III.
Increase the number of vouchers in the sample. IV.
Broaden the scope of the examination to include credits received by accounts payable.
B. IandIIonly
C. II and III only
D. I, II, and IV only
E. I,III,andIVonly
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 104
During a review of performance measures in an organization's purchasing function, the preliminary survey indicates that most of the measures have been in use for some time. The internal auditor should:
A. Reviewthedatathatwasusedtodevelopthemeasures.
B. Performbenchmarkinginordertoverifythatthemeasuresbeingusedaremeaningful. C. Establish the history of the measures and reasons for use.
D. Report that the measures being used are out-of-date and should be improved.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 105
What is the primary reason for having audit management approve audit engagement reports?
A. Toensurethatclientconcernsareappropriatelyaddressed.
B. Toconfirmproperformat,grammar,andpunctuation.
C. To verify that senior management supports the report's conclusions. D. To validate that report findings are substantiated.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 106
Which of the following best defines an audit opinion?
A. Asummaryofthesignificantauditobservationsandrecommendations.
B. Anauditor'sevaluationoftheeffectsoftheobservationsandrecommendationsontheactivities reviewed.
C. A conclusion which must be included in the audit report.
D. A recommendation for corrective action.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 107
Which of the following is typically not a reason for committing financial statement fraud?
A. T o dispel negative market perception.
B. Todisguiseaduplicatepaymenttoavendor.
C. To obtain more favorable terms on financing.
D. To receive performance-related bonuses.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 108
Which of the following is a red flag associated with fictitious revenues?
A. Slowgrowthorunusuallylowprofitability.
B. Unusualdecreaseinthenumberofdays'salesinreceivables. C. Substantial increase in receivables turnover.
D. Significant transactions with related parties.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 109
Which of the following is a red flag associated with improper asset valuation?
A. Unusualincreaseingrossmargin.
B. Unusualdecreaseinthenumberofdays'purchasesininventory. C. Recurring positive cash flows from operations.
D. Allowance for bad debts that is increasing in percentage terms.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 110
To furnish useful and timely information and promote improvements in operations, internal auditors should provide:
A. Seniormanagementwithreportsthatemphasizetheoperationaldetailsofdefectiveconditions. B. Operatingmanagementwithreportsthatemphasizegeneralconcernsandrisks.
C. Information in written form before it is discussed with the engagement client.
D. Reports that meet the expectations of both operational and senior management.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 111
An auditor evaluating excessive product rejection rates should investigatE.
A. Communicationbetweensalesandproductiondepartmentsonsalesreturns. II.
Volume of product sales year-to-date in comparison to prior year-to-date. III.
Changes in credit ratings of customers versus sales to those customers. IV.
Detailed product scrap accounts and accumulations.
B. IandIIIonly
C. IandIVonly
D. II, III, and IV only
E. I,II,III,andIV.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 112
Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimation?
Number of Items Audited Value Carrying Amount Sample $500,000 $480,000 Population
3,000 $5,000,000
A. 0.10 B. 0.96 C. 1.04 D. 10.00
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 113
During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?
A. Defectivepricing. B. Costmischarging. C. Fictitious vendor. D. Bid rotation.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 114
A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor's actions woulD.
A. BeinviolationoftheIIACodeofEthicsforwithholdingmeaningfulinformation. II.
Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
III.
Not be in violation of either the IIA Code of Ethics or Standards.
B. Ionly
C. II only
D. III only
E. IandIIonly
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 115
An internal auditor has completed an audit of an organization's activities and is ready to issue a report. However, the client disagrees with the internal auditor's conclusions. The auditor should:
A. Withholdtheissuanceoftheauditreportuntilagreementontheissuesisobtained.
B. Issuetheauditreportandstateboththeauditorandclientpositionsandthereasonsforthe disagreement.
C. Issue the audit report and omit the client's conclusion as it is not the opinion of the internal auditor.
D. Perform additional work, with the client's concurrence, to resolve the areas of disagreement and delay the issuance of the report until agreement is reached.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 116
Which of the following is an advantage of an interim report?
A. Aninterimreportprovidestimelyfeedbacktotheauditengagementclient. II.
An interim report provides a mechanism for communicating information on red flags promptly while they are being investigated.
III.
An interim report provides an opportunity for auditor follow-up of findings before the engagement is completed.
IV.
An interim report increases the probability that corrective action will be initiated more quickly.
B. IandIVonly
C. II and III only
D. I, III, and IV only
E. I,II,III,andIV.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 117
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1
million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board iF.
A. IntheopinionoftheCAE,thelevelofresidualriskassumedbyseniormanagementistoohigh. II.
Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.
III.
The cost of modifying the sales system to include a preventive control is less than $100,000.
B. Ionly
C. III only
D. I and III only
E. I,II,andIII
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 118
Which of the following factors would not be considered in determining appropriate follow-up procedures?
A. Thesignificanceoftheauditfinding.
B. Theeffortandcostneededtocorrectthereportedcondition.
C. The availability of funds in the audited department's budget to correct the reported condition. D. The potential consequences if the corrective action fails.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 119
Persuasive evidence indicates that a member of senior management has been involved in insider trading that would be considered fraudulent. However, the evidence was encountered during an operational audit and is not considered relevant to the audit. Which of the following is the most appropriate action for the chief audit executive to take?
A. Reporttheevidencetoexternallegalcounselforinvestigation.Reportthelegalcounselfindingsto management.
B. Reporttheevidencetothechairpersonoftheauditcommitteeandrecommendaninvestigation.
C. Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee and to government officials if appropriate action is not taken.
D. Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 120
What is the most likely source of information for a detailed schedule of a company's insurance policies in force?
A. Originaljournalentriesfoundinthecashdisbursementsjournal,alongwithsupportingchecks processed by the bank.
B. Policiesandproceduresgoverninginsurancecoverage.
C. The current fiscal year's budget for insurance, together with the beginning balance of the prepaid insurance account.
D. The files containing insurance policies with various carriers.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 121
Confirmation would be most effective in addressing the existence assertion for:
A. Theadditionofamillingmachinetoamachineshop.
B. Salesofmerchandiseduringtheregularcourseofbusiness.
C. Inventory held on consignment.
D. The granting of a patent for a special process developed by the organization.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 122
In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled for examination are not authentic. What action should the auditor take before proceeding with the examination?
A. Suggesttothepayrollmanagerthatthesuspiciousdocumentsshouldbesenttotheorganization's security department for forensic review.
B. Keepthesuspiciousdocumentsintheworkpaperfileuntiltheendoftheengagement,andthendiscuss the suspicions with the payroll manager.
C. Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the signatures.
D. Review the suspicious documents with the chief audit executive and seek advice concerning further examination.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 123
In evaluating the validity of different types of audit evidence, which of the following conclusions is not correct?
A. Recomputation,thoughhighlyvalid,islimitedinusefulnessduetoitslimitedscope.
B. Thevalidityofdocumentaryevidenceisindependentoftheeffectivenessofthecontrolsysteminwhich it was created.
C. Internally created documentary evidence is considered less valid than externally created documentary evidence.
D. The validity of confirmations varies directly with the independence of the party receiving the confirmation.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 124
Which of the following types of sampling techniques should an internal auditor use when testing the effectiveness of internal controls?
A. Mean-per-unitsampling. B. Attributessampling.
C. Variables sampling.
D. Dollar-unit sampling.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 125
What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?
A. Trendanalysis.
B. Ratioanalysis.
C. Regression analysis. D. Horizontal analysis.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 126
Which of the following data sources would provide the least valid data for an audit of a retail store's customer service?
A. Agraphthatcomparesstaffinglevelsforselectedtimeswithstoretraffic(numberofcustomers)over the same time period.
B. Arandomsurveyofcustomersatisfactiongiventocustomersastheyleavethestore.
C. Interviews of randomly selected service personnel regarding the quality of service that they provide.
D. A graph of customer service training across stores, comparing training with overall levels of service
satisfaction.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 127
Which of the following examples of audit evidence is the most persuasive?
A. Realestatedeeds,whichwereproperlyrecordedwithagovernmentagency. B. Canceledcheckswrittenbythetreasurerandreturnedfromabank.
C. Time cards for employees, which are stored by a manager.
D. Vendor invoices filed by the accounting department.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 128
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:
A. Stockoutcosts,includinglostcustomers.
B. Seasonalvariationsinforecastinginventorydemand.
C. Optimal order sizes determined by an economic order quantity model. D. The potential for obsolescence of inventory items.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 129
During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?
A. Promisingtomaintaintheemployee'sanonymityandlisteningtotheinformation.
B. Suggestingthattheemployeeconsidertalkingtolegalcounsel.
C. Informing the employee that an attempt will be made to keep the source of the information confidential while looking into the matter further.
D. Informing the employee of other methods of communicating this type of information.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 130
Which of the following would have the least impact (either positive or negative) on an assessment of a
department's control environment?
A. Thedepartmentmanagedlong-terminvestments,includinginvestmentinderivativesandotherfinancial instruments, to maximize return.
B. Thedepartmentmanagersetsatoneofhonestyandintegrityinallbusinessdealingsandthistoneis emulated by department personnel.
C. Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.
D. Audittestsdesignedtoverifycompliancewithcontrolproceduresdetectedageneralfailuretofollow standard procedures for transaction authorization.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 131
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Which of the following statements regarding risk in the department is true?
A. AscomparedtodepartmentsAandC,departmentBhasastrongercontrolsystemtocompensatefor the greater complexity of the department's transactions and dollar value of its assets.
B. TheinternalauditactivityshouldscheduleauditsofdepartmentBmoreoftenthanauditsofdepartment C because of the relative control strength of department C as compared to department B.
C. The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.
D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 132
A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Risk Reduction
Cost Savings Changes
High (3) Medium (2) Low (1)
High (3) Low (1) High (3)
Low (1) High (3) Medium (2)
Medium (2) Medium (2) High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue?
A. 1and2only B. 1and3only C. 2and4only D. 3and4only
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 133
Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?
A. Applicationofgovernmentalregulationstobusinessactivities.
B. Workschedulesandholidaysoftheindividualregions.
C. Level of workpaper documentation needed to support audit observations. D. Availabilityoftechnologyandtechnicalsupport.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 134
Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
A. Determinewhetheragreed-uponlotsizesweresentbyvendors.
B. Determinewhetheronlyauthorizeditemswerereceivedfromvendors.
C. Determine whether the balances owed to vendors are correct.
D. Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Correct Answer: C Section: (none)
Explanation Explanation/Reference:
Explanation: