Management has asked the internal audit activity to perform an operational audit of a division that recently reported an increase in expenditures in addition to a decrease in profits. However, existing internal audit resources are currently engaged in a legal compliance audit. Which factor would be considered least important in deciding whether resources should be removed from the legal compliance audit to the operational audit?
A. Theincreaseinexpendituresatthedivisionoverthepastyear.
B. Theprobabilitythatthelegalcomplianceauditwilldetectfraud.
C. The results of the external auditor's most recent financial audit.
D. The potential for regulatory fines associated with the legal compliance audit.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 181
Given the scarcity of internal audit resources, a chief audit executive (CAE) decides not to schedule a follow-up of audit recommendations when developing engagement work schedules. Why does the CAE's decision violate the Standards?
A. ItisnottheCAE'sresponsibilitytoestablishaprocessforafollow-up.
B. Lackofresourcesisnotasufficientreasontoforgoafollow-up.
C. Follow-up actions should take priority over new engagements in scheduling.
D. When resources are scarce, the follow-up can be incorporated into the next engagement.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 182
As part of a preliminary survey of the purchasing function, an internal auditor reads the department's policies and procedures manual and concludes that the manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating effectiveness of internal controls. Which procedure would fulfill this objective most effectively?
A. Performadesigntest.
B. Performacompliancetest. C. Perform a systems test.
D. Perform an efficiency test.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 183
An organization has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the contractor improperly charging for costs related to contract change orders. Which of the following procedures are appropriate for testing this suspicion?
1. Determine if the contractor has received proper approval of change orders from management.
2. Determine if the contractor has billed for original contract work cancelled by the change orders.
3. Determine if the contractor has charged change orders with costs already billed to the original contract. 4. Determine if the contractor has been paid for change orders that have not yet been completed.
A. 1and2only B. 1and3only C. 2and3only D. 3and4only
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 184
A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal auditor has been assigned to determine if the manufacturer's accounts payable contain all outstanding liabilities. Which audit procedure is not relevant for this objective?
A. Verifytheperiodofliabilityofsubsequentcashdisbursementsusingrelatedsupportingdocumentation.
B. Sendconfirmations,includingzero-balanceaccounts,tovendorswithwhomthemanufacturernormally does business.
C. Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.
D. Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 185
An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for the past three months and now suspects the division is reporting fictitious sales. Which course of action should the auditor follow to determine whether fraud has occurred?
A. Traceasampleofshippingdocumentstorelatedsalesinvoicestoverifyproperbilling.
B. Sendaccountsreceivablebalanceconfirmationstocustomers.
C. Compare the division's sales and gross margins to those of the prior three-month period.
D. Estimate the sales and cost of goods sold for the three-month period by using regression analysis.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 186
An audit of an organization's fulfillment department discovered that problems in the order processing system led to a significant number of orders being fulfilled multiple times. During the exit conference, the head of the department informed the auditors that the processing system would be enhanced within six months to correct the problems. Which course of action should the chief audit executive follow?
A. Adjustthescopeofthenextscheduledaudittodeterminethattheproblemshavebeenresolved. B. Monitorthestatusofcorrectiveactionandscheduleafollow-upengagementwhenappropriate. C. Meet with the audit committee to determine the appropriate follow-up action.
D. Assess the status of corrective action in a follow-up engagement in six months.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 187
When interviewing an individual in relation to a fraud investigation, which course of action should the internal auditor follow?
A. Assuretheindividualthattheresultsoftheinterviewwillremainconfidential. B. Establisharapportwiththesubjecttoencourageopenness.
C. Discontinue questioning once the individual has confessed to the fraud.
D. Refrain from deviating from the list of questions prepared before the interview.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 188
While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not necessary for the auditor to take?
A. Ensurethatthestepsbeingtakenresolvetheconditiondisclosedbytheinitialfinding.
B. Ensurethatcontrolshavebeenimplementedtopreventtheissuefromoccurringagain. C. Ensure that the entity has begun to experience benefits as a result of resolving the issue. D. Ensure that the inherent risk has been eliminated as a result of resolving the issue.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 189
Because of a new marketing initiative, an organization has reduced requirements for extending credit to new customers. As a result, outstanding accounts receivable as a percentage of revenue has increased significantly during the past two years. Which of the following would be least useful in monitoring this finding?
A. Updatesfromthemanagerofaccountsreceivableregardingcollectionofoutstandingreceivables.
B. Updatesfromtheinformationtechnologydivisionregardingdevelopmentofanewaccountsreceivable system.
C. Updates from the controller regarding the status of corrective actions.
D. Updates from the credit and marketing personnel tasked with reevaluating credit policies.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 190
Which of the following tasks would be considered unusual for planning a control self-assessment workshop?
A. Conductinginterviewstoidentifyrelevantissuesforthediscussion.
B. Identifyingkeystakeholdersandensuringtheyarerepresentedinthegroup. C. Securing an external subject matter expert to arbitrate disputes.
D. Ensuring that managers are willing to accept constructive criticism.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 191
An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?
A. Comparetheplannedoutputswiththeactualoutputs. B. Ascertainthecostsofmaterialspurchased.
C. Evaluate the plant's ability to meet production quotas. D. Review the levels of scrap and rework.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 192
According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?
A. Assistexecutiveswiththeiradministrativeandgovernanceresponsibilities,andencourageallIAA members to develop relationships with the organization's executives.
B. Assistexecutiveswiththeiradministrativeandgovernanceresponsibilities,andensurethatall communications with the board are formal audit reports or preset agendas.
C. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and encourage all IAA members to develop relationships with the organization's executives.
D. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and ensure that all communications with the board are formal audit reports or preset agendas.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 193
During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?
· Testing whether corrective actions taken on involved parties breaching the ethics program are adequate. · Testing whether all employees are mandated through policy to comply with the ethics program. · Testing whether all employees are required to confirm in writing their compliance with the ethics program.
· Testing through surveys employee's level of understanding and commitment to the ethics program.
A. 1and2only B. 1and4only C. 2and3only D. 3and4only
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 194
According to IIA guidance, which of the following should be considered when creating policies and procedures for the internal audit activity (IAA)?
A. Numberofauditors,complexityofauditactivities,andstructureoftheIAA.
B. Numberofauditors,complexityofauditactivities,andauditstaffskillsandcompetencies. C. Number of auditors, structure of the IAA, and audit staff skills and competencies.
D. Complexity of audit activities, structure of the IAA, and audit staff skills and competencies.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 195
The internal audit activity of an organization obtained approval to add a senior auditor to its staff. The chief audit executive, audit manager, and audit supervisor each will interview the candidates. According to the Standards, which of the following best explains the involvement of management in the interview process?
A. Providesauditmanagementwiththeopportunitytocommunicateexpectationsregardingethical behavior standards.
B. Enablesauditmanagementtooutlineitsqualityassuranceandimprovementprogramwiththesenior auditor.
C. Assistsauditmanagementinplanningbymoreeffectivelyallocatingtheseniorauditortoappropriate audits.
D. Allows audit management to explain the criteria that will be used to evaluate the senior auditor's performance.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 196
The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality assessment program. According to IIA guidance, which of the following would be part of this program?
A. AssessmentoftheIAAconductedindependentlyofclientfeedback,andthereviewofindividualaudits to determine the quality and timeliness of supervision.
B. AssessmentoftheIAAconductedindependentlyofclientfeedback,andidentifiedareasof improvement reviewed at the end of the year.
C. Compliance with a checklist of required audit procedures, and review of individual audits to determine
the quality and timeliness of supervision.
D. Compliance with a checklist of required audit procedures, and identified areas of improvement reviewed at the end of the year.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 197
The internal audit activity performs the following sequence of risk management activities: identification, analysis, and evaluation. According to IIA guidance, which of the following assurance approaches does this describe?
A. Processelementsapproach.
B. Enterprise-wideriskmanagementapproach. C. Key principles approach.
D. Maturitymodelapproach.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 198
A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will exceed available audit resources. Which of the following is the best course of action for the CAE to take?
A. Presenttheplanchangetoseniormanagementandrequestadditionalresourcesbeforegoingtothe board of directors.
B. Seekapprovalfromseniormanagementandtheboardofdirectorsfortheplanchangeandadvisethem of the issue of limited resources.
C. Add this change to the plan and request senior management to indicate which other engagement should be deleted to keep the overall plan within resource constraints.
D. Immediately seek additional resources from senior management and the board of directors to meet the needs of the organization.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 199
While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?
A. Removethefilescontainingthesocialsecuritynumbersandpersonalinformation.
B. CommunicatetheissuetothechiefauditexecutiveaswellasITandlegaldepartments.
C. Change permissions to the shared drive to only allow access to human resources personnel. D. Immediately review the audit logs to see if anyone has accessed this information and follow-up.
Correct Answer: B Section: (none)
Explanation Explanation/Reference:
Explanation:
QUESTION 200
An auditor-in-charge is preparing her audit team for a consulting engagement at one of the organization's foreign subsidiaries. According to the Standards, which of the following would not be a necessary step prior to beginning the engagement?
A. Verifythatnoneoftheauditteamworkedfortheforeignsubsidiarywithinthelastyeartoensure independence.
B. Agree,inwriting,withthesubsidiary'sseniormanagementregardingthescopeoftheengagement.
C. Communicate a time frame as well as a contingency plan in the event the engagement may take longer than expected.
D. Communicate what logistical support will be provided by the subsidiary for the duration of the engagement.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 201
The chief audit executive (CAE) of a multinational entity with highly automated and complex operations has just completed the update of the risk-based audit plan. Interviews with management revealed the introduction of new technology and a significant increase in both the number and severity of technology- based risk exposures. According to the International Professional Practices Framework, which of the following would be the best course of action for the CAE to undertake next?
A. Developadetailedauditplanthatmakesthemostefficientuseandreallocationofexistinginternalaudit resources.
B. Arrangefortheoutsourcingofsometechnologyintensiveauditprocessesandproceduresbasedonthe plan changes.
C. Evaluate whether appropriate skills and knowledge required to perform the necessary audit work currently exist in the department.
D. Begin planning to recruit information technology audit specialists and other expert personnel into the internal audit activity.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 202
Which of the following risks assumes an absence of compensating controls in the area being reviewed?
A. Controlrisk. B. Detectionrisk.
C. Inherent risk. D. Sampling risk.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 203
According to the Standards, which of the following objectives is not required to ensure the appropriate completion of an engagement?
A. Determiningauditteammembersarecoordinatedtoensuretheefficientexecutionofallengagement procedures.
B. Confirmingengagementworkingpapersproperlysupporttheobservations,recommendationsand conclusions.
C. Providing structured learning opportunities for engagement auditors when and wherever possible.
D. Ensuring all engagement objectives are reviewed for satisfactory achievement and properly documented.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 204
According to the International Professional Practices Framework, which of the following is not an objective of the exit conference?
A. Receiveclientfeedbackandclarification. B. Reviewauditrecommendations.
C. Plan future engagements.
D. Resolve disagreements.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 205
Which of the following would most likely include recommendations for process improvements? · Due diligence engagement.
· Forensic investigation.
· Internal audit engagement.
· Consulting engagement.
A. 1,2,and3only B. 1,2,and4only C. 1,3,and4only D. 2,3,and4only
Correct Answer: D Section: (none)
Explanation Explanation/Reference:
Explanation:
QUESTION 206
According to the Standards, which of the following best describes the responsibility of the chief audit executive (CAE) for approving the final engagement report? · The CAE is responsible for obtaining management approval before issuing the final report. · The CAE has overall responsibility for the report but can delegate the review and approval of the report.
· The CAE is responsible for obtaining senior management's approval before releasing the final report. · The CAE is responsible for approving to whom and how the final report will be disseminated.
A. 1and3only B. 1and4only C. 2and3only D. 2and4only
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 207
A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization's manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?
A. Distributethereportonlytotheboardtoprotectdisclosure.
B. Discloseanddistributethisinformationinaseparatereport.
C. Remove the observations and report verbally to senior management. D. Require a separate non-disclosure statement from each recipient.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 208
According to the International Professional Practices Framework, the internal audit activity's decision to defer follow-up of recommendations and management's corrective actions until the next scheduled engagement for the area is justified when:
A. Thereportedfindingsorrecommendationsaresignificantenoughtorequireimmediateactionby management.
B. Theactiontakenbymanagementtoaddresstherecommendationissufficientwhenweighedagainst the importance of the finding.
C. Management has adequately understood and appropriately accepted the risk of not taking action to implement the recommendation.
D. The significance of the finding or recommendation will allow auditors to perform monitoring by receiving periodic updates from management on corrective actions taken.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 209
Which of the following conditions should a chief audit executive take into account when deciding if a follow- up audit engagement is necessary?
· The reported observations were significant and high risk. · Internal audit resources and the time it will require for follow-up. · Management may not have the resources to take action. · Management has previously decided not to take any action.
A. 1,2,and3only B. 1,2,and4only C. 1,3,and4only D. 2,3,and4only
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 210
According to the Standards, which of the following would least likely be considered a red flag when evaluating the risk for fraud?
A. Cashreceiptsappeartobelowerthanexpectedfromanemployee'scashdrawer. B. Healthbenefitsaredetectedtobeclaimedforadeceasedemployee.
C. An employee did not approve an internal report detailing expenses for the month. D. It is alleged that an employee is receiving vendor kickbacks.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 211
A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the payroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in a locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the manual checks.
The payroll manager reconciles the bank statements monthly. Which of the following audit steps best addresses the risk of fraud in the payroll process?
A. Examinewhetherthepayrollmanagerapprovesthereconciliationsofledgers. B. Determinewhetheranapprovedlistofvoidedchecksexists.
C. Determine whether the cabinet keys are secured properly.
D. Vouch a sample of items on bank reconciliations to supporting documentation.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 212
According to the International Professional Practices Framework, which of the following situations is an indicator of a healthy relationship between the audit committee and the internal audit function?
A. Thechiefauditexecutive(CAE)hasdirectaccesstotheauditcommitteeandtheboardbuttypically does not interact directly with them unless a material weakness in the control environment is identified.
B. TheCAEsendstheauditcommitteeallcommunicationsbetweentheinternalauditdepartmentandthe audit client in order to keep the audit committee up to date on the engagement.
C. The CAE does not distribute audit reports to the audit committee. However, the audit committee is made aware of the scope and findings of audits performed.
D. Whenever a potential audit finding or testing exception is first identified, the audit committee is immediately notified, as well as for any subsequent changes in the status of the engagement.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 213
An internal auditor has been asked to participate in an advisory capacity to assist a committee in redesigning the organization's current financial reports to provide better information to management and the board. Which of the following actions on the part of the auditor would provide the greatest value to this project?
A. Theinternalauditorhasasetofgenericreporttemplatesfromaformerprojectandpresentsthemto the group because they worked so well for the previous employer.
B. Theinternalauditorinterviewseachstakeholderanddocumentstherequirementsandpreferencesof each and creates a report template that meets as many of the requirements and preferences as possible.
C. The internal auditor gathers the stakeholder group and holds a brainstorming session where they generate report requirements and preferences and then rank them in order of importance.
D. The internal auditor undertakes a project to gather report templates and formats from other organizations in the same line of business and presents them all to the group for review.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 214
The internal audit activity of an investment company received a request to provide assurance on the risk management process. Preliminary discussion with senior management revealed that separate functions within the organization perform some form of risk management activities. Which of the following is the most effective tool for ensuring that risk management activities are coordinated among these functions?
A. Delphitechnique.
B. Assurancemap.
C. Facilitated workshop. D. Analyticalreviews.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 215
The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to
accept for the position?
A. ThecandidateisapplyingforanITauditposition,whileoriginallycomingfromanITbackground,but has only experiences of financial and compliance audits in the previous position.
B. Thecandidateisknowledgeableaboutpotentialindicatorsoffraudincludingtypicalrisks,buthasonly participated as a staff auditor in one investigative fraud audit.
C. The candidate meets the minimum educational requirements established by the chief audit executive, but has less formal education than any of the other candidates being considered.
D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks ability to clearly communicate ideas and conclusions in a meeting.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 216
According to IIA guidance, which of the following are potential benefits of using an assurance map?
A. Indicationofanygapsinassurancecoverage,andimprovedrelevanceofassurancerecommendations.
B. Identificationofduplicateoroverlappingassuranceactivities,andimprovedrelevanceofassurance recommendations.
C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers.
D. Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 217
Which of the following events would most likely cause the chief audit executive to consider changing the current year's audit plan?
The government announced that new regulatory requirements will be introduced in the coming years which may significantly impact the organization's primary product. A major competitor unexpectedly introduced a new model at a lower price point to compete with the organization's market leading product.
The organization announced a new joint venture with a long time corporate partner to introduce a new product with development costs and sales beginning next fiscal year. An equal joint venture partner filed a lawsuit against the organization and requested that the court issue an immediate suspension of future product shipments.
A. 1and2only B. 1and3only C. 2and4only D. 3and4only
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 218
Which of the following statements is true?
A. Consultingengagementsprovidetheinternalauditactivitywithflexibilitytoaddvalueanddonotneedto be included in the long-range audit plan.
B. Theinternalauditactivity'splanofengagmentsmustbebasedonaformalquantitativerisk assessment.
C. The chief audit executive should consider changes to the long-range audit plan based on the requests of business unit managers.
D. A risk assessment on which to base the internal audit activity's long-range plan must be undertaken at least once every three years.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 219
In performance auditing, which of the following must first be determined by the internal auditor?
A. Whichkeyperformanceindicatorsareinuse.
B. Management'sobjectivesfortheprocess.
C. Whether management controls are appropriate.
D. Determination that appropriate benchmarks are in place.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 220
According to the Standards, which of the following best describes what must be agreed upon to establish an understanding with clients prior to starting a consulting engagement?
A. Theengagementobjectives,accesstoclientsrecords,andexpectations.
B. Theengagementobjectives,scope,andtimeframetocompletetheengagement.
C. The engagement scope, opportunities for making significant improvements, and client expectations. D. The engagement objectives, scope, respective responsibilities, and other client expectations.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 221
An airline contracted with an external service provider to perform maintenance on all aircraft ground support equipment. Management then asked the internal audit activity (IAA) to evaluate the controls in place that would permit appropriate oversight of the service provider in maintaining required maintenance standards.
According to the International Professional Practices Framework, which of the following would be the most appropriate course of action for the IAA to undertake to establish the engagement objectives?
A. Developadraftauditplanandcreateanappropriatescopeandresourceschedule.
B. Developapreliminaryauditprogramandobtainseniormanagement'sapproval.
C. Conduct a preliminary assessment of the risks associated with the maintenance contract.
D. Obtain a copy of the maintenance contract and review the contract for pricing discrepancies.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 222
According to the International Professional Practices Framework, which of the following would not be considered when performing an initial risk assessment in engagement planning?
A. Thereliabilityofmanagement'sassessmentofrisk.
B. Management'sprocessformonitoring,reporting,andresolvingriskissues. C. Management's methodology for defining risk criteria.
D. Risks in related activities relevant to the activity under review.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 223
According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board?
A. Considerformalityandtoneofcommunicationstoensuretheyareappropriate. B. Minimizeinstancesofadhoccommunicationswithboardmembers.
C. Consider the possible repercussions created by commentary on deficiencies. D. Avoid making presumptuous comments without sufficient facts.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 224
The chief audit executive established an internal audit activity (IAA) performance standard requiring all audit reports to be issued within 48 hours of the exit meeting with the client. Which of the following describes an exit meeting strategy that would best help the IAA meet this performance standard?
A. Theobjectiveoftheexitmeetingistoreachagreementonauditobservations. B. Theobjectiveoftheexitmeetingistosolicitactionplansforauditobservations. C. The objective of the exit meeting is to confirm final details of fieldwork.
D. The objective of the exit meeting is to confirm understanding of audit results
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 225
Which of the following would not include recommendations for process improvements?
A. Duediligenceengagement. B. Forensicinvestigation.
C. Internal audit engagement. D. Consulting engagement.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 226
When approving the final engagement report, which of the following is most critical?
A. Opinionsareadequatelysupported.
B. Conclusionsarereachedforallobjectives. C. Report is distributed to appropriate parties. D. Report is clear and concise.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 227
According to the Standards, which of the following would have the least direct interest in the draft report of a compliance review of the purchasing function?
A. Purchasingstaff.
B. Purchasingmanager. C. Director of finance. D. Audit committee.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 228
The chief audit executive (CAE) notes during review of the final report of an assurance engagement that management has decided to accept the risks of two significant exposures identified by the audit. Which of the following actions by the CAE would be least prudent in these circumstances?
A. Implementfollow-upprocedurestomonitorthepotentialimpactofthoserisks. B. Reviewtheworkingpapersandconclusionsastotheperceivedresidualrisk. C. Meet with senior management to consider their reasoning for the decision.
D. Meet with the auditor-in-charge to review the conclusions.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 229
According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)?
A. Duetomanagementchanges,theIAAisadvisedbymanagementthatnofurtherworkwillbedone. Further follow-up work is not required as management has accepted the related risk.
B. Anewlyappointedauditorimmediatelyproceedstoconductfollow-uptestingbasedonpreviouswork performed for the engagement and then reports the results to the chief audit executive (CAE).
C. Management has stopped implementing several key recommendations citing a growing disagreement with their effectiveness. The auditor communicates the situation to the CAE who then escalates the matter to senior management.
D. In situations where the identified risk may have a significant impact to the business and senior management has accepted the risk, it is not necessary for the CAE to inform the board of the decision.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 230
An internal auditor compares real-time gasoline production data to corresponding final gasoline production reports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which of the following next steps is most consistent with IIA guidance?
A. Reconcileonlinedataandthefinalproductionreportstogasolinesalesreports.
B. Contactsecuritypersonnelasevidencesuggestsgasolineisbeingstolenfromproductionpremises.
C. Confront the production manager and ask her to explain the differences between real-time and reported data.
D. Review the processes used to collect the production data and to compile the final production reports.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 231
According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program?
A. Conductingfullinvestigationsofsuspectedfraud.
B. Monitoringtheorganization'swhistle-blowerhotline.
C. Assessing the risk of fraudulent activity in the organization. D. Providing ethics training sessions to organization staff.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 232
An organization decides to create an internal audit function and hires a new chief audit executive (CAE). Which of the following should the CAE first consider when developing the internal audit process?
A. Requirementsoftheexternalauditorstoensureanefficientcoordinationofauditeffort. B. Sufficientresourcestoadequatelymeettheneedsoftheannualauditplan.
C. Alignment of internal audit objectives with the organization's strategic plan.
D. An appropriate training plan for audit staff.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 233
Which of the following is not true regarding the management of internal audit resources?
A. Aminimumlevelofinformationtechnologyknowledgeisnecessary.
B. Theadequacyofinternalauditresourcesisultimatelyaboardresponsibility.
C. Resources include external service providers and computer-assisted audit techniques. D. Skills availability must be aligned with financial constraints.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 234
An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an entry-level internal auditor?
A. Conflictresolutionskills. B. Communicationskills.
C. Time management skills. D. Interpersonal skills.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 235
During a consulting engagement, an internal auditor identifies new risks which will impact the scope and sufficiency of the engagement audit plan. According to the Standards, the internal auditor should:
A. Discussthepotentialimpactonthescopewiththeclient.
B. Modifythescopetoincorporatethenewrisksandcontinuetheengagement.
C. End the engagement, as the audit scope is no longer sufficient to meet the audit objective. D. Continue the engagement but highlight the impacts on the audit scope in the final report.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 236
When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?
A. Theorganization'sbudget.
B. Operationsinvolvingcashtransactions.
C. Recent changes in management objectives.
D. Risk factors utilized in the organization's risk models.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 237
Which of the following would be included in an internal audit department's quality assurance and improvement program?
1. Ongoing internal assessments of the performance of the internal audit department.
2. Periodic internal reviews through self-assessments.
3. Assessments conducted by a qualified external reviewer at least once every five years.
A. 1only
B. 1and2only C. 2and3only D. 1,2,and3
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 238
Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?
A. Theobjectivesoftheauditshouldbeset.
B. Theorganization'smanagementshouldbeinformedabouttheworktobeperformed. C. Attentionshouldbedevotedtowardthekeyauditareas.
D. The timing of the audit should be set.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 239
When determining if appropriate resources exist to achieve engagement objectives, which of the following factors should a chief audit executive consider?
1. Nature and complexity of the audit engagement.
2. Time constraints.
3. Effectiveness of the audit committee.
4. Availability of resources for the engagement.
A. 1and2only
B. 1,2,and3only C. 1,2,and4only D. 1,3,and4only
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 240
Which of the following is true regarding roles and responsibilities in risk management processes?
A. Settingstrategicdirectionresideswithseniormanagement.
B. Ownershipofrisksresideswiththeboard.
C. Acceptance of residual risk resides with executive management level.
D. Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal audit activity.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 241
While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements?
A. Prioritizetheengagementsthatwerenotdoneinpreviousyearsandschedulethemfortheupcoming year.
B. Consultwithseniormanagementandtheboardandmakeadjustmentsregardingrisk.
C. Review all outstanding recommendations from prior audit engagements and focus on them in the upcoming year.
D. Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year's schedule of engagement.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 242
Which of the following would be the most important reason for the chief audit executive (CAE) to use inputs from management strategy to update the audit universe?
A. TheauditcharterrequirestheCAEtoupdatetheaudituniversebeforeembarkingontheselectionof potential audit engagements.
B. TheCAEwantstoconsidertheorganization'sstrategicplanincludingattitudetowardriskandthe degree of difficulty to achieving planned objectives.
C. The CAE wants to cover management planned activities for the upcoming year in the audit plan.
D. The CAE wants to determine internal audit resourcing requirements to cover the organization's major processes and activities over time.
Correct Answer: B
Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 243
Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?
A. Withmanagement'sagreement,amendthescopeoftheaudittoensurethatareasexamineddonot require specialized knowledge and expertise.
B. Meetwithmanagementtoexplainthattheauditcannotbeundertakenanddiscussalternativestrategies that can be implemented until internal audit can develop its capability in the area.
C. Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit.
D. Advisemanagementthatcomplianceauditsofthistypeshouldonlybeconductedbythecorresponding regulatory agency to ensure independence.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 244
While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?
A. Resultsfromtheorganization'sbusinessprocessmanagementprogram.
B. Useracceptancetestingoftheorganization'senterpriseresourceplanningapplication. C. Risk assessments conducted by the board.
D. Key business strategies adopted by the organization in the strategic plan.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 245
An organization has a large number of vendors supplying goods to its various branches across the region. The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare
- with
- .
- A. VendorbankaccountnumbersEmployeebankaccountnumbers
B. DatesofpaymentstovendorsDatesofsalarypaymentstoemployees
C. Addresses of vendors from the vendor databaseAddresses of employees from the employee databaseD .Vendor namesEmployee names
Correct Answer: B Section: (none)
Explanation Explanation/Reference:
Explanation:
QUESTION 246
Which of the following is correct with respect to roles within an enterprise-wide risk management process? 1. The board provides oversight to the risk management process.
2. Executive management owns the risk management framework.
3. Senior management is assigned ownership of risks.
4. Internal audit modifies the risk assessment determined by management.
A. 1and2only
B. 3and4only
C. 1,2,and3only D. 1,2,3,and4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 247
According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?
A. Periodicmonitoringoftheinternalauditactivityshouldbedone. B. Allaspectsoftheinternalauditactivityshouldbeevaluated.
C. Anexternalassessmentshouldbeobtainedeverythreeyears. D. The review of assurance services should be the primary focus.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 248
During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to:
A. Reportanyhigh-riskexposuresofthetreasuryfunctiontomanagementandtheboard.
B. Determinewhetherappropriateresourcesarepresenttocarryoutthetreasuryfunction.
C. Comply with the internal audit charter and applicable regulatory requirements.
D. Identify areas of the treasury function that should be considered for potential engagement objectives.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 249
Ordinarily, which of the following would not be an objective of an internal audit quality assurance review? A.
- A. VendorbankaccountnumbersEmployeebankaccountnumbers
- .