QUESTION 58
If management expects 100 percent compliance with a procedure, which of the following sampling approaches would be most appropriate?
A. Attributessampling. B. Discoverysampling. C. Targeted sampling. D. Variables sampling.
Correct Answer: B Section: Volume A Explanation
Explanation/Reference: QUESTION 59
An internal auditor is discussing an audit problem with an engagement client. While listening to the client, the internal auditor should:
A. Preparearesponsetotheclient.
B. Takementalnotesonthespeaker'snonverbalcommunication,asitismoreimportantthanwhatisbeingsaid. C. Make sure that all details, as well as the main ideas of the client, are remembered.
D. Integrate the incoming information from the client with information that is already known.
Correct Answer: D Section: Volume A Explanation
Explanation/Reference:
QUESTION 60
An auditor is using an internal control questionnaire as part of a preliminary survey. Which of the following is the best reason for the auditor to interview management regarding the questionnaire responses?
A. Interviewsprovidetheopportunitytoinsertquestionstoprobepromisingareas.
B. Interviewsarethemostefficientwaytoupgradetheinformationtothelevelofobjectiveevidence.
C. Interviewing is the least costly audit technique when a large amount of information is involved.
D. Interviewing is the only audit procedure which does not require confirmation of the information that is obtained.
Correct Answer: A Section: Volume A Explanation
Explanation/Reference:
QUESTION 61
Many questionnaires are made up of a series of different questions that use the same response categories (for example: strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternate versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (for example: agree on the right and disagree on the left). The purpose of such questionnaire variations is to:
A. Eliminateintentionalmisrepresentations.
B. Reducetheeffectsofpatternresponsetendencies.
C. Test whether respondents are reading the questionnaire.
D. Make it possible to get information about more than one population parameter using the same questions.
Correct Answer: B Section: Volume A Explanation
Explanation/Reference:
QUESTION 62
An auditor used a questionnaire during an interview to gather information about the nature of credit sales processing. The questionnaire did not cover some pertinent information offered by the person being interviewed, and the auditor did not document the potential problems for further investigation.
The primary deficiency with the above process is that:
A. Theauditorfailedtoconsidertheimportanceoftheinformationoffered.
B. Aquestionnairewasusedinasituationwhereastructuredinterviewshouldhavebeenused. C. Using a questionnaire precludes the auditor from documenting other information.
D. The engagement program was incomplete.
Correct Answer: A Section: Volume A Explanation
Explanation/Reference: QUESTION 63
Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?
A. Benchmarking.
B. Baselinemeasurements. C. Walk-throughs.
D. Qualitycircles.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 64
One method for dealing with the uncertainty of demand forecasts used in linear programming is to extend the model solution to include.
A. Sensitivityanalysis.
B. Goalseeking.
C. Branch-and-bound solutions. D. Nonlinear programming.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 65
Which of the following factors is least essential to a successful control self-assessment workshop?
A. Votingtechnology. B. Facilitationtraining. C. Prior planning.
D. Group dynamics.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 66
Which of the following would not be characteristic of control self-assessment implemented by an audit department?
A. Anauditorusuallyfacilitatesthediscussionduringtheworkshopphasewhileanotherrecordscommentsforsubsequentuse. B. Auditorsandbusiness-unitemployeesworkasateam.
C. Auditors perform traditional audit tests to identify control weaknesses.
D. Participants discuss the control weaknesses that hinder the achievement of objectives.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 67
Which of the following is an advantage of control self-assessment (CSA) over conventional auditing techniques?
A. CSAevaluatescontrolactivitiesandhumanresourcepractices.
B. CSAprovidesassuranceaboutwhetherbusinessobjectiveswillbemet. C. CSA facilitates obtaining input from subject-matter experts efficiently.
D. CSA provides assurance that action will be taken to improve deficiencies.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 68
During which of the following systems development stages would it be most useful for an internal auditor to be involved?
A. Codingandtesting.
B. Useracceptanceandpost-implementation. C. Design and implementation.
D. Testing and user acceptance.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 69
An auditor decides to vouch a sample of ledger entries back to their original documentation. In terms of whether all transactions had been recorded, this test would be:
A. Relevanttothecompletenessobjective.
B. Irrelevanttothecompletenessobjective.
C. A more timely test of completeness than evidence from interviews. D. A more biased test of completeness than evidence from interviews.
Correct Answer: B
Section: Volume B Explanation
Explanation/Reference: QUESTION 70
All of the following tools are employed to control large-scale projects except:
A. Programevaluationandreviewtechnique(PERT). B. Criticalpathmethod.
C. Statistical process control.
D. Gantt charts.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 71
An audit of an organization's claims department determined that a large number of duplicate payments had been issued due to problems in the claims processing system. During the exit conference, the vice president of the claims department informed the auditors that attempts to recover the duplicate payments would be initiated immediately and that the claims processing system would be enhanced within six months to correct the problems. Based on this response, the chief audit executive should:
A. Adjustthescopeofthenextregularlyscheduledaudittoassesscontrolswithintheclaimsprocessingsystem.
B. Discussthefindingswiththeauditcommitteeandaskthecommitteetodeterminetheappropriatefollow-upaction. C. Schedule a follow-up engagement within six months to assess the status of corrective action.
D. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 72
An audit of a company's accounts payable found that the individuals responsible for maintaining the vendor master file could also enter vendor invoices into the accounts payable system. During the exit conference, management agreed to correct this problem. When performing a follow-up engagement of accounts payable, the auditor should expect to find that management has:
A. Transferredtheindividualswhomaintainedthevendormasterfiletoanotherdepartmenttoensurethatresponsibilitiesareappropriatelysegregated. B. Comparedthevendorandemployeemasterfilestodetermineifanyunauthorizedvendorshavebeenaddedtothevendormasterfile.
C. Changed the access control system to prevent employees from both entering invoices and approving payments.
D. Modified the accounts payable system to prevent individuals who maintain the vendor master file from entering invoices.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 73
What is the primary factor that determines the depth and breadth of audit follow-up?
A. Theengagementclient'swrittenresponsetotheauditfindings.
B. Theauditor'sassessmentofriskassociatedwiththeauditfindings.
C. The auditor's assessment of personnel responsible for correcting audit findings. D. The availability of audit personnel and financial resources.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 74
At the conclusion of an audit of an organization's treasury department, a report was issued to the treasurer, chief financial officer, president, and board. Because of the sensitivity of some findings, a follow-up review was performed. The auditor should provide the report of follow-up findings to the:
I. Treasurer.
II. Chief financial officer. III. President.
IV. Board.
A. IandIIonly
B. IIIandIVonly C. I, II, and III only D. I, II, III, and IV.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 75
When interrogating an individual who is suspected of fraud, it is appropriate to:
A. Telltheindividualthatanyinformationdisclosedintheinterrogationwillnotbedisclosedoutsideofthecompany. B. Starttheinterviewwithquestionstowhichtheintervieweralreadyknowstheanswer.
C. Discontinue questioning once the individual has confessed to the fraud.
D. Prepare a list of questions prior to the interrogation and strictly adhere to the list.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 76
Questions used to interrogate individuals suspected of fraud should:
A. Adheretoapredeterminedorder.
B. Covermorethanonesubjectortopic. C. Move from general to specific.
D. Direct the individual to a desired answer.
Correct Answer: C Section: Volume B
Explanation Explanation/Reference:
QUESTION 77
A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic information systems auditor would possess:
A. Knowledgeofthecomputingsystemthatwouldenableamorecomprehensiveassessmentofthecomputeruseandabuse.
B. Knowledgeofwhatconstitutesevidenceacceptableinacourtoflaw.
C. Superior analytical skills that would facilitate the identification of computer abuse.
D. Superior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 78
While conducting a payroll audit, an internal auditor in a large government organization found inadequate segregation in the duties assigned to the assistant director of personnel. When the auditor explained the risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the organization for defamation of character if the audit engagement was not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The CAE should then:
A. Curtailtheauditengagementtoavoidpotentiallegalaction.
B. Provideareporttoseniormanagementrecommendingafraudinvestigation.
C. Continue the original engagement program as planned but include a comment about the assistant director's reaction in the engagement final communication. D. Add additional testing to determine whether other indicators of fraud exist.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 79
Which of the following is the most appropriate step for the chief audit executive to take in order to avoid defamation of character of the principal suspect in a fraud investigation?
A. Restricttheuseofpotentiallydamagingwordstoprivilegedreportsordiscussions.
B. Labelallworkpapers,reports,andcorrespondenceoftheinternalauditactivityasprivate.
C. Restrict discussions of the fraud to members of management who express an interest in the investigation. D. Destroy all investigation workpapers and reports if the fraud cannot be proven.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 80
The scope of a consulting engagement performed by internal auditors should:
A. Besufficienttoaddresstheobjectivesagreeduponwiththeclient.
B. Excludeareasthatmightbethesubjectofsubsequentassuranceengagements. C. Be limited to activities within the current operating period.
D. Be preapproved in conjunction with the annual plan of consulting engagements.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 81
The following are potential sources of evidence regarding the effectiveness of a division's total quality management program. The least persuasive evidence would be a comparison of:
A. Employeemoralebeforeandafterprogramimplementation.
B. Scrapandreworkcostsbeforeandafterprogramimplementation.
C. Customer returns before and after program implementation.
D. Manufacturing and distribution costs per unit before and after program implementation.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 82
A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:
A. Performedinaccordancewiththetermsofthecontract.
B. CarriedoutinaccordancewiththeStandards.
C. Performed under the supervision of the information technology department. D. Carried out using standard review procedures for retailers.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 83
When conducting a performance appraisal of an internal auditor who has been a below-average performer, it is not appropriate to:
A. Notifytheinternalauditoroftheupcomingappraisalseveraldaysinadvance. B. Useobjective,impartiallanguage.
C. Use generalizations.
D. Document the appraisal.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 84
An organization contracted a third party to construct a new facility that was estimated to cost $25 million. Which of the following is the most pertinent reason for the organization to audit the contractor's records?
A. Thecontractincludesaright-to-auditclause.
B. Thecontractorwillbepaidonacost-plusbasis.
C. The estimated cost is high.
D. The contractor has subcontracted much of the work.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 85
Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization's privacy policy?
A. Determinewhocanaccessdatabasescontainingconfidentialinformation.
B. Evaluatetheorganization'sprivacypolicytodetermineifappropriateinformationiscovered.
C. Analyze access to permanent files and reports containing confidential information.
D. Evaluate the government's security measures related to confidential information received from the organization.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 86
An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans approved by the loan committee, the auditor found seven loans which exceeded the approved amount. Which of the following actions would be inappropriate on the part of the auditor?
A. Examinethesevenloanstodetermineifthereisapattern.Summarizeamountsandincludeintheengagementfinalcommunication.
B. Reporttheamountstotheloancommitteeandleaveituptothemtocorrect.Takenofurtherfollow-upactionatthistimeanddonotincludetheitemsinthe engagement final communication.
C. Follow up with the appropriate vice president and include the vice president's acknowledgment of the situation in the engagement final communication.
D. Determine the amount of the differences and make an assessment as to whether the dollar differences are material. If the amounts are not material, not in
violation of government regulations, and can be rationally explained, omit the observation from the engagement final communication.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 87
During a systems development audit, software developers indicated that all programs were moved from the development environment to the production environment and then tested in the production environment. What should the auditor recommend?
I. Implement a test environment to ensure that testing is not performed in the production environment.
II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production environment.
III. Eliminate access by developers to the production environment.
A. Ionly
B. IIIonly
C. IandIIonly D. I and III only
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 88
A post-audit questionnaire sent to audit clients is an effective mechanism for:
A. Substantiatingauditobservations.
B. Promotingtheinternalauditactivity. C. Improving future audit engagements. D. Validating process flow.
Correct Answer: C
Section: Volume B Explanation
Explanation/Reference:
QUESTION 89
As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?
A. Determinetheeffectsofastock-outontheorganization'sprofitability. B. Determinewhetheraclearpolicyexistsforsettinginventorylimits.
C. Determine who approved the purchase orders for the spare parts.
D. Determine whether purchases were properly recorded.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 90
A performance audit engagement typically involves:
A. Reviewoffinancialstatementinformation,includingtheappropriatenessofvariousaccountingtreatments. B. Testsofcompliancewithpolicies,procedures,laws,andregulations.
C. Appraisal of the environment and comparison against established criteria.
D. Evaluation of organizational and departmental structures, including assessments of process flows.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 91
The scope of a business process review primarily involves:
A. Appraisingtheenvironmentandcomparingagainstestablishedcriteria.
B. Assessingtheorganization'ssystemofinternalcontrols.
C. Reviewing routine financial information and assessing the appropriateness of various accounting treatments. D. Evaluating organizational and departmental structures, including assessments of transaction flows.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 92
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between six and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. Which of the following is the most appropriate course of action for the chief audit executive to take?
A. Assesstheadequacyoftheactionplanandmonitorkeydatesanddeliverables.
B. Scheduleafollow-upauditengagementtoassessthestatusofcorrectiveaction.
C. Reassign information systems auditors to assist the information technology department in correcting the weaknesses.
D. Evaluate statistics related to unplanned system outages, unauthorized access attempts, and denials of service to assess the effectiveness of corrections.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 93
In a client satisfaction survey for an internal audit engagement, client management should be asked to assess which of the following factors?
I. Audit team's knowledge of the audited area.
II. Usefulness of the audit results.
III. Quality of management of the internal audit activity.
IV. Clarity of the scope and objectives of the audit engagement.
A. IandIIonly
B. IIandIVonly
C. I, II, and IV only D. I, III, and IV only
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 94
In response to an accounts receivable confirmation, a customer indicated that the invoice listed on the confirmation letter had been paid two months earlier. This may indicate that:
A. Thereceivablewasselectedforconfirmationinerror. B. Thecustomerisabadcreditrisk.
C. The receivable should be written off.
D. Fraudulent activity has occurred.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 95
Which of the following conclusions would be appropriate for a beginning auditor performing an audit of a payroll department?
A. Employeetaxeshavebeendeductedatthecorrectrates,andthetaxeshavebeenforwardedtotheappropriategovernmentagency. B. Althoughthereisinsufficientsegregationofduties,theimpactismitigatedbycompensatingcontrols.
C. The payroll computer system should be replaced.
D. The payroll department staff has the appropriate level of skills.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 96
An audit of customer accounts receivable found that outstanding receivables as a percentage of revenue had increased significantly during the past two years. The increase was attributed to the extension of credit, at the urging of the marketing department, to a number of companies that were not credit worthy. Which of the following would be least useful in monitoring the disposition of this finding?
A. Responsesfromthemanagerofaccountsreceivableregardingcollectionofoutstandingreceivables.
B. Periodicupdatesfromthecontrollerregardingthestatusofcorrectiveactions.
C. Information from the credit and marketing personnel assigned the responsibility for reevaluating credit policies.
D. Updates from the information technology division regarding implementation of a new accounts receivable system.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 97
During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the museum's collection. The director of the museum informed the auditor that the upcoming replacement of the museum's inventory tracking system would address the auditor's concerns. What follow-up activity should the auditor propose?
A. Receiveperiodicfeedbackfrommuseumstaffregardingthestatusofthesystemimplementation.
B. Monitorthesystemimplementationandscheduleafollow-upreviewoncethenewsystemisinplace.
C. Determine whether the items are indeed missing and assess the ability of the new system to remedy the problem. D. Schedule an audit of the museum's security systems to determine if theft is a problem.
Correct Answer: C Section: Volume B
Explanation Explanation/Reference:
QUESTION 98
An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated. II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
IV. Do nothing because management has agreed to address the problem.
A. IIIonly
B. IV only
C. IandIIonly D. II and III only
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 99
A company's cellular phone costs vary significantly by sales representative and by month. Which of the following would be the most appropriate approach for a consulting project concerning this issue?
A. Controlself-assessmentinvolvingsalesrepresentatives.
B. Benchmarkingwithothercellularphoneusers.
C. Business process review of cellular phone needs.
D. Performance measurement and design of the budgeting process.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 100
Which of the following would be the most effective method to prevent installation of new equipment that does not meet environmental permit requirements, or to prevent modification of current processes in such a way that they no longer meet permit requirements?
A. Requirethattheenvironmentalcompliancedepartmentperformregularinspectionsofthemanufacturingfacilitytoidentifynewequipmentorprocess modifications in progress.
B. Relyonannualinspectionsbyvariousregulatoryagenciestoidentifyequipmentorprocessesthatrequireapermit.
C. Require that the staff of the environmental compliance department attend monthly safety meetings in different parts of the facility so that they can hear directly from the workers about any changes.
D. Include the environmental compliance department in the review of proposed process changes and equipment purchases affecting permit requirements.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 101
Which of the following types of internal audit consulting engagements is an example of a facilitation service?
I. Conducting control self-assessment workshops. II. Participating on standing committees.
III. Reviewing regulatory compliance.
IV. Benchmarking.
V. Estimating savings from outsourcing processes.
A. IandIVonly
B. I,III,andIVonly C. II, III, and V only D. I, II, III, IV, and V.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 102
Which of the following best defines an engagement conclusion?
A. Anauditor'sdeterminationofthecauseofanengagementobservation. B. Anauditor'sprofessionaljudgmentofthesituationwhichwasreviewed. C. An opinion that must be included in the engagement final communication. D. A recommendation for corrective action.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 103
While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs be:
A. Generatedandmaintainedonaseparatesecureserver.
B. Accessiblebyadministrativeusersonly
C. Encrypted to ensure that the logs cannot be deleted.
D. Restored automatically to the Web server from backup files.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 104
Which of the following actions by management would reduce an employee's opportunity to commit fraud?
A. Establishingphysicalcontrolsovercompanyassets.
B. Eliminatingbonusestiedtosalesorotherperformancegoals.
C. Defining ethical behavior expectations in the company handbook.
D. Identifying consequences, such as termination, for fraudulent activities.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 105
Which of the following are typical steps in the design of an organization's performance measurement system?
A. Understandorganizationalstrategy;performasituationalassessment;establishmeasurementcategories;andtakeactionsbaseduponmeasurementresults. B. Categorizeperformancemeasures;establishadatacollectionplan;analyzedata;andpredictfutureperformance.
C. Establish a measurement plan; create an organizational strategy linked to those measurements; trend measurement data; and measure data variability.
D. Perform a situational assessment; generate macro measurements; review measurement data; and change strategy based upon measurement results.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 106
When interviewing an individual suspected of fraud, what type of questions would be asked after the introductory questions?
A. Informationalquestions.
B. Admission-seekingquestions. C. Assessment questions.
D. Closing questions.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 107
Which of the following activities would be performed during a benchmarking consulting engagement?
I. Collect data relevant to the benchmarking process. II. Review all business processes.
III. Define critical success factors.
IV. Identify performance gaps.
A. IandIIIonly
B. IIandIVonly
C. I, II, and III only D. I, III, and IV only
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 108
Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
I. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.
A. IandIVonly
B. IIandIIIonly C. I, II, and III only D. I, II, III, and IV.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 109
A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement written reports. The best reason for the increased use of oral reports is that they:
A. Reducetheamountoftestingrequiredtosupportauditfindings.
B. Canbedeliveredinaninformalmannerwithoutpreparation.
C. Can be prepared using a flexible format and reduce the information included in the written report.
D. Permit auditors to counter arguments and provide additional information that the audience may require.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference: QUESTION 110
Which of the following is a responsibility of the internal auditor once a fraud investigation has been concluded?
A. Ascertaintheextenttowhichfraudhasbeenperpetrated.
B. Notifytheappropriateregulatoryauthoritiesregardingtheoutcomeoftheinvestigation.
C. Determine if controls need to be implemented or strengthened to reduce future vulnerability. D. Implement controls to prevent future occurrences.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 111
A bank is developing an integrated customer information system. The type of audit involvement that would most likely help avoid implementation of a system that does not cover all types of accounts would be:
A. Adesignreview.
B. Anapplicationcontrolreview. C. A source code review.
D. An access control review.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference:
QUESTION 112
The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:
A. Thecostofauditinvolvementcanbeminimized.
B. Thereareclearlydefinedpointsatwhichtoissueauditcomments. C. Redesign costs can be minimized.
D. The threat of lack of audit independence can be minimized.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 113
In a review of an electronic data interchange application using a third-party service provider, the auditor should:
I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.
II. Determine whether an independent review of the service provider's operation has been conducted. III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.
A. IandIIonly B. IandIVonly C. II and III only D. II and IV only
Correct Answer: D
Section: Volume B Explanation
Explanation/Reference: QUESTION 114
Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
A. Statementsaresupportedandcanbeauthenticated. B. Recommendationsforcorrectiveactionareclear.
C. Processes within the audited area were reviewed.
D. Sample sizes appear appropriate for any issues found.
Correct Answer: A Section: Volume B Explanation
Explanation/Reference: QUESTION 115
In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
A. Keystakeholdersarerepresentedinthegroup.
B. Anindependentcontentexpertisavailabletohelpsettledisagreements.
C. Background research is completed to familiarize the auditor with relevant issues. D. Management is consulted on the issues and priorities.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 116
What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?
A. Spontaneousagreement. B. Consensusbuilding.
C. Majorityvoting.
D. Compromise.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 117
If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:
A. Ignorethebehaviorandcontinuetheworkshop.
B. Allowthemtocontinuebrieflyandthenremindthemofthegroundrules. C. Have the participants modify the ground rules.
D. Strictly enforce the ground rules.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 118
Which of the following is the first step in the process where auditors and clients work together to evaluate the clients' system of internal control?
A. Assessrisks.
B. Developquestionnaires.
C. Identify and assess controls. D. Identifyobjectives.
Correct Answer: D Section: Volume B Explanation
Explanation/Reference:
QUESTION 119
An internal auditor has a recommendation to change operations which could potentially increase profits by $50,000. The best way to sell this recommendation to management is to:
A. Carefullyworkoutthedetailsofimplementationbeforepresentingittodepartmentmanagement.
B. Discussitwithoperatingsupervisorswhoaredirectlyaffectedbythechange,andthenwithdepartmentmanagement. C. Bring it to the audit manager, who should bring it immediately to senior management's attention.
D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
QUESTION 120
A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services. Which of the following issues should be addressed first?
A. Cost-effectiveness. B. Qualitycontrol.
C. Customer complaints. D. Supplier deliveries.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 121
During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:
A. Askmanagementtotesttherecoveryplanimmediately.
B. Recommendthatmanagementandusersupdateandtesttherecoveryplan. C. Update the recovery plan for management as part of the review.
D. Review the recovery plan and report weaknesses to management.
Correct Answer: B Section: Volume B Explanation
Explanation/Reference: QUESTION 122
The most effective method of reporting engagement results to management and stimulating action is to:
A. Deliveralectureontheengagementresults.
B. Limitverbalcommentaryandpresentaseriesofslidesthatgraphicallydepicttheengagementresults. C. Use slides to support a discussion of major points.
D. Distribute copies of the report, ask the participants to read the report, and ask for questions.
Correct Answer: C Section: Volume B Explanation
Explanation/Reference: QUESTION 123
Which of the following items should be addressed in an organization's privacy statement? I. Intended use of collected information.
II. Data storage and security.
III. Network/infrastructure authentication controls.
IV. Data retention policy of the organization. Parties authorized to access information.
A. IandIIonly
B. IandIVonly
C. I,II,andVonly
D. II, III, IV, and V only
Correct Answer: C Section: Volume B Explanation
Explanation/Reference:
QUESTION 124
An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test to achieve the audit objective?
I. Validate the completeness of the accounts payable files.
II. Examine the sample of vouchers in greater detail.
III. Increase the number of vouchers in the sample.
IV. Broaden the scope of the examination to include credits received by accounts payable.
A. IandIIonly
B. IIandIIIonly
C. I, II, and IV only D. I, III, and IV only
Correct Answer: B Section: Volume B Explanation
Explanation/Reference:
Certified Internal Auditor Questions + Answers Part 16
-
answerhappygod
- Site Admin
- Posts: 899603
- Joined: Mon Aug 02, 2021 8:13 am