Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

IIA-CIA-Part1 Internal Audit Fundamentals Questions and Answers

Questions 4

Which of the following best describes a proactive role for the internal audit activity with regard to the organization ' s ethics program?

Options:

A.

Becoming a voting member of the organization ' s internal ethics council.

B.

Performing an annual organizationwide employee survey.

C.

Reviewing all departmental ethics-related policies.

D.

Conducting annual ethics training for all employees.

Buy Now
Questions 5

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity,

C.

Integrity.

D.

Confidentiality

Buy Now
Questions 6

Which of the following is the first step in the process of identifying relevant fraud risk factors?

Options:

A.

Identifying preventive and detective controls

B.

Gathering information about the organization’s business activities to gain an understanding of fraud risks

C.

Engaging in strategic reasoning to anticipate the fraud scheme

D.

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

Buy Now
Questions 7

The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?

Options:

A.

The CAE ' s actions are likely to impair the Independence of the internal audit activity.

B.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Buy Now
Questions 8

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend.

C.

Reaffirm the importance of the organization ' s code of ethics to all employees.

D.

Conduct an organizationwide employee survey on ethical practices

Buy Now
Questions 9

In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

Options:

A.

An assessment of compliance of individual data protection procedures with data protection regulations

B.

An assessment of profit and loss generated by financial assets and instruments in the past quarter

C.

An assessment of the effectiveness of back-up procedures and execution of business recovery plans

D.

An assessment of performance management practices and establishment of key performance indicators

Buy Now
Questions 10

To comply with the proficiency standard which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?

Options:

A.

The length and consistency of the auditor ' s work experience

B.

The auditor ' s demonstrated problem-solving skills

C.

The auditor ' s skills compared to those already possessed by other audit staff

D.

The auditor ' s ability to be self motivated and a good team player

Buy Now
Questions 11

An experienced internal auditor is planning an assurance engagement of the organization ' s sales activities. During process walkthroughs and interviews, many sales representatives expressed concerns about management ' s escalating demands to meet the organization ' s sales goals. According to the MA guidance, which of the following is the best application of due professional care in planning the engagement?

Options:

A.

Disregard the complaints because the information isn ' t reliable and isn ' t sufficient to support engagement conclusions and results.

B.

Consider the significance of the risks related to the complaints and develop appropriate assurance procedures in work programs.

C.

Disregard the complaints because using them would violate the confidentiality principle.

D.

Discuss management ' s needs and expectations related to including the complaints in the audit scope.

Buy Now
Questions 12

Which of the following is a control that is used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a web-enabled application?

Options:

A.

General IT control.

B.

Processing control.

C.

Input control

D.

Integrity control

Buy Now
Questions 13

Which of the following best describes a purpose for the internal audit charter?

Options:

A.

The internal audit charter authorizes the internal audit activity ' s reporting structure and clearly defines the roles of each internal auditor.

B.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.

The internal audit charter defines the criteria by which the internal audit activity ' s performance will be evaluated

Buy Now
Questions 14

An internal auditor was completely honest with operational management when delivering unfavorable audit results. Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?

Options:

A.

Integrity

B.

Objectivity

C.

Competency

D.

Transparency

Buy Now
Questions 15

Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap,

B.

Monitoring gap.

C.

Accountability/reward failure,

D.

Communication failure.

Buy Now
Questions 16

Regarding the chief audit executive (CAE). which ot the following is considered an impairment to the independence of the internal audit activity?

Options:

A.

The CAE reports administratively to the CEO.

B.

The CAE is asked to submit the liquidation of her travel allowances to human resources for approval.

C.

The CAE ' s supervisor is responsible for the risk management function.

D.

The CAE is asked to review new procedures before implementation.

Buy Now
Questions 17

An internal auditor wants to compare her organization’s governance processes to those of a well-known governance model. Which of the following approaches would the auditor take for this purpose?

Options:

A.

Perform a gap analysis to assess me differences between the approaches

B.

Assess the governance processes using computerized modeling techniques

C.

identify any differences between the processes using a variance analysis

D.

Benchmark the governance processes using a capability maturity modal

Buy Now
Questions 18

Which of the following best demonstrates that the internal audit activity is using due professional care?

Options:

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysts techniques

Buy Now
Questions 19

Which of the following scenarios would most significantly restrict the areas where internal audit could perform assurance services?

Options:

A.

Regulators mandate specific audit engagements to be included in the audit plan.

B.

The internal audit activity reports functionally to the chief financial officer

C.

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

D.

The internal audit activity reports administratively to the chief financial officer.

Buy Now
Questions 20

A newly appointed chief audit executive (CAE) started analyzing the organization ' s policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?

Options:

A.

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

B.

Standard training for each employee, including internal auditors, is 10 hours per year.

C.

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

D.

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

Buy Now
Questions 21

Which of the following describes a responsibility of operating management in an organization ' s corporate social responsibility (CSR) efforts?

Options:

A.

Responsible for implementing CSR principles and overseeing of CSR performance.

B.

Responsible for performing periodic internal self-verifications of reported CSR results.

C.

Responsible for performing analysis and comparison of CSR reports and performance.

D.

Responsible for ongoing CSR reporting and accomplishing of performance targets.

Buy Now
Questions 22

During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?

Options:

A.

Flowchart of the vendor addition process.

B.

Independent confirmations sent to vendors.

C.

Analysis of the control ' s costs and benefits.

D.

Interview with management of the procurement function.

Buy Now
Questions 23

Which of the following situations presents the lowest risk of impairing an internal audit activity ' s independence?

Options:

A.

Senior management has the authority to terminate the chief audit executive

B.

Senior management has control over the internal audit activity ' s budget

C.

Senior management provides feedback on the scope of the internal audit plan.

D.

Senior management limits the internal audit activity ' s access to the board

Buy Now
Questions 24

An organization sells products through distributors. The organization ' s chief audit executive insists that the organization ' s code of conduct be applicable to their distributors as well. Which of the following risks would this mitigate?

Options:

A.

Business continuity

B.

Market manipulation

C.

intellectual property leakage

D.

Reputational damage

Buy Now
Questions 25

In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity ' s QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity ' s current state of conformance with the Standards?

Options:

A.

Conformance with the Standards.

B.

Nonconformance with the Standards

C.

Unable to determine conformance with the Standards.

D.

Partial conformance with the Standards

Buy Now
Questions 26

A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process. Which of the following would be the best course of action for the chief audit executive (CAE) to take?

Options:

A.

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

B.

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

C.

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

D.

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.

Buy Now
Questions 27

Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Options:

A.

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

B.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization ' s operations.

C.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

D.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

Buy Now
Questions 28

Which of the following represents a deficiency in the control environment?

Options:

A.

The sales department has failed to achieve targets for the last nine months.

B.

Employees report suspicious activity by calling the organization ' s ethics hotline.

C.

Hiring procedures do not include background checks for prospective job candidates.

D.

Management reports three potential ethics issues to the board of directors.

Buy Now
Questions 29

Which of the following statements best represents the due professional care that is required of internal auditors?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditors should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should devise internal audit programs to confirm that the results are accurate.

Buy Now
Questions 30

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Buy Now
Questions 31

An organization opened its warehouse to sell written-off surplus and outdated office furniture to the general public. Prices were negotiable, and customers could pay by cash, check, or credit card. Receipts were available upon request, and were issued by the inventory manager upon collection of payment. At the end of the day, the manager forwarded all of the funds he had collected to the finance department for deposit. Which of the following types of fraud is most likely to occur under these circumstances?

Options:

A.

Asset misappropriation.

B.

Bribery.

C.

Falsifying records.

D.

Skimming

Buy Now
Questions 32

Which of the following principles of The IIA ' s Code of Ethics implies that internal auditors should refrain from performing assurance services when there is an impairment to audit independence that has not been declared?

Options:

A.

Confidentiality.

B.

Objectivity.

C.

Integrity.

D.

Competency.

Buy Now
Questions 33

An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Buy Now
Questions 34

Which of the following most accurately describes the role of the board when it comes to organizational governance?

Options:

A.

Responsibility for outcome of the process.

B.

Responsibility to be involved in management of the organization.

C.

Responsibility to determine who is accountable for outcomes.

D.

Responsibility to identify risks in the organization’s business environment

Buy Now
Questions 35

Which of the following drivers of fraud is directly controllable by an organization?

Options:

A.

Pressure

B.

Rationalization

C.

Opportunity

D.

Incentive

Buy Now
Questions 36

According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

Options:

A.

The CAE seeks senior management approval of the internal audit charter

B.

The CAE obtains senior management ' s approval to hire staff

C.

The CAE reports significant issues to the organization ' s CEO

D.

The CAE provides the board with an annual budget for approval

Buy Now
Questions 37

Which of the following best demonstrates the application of due professional care?

Options:

A.

An engagement supervisor requests that the employment of a process owner be terminated due to a significant control failure.

B.

An audit lead establishes internal audit manuals to guide the internal audit activity on now to undertake audit engagements.

C.

An audit manager provides a guarantee to senior management that internal controls relating to an audited process operate effectively.

D.

An organization ' s internal audit activity operates under a direct reporting structure to tie audit committee of the board

Buy Now
Questions 38

According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization ' s corporate social responsibility (CSR) program?

1. Determine whether the organization has adequate controls to achieve its CSR objectives.

2. Facilitate a management self-assessment of CSR controls and results.

3. Consult on the project design and implementation for the CSR program.

4. Exclude CSR-related external risks that are beyond the control of the organization.

Options:

A.

1 and 2 only.

B.

1, 2 and 3 only.

C.

2, 3, and 4 only.

D.

3 and 4 only.

Buy Now
Questions 39

According to HA guidance, if an internal auditor suspects fraud during an assurance engagement, what should the auditor do first?

Options:

A.

Recommend parties involved to be sanctioned in accordance with the organization ' s policy.

B.

Determine whether any additional audit work needs to be performed.

C.

Launch an investigation to obtain details of the fraud and parties involved.

D.

Request that the responsible process owner remediate the issue immediately.

Buy Now
Questions 40

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

Options:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Buy Now
Questions 41

The organization ' s chief audit executive (CAE) is planning an immediate assurance engagement following several product recalls. However, the internal audit staff does not have the required Knowledge and experience to adequately assess all the relevant processes and procedures. According to 11A guidance, which of the following actions should the CAE take under these circumstances?

Options:

A.

Use the current available resources to conduct the review and exclude those procedures that can ' t currently be performed.

B.

Implement an accelerated training plan to provide the audit staff with the necessary skills and knowledge to conduct the engagement.

C.

Encourage management to accept the assessed risk until the internal audit activity is able to adequately review the area.

D.

Obtain assistance for the audit team from other internal assurance providers who possess the requisite expertise in the area.

Buy Now
Questions 42

According to IIA guidance, which of the following statements regarding ethics is true?

Options:

A.

Business ethics may vary within an organization with both domestic and foreign operations.

B.

Business ethics are universal in nature and organizations across the world are expected to comply with similar standards.

C.

A business ethics policy for an organization is established solely to direct the behavior and expectations of employees.

D.

Business ethics of an organization must remain independent from those of suppliers, customers, and business partners.

Buy Now
Questions 43

Which of the following scenarios best illustrates due professional care?

Options:

A.

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

Buy Now
Questions 44

Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

Options:

A.

A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit

B.

A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit

C.

A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities

D.

An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable

Buy Now
Questions 45

Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

Options:

A.

Significant changes in the organization ' s accounting policies or procedures would warrant timely analysis and feedback.

B.

More frequent external assessments can serve as an equivalent substitute for internal assessments.

C.

The parent organization ' s internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

D.

A change in senior management or internal audit leadership may change expectations and commitment to conformance.

Buy Now
Questions 46

A chief audit executive has reported to the board that the internal audit activity is lacking financial accounting knowledge for specific audit projects. Upon approval from the board which of the following hiring approaches is best in this situation?

Options:

A.

An inbound rotational program

B.

A full-time permanent recruitment

C.

An outbound rotational program

D.

A guest auditor program

Buy Now
Questions 47

Which of the following is the internal audit activity expected to do with respect to the organization ' s governance processes?

Options:

A.

Formally audit all governance activities.

B.

Provide strategic guidance on the organizational processes to senior management.

C.

Achieve agreement with the board regarding the range of activities, depth of review, and time period to include in the assessment.

D.

Audit against the governance structures and practices widely used in the industry.

Buy Now
Questions 48

Which of the following describes the internal audit activity ' s most appropriate role in an organization ' s risk management process?

Options:

A.

Reporting to the board on management ' s assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Buy Now
Questions 49

Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?

Options:

A.

Assessment skills

B.

Assurance skills

C.

Interviewing skills

D.

Facilitation skills

Buy Now
Questions 50

Which of the following would most likely represent an objectivity impairment for an internal auditor?

Options:

A.

Providing fraud awareness training and disseminating information regarding the organization ' s fraud hotline.

B.

Performing consulting services after disclosing that the auditor had previous responsibilities in the area under review.

C.

Performing an assurance engagement related to the cash receipts process three years after transferring to the internal audit activity from accounts receivable.

D.

Performing a compliance audit on a vendor prior to disclosing that the vendor ' s office manager is the auditor’s brother.

Buy Now
Questions 51

Which of the following best describes a consulting engagement rather than an assurance engagement?

Options:

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor ' s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted.

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost-effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations.

Buy Now
Questions 52

IT management requires all employees in the IT department to attend annual training on the department ' s mission, values, and key performance measures. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability/reward failure.

D.

Communication failure.

Buy Now
Questions 53

Which of the following would be a preventive control for helping to manage fraud in an organization?

Options:

A.

Reviews of reports to determine which issued payments lack evidence of supervisory review.

B.

A monthly review of new vendors performed by management for reasonableness.

C.

Bank reconciliations performed on a monthly basis by the accounting department.

D.

A code of conduct and whistleblower policy that must be signed by all employees annually.

Buy Now
Questions 54

At the beginning of an IT development project, key risks were identified and assessed, and risk owners were appointed. Six months later, the IT development team reported that the project is significantly over budget, it will not be completed on time, and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

Options:

A.

Risk response

B.

Risk assessment

C.

Risk monitoring

D.

Risk avoidance

Buy Now
Questions 55

Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

Options:

A.

The ability to inspire trust

B.

The ability to communicate effectively

C.

The ability to display courage

D.

The ability to understand the needs of stakeholders

Buy Now
Questions 56

Which of the following activities should the chief audit executive perform to ensure compliance with an organization ' s code of conduct?

Options:

A.

Act as an advisor to the committee responsible for reviewing violations of the code.

B.

Review and adjudicate all violations of the code of conduct.

C.

Lead the committee responsible for the oversight of the code.

D.

Implement a system of procedures to inform all employees of the code.

Buy Now
Questions 57

Which of the following is an example of an application control?

Options:

A.

Employees in the data center must always wear identification badges

B.

Operating system updates must be installed within 48 hours.

C.

A two stage authentication process must be used to access customer information

D.

System backup and recovery testing must be done monthly

Buy Now
Questions 58

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management ' s recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Buy Now
Questions 59

Internal audit is performing an engagement to determine whether there were indications of questionable bidding on a city s infrastructure project. As part of the engagement the internal audit activity became aware that certain firms tend to receive the contracts for large city projects. How should the internal audit activity proceed with the engagement and identify questionable bidding practices?

Options:

A.

Obtain the city s vendor listing to determine whether there was an adequate number of firms available to solicit bids for protects

B.

Obtain at of the city s financial records to identify any firms that received payments for contracted goods and services.

C.

Obtain the city ' s contracting files to determine whether the city demonstrated efforts to solicit bids from various interested firms.

D.

Obtain the city’s official public meeting minutes to determine whether there were concerns about the contracting practices

Buy Now
Questions 60

An internal auditor at a multinational organization is reviewing the effectiveness of the organization ' s risk management framework. In this scenario, which of the following statements is true?

Options:

A.

The auditor should consider local cultures and customs in various regions when assessing control effectiveness.

B.

Regardless of their location, employees at all levels share responsibility for designing effective controls to mitigate risks.

C.

To achieve an effective internal control environment, the organization ' s risk management plan must be documented and communicated to all levels throughout each region.

D.

Setting clear objectives is a precondition to effectively identifying, assessing, and responding to the organization ' s risks.

Buy Now
Questions 61

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

Options:

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Buy Now
Questions 62

According to IIA guidance, which of the following statements is true regarding ISO 31000?

Options:

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization ' s structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Buy Now
Questions 63

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable

resolution?

Options:

A.

Politely decline the engagement due to a lack of qualified staff available at the time.

B.

Complete the engagement as requested, with the best of the current staffs abilities.

C.

Consider using employees from other departments in the organization on the audit team.

D.

Change the scope of the testing to ensure that only available staff proficiencies are used

Buy Now
Questions 64

Which of the following best describes why a chief audit executive might obtain the services of a fraud specialist to assist in a major fraud investigation?

Options:

A.

Fraud specialists are better at using computer-assisted audit techniques.

B.

Fraud specialists are better equipped to act as an expert witness in court.

C.

Fraud specialists are better able to properly apply due professional care.

D.

Fraud specialists are better at using crime scene investigation techniques.

Buy Now
Questions 65

With regard to the internal audit activity ' s quality assurance and improvement program, which of the following topics would the chief audit executive include on the quarterly board meeting agenda?

Options:

A.

The scope and frequency of both internal and external quality assessments.

B.

The list of audit engagements that will be assessed during the year.

C.

The number and qualifications of internal audit staff members assigned to perform internal assessments during the year.

D.

The compensation structure of the qualified assessment team.

Buy Now
Questions 66

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Options:

A.

The CAE would need to procure external services to deliver the internal audit assurance program.

B.

There is no expertise within the internal audit team for detecting and investigating fraud.

C.

There is no expertise within the internal audit team for auditing an IT engagement.

D.

There is no available expertise on the internal audit team to perform a consulting engagement

Buy Now
Questions 67

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Buy Now
Questions 68

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Options:

A.

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

Buy Now
Questions 69

Which of the following indicates that internal audit independence may be compromised?

Options:

A.

The internal auditor maintains a close personal relationship with operational management.

B.

Material observations were intentionally left out of the audit report.

C.

Internal auditors assigned to the audit engagement did not have the knowledge, skills, and competencies needed to perform their responsibilities.

D.

An internal auditor failed to apply professional skepticism while performing audit tests in an area overseen by an experienced, reputable manager

Buy Now
Questions 70

A chief audit executive (CAE) recruited a few new internal auditors to reduce the resource gaps identified in this year ' s internal audit plan. One of the new recruits has several years of experience with the organization. Ten months ago. she served as a senior supervisor in the finance department. However, for the past 10 months, she has been helping the organization with implementing a new IT system. What approach should the CAE take for the upcoming financial statement controls audit?

Options:

A.

Assign the new auditor to assist with conducting the fieldwork. but ensure that her work is reviewed by the CAE.

B.

Assign the new auditor to assist with developing the audit program, but ensure that the audit program is executed by other audit staff.

C.

Ensure that the new auditor ' s previous manager, and other close former coworkers, are excused during the audit.

D.

Ensure that the new auditor is responsible only for the supervisory review, but not the execution of the audit field work.

Buy Now
Questions 71

An internal audit activity is taking steps to promote professional development among the staff, and is in the process of implementing a mentorship program. According to HA guidance, which of the following is important for a successful mentorship program?

Options:

A.

It is best if the mentor is the chief audit executive.

B.

Mentor meeting documentation should be retained in personnel files.

C.

It should target both new hires and highly experienced staff.

D.

Meetings with mentors should be formal and scheduled.

Buy Now
Questions 72

Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?

Options:

A.

Assessing the risk of noncompliance with laws and regulations

B.

Following the policies as prescribed by the internal audit manual.

C.

Advising management of the area under review on how to mitigate internal control risks.

D.

Conducting the engagement on the presupposition that fraud exists.

Buy Now
Questions 73

Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

Options:

A.

Percentage of highly significant risks covered by internal audit plan.

B.

Percentage of previously unknown risks identified per engagement.

C.

Percentage of internal audit staff skilled in alignment with the organization ' s structure and key risks.

D.

Percentage of observations made in assurance engagements compared to advisory engagements.

Buy Now
Questions 74

Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?

Options:

A.

Currency exchange rates, as they relate to internal audit-related expenses.

B.

Differences in typical working hours, compared to other countries.

C.

The effects of subtle language nuances on translations.

D.

Accepted practices that may be illegal in other countries.

Buy Now
Questions 75

Which of the following relates to the concept of due professional care?

Options:

A.

An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.

B.

The appointment of the chief audit executive is ratified by the board.

C.

An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.

D.

The internal audit resource plan is only approved by the chief financial officer.

Buy Now
Questions 76

Which of the following practices is generally most effective to protect internal audit objectivity?

Options:

A.

Ensuring regular documentation of auditor skills and experience in the workpapers.

B.

Basing performance evaluations heavily on customer satisfaction surveys.

C.

Prohibiting auditors from accepting gifts from audit clients or potential clients.

D.

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

Buy Now
Questions 77

An internal auditor is assessing the effectiveness of the organization ' s risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach.

B.

Process element approach.

C.

Key principles approach.

D.

Key performance indicators approach.

Buy Now
Questions 78

Internal controls belong to which risk response category?

Options:

A.

Reduction.

B.

Avoidance.

C.

Sharing.

D.

Acceptance.

Buy Now
Questions 79

Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?

Options:

A.

The quality assurance and improvement program identified several opportunities for the internal audit activity to make improvements.

B.

In lieu of an external assessment, the internal audit activity performed a self-assessment with independent external validation.

C.

During an internal quality assessment, it was identified that rotational auditors often perform consulting engagements for areas of the organization where they had previous responsibilities.

D.

External assessments are performed every five years by a competent internal audit team from the organization ' s parent company.

Buy Now
Questions 80

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards.

D.

Verify that organizational objectives are aligned with each department’s objectives.

Buy Now
Questions 81

Which of the following statements about internal audit consulting engagements is true?

Options:

A.

The primary purpose of a consulting engagement is to assess evidence and provide conclusions.

B.

The internal audit activity determines the nature and scope of work for the specific consulting engagement

C.

Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

D.

It is not appropriate to communicate control issues identified during consulting engagements to the board

Buy Now
Questions 82

Which of the following statements best describes a functional difference between external auditors and internal auditors?

Options:

A.

Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.

B.

Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.

C.

internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.

D.

Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.

Buy Now
Questions 83

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Buy Now
Questions 84

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

Options:

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit activity ' s reporting

Buy Now
Questions 85

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

Options:

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Buy Now
Questions 86

An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted. Which of the following would best help the organization manage the risk of fraud?

Options:

A.

Accounting personnel should regularly perform reconciliation between invoices and purchase orders

B.

Accounting personnel should conduct a periodic inventory count and reconcile inventory movements

C.

internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels

D.

Management should established a policy requiring new inventory asset purchases to be made on serialized order forms with copies retained

Buy Now
Questions 87

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company ' s risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization ' s CEO reviews the internal audit activity ' s annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning

Buy Now
Questions 88

An internal auditor is performing testing to gather evidence regarding an organization’s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. The auditor ' s concern best describes which of the following risks?

Options:

A.

incorrect rejection risk

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk.

D.

Anticipated misstatement risk

Buy Now
Questions 89

Which of the following best demonstrates conformance with IIA standards related to continuing professional development?

Options:

A.

Retaining evidence of training in the form of continuing education credits

B.

Seeking guidance regarding internal audit best practices from The IIA

C.

Retaining supervisory reviews conducted on the basis of the development plan

D.

Giving consideration to certain areas of specialization as part of development planning

Buy Now
Questions 90

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

Options:

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Buy Now
Questions 91

Which of the following is most likely to result in the impairment of independence for the internal audit activity?

Options:

A.

The chief audit executive (CAE) has a dual reporting relationship within the organization.

B.

The CAE performs an audit of a functional area that is also under the CAE ' s oversight.

C.

The CAE has unrestricted access to information throughout the organization and to the board.

D.

The board is involved in decisions to hire or remove the CAE and in drafting and approving an internal audit charter.

Buy Now
Questions 92

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Options:

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Buy Now
Questions 93

According to IIA guidance which of the following statements is true regarding the internal audit charier?

Options:

A.

The charier should be revised and re-approved whenever a new chief audit executive (CAE) is appointed or at the request of the board

B.

The charier should be re-approved every five years, in conjunction with the external quality assessment

C.

The charier can be revised at the discretion of the CAE whenever 4 is determined that its content no longer supports the achievement of objectives

D.

The charier should be reviewed and resubmitted for board approval annually together with the audit plan

Buy Now
Questions 94

Which of the following organizations is adopting an acceptance technique in terms of its risk response?

Options:

A.

An organization that takes no action in managing the possible exposure to an earthquake.

B.

An organization that opts out of investing in a new region due to volatility in foreign exchange rates.

C.

An organization that takes out insurance policies to protect its property and equipment.

D.

An organization that deploys policies and procedures to guide business activities and practices

Buy Now
Questions 95

Which of the following would decrease or be reduced if an organization establishes and implements excessive internal controls?

Options:

A.

Production cycle time.

B.

Activities that add no value.

C.

Staff productivity.

D.

Complexity of operations.

Buy Now
Questions 96

Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?

Options:

A.

Completed education credits

B.

Membership in professional organizations

C.

Subscriptions to sources of relevant professional information

D.

Professional development and training plans

Buy Now
Questions 97

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

The QAIP scope includes assurance work performed by the internal audit activity but not consulting work.

B.

The QAIP verifies conformance with the Definition of Internal Auditing, Code of Ethics, and Standards.

C.

QAIP reports are for internal use primarily and typically are not shared with members outside of the internal audit activity.

D.

QAIPs make a distinction between fully outsourced internal audit activities and in-house internal audit teams, as a different set of criteria is applied for each.

Buy Now
Questions 98

Which principle of the HA Code of Ethics focuses on continuing education and professional development?

Options:

A.

Due professional care

B.

Professionalism

C.

Proficiency

D.

Competency

Buy Now
Questions 99

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Buy Now
Questions 100

An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

Options:

A.

If it is an assurance engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible

C.

If it is a consulting engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement accept the assignment becausethe chief audit executive had knowledge of the internal auditor ' s previous role when this engagement was assigned

Buy Now
Questions 101

Which of the following is a limitation of detective internal controls in fraud management?

Options:

A.

Implementation costs tend to be higher than the expected benefits.

B.

They tend to be easy for fraudsters to circumvent.

C.

They are not designed to improve efficiency of operations.

D.

They are not effective in preventing fraud.

Buy Now
Questions 102

During a monthly internal audit staff meeting, the chief audit executive (CAE) decided to reinforce the importance of internal audit staff being objective in their work. Which of the following examples would be most appropriate for the CAE to include as part of the meeting presentation?

Options:

A.

Statistical sampling techniques should always be used to pull unbiased sampling for testing.

B.

Fieldwork completed by internal auditors should be appropriately reviewed.

C.

Internal auditors should avoid using the lunch room simultaneously with audit clients.

D.

During the audit review period, there should be no nonaudit dialogues with the audit client.

Buy Now
Questions 103

An audit client who was unsatisfied with the audit report rating called the chief audit executive (CAE) and complained that the internal auditor who performed the audit was biased because his spouse, who worked in the area under review, was on a list of employees to be terminated. Which of the following measures would be most appropriate to prevent this situation from arising?

Options:

A.

Initiating an internal investigation to clarify whether a biased judgment took place.

B.

Requiring the internal auditors to disclose any potential conflicts of interest.

C.

Requiring that the audit client disclose any potential conflicts of interest with the auditor.

D.

Requiring human resources manager to submit all future job applicants ' data in order to identify relatives of auditors.

Buy Now
Questions 104

Which of the following situations is most likely to heighten an internal auditor ' s professional skepticism regarding potential fraud?

Options:

A.

A procurement manager does not have the expected academic credentials for his position.

B.

A salesperson frequently complains about the organization ' s policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions.

D.

A financial accountant is absent from work frequently due to regular medical procedures.

Buy Now
Questions 105

According to IIA guidance, which of the following is accurate regarding the chief audit executive ' s (CAE ' s) requirement to report the results of quality assessments?

1. The CAE must report the results of external assessments at least annually.

2. The CAE must report the results of ongoing monitoring at least annually.

3. The CAE must report the results of quality assessments to senior management.

4. The CAE must report the results of quality assessments to the board.

Options:

A.

1 and 3 only.

B.

2 and 4 only.

C.

1,2. and 3.

D.

2,3, and 4.

Buy Now
Questions 106

In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

Options:

A.

Investigation of health and safety incidents.

B.

Auditing of controls and management systems.

C.

Communication of disclosures and external reporting,

D.

Involvement in focus groups and complaint management

Buy Now
Questions 107

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

Options:

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Buy Now
Questions 108

What is the primary reason a chief audit executive should dedicate time and resources to support continuing professional development of internal audit staff?

Options:

A.

To ensure that internal audit staff maintains high overall job satisfaction.

B.

To ensure that internal audit staff acquired continuing professional education credits timely.

C.

To ensure that top risks are mitigated to an acceptance level.

D.

To ensure that internal audit staff have the competency to address high-priority risks.

Buy Now
Questions 109

An organization employs ongoing monitoring and is considering implementing periodic evaluations to assess the continuing effectiveness of its risk management process. Which of the following statements Is true with regard to such periodic evaluations?

Options:

A.

Periodic evaluations are considered to be less objective than ongoing monitoring.

B.

Periodic evaluations can be more effective than ongoing monitoring.

C.

Periodic evaluation frequency may depend on the results of ongoing monitoring.

D.

Periodic evaluations frequently identify problems more quickly than ongoing monitoring.

Buy Now
Questions 110

Which of the following statements is the most appropriate example of the internal audit activity exercising due professional care during an audit of the payroll department?

Options:

A.

Internal auditors ensure that the work program is appropriately designed in order to identify all of the risks surrounding the payroll process.

B.

Internal auditors determine whether the policies, procedures, and practices of the payroll department are operating in accordance with relevant laws.

C.

Internal auditors verify whether the board of directors has implemented effective internal controls over the processes used by the payroll department.

D.

Internal auditors ask the organization ' s risk manager to determine whether the degree of work planned is sufficient to determine whether payroll payments were complete and accurate.

Buy Now
Questions 111

The board requested the chief audit executive (CAE) to provide consulting services for a new systems implementation project Which of the following statements is true regarding this scenario?

Options:

A.

The CAE should avoid making decisions on risk responses within risk management processes.

B.

The CAE may only provide consulting and not assurance services in risk management processes

C.

The CAE may manage the project risks on behalf of management in this particular situation

D.

The CAE should avoid giving assurance on risk management processes in this particular situation

Buy Now
Questions 112

Which of the following is an example of a detective control?

Options:

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Buy Now
Questions 113

The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement. Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?

Options:

A.

Chief audit executive.

B.

Senior management.

C.

The forensic accountant.

D.

The legal department.

Buy Now
Questions 114

Which of the following is an example of risk monitoring to ensure a system is performing as intended?

Options:

A.

Checking the progress of risk treatment plans

B.

Considering the consequence and likelihood of risks

C.

Documenting the risks and their areas of impact

D.

Communicating to management about risks

Buy Now
Questions 115

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

Options:

A.

Recommend a control change and obtain management support.

B.

Evaluate the potential Impact on related controls.

C.

Address the risk with senior management and the board.

D.

Develop and communicate the scope and evaluation criteria to be used by management.

Buy Now
Questions 116

Which of the following requests, if accepted by the internal audit activity, would impair its independence?

Options:

A.

A request to develop workshops on corporate governance for management.

B.

A request to act as liaison with external auditors.

C.

A request to determine appropriate risk management responses for management.

D.

A request to provide counseling services on ethical matters.

Buy Now
Questions 117

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

Options:

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Buy Now
Questions 118

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

Options:

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be earned out by a team of the most experienced auditors overseen by the CAE

Buy Now
Questions 119

What is an appropriate first step in an internal auditor’s fraud risk assessment to evaluate how the organization manages such risk?

Options:

A.

Develop preventive and detective controls

B.

Identify potential fraud scenarios

C.

Assess the impact and likelihood of fraud risks

D.

Determine fraud risk responses

Buy Now
Questions 120

Who is responsible for setting the risk appetite?

Options:

A.

External auditors.

B.

Chief risk officer.

C.

Operations management.

D.

Board of directors.

Buy Now
Questions 121

Which of the following activities would an internal auditor perform as a consulting engagement for an organization?

Options:

A.

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.

Assessing whether the organization ' s corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.

Briefing the organization ' s department managers on how to implement risk management processes into their daily operations.

D.

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time.

Buy Now
Questions 122

Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

Options:

A.

Determining whether management measures and monitors the costs and benefits of controls.

B.

Providing training on controls and ongoing self-monitoring processes.

C.

Developing flowcharts to obtain information about control design adequacy.

D.

Identifying objectives and the risks involved in achieving them.

Buy Now
Questions 123

According to IIA guidance, which of the following statements is true regarding risk management in an organization?

Options:

A.

The risk management function has the sole responsibility for identifying and managing risks in all departments

B.

Risk management is a core responsibility of the internal audit activity

C.

The internal audit activity should consider the organization’s maturity, structure, and the competitive environment to establish the organization’s risk appetite

D.

The internal audit activity may use a risk management or control framework to assist in risk identification

Buy Now
Questions 124

Which of the following is a consulting service the internal audit activity can perform with respect to the organization ' s risk management?

Options:

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Buy Now
Questions 125

Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Options:

A.

Benchmarking best practices

B.

Testing,

C.

Mapping,

D.

Interviewing

Buy Now
Questions 126

According to IIA guidance, which of the following statements is true regarding consulting engagements performed by the internal audit activity?

Options:

A.

Consulting engagements typically involve four or five parties: the internal audit activity, engagement client, senior management, board, and sometimes the external auditor.

B.

The scope of a consulting engagement is determined by either the engagement supervisor or chief audit executive, and it is finalized prior to beginning fieldwork.

C.

According to the Standards, internal auditors are permitted to carry out certain management functions during a consulting engagement.

D.

A preliminary risk assessment may not be needed for consulting engagements, because the expectations and objectives of the engagement are determined by the engagement client.

Buy Now
Questions 127

Which documents would help a forensic auditor identify instances of collusion between an employee and vendor to defraud the organization?

Options:

A.

Email correspondence.

B.

Payment request forms.

C.

Vendor invoices.

D.

Bank statements.

Buy Now
Questions 128

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports functionally to the CEO.

B.

The CAE ' s compensation is approved by the chief financial officer.

C.

The CAE ' s appointment Is determined by the CEO

D.

The CAE reports administratively to the chief operating officer.

Buy Now
Questions 129

Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor ' s business acumen?

Options:

A.

A quality assessment review.

B.

An internal audit client survey.

C.

A control self-assessment.

D.

A peer review of the internal audit activity.

Buy Now
Questions 130

An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several

months later According to IIA guidance which of the following statements is true regarding the internal auditor ' s application of due professional care?

Options:

A.

Due professional care was not applied because no additional work should have been performed unless there was actual evidence of fraud

B.

Due professional care was not applied because the extended scope resulted in no issues being identified, while fraud actually existed

C.

Due professional care was applied as the internal auditor modified the scope based on reasonable judgment, despite the additional cost of resources

D.

Due professional care was applied as the cost of audit resources should not be a determining factor in the degree of testing undertaken

Buy Now
Questions 131

Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?

Options:

A.

Key principles approach

B.

Process elements approach

C.

Holistic approach

D.

Maturity model approach

Buy Now
Questions 132

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

Options:

A.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

B.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

C.

Security cameras that monitor cash handling at the register are not functioning.

D.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff

Buy Now
Questions 133

Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?

Options:

A.

Reporting to a higher level within the organization reduces the potential scope of engagements that can be undertaken by the IAA.

B.

The benefit of the IAA ' s organizational independence is realized primarily via reduced costs for the external auditor.

C.

Independence is impaired when the scope of the IAA is subject to changes required by senior management.

D.

Inadequate organizational independence can result in the chief audit executive being able to fire staff without consulting the audit committee.

Buy Now
Questions 134

During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?

Options:

A.

The ability to negotiate

B.

The ability to use analytical tools

C.

The ability to foresee issues

D.

The ability to manage conflict

Buy Now
Questions 135

To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?

Options:

A.

Internal auditors should report their audit findings directly to the audit committee.

B.

To receive an outstanding performance rating, internal auditors are required to generate audit findings.

C.

Prior to hiring a new internal auditor, the chief audit executive must determine whether the auditor owns stock in the organization.

D.

Internal auditors are permitted to audit an entity managed by a close friend or relative, as long as they notify the chief audit executive.

Buy Now
Questions 136

To comply with the proficiency standard, which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?

Options:

A.

The auditor ' s demonstrated problem-solving skills.

B.

The auditor ' s skills compared to those already possessed by other audit staff.

C.

The auditor ' s ability to be self-motivated and a good team player.

D.

The length and consistency of the auditor ' s work experience.

Buy Now
Questions 137

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Buy Now
Questions 138

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

Options:

A.

A non-disclosure agreement.

B.

An annual declaration of commitment to

C.

The IIA s Code of Ethics.

D.

The internal audit charter.

Buy Now
Questions 139

According to IIA guidance, which of the following is true of the internal audit activity’s quality assurance and improvement program?

1 Monitoring the internal audit activity’s performance must be ongoing

2 All aspects of the internal audit activity should be evaluated

3 The requirement for external assessments can be satisfied through self-assessments that are validated by an independent external party

4 The review of assurance services should be the primary focus

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 3

D.

1 3 and 4

Buy Now
Questions 140

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Buy Now
Questions 141

Which of the following options describes the reason that conformance with The IIA ' s Code of Ethics is mandatory for internal auditors?

Options:

A.

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing g absolute assurance about the organization ' s risk management.

C.

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity ' s findings.

D.

The internal audit activity ' s ethical compliance sets the tone for the ethical compliance by the organization ' s board, management, and employees.

Buy Now
Questions 142

During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

Options:

A.

Business acumen.

B.

Critical thinking.

C.

Communication.

D.

Audit report writing.

Buy Now
Questions 143

Which of the following Code of Ethics principles specifically requires internal auditors to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review?

Options:

A.

Confidentiality.

B.

Transparency.

C.

Integrity.

D.

Objectivity.

Buy Now
Questions 144

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls?

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities,

D.

Attesting to fairness of financial statements.

Buy Now
Questions 145

Which of the following is a detective control strategy against fraud?

Options:

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Buy Now
Questions 146

According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.

At the board ' s discretion, the frequency of external assessments can exceed the five-year guideline.

Buy Now
Questions 147

Which of the following statements is true regarding intangible assets?

Options:

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Buy Now
Questions 148

In which of the following situations may the internal audit activity report conformance with the Standards?

Options:

A.

An internal audit activity has been in existence at least five years and has not completed an external assessment,

B.

An internal auditor was assigned to an audit engagement but did not meet individual objectivity requirements.

C.

The internal audit activity prepared an internal audit plan that was not risk-based.

D.

The internal audit activity has been in existence fewer than five years, but periodic self-assessments were conducted.

Buy Now
Questions 149

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000.

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework

Buy Now
Questions 150

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Buy Now
Questions 151

During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?

Options:

A.

An employee believes his poor compensation package justifies engaging in unethical behavior.

B.

The head of the department is the only signatory to purchase orders issued to third party contractors.

C.

Some employees strongly believe monetary gifts from vendors is a means of saving for life after employment.

D.

One of the employees was found to have an obsession with expensive jewelry

Buy Now
Questions 152

Which of the following needs to be established prior to undertaking an assessment of the quality assurance and improvement program?

Options:

A.

Department performance standards.

B.

Remediation timeframes.

C.

Nonconformance disclosures.

D.

External assessment resources

Buy Now
Questions 153

An internal auditor has documented several instances in which management asked employees to ad against the policies and procedures. Which of the following is the most appropriate next step?

Options:

A.

Report the non-compliance cases to the board of directors.

B.

Recommend that management update its policies and procedures based on the circumstances.

C.

Investigate the rationale for management ' s actions.

D.

Recommend those employees to report the cases through the designed whistleblowing channel for the appropriate treatment.

Buy Now
Questions 154

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company ' s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Options:

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company ' s expenses policy

Buy Now
Questions 155

Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?

Options:

A.

The internal audit activity used a risk-based approach to create the internal audit plan.

B.

The engagement supervisor considered requests from senior management regarding engagements to include in the internal audit plan.

C.

The CAE only accepted engagements that the internal audit activity collectively had the knowledge to perform.

D.

The area under review restricted the internal audit activity ' s ability to access records, impacting the audit results.

Buy Now
Questions 156

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Options:

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Buy Now
Questions 157

Upon completion of an external quality assessment, which of the following would the chief audit executive be required to report to the board?

Options:

A.

The total time spent to accomplish the external assessment

B.

The detailed evaluation results of the external assessment

C.

The competency and independence of the external assessment team

D.

The timetable and schedule of the next external assessment

Buy Now
Questions 158

According to the IIA Code of Ethics, which of the following best describes the conduct of an internal auditor who demonstrates the principle of competency?

Options:

A.

The auditor is prudent in the use and protection of information acquired in the course of his work.

B.

The auditor does not accept anything that may impair or be presumed to impair his professional judgment.

C.

The auditor does not perform services in a particular area when he lacks skills in that area.

D.

The auditor performs work with honesty, diligence, and responsibility.

Buy Now
Questions 159

Which of the following statements is true regarding organizational culture and an audit of the control environment?

Options:

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Buy Now
Questions 160

A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?

Options:

A.

The board should ask the internal audit activity to perform additional assurance engagements.

B.

A comprehensive fraud risk assessment and management program should be carried out.

C.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

D.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

Buy Now
Questions 161

Which of the followIng would permit an internal audit activity to use the statement " conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?

Options:

A.

The result of a quality assurance and improvement program confirm there are no material issues.

B.

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

Buy Now
Questions 162

Which of the following statements would typically be included in the responsibility section of the internal audit charter?

Options:

A.

The internal audit activity will have free and unrestricted access to the chief executive officer, audit committee, and chairman of the board of directors.

B.

The internal audit activity shall develop a flexible audit plan, based on a risk assessment conducted at least annually and taking into consideration the risks or control concerns identified by management, and shall submit the plan to the board for approval.

C.

The chief audit executive shall obtain the necessary assistance of personnel in areas where audits are performed, as well as specialized services within or outside of the organization.

D.

The internal audit activity will not implement controls, develop procedures, install systems, prepare records, or engage in activities that may impair internal auditors’ judgments.

Buy Now
Questions 163

Which of the following best describes why a chief audit executive might obtain the services of a fraud specialist to assist in a major fraud investigation ' ?

Options:

A.

Fraud specialists are better at using computer-assisted audit techniques

B.

Fraud specialists are better equipped to act as an expert witness in court

C.

Fraud specialists are better able to properly apply due professional care

D.

Fraud specialists are better at using crime scene investigation techniques

Buy Now
Questions 164

Nearing the completion of fieldwork, an internal auditor shared the draft report findings with management prior to the closing meeting. During the closing meeting, management expressed dissatisfaction in that they were not familiar with some of the findings. Management also noted that some aspects of the report seemed confusing. Which of the following competencies appears to have been lacking in this scenario?

Options:

A.

Communication.

B.

Business acumen.

C.

Persuasion.

D.

Critical thinking.

Buy Now
Questions 165

Which of the following statements is true regarding occupational fraud?

Options:

A.

An employee who diverts the organization ' s purchases for personal use is demonstrating asset misappropriation

B.

An employee who intentionally omits negative information in the financial statement disclosures is demonstrating an example of corruption

C.

An employee who made an error in estimating losses may have committed fraud even if the error was not intentional

D.

An employee who creates a denial of service in the organization’s computer systems is committing asset misappropriation

Buy Now
Questions 166

Which of the following is part of a fraud detection program?

Options:

A.

Whistleblower hotline.

B.

Authority limits.

C.

Background investigations

D.

Evaluation of compensation programs.

Buy Now
Questions 167

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

Options:

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Buy Now
Questions 168

Which of the following best demonstrates the authority of the internal audit activity?

Options:

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services

D.

Achieving engagement objectives.

Buy Now
Questions 169

The results of an assessment of the adequacy of controls would be considered incomplete or misleading unless the internal auditor considers which of the following?

Options:

A.

Number of mitigating controls.

B.

Effectiveness of the control environment

C.

Use of computer-assisted auditing techniques.

D.

IT security controls

Buy Now
Questions 170

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

Options:

A.

Recommend a control change and obtain management support

B.

Evaluate the potential impact on related controls

C.

Address the risk with senior management and the board

D.

Develop and communicate the scope and evaluation criteria to be used by management

Buy Now
Questions 171

Which of the following statements best represents the duo professional care that is required of internal auditor’s?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should device internal audit programs to confirm that the results are accurate.

Buy Now
Questions 172

The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to

be included in the charter?

Options:

A.

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

B.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

C.

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

D.

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

Buy Now
Questions 173

A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization ' s stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

Options:

A.

Assess plant employees ' social media activity for specific messages related to tolerance and open communication

B.

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

Buy Now
Questions 174

Which of the following should the internal audit activity establish to ensure auditors develop the appropriate skills for conducting audits?

Options:

A.

An audit charter that includes the internal audit activity mission and vision

B.

A policy encouraging audit staff to earn certifications

C.

A quality assurance and improvement program to address audit risk areas

D.

An internal audit plan that links engagements to strategic objectives

Buy Now
Questions 175

According to IIA guidance, an internal audit charter should detail which of the following?

Options:

A.

The objectives and goals of management

B.

The process used by the CAE to manage the organization ' s internal controls

C.

The nature of services that the internal audit activity will provide to external third parties

D.

The responsibilities of the audit committee

Buy Now
Questions 176

When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?

Options:

A.

The identified risks have not undergone a detailed review to ensure completeness in the past two years.

B.

The controls in place to mitigate the risks are not tested on an annual basis to confirm operating effectiveness.

C.

The process in place to identify and evaluate new risks to the organization is informal and poorly documented.

D.

The identified risks have not been ranked to establish their importance and risk management priority.

Buy Now
Questions 177

According to The IIA’s Code of Ethics, which of the following statements is true?

Options:

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization’s foreign subsidiary and alters the audit program to highlight the issue, the fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client’s claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

Buy Now
Questions 178

Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

Options:

A.

Accountability/reward risk.

B.

Monitoring failure risk.

C.

Communication failure risk.

D.

Knowledge/skills risk

Buy Now
Questions 179

Which of the following documents would promote objectivity within an organization ' s internal audit activity?

Options:

A.

Internal audit charter.

B.

Internal audit manual.

C.

Audit committee charter

D.

Human resources employee handbook.

Buy Now
Questions 180

According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

Options:

A.

Outline expectations for communicating the results of all aspects of the internal audit activity.

B.

Declare the internal audit activity’s accountability for safeguarding assets and confidentiality.

C.

Document the chief audit executive’s (CAE ' s) reporting line

D.

Document agreement between the CAE and the individual to whom the CAE reports

Buy Now
Questions 181

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company ' s engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Buy Now
Questions 182

According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Options:

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed.

C.

The organization establishes effective governing body oversight.

D.

Audit assignments are rotated among internal audit staff.

Buy Now
Questions 183

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

Options:

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Buy Now
Questions 184

According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?

Options:

A.

Discussions with the chief audit executive.

B.

A listing of employee profiles and certifications.

C.

Inquiry of external auditors.

D.

Validation by human resources.

Buy Now
Questions 185

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

Options:

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.

Buy Now
Questions 186

IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge’s kills gap

B.

Monitoring gap

C.

Accountability/reward failure

D.

Communication failure

Buy Now
Questions 187

An internal auditor believes that the internal audit activity ' s independence is impaired. Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Buy Now
Questions 188

Which of the following statements is true with regard to services provided by the internal audit activity?

Options:

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report

Buy Now
Questions 189

An internal auditor has suspicions that some fictitious vendors have been created in the organization ' s computer system. Which of the following would be the best technique to detect this fraud?

Options:

A.

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

B.

Run checks to find matches between vendor and employee addresses

C.

Check for recurring requests for refunds where invoices are paid twice

D.

Review for unexplained increases in inventory

Buy Now
Questions 190

Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

Options:

A.

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.

The CAE assesses the audit staff ' s knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.

The CAE provides absolute assurance to line management during each eternal audit engagement

Buy Now
Questions 191

An internal auditor creates a professional development plan to obtain more experience in the organization ' s environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

Options:

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization ' s committee meeting that is focused on strategic community awareness.

Buy Now
Questions 192

When the chief audit executive Is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity ' s assurance over risk management?

Options:

A.

The chief audit executive.

B.

A member of the compliance function.

C.

A party outside of the internal audit activity.

D.

A member of the risk management function.

Buy Now
Questions 193

Which of the following is the best way for an internal auditor to demonstrate due professional care?

Options:

A.

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.

Seek feedback from the engagement supervisor during the engagement

C.

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.

Request and receive client feedback surveys during the engagement

Buy Now
Questions 194

Which of the following tests would most likely help discover a fictitious invoice?

Options:

A.

Compare vendor addresses to employee addresses.

B.

Match cancelled checks to invoices.

C.

Search for duplicate payment amounts.

D.

Check employee bank records against invoice amounts.

Buy Now
Questions 195

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership.

B.

Documentation.

C.

Analysis.

D.

Reporting.

Buy Now
Questions 196

Which of the following represents an example of an ethical issue that the organization should address ' ?

Options:

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Buy Now
Questions 197

According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

Options:

A.

Pursuance of an internal audit certification.

B.

Enrollment in internal audit practice webinars.

C.

Attendance of internal audit workshops.

D.

Involvement in a variety of audit assignments.

Buy Now
Questions 198

Which of the following is an indicator that an organization ' s risk management processes are effective?

Options:

A.

Departmental objectives are managed by department heads and are independent of the organization ' s mission.

B.

Organization wide mechanisms exist to enable the identification and assessment of all significant risks.

C.

Department heads have the autonomy to determine risk responses that fall outside of the organizations risk appetite

D.

Relevant risk information is captured and communicated primarily between management and the board

Buy Now
Questions 199

An internal auditor discovered that a former colleague from the internal audit activity now works in a junior position in a department scheduled for an upcoming audit. How can the auditor best ensure his objectivity for this engagement?

Options:

A.

Recommend mat the chief audit executive outsource the upcoming audit engagement

B.

Proceed with the audit engagement in accordance with the internal audit manual

C.

Increase the amount of fieldwork in order to build greater credibility for audit conclusions

D.

Declare a conflict of interest and hand over the engagement to another auditor

Buy Now
Questions 200

Which of the following fraud prevention measures is most likely to trigger undesired adverse behavior if improperly designed?

Options:

A.

Disclosure of outside business activities

B.

Ethics training programs

C.

Compensation programs

D.

Exit interviews

Buy Now
Questions 201

According to IIA guidance, which of the following is the primary reason the chief audit executive discusses the internal audit charter with senior management and the board?

Options:

A.

To provide guidance and solicit feedback on managing the internal audit activity as expected by various stakeholders.

B.

To provide an understanding of the Mission of Internal Audit and The IIA ' s mandatory guidance elements.

C.

To provide an update on the internal audit activity ' s quality of engagement supervision.

D.

To provide information on existing internal audit planning, changes to the internal audit plan, and the rationale for the changes

Buy Now
Questions 202

A senior executive at a government-owned organization received an invitation to attend a public exhibition where he can learn about new trucks relevant to the organization ' s business. As a special perk, the executive is offered an opportunity to drive a luxury vehicle manufactured by one of the exhibiting companies. Prior to the event, the executive asked for the chief audit executive s (CAE’s) advice. What should the CAE recommend as the most appropriate course of action for the executive?

Options:

A.

Attend the event, but decline the offer to use the luxury vehicle

B.

Decline the invitation to the exhibition.

C.

Ask the board to decide on the issue.

D.

Select a lower-level employee to enjoy the luxury vehicle instead

Buy Now
Questions 203

An organization ' s operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

Options:

A.

Foster the importance of the control environment

B.

Provide training on controls and on self-monitoring processes

C.

Recommend installing an enterprisewide risk management system.

D.

Conduct more assurance assignments on high risk areas

Buy Now
Questions 204

A financial services organization ' s board is assessing increased regulations and its effect on current industry lending practices. Which of the following committees would help the board identify and assess the effects of the increased regulations?

Options:

A.

Quality committee.

B.

Audit committee.

C.

Risk committee.

D.

Governance committee.

Buy Now
Questions 205

Management decided to post the organization ' s newly established code of conduct on its website. This decision is primarily intended to mitigate which of the following risks?

Options:

A.

Accountability risk.

B.

Communication risk.

C.

Knowledge risk.

D.

Cultural risk.

Buy Now
Questions 206

According to IIA guidance, which of the following is most critical to ensuring that an organization ' s risk management program remains effective over time?

Options:

A.

Ensuring a fully executed assurance role for the internal audit activity.

B.

Conducting risk evaluations that include ranking the relative importance of each risk.

C.

Establishing a risk management function and appointing a chief risk officer.

D.

Conducting a combination of ongoing risk reviews and individual evaluations.

Buy Now
Questions 207

An existing Internal audit charter is currently under review for revision. Who is responsible for assuring that all required components are included?

Options:

A.

The audit committee.

B.

The head of legal and compliance.

C.

The chief audit executive.

D.

Senior management.

Buy Now
Questions 208

Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?

Options:

A.

Transaction testing, mapping and flowcharting is applicable while testing such controls

B.

Breakdowns in the these types of controls have historically led to fraudulent financial reporting

C.

Such controls can be defined as inherently ob)ective and tangible elements of control

D.

From an audit perspective it is significantly easier to assess ethical values than segregation of duties

Buy Now
Questions 209

Which of the following activities would breach the principles of The IIA ' s Code of Ethics?

Options:

A.

The internal auditor is keeping personal notes from an engagement conducted on the organization ' s information system security for future use.

B.

The internal auditor is performing an engagement of the purchasing department where he used to work five years ago.

C.

The internal auditor is using information from a recent engagement to assist with a friend ' s business.

D.

The internal auditor is discussing relevant information involving questionable vendors with a government regulatory agency.

Buy Now
Questions 210

Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

Options:

A.

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

B.

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

C.

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

D.

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

Buy Now
Questions 211

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions. The CAE was an accounting manager for the organization six months ago.

How should she respond to the request?

Options:

A.

Decline, if it is a consulting engagement, because she recently worked in the organization ' s accounting department.

B.

Accept, if it is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department that the engagement can take place in the future, once she has been removed from accounting for a longer period of time.

D.

Accept, if it is a consulting engagement with agreed-upon scope and services to be provided by the internal audit activity.

Buy Now
Questions 212

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization ' s risk management program?

Options:

A.

Monitor and review

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Buy Now
Questions 213

The organization ' s internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

Options:

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Buy Now
Questions 214

Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?

Options:

A.

Promoting continuous evaluation

B.

Promoting continuous monitoring

C.

Promoting continuous improvement

D.

Promoting continuous reporting

Buy Now
Questions 215

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management’s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Buy Now
Questions 216

During an audit of a foreign subsidiary an internal audit team discovered that products were sold to a prohibited country due to sanctions. What is the best course of action for the internal audit team?

Options:

A.

Include the facts m the engagement communications

B.

Inform me external auditors of the violation.

C.

Report the violation to the government regulators

D.

Consult with the legal department

Buy Now
Questions 217

Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

Options:

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees ' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

Buy Now
Questions 218

Which of the following actions by the internal audit activity requires disclosure to the board of nonconformance with the Standards?

Options:

A.

The internal audit activity did not complete an external assessment within the last seven years

B.

The internal audit activity performed an engagement with limited scope due to lack of knowledge

C.

The internal audit activity failed to consider risk when conducting a review of a department

D.

An internal auditor was assigned to an engagement m an area where she previously worked more than 10 years ago

Buy Now
Questions 219

According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity ' ?

Options:

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Buy Now
Questions 220

Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

Options:

A.

An external quality assessment of the internal audit activity is performed only once every five years.

B.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

C.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

D.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Buy Now
Exam Code: IIA-CIA-Part1
Exam Name: Internal Audit Fundamentals
Last Update: Jul 5, 2026
Questions: 735
IIA-CIA-Part1 pdf

IIA-CIA-Part1 PDF

$25.5  $84.99
IIA-CIA-Part1 Engine

IIA-CIA-Part1 Testing Engine

$30  $99.99
IIA-CIA-Part1 PDF + Engine

IIA-CIA-Part1 PDF + Testing Engine

$40.5  $134.99