Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

IIA-CIA-Part2 Internal Audit Engagement Questions and Answers

Questions 4

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Options:

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Buy Now
Questions 5

An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?

Options:

A.

Documentary evidence

B.

Testimonial evidence

C.

Analytical evidence

D.

Physical evidence

Buy Now
Questions 6

An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?

Options:

A.

A criterion of the organization ' s accumulation of large travel advances

B.

A condition of the organization ' s accumulation of large travel advances

C.

A consequence of the organization ' s accumulation of large travel advances

D.

A cause of the organization ' s accumulation of large travel advances

Buy Now
Questions 7

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations.

Buy Now
Questions 8

An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?

Options:

A.

Diagnostic analysis

B.

Predictive analysis

C.

Network analysis

D.

Prescriptive analysis

Buy Now
Questions 9

An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization ' s health and safety program?

Options:

A.

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

B.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

C.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

D.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

Buy Now
Questions 10

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

Options:

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Buy Now
Questions 11

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

Options:

A.

Career model.

B.

Center of competence model.

C.

Rotational model.

D.

Hybrid model.

Buy Now
Questions 12

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Options:

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Buy Now
Questions 13

Which of the following would most likely prompt special notification from the chief audit executive to same management?

Options:

A.

Operational management has decried to weigh an audit issue against the organization ' s risk tolerance

B.

A controls inaccurate operation has materially impacted the accuracy of the poor year ' s financial statements

C.

Occurrences of asset misappropriation have been identified as a result of an ineffective operational control design

D.

The controls that management performed to confirm compliance with health and safety standards were not systematically documented

Buy Now
Questions 14

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management ' s compliance with privacy laws for safeguarding customer information stored on the organization ' s servers. Which course of action is appropriate for this phase of the engagement?

Options:

A.

Solicit the services of a specialist information systems auditor

B.

Obtain the most current approved copies of the organization ' s privacy policy

C.

Consult with legal counsel about new privacy laws to establish appropriate criteria

D.

Consider the detection risk of noncompliance with the laws

Buy Now
Questions 15

Which of the following is least likely to help ensure that risk is considered in a work program?

Options:

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Buy Now
Questions 16

A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CCO and present the revised audit plan to the board for approval

Buy Now
Questions 17

Which of the following best describes the guideline for preparing audit engagement workpapers?

Options:

A.

Workpapers should be understandable to the auditor in charge and the chief audit executive.

B.

Workpapers should be understandable to the audit client and the board.

C.

Workpapers should be understandable to another internal auditor who was not involved in the engagement.

D.

Workpapers should be understandable to external auditors and regulatory agencies.

Buy Now
Questions 18

According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?

Options:

A.

Sufficiency.

B.

Appropriateness.

C.

Effective deployment.

D.

Cost effectiveness.

Buy Now
Questions 19

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity ' s resources.

B.

The availability of guest auditors for the engagement.

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required.

Buy Now
Questions 20

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Buy Now
Questions 21

While conducting an audit of a third party ' s Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?

1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

4. Submit management ' s plan of action to the external auditors for additional review.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Buy Now
Questions 22

Which of the following statements is true regarding the use of internal control questionnaires (ICOs)?

Options:

A.

ICQs are efficient because they minimize the need for follow-up with survey respondents

B.

Controls with positive survey responses can be eliminated from further testing

C.

Answers to survey questions can be easily misinterpreted

D.

ICQs offer limited value for organizations with uniform procedures

Buy Now
Questions 23

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?

Options:

A.

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.

Develop a report of excess inventory and compare the inventory with current production volume.

C.

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Buy Now
Questions 24

An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?

Options:

A.

Ask the external auditor to review the same transaction again as an independent third party

B.

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

C.

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

D.

Compare the recording of this transaction to now similar ones were executed last year

Buy Now
Questions 25

A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval.

C.

Present the revised audit plan directly to the CEO for approval.

D.

Communicate with the CEO and present the revised audit plan to the board for approval

Buy Now
Questions 26

Which of the following should the chief audit executive do when evaluating the possibility of relying on external auditors ' work?

Options:

A.

Perform comprehensive background checks on all independent auditors on the engagement.

B.

Recalculate all financial calculations to confirm competency.

C.

Examine objectivity and any perceived or actual conflicts of interest.

D.

Review audit tests employed in all previous audits.

Buy Now
Questions 27

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?

Options:

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Buy Now
Questions 28

According to IIA guidance, which of the following describes the primary reason the chief audit executive (CAE) should actively network and build relationships with senior management and the board?

Options:

A.

To fulfill the CAE ' s responsibility to keep the board appropriately informed.

B.

To expand the CAE ' s understanding of management issues.

C.

To help maintain the objectivity of the internal audit activity.

D.

To increase opportunities to demonstrate the internal audit activity performance.

Buy Now
Questions 29

When presenting an observation m writing which or the Mowing is usually true regarding the level of detail provided?

1. The description of the observation in the final audit report contains more detail then the description m the engagement workpapers

2. The description of the observation m the engagement workpapers contains more detail than the descriptor n a preliminary observation document

3. A preliminary observation document contains more detail than tie observation description in the final audit report

4. A preliminary observation document contains more detail than tie observation description in the engagement workpapers

Options:

A.

1 and 2

B.

1 and 4

C.

2 and3

D.

3 and 4

Buy Now
Questions 30

An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?

Options:

A.

An agreed action adopted by management.

B.

A condition-based recommendation as an interim solution to correct a current condition.

C.

A cause-based recommendation to prevent inappropriate access being granted again.

D.

A management action plan.

Buy Now
Questions 31

Which of the following is one of the advantages of organizing the risk universe by processes?

Options:

A.

Interfaces between organizational units are captured during audits by processes

B.

Audits by processes are less time-consuming

C.

During audits by processes, managers are more open at interviews

D.

The advantage of audits by processes is true completeness

Buy Now
Questions 32

Which of the following actives is an internal auditor most likely to perform when establishing the objectives of an assurance engagement?

Options:

A.

Discuss the internal audit risk assessment including applicable risks and objectives with internal audit management

B.

Perform a walk-through of the process under review to determine whether control wore operating, effectively

C.

Identify when controls will be tested and the sampling method to be used based on control risk

D.

Meet with operational management to team about any areas of concern and to agree on the engagement objectives

Buy Now
Questions 33

Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization ' s ability to continue business. How would the chief audit executive respond?

Options:

A.

Assume responsibility for quantifying and minimizing the residual risks to the organization.

B.

Assess the level of financial risks that may affect the organization ' s stability.

C.

Inform the regulatory agency about senior management ' s action and seek guidance.

D.

Proceed with a consulting engagement to benchmark similar organizations ' business practices in the region.

Buy Now
Questions 34

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner ' s approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Buy Now
Questions 35

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Buy Now
Questions 36

Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?

Options:

A.

The presence of an independent critical mass

B.

The established philosophy and operating style of senior management

C.

The articulated internal control objectives of the organization

D.

The organization ' s employee recruiting and retention policies

Buy Now
Questions 37

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

Options:

A.

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Buy Now
Questions 38

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Buy Now
Questions 39

An internal auditor is asked to perform an assurance engagement in the organization ' s newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?

Options:

A.

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

B.

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

C.

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

D.

The qualifications and competencies of the subsidiary ' s management team and their understanding of risk and control

Buy Now
Questions 40

Which of the following is an appropriate documentation of proper engagement supervision?

Options:

A.

A completed engagement workpaper review checklist.

B.

The supervisor ' s review notes on engagement workpapers.

C.

The email exchanges between the audit team and the supervisor.

D.

A supervisor ' s approval of resources allocated to the engagement

Buy Now
Questions 41

Which of the following should an internal auditor document to support an assurance engagement’s conclusions?

Options:

A.

Evidence of all data used in an engagement

B.

Internal audit policies and workpaper templates

C.

Workpapers, cross-referenced to audit observations

D.

Satisfaction ratings from management of the area under review

Buy Now
Questions 42

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

Options:

A.

Perform benchmarking

B.

Perform a trend analysis

C.

Perform a ratio analysis

D.

Perform observation to gather evidence

Buy Now
Questions 43

Applying ISO 31000; which of the following is part of the external context for risk management?

Options:

A.

Risk treatment method based on risk evaluation.

B.

Organizational culture, objectives, and processes.

C.

The regulatory and competitive environment.

D.

The method of determining the risk level

Buy Now
Questions 44

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

Options:

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Buy Now
Questions 45

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

D.

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Buy Now
Questions 46

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Buy Now
Questions 47

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Buy Now
Questions 48

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

Options:

A.

Communicate immediately to the relevant regulatory agency the information regarding the company ' s control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Buy Now
Questions 49

Which of the following is an appropriate role for the internal audit activity with regard to the organization ' s risk management program?

Options:

A.

Identify and manage risks in line with the organization ' s risk appetite.

B.

Ensure that a proper and effective risk management process exists.

C.

Attain an adequate understanding of the organization ' s key risk mitigation strategies.

D.

Identify and ensure that appropriate controls exist to mitigate risks.

Buy Now
Questions 50

In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?

Options:

A.

Sum of the years’ digits.

B.

Declining balance.

C.

Double-declining balance.

D.

Straight line.

Buy Now
Questions 51

An internal auditor is using computer-assisted audit techniques to examine employee expenses across several divisions of the organization. Which of the following is true in this situation?

Options:

A.

The data from various sources should remain segregated for easier analysis and discovery of anomalies.

B.

Fraud detection techniques should be performed against full data populations.

C.

A reactive approach is best suited for fraud detection due to the effectiveness of tips and whistleblowing programs.

D.

Random sampling is an effective method of detecting fraudulent transactions.

Buy Now
Questions 52

An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

Options:

A.

Entity-level controls

B.

Application controls

C.

General controls.

D.

Transaction controls

Buy Now
Questions 53

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization ' s board?

1. Intervening during an audit involving ethical wrongdoing.

2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.

4. Negotiating a settlement of an employee claim for personal damages.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Buy Now
Questions 54

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Options:

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Buy Now
Questions 55

An organization has a mature control environment but limited internal audit resources. Given this scenario, on which of the following should the internal auditors focus their testing?

Options:

A.

Detective compensating controls

B.

Preventive compensating controls.

C.

Detective key controls.

D.

Preventive key controls

Buy Now
Questions 56

According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization ' s cash disbursements process?

Options:

A.

The accounts payable supervisor, accounts payable manager, and controller.

B.

The accounts payable manager, purchasing manager, and receiving manager.

C.

The accounts payable supervisor, controller, and treasurer.

D.

The accounts payable manager, chief financial officer, and audit committee.

Buy Now
Questions 57

Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?

Options:

A.

An expert or decision support system

B.

Generalized audit software

C.

A system utility program

D.

An integrated test facility

Buy Now
Questions 58

Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Buy Now
Questions 59

Which of the following is the primary weakness of internal control questionnaires (ICQs)?

Options:

A.

ICQs do not allow for open-ended questions.

B.

ICQs do not allow for evaluating multiple locations.

C.

ICQs require significant auditor follow-up, as different managers may give different responses.

D.

ICQ respondents have incentives to answer that there are internal controls in place.

Buy Now
Questions 60

Which of the following audit steps would an internal auditor most likely be questioned on?

Options:

A.

The auditor confirms the organization ' s ownership of physical equipment by verifying its presence on site visually.

B.

The auditor vouches for a sample of check copies to support voucher packages to test the checks ' validity.

C.

The auditor vouches a sales invoice to a shipping document to conclude that the invoice has been issued.

D.

The auditor recalculates the allowance for doubtful accounts based on management assertions.

Buy Now
Questions 61

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management

C.

Risk appetite refers to an organization’s general level of acceptance, while risk tolerance is a more specific and subordinate concept

D.

There is no significant difference between the two terms

Buy Now
Questions 62

An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Buy Now
Questions 63

Which of the following represents a ratio that measures short-term debt-paying ability?

Options:

A.

Debt-to-equity ratio

B.

Profit margin

C.

Current ratio

D.

Times interest earned

Buy Now
Questions 64

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Buy Now
Questions 65

The final engagement communication contains the following observation:

The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization ' s competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source. "

Which of the following components is missing in the documentation of the observation?

Options:

A.

Criteria.

B.

Effect

C.

Condition

D.

Cause

Buy Now
Questions 66

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Buy Now
Questions 67

According to IIA guidance which of the following statements is true regarding heat maps?

Options:

A.

A heat map sets likelihood to have higher priority than impact.

B.

A heat map sets impact to have higher priority than likelihood.

C.

A heat map recognizes that the priority of impact and likelihood can vary.

D.

A heat map recognizes impact and likelihood as equally important

Buy Now
Questions 68

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

Options:

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Buy Now
Questions 69

Which of the following statements is true regarding risk assessments, including the evaluation and prioritization of risk and control factors?

Options:

A.

A risk-by-process matrix enables the user to determine associations between any of the processes and the risks.

B.

The risk-factor approach for linking business processes and risks is more direct than the use of a risk-by-process matrix.

C.

Internal risk factors are built into the environment and the nature of the process itself.

D.

A risk map is used primarily to depict which risks will be reduced and which will be shared.

Buy Now
Questions 70

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Options:

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product.

D.

Variable cost plus a markup.

Buy Now
Questions 71

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?

Options:

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Buy Now
Questions 72

Which of the following is most likely to impair the organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports administratively to the chief financial officer

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Buy Now
Questions 73

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization ' s objectives

Buy Now
Questions 74

Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?

Options:

A.

PPS sampling s used to reach conclusions regarding monetary amounts, attribute sampling is not.

B.

PPS sampling is used to roach conclusions regarding rates of occurrence, attribute sampling is not.

C.

PPS sampling a applied within the context of testing controls attribute sampling s not.

D.

Attribute sampling is affected by the monetary book value of the population PPS sampling is not

Buy Now
Questions 75

Which of the following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets, cost includes the purchase price and the cost of design and construction

B.

For intangible assets, cost includes the purchase price and development costs.

C.

Due to their indefinite nature, intangible assets are not subject to amortization.

D.

The organization must expense any cost incurred in developing a plant asset

Buy Now
Questions 76

An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

Options:

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Buy Now
Questions 77

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Options:

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity ' s position within the organization in an audit charter

Buy Now
Questions 78

An internal auditor is planning an audit engagement of a subsidiary organization. The auditor learns that a corporate investigator from the holding organization is investigating the subsidiary regarding a fraud case. Which of the following is true regarding the scope of the internal auditor’s engagement?

Options:

A.

As the fraud is already being investigated by the corporate investigator, it should be excluded from the scope of the audit engagement

B.

The engagement should be framed as an advisory engagement to support the corporate investigator ' s work

C.

The area under investigation should be excluded from the engagement scope if the auditor does not have the technical skills required to support a fraud investigation

D.

The scope should consider the nature of the fraud risk and control weaknesses identified from the fraud case

Buy Now
Questions 79

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Options:

A.

The need and availability of automated support.

B.

The potential impact of key risks.

C.

The expected outcomes and deliverables.

D.

The operational and geographic boundaries.

Buy Now
Questions 80

An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?

Options:

A.

Diagnostic analytics

B.

Descriptive analytics

C.

Prescriptive analytics

D.

Predictive analytics

Buy Now
Questions 81

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

Options:

A.

To obtain sufficient audit evidence.

B.

To test the client ' s knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Buy Now
Questions 82

Which of the following is the most important concept to be included in a consulting engagement agreement?

Options:

A.

Define the duties and responsibilities needed from management to perform the engagement.

B.

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

C.

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

D.

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Buy Now
Questions 83

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor ' s most appropriate next step?

Options:

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud

D.

Provide the evidence that was discovered to local lav/ enforcement for possible prosecution of the suspected fraud

Buy Now
Questions 84

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

Options:

A.

The CAE previously undertook a consulting assignment in that area to improve processes.

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Buy Now
Questions 85

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

Options:

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Buy Now
Questions 86

Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

Options:

A.

Significant changes in the organization ' s accounting policies or procedures would warrant timely analysis and feedback.

B.

More frequent external assessments can serve as an equivalent substitute for internal assessments.

C.

The parent organization ' s internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

D.

A change in senior management or internal audit leadership may change expectations and commitment to conformance

Buy Now
Questions 87

During a review of the organization ' s waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor ' s recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity ' s periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?

Options:

A.

Nothing, as the internal audit activity has fulfilled its responsibility of providing recommendations to mitigate the risks to which the organization is exposed.

B.

Contact the regulatory agency responsible for monitoring such matters in order to convince management to implement the recommendations.

C.

Convene a meeting with senior management and discuss the issue and the potential impact it may have on the organization.

D.

Highlight the current exposure to the external auditors so they too can highlight the issue and further pressure management to address the concern.

Buy Now
Questions 88

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Buy Now
Questions 89

An internal auditor is assessing whether a vendor onboarding procedure is being followed in all business units. The procedure has been centrally designed and depicts activities and validations that must be performed at every step. Which of the following is the most suitable way to compile an internal control questionnaire?

Options:

A.

Develop statements that are based on the procedure requirements and ask respondents to select yes or no responses

B.

Develop open questions that inquire about the appropriateness and efficacy of the procedure

C.

Develop closed questions asking managers to describe the onboarding process in detail

D.

Develop multiple response questions where a respondent has to identify one correct answer out of four

Buy Now
Questions 90

As a result of server managements assumption of risk there is residual risk that exceeds me organisation ' s risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?

Options:

A.

ignore the responsibility of addressing the residual risk

B.

Assume the responsibility of addressing the residual risk

C.

Ensure senior management acknowledges residual risk

D.

Communicate with the board the issue of residual risk

Buy Now
Questions 91

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?

Options:

A.

To create a detailed risk assessment

B.

To identify individuals who perform key roles

C.

To explain a simple process.

D.

To document which outputs support other activities.

Buy Now
Questions 92

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Buy Now
Questions 93

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend

C.

Reaffirm the importance of the organization ' s code of ethics to all employees

D.

Conduct an organization wide employee survey on ethical practices.

Buy Now
Questions 94

Which of the following statements accurately describes the Standards requirement for ret internal audit records?

Options:

A.

Retention requirements for internal audit records should be compliant with ones set for external audit records

B.

Retention requirements should take into account the medium in which internal audit records are stored

C.

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

D.

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Buy Now
Questions 95

An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

Options:

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management ' s responsibility for risk management without board approval.

Buy Now
Questions 96

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star.

B.

A cash cow.

C.

A question mark.

D.

A dog

Buy Now
Questions 97

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Buy Now
Questions 98

During an audit, the chief audit executive reviews and approves changes to the audit program. Which of the following describes this activity?

Options:

A.

Engagement reporting

B.

Continuous monitoring

C.

Engagement supervision

D.

Engagement risk assessment

Buy Now
Questions 99

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

Options:

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Buy Now
Questions 100

Which of the following statements regarding the risk management process ' support of the internal audit activity is true?

Options:

A.

The risk management process can provide more extensive internal audit services to the organization if it does not have an internal audit department

B.

The risk management process supports internal audit by evaluating whether critical controls are adequate and effective.

C.

The risk management process can determine whether all significant risks have been identified and are being treated.

D.

The risk management process establishes an organization-specific documented risk management framework.

Buy Now
Questions 101

The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?

Options:

A.

Run reports listing all payments made in countries other than vendor locations

B.

Run reports listing all credit limit overrides

C.

Run reports listing all instances of delayed revenue recognition

D.

Run three-way match reports, matching invoices, purchase orders, and receiving reports

Buy Now
Questions 102

The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?

Options:

A.

Amend the audit plan so that available audit resources are adequate to meet the plan’s requirements.

B.

Inform the board and senior management of the resources needed, as well as the associated risks.

C.

Communicate early to those unit managers whose areas would most likely not be able to get reviewed.

D.

Get approval from human resources regarding overtime payment to be made in an effort to complete the audit plan.

Buy Now
Questions 103

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

Options:

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Buy Now
Questions 104

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?

Options:

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization ' s risk strategy and risk appetite framework

D.

Discuss the department ' s present strategies ‘and objectives with the head of the HR department

Buy Now
Questions 105

For an action plan to be effective, it should be designed primarily to address which of the following elements of an observation?

Options:

A.

Condition

B.

Root cause

C.

Criteria

D.

Recommendation

Buy Now
Questions 106

An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?

Options:

A.

Review management ' s organ nationwide risk assessment

B.

Understand the objectives and strategies of the new arrangement

C.

Revise the scope of the audit engagement

D.

Form objectives for the audit engagement

Buy Now
Questions 107

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

Options:

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Buy Now
Questions 108

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with the internal policy.

Buy Now
Questions 109

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

Options:

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Buy Now
Questions 110

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

Options:

A.

End the consulting engagement and report the results to management as planned

B.

Report the significant control issues to senior management and the board and recommend corrective action

C.

Mutually agree with the engagement client on corrective actions

D.

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Buy Now
Questions 111

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget.

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Buy Now
Questions 112

Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?

Options:

A.

Stratification of numeric values

B.

Gap testing

C.

Joining different data sources

D.

Duplicate testing

Buy Now
Questions 113

Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?

Options:

A.

A procurement manager does not have the expected academic credentials for his position

B.

A salesperson frequently complains about the organization ' s policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions

D.

A financial accountant is absent from work frequently due to regular medical procedures

Buy Now
Questions 114

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Buy Now
Questions 115

According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?

Options:

A.

Reperformance.

B.

Vouching.

C.

Independent confirmation.

D.

Root cause analysis.

Buy Now
Questions 116

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.

Select five new accounts to replace the ones that were missing supporting documentation.

C.

Expand the sample size to 60 to determine whether the error rate remains the same.

D.

Contact management to determine whether the supporting documentation can be located elsewhere.

Buy Now
Questions 117

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

Options:

A.

Inform the audit supervisor.

B.

Investigate the potential conflict of interest.

C.

Inform the external auditors of the potential conflict of interest.

D.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Buy Now
Questions 118

Which of the following is the primary reason a chief audit executive should network with an organization’s executives?

Options:

A.

To better understand and influence executives ' planning.

B.

To make executives aware of the benefits that the internal audit activity can provide.

C.

To assist executives in setting the organization’s risk appetite.

D.

To have a better understanding of the training needed to strengthen the audit team.

Buy Now
Questions 119

Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?

Options:

A.

Review year-over-year trending of total dollars spent in each period.

B.

Review changes to the vendor master file for suspicious activity.

C.

Review the percentage of on-time payments against prior periods.

D.

Review total expenses for accounting against other department expenses in the organization.

Buy Now
Questions 120

Which of the following is not an outcome of control self-assessment?

Options:

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Buy Now
Questions 121

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

Options:

A.

Nonstatistical sampling provides more objective recommendations for management.

B.

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

Buy Now
Questions 122

An internal auditor is conducting an assurance engagement. One engagement objective is to evaluate the project manager’s effectiveness at controlling project costs. Which of the following audit tests should be included in the engagement program?

Options:

A.

Prepare a bank reconciliation statement for all the bank accounts of the organization

B.

Track a sample of project payments from accounts payable to concluded agreements and authorization rights

C.

Validate the accuracy of assumptions and inputs used for calculations in the project’s feasibility model

D.

Investigate whether the budget of the project was approved timely as required by internal policies

Buy Now
Questions 123

In which of the following situations has an internal audit of obtained physical evidence?

Options:

A.

An internal auditor made purchases from several of the organization ' s retail outlets to evaluate customer service

B.

An internal auditor interviewed various employees regarding health and safety issues and recorded their answers

C.

An internal auditor obtained the current quarterly financial report and computed changes in deb-to-equity ratio

D.

An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney

Buy Now
Questions 124

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

Options:

A.

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Buy Now
Questions 125

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls.

B.

To plan for evaluating potential losses.

C.

To prepare a sampling plan for the engagement.

D.

To evaluate the design of controls.

Buy Now
Questions 126

An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a given precision and confidence level?

Options:

A.

The sample rate of occurrence plus the precision exceeds the acceptable error rate.

B.

The sample rate of occurrence is less than the acceptable error rate.

C.

The acceptable rate of occurrence less the precision exceeds the sample rate of occurrence.

D.

The sample rate of occurrence plus the precision equals the acceptable error rate.

Buy Now
Questions 127

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

Options:

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Buy Now
Questions 128

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

Options:

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Buy Now
Questions 129

Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?

Options:

A.

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.

Any risk involving investments into bitcoin and suspicious derivatives

C.

Any risk that can cause material or financial loss

D.

Any risk that could cause injuries or pollute the environment

Buy Now
Questions 130

Some lime after the final audit report was issued, the engagement supervisor teamed that several internal control deficiencies were not remedied, despite management ' s previous agreement to remedy them According to IIA guidance, which of the following is the most appropriate response ' 5

Options:

A.

The engagement supervisor must notify the chief audit executive (CAE) that the deficiencies have not been rectified

B.

The engagement supervisor should rely on professional judgment as to whether the CAE should be informed, or the management action plan should be adjusted

C.

The engagement supervisor should rely on his negotiation skills and issue an ultimatum to management to remedy the control deficiencies

D.

Ensure that these deficiencies are captured in the documentation as high-priority areas to be reviewed during the next audit.

Buy Now
Questions 131

In which of following scenarios is the internal auditor performing benchmarking?

Options:

A.

The auditor compares information from one period with the same information from the poor period

B.

The auditor compares new information to his general knowledge of the organization

C.

The auditor compares information he collected with simmer information from another source

D.

The auditor compares expected outcomes with actual results

Buy Now
Questions 132

Which of the following should be the focus of the effect section of the preliminary observations document?

Options:

A.

Residual risk

B.

Inherent risk

C.

Compensating controls

D.

Control activities

Buy Now
Questions 133

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations

B.

Analytical procedures begin after the engagements planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques

Buy Now
Questions 134

During engagement planning, which party provides the most accurate and up-to-date description of how organizational processes and key controls operate?

Options:

A.

The management responsible for the activity under review

B.

The individuals who perform the daily tasks and functions of the activity under review

C.

The external auditors since they understand the key controls behind the financial statements

D.

The board of directors since they provide overall oversight for the organization

Buy Now
Questions 135

A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO ' s reasoning is acceptable.

Buy Now
Questions 136

Which of the following would be considered a violation of The IIA’s mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer

B.

The board seeks senior managements recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit act/vity.

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Buy Now
Questions 137

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Buy Now
Questions 138

Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?

Options:

A.

When preparing to recap audit test results.

B.

At sample selection, to determine sampling methodology.

C.

At the start of fieldwork, as part of developing the annual audit plan.

D.

At planning, to assist in developing the engagement work program.

Buy Now
Questions 139

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Options:

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Buy Now
Questions 140

According to ISO 31000, which of the following statements is correct?

Options:

A.

The board is responsible for setting the organizational attitude through tone at the top.

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Buy Now
Questions 141

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Buy Now
Questions 142

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Buy Now
Questions 143

Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?

Options:

A.

Gap analysis

B.

Staff preferences

C.

Maturity analysis

D.

Extent of external audit coverage

Buy Now
Questions 144

When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Buy Now
Questions 145

Which of The following best describes a risk that is deemed " unacceptable " to the organization?

Options:

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Buy Now
Questions 146

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

Options:

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Buy Now
Questions 147

The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

Options:

A.

It minimizes the amount of time spent and cost incurred to gather the necessary information.

B.

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

C.

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

D.

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Buy Now
Questions 148

During a review of data privacy an internal auditor is tasked with testing management ' s identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

Options:

A.

interview management to determine what types of data are collected and maintained

B.

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.

Review a sample of data to determine whether the risk classification is reasonable

D.

Document and test a data inventory and classification program by determining the data classification levels and framework

Buy Now
Questions 149

Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?

Options:

A.

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.

Retained earnings represent the amount of excess cash available in the organization.

C.

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

Buy Now
Questions 150

Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?

Options:

A.

Inquiry

B.

Analytical review

C.

Observation

D.

Inspection of documents

Buy Now
Questions 151

According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Buy Now
Questions 152

An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for

testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?

Options:

A.

Review logs of the vehicles assigned to employees for the delivery of goods during the engagement period.

B.

Visit the home address of the specific employee to see the selected vehicle.

C.

Compare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.

D.

Seek independent confirmation of the vehicle ' s details from one of the delivery employees.

Buy Now
Questions 153

A technology firm ' s internal audit function is slated to perform a series of engagements assessing the security of its software development processes. To successfully perform these engagements, which competency should the internal audit function possess?

Options:

A.

Expertise in IT general controls

B.

Understanding of change management processes

C.

Proficiency in using design software

D.

Fluency in multiple programming languages

Buy Now
Questions 154

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements, internal auditors should plan to assess the effectiveness of all entity-level controls.

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review, to prevent tipping off probable audit tests.

D.

Reviewing process maps and flowcharts is an appropriate method for the internal auditor to identify all key risks and controls during engagement planning.

Buy Now
Questions 155

An engagement work program o of greatest value to audit management when which of the following is true?

Options:

A.

The work program provides more detailed support for the audit report

B.

The work program helps determined the required amount of audit resources

C.

The work program helps ensure tie achievement of the engagement objectives

D.

The work program assists the auditor n developing and managing audit tests

Buy Now
Questions 156

For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Buy Now
Questions 157

An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 158

When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?

Options:

A.

Determine whether the purchasing department complies with policy by examining a random selection of purchase orders.

B.

Evaluate whether purchasing requests are properly approved by authorized staff by obtaining independent verification from the vendors.

C.

Ascertain whether material receipts are recorded on a timely basis by reviewing physical inventory stock counts.

D.

Determine whether prices charged for goods received are correct by reviewing the appropriate accounts payable record by vendor.

Buy Now
Questions 159

An internal auditor is conducting a preliminary survey of the investments area, and sends an internal control questionnaire to the management of the function. (An extract of the survey is provided below).

1. Are there any restrictions for any company ' s investments?

2. Are there any written policies and procedures that document the flow of investment processing?

3. Are investment purchases recorded in the general ledger on the date traded?

4. Is the documentation easily accessible to an persons who need in to perform their job?

Which of the following is a drawback of testing methods like this?

Options:

A.

They ore kitted as they do not allow the auditor to test many controls.

B.

They do not highlight control gaps

C.

They are not useful for identifying areas on which the auditor should locus.

D.

They are limited as there is a risk that management may not answer fairly.

Buy Now
Questions 160

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Buy Now
Questions 161

Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?

Options:

A.

Questionnaires.

B.

Surveys.

C.

Structured interviews

D.

Facilitated team workshops

Buy Now
Questions 162

Which of the following recognized competitive strategies focuses on gaining efficiencies?

Options:

A.

Focus

B.

Cost leadership.

C.

Innovation

D.

Differentiation

Buy Now
Questions 163

Which of the following best describes the engagement objective in a banking compliance audit?

Options:

A.

Assessing the cost-efficiency of business continuity plans

B.

Assessing whether the business continuity plans implement regulatory requirements

C.

Assessing whether the business continuity plans implement best practice recommendations

D.

Assessing the operating effectiveness of the business continuity plans

Buy Now
Questions 164

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

Options:

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Buy Now
Questions 165

Which of the following performance measures is considered a lagging indicator to the largest degree?

Options:

A.

Return on investment

B.

Customer retention

C.

Employee satisfaction

D.

Cost of research and development

Buy Now
Questions 166

Which of the following would help the internal audit activity assess compliance with the organization ' s standard operating procedures for bank deposits during a preliminary survey?

Options:

A.

Issue an internal control questionnaire to select branch customers.

B.

Issue an internal control questionnaire to the president of the organization.

C.

Issue an internal control questionnaire to the director of bank operations.

D.

Issue an internal control questionnaire to select branch managers.

Buy Now
Questions 167

Which of the following statements best demonstrates application of due professional care during an assurance engagement?

Options:

A.

The engagement detected irregularities and noncompliance instances.

B.

The engagement supervisor had no significant comments in the supervisory review.

C.

The audit procedures were systematically planned: executed, and documented.

D.

The engagement objectives were designed to assist the engagement client

Buy Now
Questions 168

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives

Buy Now
Questions 169

The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7

Options:

A.

Audit committee

B.

CEO

C.

CAE.

D.

External service provider

Buy Now
Questions 170

According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?

Options:

A.

Process objectives

B.

Process risks

C.

Process controls

D.

Process scope

Buy Now
Questions 171

Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?

Options:

A.

ICQs provide testimonial evidence.

B.

ICQs are efficient.

C.

ICQs provide tangible evidence to be quantified.

D.

ICQs put observations into perspective.

Buy Now
Questions 172

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Buy Now
Questions 173

In which of the following ways can the internal audit activity new engagement opportunities?

Options:

A.

By defining activities by business processes.

B.

By looking external factors such as product complaints.

C.

By looking at activities by businesses cost centers.

D.

By defining activities by the organization chart.

Buy Now
Questions 174

During follow-up. the internal auditor discovered that operational management did not implement effective actions to address a significant control breach If the issue is left unresolved it may result in regulatory sanctions and damage the organization ' s reputation What is the most appropriate next step for the chief audit executive to lake?

Options:

A.

Report the matter to the board

B.

Implement the recommended control to address the exposure

C.

Discuss the matter with senior management

D.

Ask the regulatory agency to persuade management to address the issue

Buy Now
Questions 175

An organization ' s finance manager plans to implement a state-of-the-art management system to better manage the organization ' s receivables. The finance manager consulted the chief audit executive (CAE) and asked for her assistance in determining whether the organization is able to accommodate this system. How would the CAE proceed to determine the objectives of this engagement

Options:

A.

Ask the CEO to determine the scope and objectives of the engagement

B.

Request that the board disclose its concerns over governance for inclusion in the engagement

C.

Discuss the concerns with the finance manager and work together to agree on the engagement objectives

D.

Review previous audit reports from the area and develop engagement objectives to address the area ' s key risks and controls

Buy Now
Questions 176

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts

D.

Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning

Buy Now
Questions 177

Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate

to achieve this objective?

Options:

A.

A compliance audit.

B.

A due diligence audit.

C.

A financial audit.

D.

An external audit.

Buy Now
Questions 178

An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?

Options:

A.

The internal auditor concludes that management may be placing undue reliance on me specified control

B.

The internal auditor concludes that the specified control is more effective than it really is.

C.

The internal auditor concludes that the specified control is acceptably effective

D.

The internal auditor concludes that additional testing will be required to evaluate the specified control

Buy Now
Questions 179

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Buy Now
Questions 180

An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?

Options:

A.

Complete a transaction walkthrough fiat focuses on the design and operation of financial reporting controls

B.

Conduct interviews with senior management to obtain their input and insights regarding operational controls.

C.

Perform a comprehensive review of the organization s existing policies and standard operating procedures.

D.

Review the procurement process map w*h employees who carry out key activities to obtain their input and insights.

Buy Now
Questions 181

Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

Options:

A.

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization ' s control processes.

B.

Quality assessments focus on the internal audit activity’s structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

C.

in order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year

D.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments

Buy Now
Questions 182

According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?

Options:

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Buy Now
Questions 183

Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?

Options:

A.

The person responsible for performing the task

B.

Two or more people that work in the area

C.

The supervisor in charge of the process

D.

The manager that wrote the steps to be followed

Buy Now
Questions 184

Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?

Options:

A.

When internal auditors need to cover many control procedures using ICQs is generally less efficient than conducting observations and inspections

B.

It is generally difficult for internal auditors lo compile appropriate ICQs for business activities that are governed by standardized operating procedures

C.

ICQs are inadequate to provide effective assurance on how organizational processes are executed in practice.

D.

It is generally difficult for internal auditors to process completed questionnaires, because ICQs frequently elicit detailed comments and long answers from management

Buy Now
Questions 185

In a small internal audit function, a single auditor is responsible for conducting the entire audit engagement. In this situation, what is the benefit of using a checklist as part of an engagement work program?

Options:

A.

Allocation of tasks and responsibilities within the team.

B.

Facilitation of review by business representatives involved.

C.

Overview of results from previous audits.

D.

Retention of an audit trail regarding completion of tasks.

Buy Now
Questions 186

According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?

Options:

A.

Criteria

B.

Cause

C.

Effect

D.

Condition

Buy Now
Questions 187

The objective of an upcoming engagement is to review the wind park projects and assess compliance with established project management principles. Which of the following is most likely to be the aim of the engagement work program?

Options:

A.

Evaluate the application of project management guidance in the development of wind parks.

B.

Identify key risks and mitigation plans pertaining to the management of wind parks.

C.

Assess whether development of wind parks is compliant with relevant legal acts and international best practices.

D.

Review the wind park development strategy and compare its goals with operational targets and metrics.

Buy Now
Questions 188

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

Options:

A.

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Buy Now
Questions 189

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider ' s experience in the type of work being considered.

Buy Now
Questions 190

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

There is a clear strategy and timeline to migrate risk management responsibility back to management.

The internal audit activity has the final approval on any risk management decisions.

The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Buy Now
Questions 191

Which of the following actions best describes an internal auditor ' s use of test data to determine whether an organization ' s new accounts payable system avoids processing questionable invoices for payment?

Options:

A.

Creating an automated tool that monitors the computer program on a daily basis for potential issues that need corrective actions.

B.

Using an automated system that assists internal auditors with automating the risk analysis of the computer program for invoicing

C.

Embedding tools in the computer program to analyze the review processes of invoices for potential issues that may hamper payments

D.

Adding invoices to the computer program to assess the reliability and effectiveness of the review process and whether controls work.

Buy Now
Questions 192

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues’ workpapers for completeness and format

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met

Buy Now
Questions 193

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

Options:

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Buy Now
Questions 194

Which of the following statements is false regarding audit criteria?

Options:

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Buy Now
Questions 195

Which of the following is the most appropriate objective for establishing a professional development plan for the internal audit activity?

Options:

A.

A plan that focuses on furthering the independence of the internal audit activity.

B.

A plan that ensures internal auditors collectively possess expertise in various fields to avoid outsourcing.

C.

A plan based on individual preferences and proposals, which helps internal auditors achieve greater success.

D.

A plan that focuses on filling gaps in the current skills needed to complete audit objectives.

Buy Now
Questions 196

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

Options:

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Buy Now
Questions 197

An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager.

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Buy Now
Questions 198

Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?

Options:

A.

Stop-or-go sampling

B.

Probability to proportional size sampling

C.

Classical variable sampling

D.

Discovery sampling

Buy Now
Questions 199

According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees9

Options:

A.

Salary and status.

B.

Responsibility and advancement

C.

Work conditions and security.

D.

Peer relationships and personal life

Buy Now
Questions 200

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Buy Now
Questions 201

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.

Management is responsible for ensuring that the organization ' s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Buy Now
Questions 202

New environmental regulations require the board to certify that the organization ' s reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization ' s compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Options:

A.

The audit committee of the board.

B.

The environmental, health, and safety manager.

C.

The organization ' s external environmental lawyers.

D.

The organization ' s insurance department.

Buy Now
Questions 203

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

Options:

A.

The internal audit risk assessment and audit plan for the next fiscal year.

B.

The internal audit budget and resource plan for the coming fiscal year.

C.

A request for an increase of the CAE ' s salary for the next fiscal year.

D.

The evaluation and compensation of the internal audit team.

Buy Now
Questions 204

Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?

Options:

A.

A condition

B.

An audit objectives

C.

An audit scope

D.

An observation rating

Buy Now
Questions 205

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards

D.

Verify that organizational objectives are aligned with each departments objectives.

Buy Now
Questions 206

Which of the following internal audit activities is performed in the design evaluation phase?

Options:

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Buy Now
Questions 207

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity ' s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational managements view of risk objectives

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence

Buy Now
Questions 208

An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?

Options:

A.

Prepare an action plan to address the inconsistencies

B.

Contact regulatory agencies to report the inconsistencies and recommended corrective actions

C.

Assess the risk of the inconsistencies against the organization ' s mission

D.

Issue an interim report to senior management

Buy Now
Questions 209

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

Options:

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring

D.

Include all types of observations in the monitoring process

Buy Now
Questions 210

Which of the following engagement supervision activities should be performed first?

Options:

A.

Ensure that internal audit recommendations are practical, cost-effective, and value-added

B.

Ensure that internal audit conclusions am based on sufficient and reliable evidence

C.

Ensure that risks to the timely completion of the engagement are assessed

D.

Ensure that performance assessments are completed for audit team members

Buy Now
Questions 211

A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following Is the most appropriate action the CAE should take regarding the request?

Options:

A.

Assign the engagement to a more senior internal auditor.

B.

Decline the engagement request.

C.

Allow the internal auditors to acquire the needed skills while performing the engagement.

D.

Supervise the assigned internal auditors throughout the engagement.

Buy Now
Questions 212

While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?

Options:

A.

Performing a reasonableness test.

B.

Conducting a fraud investigation.

C.

Conducting trend analysis.

D.

Operating with impaired objectivity.

Buy Now
Questions 213

According to IIA guidance which of the following represents sufficient information?

Options:

A.

Information that is factual adequate and convincing

B.

Information that is best attainable through the use of appropriate engagement techniques

C.

Information that supports engagement objectives and recommendations

D.

Information that helps the organization meet its goals

Buy Now
Questions 214

According to IIA guidance, which of the following activities is most likely to enhance stakeholders ' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 215

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive

C.

A greater need for linkage with a vendors computerized order entry system.

D.

An Increase in the number of suitable suppliers

Buy Now
Questions 216

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

Options:

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Buy Now
Questions 217

Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?

Options:

A.

Facilitated workshops.

B.

Surveys.

C.

Structured interviews.

D.

Elicitation.

Buy Now
Questions 218

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

Options:

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives

Buy Now
Questions 219

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Buy Now
Questions 220

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Buy Now
Questions 221

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management ' s corrective actions Doing so would help the CAE assess which of the following?

Options:

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Buy Now
Questions 222

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

Options:

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement.

Buy Now
Questions 223

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

Increased access to the organization’s software and proprietary data.

Buy Now
Questions 224

Which of the following statements about internal audit ' s follow-up process is true?

Options:

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit ' s follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Buy Now
Exam Code: IIA-CIA-Part2
Exam Name: Internal Audit Engagement
Last Update: Jul 5, 2026
Questions: 747
IIA-CIA-Part2 pdf

IIA-CIA-Part2 PDF

$25.5  $84.99
IIA-CIA-Part2 Engine

IIA-CIA-Part2 Testing Engine

$30  $99.99
IIA-CIA-Part2 PDF + Engine

IIA-CIA-Part2 PDF + Testing Engine

$40.5  $134.99