Question 1

When performing benchmarking during the planning phase of a performance audit, an internal auditor should:

Accepted Answer

A)  Determine the current performance gap. 
B)  Project future performance levels. 
C)  Develop functional action plans. 
D)  Identify comparative organizations. 
A)  Determine the current performance gap. 
B)  Project future performance levels. 
C)  Develop functional action plans. 
D)  Identify comparative organizations.

Question 2

Which of the following controls is not appropriate for sales in a manufacturing organization?

Accepted Answer

A)  Customers' orders are recorded promptly. 
B)  Goods shipped are matched with valid customer orders. 
C)  Goods returned are inspected for damage by the receiving department for proper disposition. 
D)  Sales department approval is required for credit sales transactions. 
A)  Customers' orders are recorded promptly. 
B)  Goods shipped are matched with valid customer orders. 
C)  Goods returned are inspected for damage by the receiving department for proper disposition. 
D)  Sales department approval is required for credit sales transactions.

Question 3

During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:

Accepted Answer

A)  Exclude the relative's information from the audited work and proceed with the audit engagement. 
B)  Proceed with the audit engagement but disclose in the engagement final communication that the relative is a customer. 
C)  Immediately withdraw from the audit engagement. 
D)  Notify management and the chief audit executive (CA
E)  and have the CAE determine whether the auditor should continue with the audit engagement. 
A)  Exclude the relative's information from the audited work and proceed with the audit engagement. 
B)  Proceed with the audit engagement but disclose in the engagement final communication that the relative is a customer. 
C)  Immediately withdraw from the audit engagement. 
D)  Notify management and the chief audit executive (CA
E)  and have the CAE determine whether the auditor should continue with the audit engagement.

Question 4

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

Accepted Answer

A)  Determining the scope. 
B)  Reviewing internal controls. 
C)  Testing. 
D)  Evaluating findings. 
A)  Determining the scope. 
B)  Reviewing internal controls. 
C)  Testing. 
D)  Evaluating findings.

Question 5

When internal auditors perform consulting services that add value and improve an organization's operations, these services:

Accepted Answer

A)  Impair the internal auditors' objectivity with respect to an assurance service involving the same engagement client. 
B)  Would preclude the achievement of assurance from the consulting engagement. 
C)  Should be consistent with the internal audit activity's empowerment reflected in the charter. 
D)  Impose no responsibility to communicate information other than to the engagement client. 
A)  Impair the internal auditors' objectivity with respect to an assurance service involving the same engagement client. 
B)  Would preclude the achievement of assurance from the consulting engagement. 
C)  Should be consistent with the internal audit activity's empowerment reflected in the charter. 
D)  Impose no responsibility to communicate information other than to the engagement client.

Question 6

To enhance the independence of both the internal and external audit functions, audit committees should be composed of:

Accepted Answer

A)  A rotating subcommittee of the board of directors or its equivalent. 
B)  A combination of external members of the board of directors and company officers. 
C)  Members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers. 
D)  Only external members of the board of directors or other similar oversight committees. 
A)  A rotating subcommittee of the board of directors or its equivalent. 
B)  A combination of external members of the board of directors and company officers. 
C)  Members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers. 
D)  Only external members of the board of directors or other similar oversight committees.

Question 7

If management has not established a risk management process, the internal audit activity could.

Accepted Answer

A)  Take a proactive role that supplements traditional assurance activities. 
B)  Identify and mitigate risks to the organization. 
C)  Assume responsibility for the management of identified risks. 
D)  Assume primary responsibility for determining if adequate and effective processes are in place. 
A)  Take a proactive role that supplements traditional assurance activities. 
B)  Identify and mitigate risks to the organization. 
C)  Assume responsibility for the management of identified risks. 
D)  Assume primary responsibility for determining if adequate and effective processes are in place.

Question 8

Which of the following topics would a chief audit executive most likely include with their report to the board?

Accepted Answer

A)  The status of labor contract negotiations at the largest manufacturing plant. 
B)  A significant level of senior management turnover throughout the organization. 
C)  A recent management hire to oversee labor concerns. 
D)  Analyses of recent increases in overtime. 
A)  The status of labor contract negotiations at the largest manufacturing plant. 
B)  A significant level of senior management turnover throughout the organization. 
C)  A recent management hire to oversee labor concerns. 
D)  Analyses of recent increases in overtime.

Question 9

Which of the following would not be a red flag for fraud?

Accepted Answer

A)  Several recent, large expenditures to a new vendor have not been documented. 
B)  A manager has bragged about multiple extravagant vacations taken within the last year, which are excessive relative to the manager's salary. 
C)  A weak control environment has been accepted by management to encourage creativity. 
D)  New employees occasionally fail to meet established project deadlines due to staffing shortages. 
A)  Several recent, large expenditures to a new vendor have not been documented. 
B)  A manager has bragged about multiple extravagant vacations taken within the last year, which are excessive relative to the manager's salary. 
C)  A weak control environment has been accepted by management to encourage creativity. 
D)  New employees occasionally fail to meet established project deadlines due to staffing shortages.

Question 10

Which of the following statements is correct with regard to risk management?

Accepted Answer

A)  The board's responsibility for risk management cannot be assigned to a board committee, such as a board risk committee. 
B)  The chief audit executive is accountable to the board for designing, implementing and monitoring the risk management process. 
C)  The total process of risk management, which includes a related system of internal control, is the responsibility of the board. 
D)  The finance director is responsible for the overall implementation of the risk management process. 
A)  The board's responsibility for risk management cannot be assigned to a board committee, such as a board risk committee. 
B)  The chief audit executive is accountable to the board for designing, implementing and monitoring the risk management process. 
C)  The total process of risk management, which includes a related system of internal control, is the responsibility of the board. 
D)  The finance director is responsible for the overall implementation of the risk management process.

Question 11

According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department? 1. Obtain and review all purchasing-related audit reports issued within the past year. 2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings. 3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software. 4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.

Accepted Answer

A)  1 and 2. 
B)  1 and 3. 
C)  2 and 4. 
D)  3 and 4. 
A)  1 and 2. 
B)  1 and 3. 
C)  2 and 4. 
D)  3 and 4.

Question 12

Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:

Accepted Answer

A)  The type and nature of the activities to be examined. 
B)  Whether employees in key positions of trust are bonded. 
C)  The history of losses suffered by the company. 
D)  The results of prior risk assessments. 
A)  The type and nature of the activities to be examined. 
B)  Whether employees in key positions of trust are bonded. 
C)  The history of losses suffered by the company. 
D)  The results of prior risk assessments.

Question 13

Which of the following risk management activities is most appropriate for an internal auditor to undertake?

Accepted Answer

A)  Impose risk management processes. 
B)  Coordinate risk management activities. 
C)  Implement risk responses on management's behalf. 
D)  Review the management of key risks. 
A)  Impose risk management processes. 
B)  Coordinate risk management activities. 
C)  Implement risk responses on management's behalf. 
D)  Review the management of key risks.

Question 14

An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management. Which of the following correctly identifies the type of evidence this information represents?

Accepted Answer

A)  Competent, corroborative evidence of future working capital requirements. 
B)  Sufficient, analytical evidence of the cash flow position at a given point of time in the future. 
C)  Competent, documentary evidence of future cash flow changes within the organization. 
D)  Sufficient, circumstantial evidence of the future solvency of the organization. 
A)  Competent, corroborative evidence of future working capital requirements. 
B)  Sufficient, analytical evidence of the cash flow position at a given point of time in the future. 
C)  Competent, documentary evidence of future cash flow changes within the organization. 
D)  Sufficient, circumstantial evidence of the future solvency of the organization.

Question 15

During a review of data center physical security and environmental controls, an auditor should ensure that:

Accepted Answer

A)  Visitors are accompanied by authorized personnel at all times. II. Only developers and operators have access to the data center. III. Fire suppression equipment is tested periodically. IV. Fire and water detectors have been installed. 
B)  I and III only 
C)  II and IV only 
D)  I, III, and IV only 
E)  II, III, and IV only 
A)  Visitors are accompanied by authorized personnel at all times. II. Only developers and operators have access to the data center. III. Fire suppression equipment is tested periodically. IV. Fire and water detectors have been installed. 
B)  I and III only 
C)  II and IV only 
D)  I, III, and IV only 
E)  II, III, and IV only

Question 16

Which of the following scenarios exemplifies a potential internal control weakness?

Accepted Answer

A)  The same employee who receives cash from customers prepares a prelisting of cash receipts. 
B)  The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information. 
C)  The same employee who restrictively endorses checks received from customers prepares the bank's check deposit slips. 
D)  The same employee who makes deposits at the bank prepares the monthly bank reconciliation. 
A)  The same employee who receives cash from customers prepares a prelisting of cash receipts. 
B)  The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information. 
C)  The same employee who restrictively endorses checks received from customers prepares the bank's check deposit slips. 
D)  The same employee who makes deposits at the bank prepares the monthly bank reconciliation.

Question 17

Why are preventative controls generally preferred to detective controls?

Accepted Answer

A)  Because preventive controls promote doing the right thing in the first place, and lessen the need for corrective action. 
B)  Because preventive controls are more sensitive and identify more exceptions than detective controls. 
C)  Because preventive controls include output procedures, which cover the full range of possible reviews, reconciliations and analysis. 
D)  Because preventive controls identify exceptions after-the-fact, allowing them to be used after the entire review is complete and therefore finding exceptions that detective controls may have missed. 
A)  Because preventive controls promote doing the right thing in the first place, and lessen the need for corrective action. 
B)  Because preventive controls are more sensitive and identify more exceptions than detective controls. 
C)  Because preventive controls include output procedures, which cover the full range of possible reviews, reconciliations and analysis. 
D)  Because preventive controls identify exceptions after-the-fact, allowing them to be used after the entire review is complete and therefore finding exceptions that detective controls may have missed.

Question 18

If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

Accepted Answer

A)  Terminate the audit engagement in full because an operational audit will not be productive without the client's cooperation. 
B)  Terminate only the specific action or process with which the client disagrees and work to determine a substitute function that will not impede further IAA or the client-audit relationship. 
C)  Refer the client to the IAA's charter and the approved yearly audit plan, which includes the areas designated for audit in the current time period. 
D)  Seek the approval of senior management or the board in mediation, allowing an overseer to clarify the scope of the audit engagement for the client. 
A)  Terminate the audit engagement in full because an operational audit will not be productive without the client's cooperation. 
B)  Terminate only the specific action or process with which the client disagrees and work to determine a substitute function that will not impede further IAA or the client-audit relationship. 
C)  Refer the client to the IAA's charter and the approved yearly audit plan, which includes the areas designated for audit in the current time period. 
D)  Seek the approval of senior management or the board in mediation, allowing an overseer to clarify the scope of the audit engagement for the client.

Question 19

When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?

Accepted Answer

A)  The amount of risk that an organization is willing to seek or accept. 
B)  The extent and degree of interdependency for identified key risks. 
C)  The boundaries established to manage the amount of risk taken. 
D)  The exposure to risks following management's risk responses. 
A)  The amount of risk that an organization is willing to seek or accept. 
B)  The extent and degree of interdependency for identified key risks. 
C)  The boundaries established to manage the amount of risk taken. 
D)  The exposure to risks following management's risk responses.

Question 20

Management has requested that an internal auditor serve as member of a task force that will review current receivables practices and make recommendations to improve processes. Which of the following is the most appropriate response by the internal auditor?

Accepted Answer

A)  Accept the assignment provided that such consulting services are defined in the charter. 
B)  Decline the assignment because participation on task forces will impair the auditor's objectivity in future audit engagements. 
C)  Accept the assignment if the auditor believes that it will not impair objectivity in future audit engagements. 
D)  Do not accept the assignment because the assignment is not part of an approved audit plan. 
A)  Accept the assignment provided that such consulting services are defined in the charter. 
B)  Decline the assignment because participation on task forces will impair the auditor's objectivity in future audit engagements. 
C)  Accept the assignment if the auditor believes that it will not impair objectivity in future audit engagements. 
D)  Do not accept the assignment because the assignment is not part of an approved audit plan.

When performing benchmarking during the planning phase of a performance audit, an internal auditor should:

Which of the following controls is not appropriate for sales in a manufacturing organization?

During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

When internal auditors perform consulting services that add value and improve an organization's operations, these services:

To enhance the independence of both the internal and external audit functions, audit committees should be composed of:

If management has not established a risk management process, the internal audit activity could.

Which of the following topics would a chief audit executive most likely include with their report to the board?

Which of the following would not be a red flag for fraud?

Which of the following statements is correct with regard to risk management?

Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:

Which of the following risk management activities is most appropriate for an internal auditor to undertake?

An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management. Which of the following correctly identifies the type of evidence this information represents?

During a review of data center physical security and environmental controls, an auditor should ensure that:

Which of the following scenarios exemplifies a potential internal control weakness?

Why are preventative controls generally preferred to detective controls?

If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?

Management has requested that an internal auditor serve as member of a task force that will review current receivables practices and make recommendations to improve processes. Which of the following is the most appropriate response by the internal auditor?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

When performing benchmarking during the planning phase of a performance audit, an internal auditor should:

Which of the following controls is not appropriate for sales in a manufacturing organization?

During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

When internal auditors perform consulting services that add value and improve an organization's operations, these services:

To enhance the independence of both the internal and external audit functions, audit committees should be composed of:

If management has not established a risk management process, the internal audit activity could.

Which of the following topics would a chief audit executive most likely include with their report to the board?

Which of the following would not be a red flag for fraud?

Which of the following statements is correct with regard to risk management?

Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:

Which of the following risk management activities is most appropriate for an internal auditor to undertake?

An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management. Which of the following correctly identifies the type of evidence this information represents?

During a review of data center physical security and environmental controls, an auditor should ensure that:

Which of the following scenarios exemplifies a potential internal control weakness?

Why are preventative controls generally preferred to detective controls?

If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?

Management has requested that an internal auditor serve as member of a task force that will review current receivables practices and make recommendations to improve processes. Which of the following is the most appropriate response by the internal auditor?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters