Question 1

Overall audit efficiency is enhanced between the internal and external audit functions when:

Accepted Answer

A)  Internal audit coverage is reduced to avoid potential conflicts of interest. 
B)  Audits of the same department are conducted at different times. 
C)  The internal audit department reviews functions or departments prior to the external audit. 
D)  External audit scope is reduced based on the internal audit department's activities. 
A)  Internal audit coverage is reduced to avoid potential conflicts of interest. 
B)  Audits of the same department are conducted at different times. 
C)  The internal audit department reviews functions or departments prior to the external audit. 
D)  External audit scope is reduced based on the internal audit department's activities.

Question 2

According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:

Accepted Answer

A)  Was designed to ensure compliance with policies, plans, procedures, laws, and regulations. 
B)  Provides reasonable assurance that the organization's objectives will be met. 
C)  Mitigates inherent risk. 
D)  Assures the reliability and integrity of information used by management. 
A)  Was designed to ensure compliance with policies, plans, procedures, laws, and regulations. 
B)  Provides reasonable assurance that the organization's objectives will be met. 
C)  Mitigates inherent risk. 
D)  Assures the reliability and integrity of information used by management.

Question 3

An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

Accepted Answer

A)  Risk identification. 
B)  Risk appetite. 
C)  Risk capacity. 
D)  Risk tolerance. 
A)  Risk identification. 
B)  Risk appetite. 
C)  Risk capacity. 
D)  Risk tolerance.

Question 4

Which of the following would be the least significant consideration when performing a risk analysis?

Accepted Answer

A)  Financial exposure and potential loss. 
B)  Skills available within the audit staff. 
C)  Results of prior audits. 
D)  Major operating changes. 
A)  Financial exposure and potential loss. 
B)  Skills available within the audit staff. 
C)  Results of prior audits. 
D)  Major operating changes.

Question 5

Which of the following combinations of conditions is most likely a red flag for fraud?

Accepted Answer

A)  The practice of surprise audits and the implementation of an employee support program. 
B)  Hiring an employee with a prior fraud conviction and yearly management review. 
C)  Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use. 
D)  A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls. 
A)  The practice of surprise audits and the implementation of an employee support program. 
B)  Hiring an employee with a prior fraud conviction and yearly management review. 
C)  Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use. 
D)  A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.

Question 6

When an external auditor unknowingly fails to modify an opinion on financial statements that are materially misstated, this is an example of:

Accepted Answer

A)  An inherent risk. 
B)  A control risk. 
C)  An audit risk. 
D)  A residual risk. 
A)  An inherent risk. 
B)  A control risk. 
C)  An audit risk. 
D)  A residual risk.

Question 7

Which of the following is a role of the board of directors in the governance process?

Accepted Answer

A)  Conduct periodic assessments of the organization's governance systems. 
B)  Obtain assurance concerning the effectiveness of the organization's governance systems. 
C)  Implement an effective system of internal controls to support the organization's governance systems. 
D)  Review and approve operational goals and objectives. 
A)  Conduct periodic assessments of the organization's governance systems. 
B)  Obtain assurance concerning the effectiveness of the organization's governance systems. 
C)  Implement an effective system of internal controls to support the organization's governance systems. 
D)  Review and approve operational goals and objectives.

Question 8

An organization has a policy requiring two signatures on all checks written for amounts in excess of $10, 000. When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if.

Accepted Answer

A)  The auditor located two checks for $9, 000 each that contained one authorized signature. 
B)  The $10, 000 was an immaterial amount to the organization and very few cash disbursements required an amount in excess of $10, 000. 
C)  The director of accounting was not one of the authorized signers. 
D)  There were several instances in which successively numbered checks for amounts between $5, 000 and $10, 000 were made payable to the same vendor. 
A)  The auditor located two checks for $9, 000 each that contained one authorized signature. 
B)  The $10, 000 was an immaterial amount to the organization and very few cash disbursements required an amount in excess of $10, 000. 
C)  The director of accounting was not one of the authorized signers. 
D)  There were several instances in which successively numbered checks for amounts between $5, 000 and $10, 000 were made payable to the same vendor.

Question 9

According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Accepted Answer

A)  Rating each engagement record to assess its relevance and accessibility for the organization's board. 
B)  Controlling access to engagement records, including access by senior management. 
C)  Developing retention requirements for engagement records that are consistent with organizational guidelines. 
D)  Forming policies governing the custody and retention of consulting engagement records before their release to other parties. 
A)  Rating each engagement record to assess its relevance and accessibility for the organization's board. 
B)  Controlling access to engagement records, including access by senior management. 
C)  Developing retention requirements for engagement records that are consistent with organizational guidelines. 
D)  Forming policies governing the custody and retention of consulting engagement records before their release to other parties.

Question 10

Which of the following actions by a chief audit executive would be most effective in preventing fraud?

Accepted Answer

A)  Ensure that the board is aware of all fraud that has been identified or reported. 
B)  Train the internal audit staff in identifying fraud indicators. 
C)  Review the adequacy of all policies that describe prohibited activities. 
D)  Submit an annual report to the board on all fraud that has been detected. 
A)  Ensure that the board is aware of all fraud that has been identified or reported. 
B)  Train the internal audit staff in identifying fraud indicators. 
C)  Review the adequacy of all policies that describe prohibited activities. 
D)  Submit an annual report to the board on all fraud that has been detected.

Question 11

An external quality assurance review which was authorized by the chief audit executive (CAE) indicated significant findings from the Standards. To whom should the final results of the quality assurance review be reported?

Accepted Answer

A)  Confidentially to the CAE only 
B)  The CAE with copies to the board and senior management. 
C)  To the board with copies to the external auditor or regulatory oversight body. 
D)  To the senior management with a copy to the board. 
A)  Confidentially to the CAE only 
B)  The CAE with copies to the board and senior management. 
C)  To the board with copies to the external auditor or regulatory oversight body. 
D)  To the senior management with a copy to the board.

Question 12

A chief audit executive (CAE) submits internal audit activity (IAA) plans and information about significant interim changes to senior management and the board for review. Which other piece of information should the CAE provide to senior management and the board?

Accepted Answer

A)  Identification of proposed consultants and support staff for the IAA. 
B)  The most recent engagement of each member of the audit staff and its duration. 
C)  The CAE's preferred statistical analysis methods and relevant software to be utilized. 
D)  Resource requirements and resource limitations. 
A)  Identification of proposed consultants and support staff for the IAA. 
B)  The most recent engagement of each member of the audit staff and its duration. 
C)  The CAE's preferred statistical analysis methods and relevant software to be utilized. 
D)  Resource requirements and resource limitations.

Question 13

Which is the least effective form of risk management?

Accepted Answer

A)  Systems-based preventive control. 
B)  People-based preventive control. 
C)  Systems-based detective control. 
D)  People-based detective control. 
A)  Systems-based preventive control. 
B)  People-based preventive control. 
C)  Systems-based detective control. 
D)  People-based detective control.

Question 14

Which of the following best describes the underlying premise of the COSO enterprise risk management framework?

Accepted Answer

A)  Management should set objectives before assessing risk. 
B)  Every entity exists to provide value for its stakeholders. 
C)  Policies are established to ensure that risk responses are performed effectively. 
D)  Enterprise risk management can minimize the impact and likelihood of unanticipated events. 
A)  Management should set objectives before assessing risk. 
B)  Every entity exists to provide value for its stakeholders. 
C)  Policies are established to ensure that risk responses are performed effectively. 
D)  Enterprise risk management can minimize the impact and likelihood of unanticipated events.

Question 15

During an audit of a major contract, an internal auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?

Accepted Answer

A)  Defective pricing. 
B)  Cost mischarging. 
C)  Fictitious vendor. 
D)  Bid rotation. 
A)  Defective pricing. 
B)  Cost mischarging. 
C)  Fictitious vendor. 
D)  Bid rotation.

Question 16

The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization's retail store operations. Store operations are included in the annual audit plan. Which of the following strategies best fulfills the requirements of the Standards regarding these audits?

Accepted Answer

A)  The scope of store operations audits should exclude compliance. 
B)  Store operations audits can be fully executed with appropriate disclosure to the board. 
C)  Store operations audits should be performed by an external service provider. 
D)  A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE. 
A)  The scope of store operations audits should exclude compliance. 
B)  Store operations audits can be fully executed with appropriate disclosure to the board. 
C)  Store operations audits should be performed by an external service provider. 
D)  A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.

Question 17

Which of the following is the best example of a strategic objective?

Accepted Answer

A)  Opening a new product line. 
B)  Adhering to laws and regulations. 
C)  Attaining a specified sales target. 
D)  Safeguarding assets. 
A)  Opening a new product line. 
B)  Adhering to laws and regulations. 
C)  Attaining a specified sales target. 
D)  Safeguarding assets.

Question 18

If an engagement client's operating standards are vague and thus subject to interpretation, the auditor should:

Accepted Answer

A)  Seek agreement with the client as to the standards to be used to measure operating performance. 
B)  Determine best practices in the area and use them as the standard. 
C)  Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance. 
D)  Omit any comments on standards and the client's performance in relationship to those standards, because such an analysis would be meaningless. 
A)  Seek agreement with the client as to the standards to be used to measure operating performance. 
B)  Determine best practices in the area and use them as the standard. 
C)  Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance. 
D)  Omit any comments on standards and the client's performance in relationship to those standards, because such an analysis would be meaningless.

Question 19

Which of the following steps would not be included in a program of selecting and developing human resources for an internal audit department?

Accepted Answer

A)  Scheduling periodic meetings with individual auditors, during which the chief audit executive provides counsel regarding each auditor's performance and professional career development. 
B)  Establishing an internal review team to assess the auditors' and audit department's compliance with standards, level of audit effectiveness, and compliance with departmental policy. 
C)  Developing specific job descriptions for audit staff, audit managers, and other auditing positions. 
D)  Establishing in-house training programs and requiring continuing education for audit staff. 
A)  Scheduling periodic meetings with individual auditors, during which the chief audit executive provides counsel regarding each auditor's performance and professional career development. 
B)  Establishing an internal review team to assess the auditors' and audit department's compliance with standards, level of audit effectiveness, and compliance with departmental policy. 
C)  Developing specific job descriptions for audit staff, audit managers, and other auditing positions. 
D)  Establishing in-house training programs and requiring continuing education for audit staff.

Question 20

Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit?

Accepted Answer

A)  State the work steps in the form of questions. 
B)  Use standard audit program for HR from previous years. 
C)  Include in the audit program certain audit tests requested by audit client. 
D)  Defer preparation of the audit program after the field work. 
A)  State the work steps in the form of questions. 
B)  Use standard audit program for HR from previous years. 
C)  Include in the audit program certain audit tests requested by audit client. 
D)  Defer preparation of the audit program after the field work.

Overall audit efficiency is enhanced between the internal and external audit functions when:

According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:

An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

Which of the following would be the least significant consideration when performing a risk analysis?

Which of the following combinations of conditions is most likely a red flag for fraud?

When an external auditor unknowingly fails to modify an opinion on financial statements that are materially misstated, this is an example of:

Which of the following is a role of the board of directors in the governance process?

An organization has a policy requiring two signatures on all checks written for amounts in excess of $10, 000. When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if.

According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Which of the following actions by a chief audit executive would be most effective in preventing fraud?

An external quality assurance review which was authorized by the chief audit executive (CAE) indicated significant findings from the Standards. To whom should the final results of the quality assurance review be reported?

A chief audit executive (CAE) submits internal audit activity (IAA) plans and information about significant interim changes to senior management and the board for review. Which other piece of information should the CAE provide to senior management and the board?

Which is the least effective form of risk management?

Which of the following best describes the underlying premise of the COSO enterprise risk management framework?

During an audit of a major contract, an internal auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?

Which of the following is the best example of a strategic objective?

If an engagement client's operating standards are vague and thus subject to interpretation, the auditor should:

Which of the following steps would not be included in a program of selecting and developing human resources for an internal audit department?

Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

Overall audit efficiency is enhanced between the internal and external audit functions when:

According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:

An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

Which of the following would be the least significant consideration when performing a risk analysis?

Which of the following combinations of conditions is most likely a red flag for fraud?

When an external auditor unknowingly fails to modify an opinion on financial statements that are materially misstated, this is an example of:

Which of the following is a role of the board of directors in the governance process?

An organization has a policy requiring two signatures on all checks written for amounts in excess of $10, 000. When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if.

According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Which of the following actions by a chief audit executive would be most effective in preventing fraud?

An external quality assurance review which was authorized by the chief audit executive (CAE) indicated significant findings from the Standards. To whom should the final results of the quality assurance review be reported?

A chief audit executive (CAE) submits internal audit activity (IAA) plans and information about significant interim changes to senior management and the board for review. Which other piece of information should the CAE provide to senior management and the board?

Which is the least effective form of risk management?

Which of the following best describes the underlying premise of the COSO enterprise risk management framework?

During an audit of a major contract, an internal auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?

Which of the following is the best example of a strategic objective?

If an engagement client's operating standards are vague and thus subject to interpretation, the auditor should:

Which of the following steps would not be included in a program of selecting and developing human resources for an internal audit department?

Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters