Question 1

Which of the following is not part of the five-attribute approach to developing documentation for an audit observation?

Accepted Answer

A)  Condition. 
B)  Effect. 
C)  Management response. 
D)  Recommendation. 
A)  Condition. 
B)  Effect. 
C)  Management response. 
D)  Recommendation.

Question 2

Which of the following is a limitation of using observation as a manual audit procedure?

Accepted Answer

A)  Observation provides information at a certain time and makes it difficult to draw representative conclusions. 
B)  Observation is not as persuasive as inquiry due to a lack of direct evidence. 
C)  Observation is performed specifically to test the validity of documented or recorded information. 
D)  Observation may cause individuals to behave less critically or carefully if they are aware that other forms of manual audit procedures have already taken place. 
A)  Observation provides information at a certain time and makes it difficult to draw representative conclusions. 
B)  Observation is not as persuasive as inquiry due to a lack of direct evidence. 
C)  Observation is performed specifically to test the validity of documented or recorded information. 
D)  Observation may cause individuals to behave less critically or carefully if they are aware that other forms of manual audit procedures have already taken place.

Question 3

During an engagement, an internal auditor decided to use variance analysis as an auditing techniques. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?

Accepted Answer

A)  Report the deviations immediately to the audit committee. 
B)  Gather additional information to determine the cause of the deviations. 
C)  Conclude that the budget was unreasonably set and accept the deviations. 
D)  Perform alternative forms of analytical procedures which provide no deviations. 
A)  Report the deviations immediately to the audit committee. 
B)  Gather additional information to determine the cause of the deviations. 
C)  Conclude that the budget was unreasonably set and accept the deviations. 
D)  Perform alternative forms of analytical procedures which provide no deviations.

Question 4

An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?

Accepted Answer

A)  Apply antivirus and patch management software. 
B)  Utilize dedicated and encrypted network connections. 
C)  Install a software inventory management application. 
D)  Utilize secure socket layer encryption. 
A)  Apply antivirus and patch management software. 
B)  Utilize dedicated and encrypted network connections. 
C)  Install a software inventory management application. 
D)  Utilize secure socket layer encryption.

Question 5

After several years in the engineering department, an engineer was transferred to the internal audit department. One month later, the new auditor was assigned to an assurance engagement for the engineering department. When the auditor's former engineering supervisor suggested a change in the sample selection method, the auditor consulted with the audit supervisor. They determined that the suggested method would not be as representative and that the original selection method should be used. In this situation, the auditor:

Accepted Answer

A)  Maintained an independent mental attitude and is therefore objective. 
B)  Has subordinated professional judgment, and objectivity is therefore impaired. 
C)  Does not have objectivity since the auditor recently transferred from the engineering department. 
D)  Does not have independent organizational status since the auditor recently transferred from the engineering department. 
A)  Maintained an independent mental attitude and is therefore objective. 
B)  Has subordinated professional judgment, and objectivity is therefore impaired. 
C)  Does not have objectivity since the auditor recently transferred from the engineering department. 
D)  Does not have independent organizational status since the auditor recently transferred from the engineering department.

Question 6

Which of the following actions by the internal audit activity provides strong evidence that it is organizationally independent?

Accepted Answer

A)  It reviews engagement results for evidence of undue influence before releasing the final report. 
B)  It requires all internal audit staff to sign annual non-disclosure and potential conflict of interest statements. 
C)  It maintains direct interactions with the audit committee or board. 
D)  It releases an approved internal audit charter stating that the internal audit activity is independent. 
A)  It reviews engagement results for evidence of undue influence before releasing the final report. 
B)  It requires all internal audit staff to sign annual non-disclosure and potential conflict of interest statements. 
C)  It maintains direct interactions with the audit committee or board. 
D)  It releases an approved internal audit charter stating that the internal audit activity is independent.

Question 7

A chief audit executive (CAE) is planning to issue an annual report concluding on the overall effectiveness of the organization's internal control system. According to the Standards, which of the following is likely the most significant challenge facing the CAE when creating the report?

Accepted Answer

A)  The opinion must include difficult to measure risks such as the risks of management override of controls, and collusion among dishonest personnel. 
B)  The opinion is dependent on complex analyses of numerous internal audit engagements carried out over the prior year. 
C)  The opinion is only issued once a year, limiting its usefulness. 
D)  Assessing control effectiveness is complicated by inherent risks. 
A)  The opinion must include difficult to measure risks such as the risks of management override of controls, and collusion among dishonest personnel. 
B)  The opinion is dependent on complex analyses of numerous internal audit engagements carried out over the prior year. 
C)  The opinion is only issued once a year, limiting its usefulness. 
D)  Assessing control effectiveness is complicated by inherent risks.

Question 8

Which of the following statements is correct regarding risk analysis?

Accepted Answer

A)  The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis. 
B)  The highest risk assessment should always be assigned to the area with the largest potential loss. 
C)  The highest risk assessment should always be assigned to the area with the highest probability of occurrence. 
D)  Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization. 
A)  The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis. 
B)  The highest risk assessment should always be assigned to the area with the largest potential loss. 
C)  The highest risk assessment should always be assigned to the area with the highest probability of occurrence. 
D)  Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

Question 9

Which of the following should be the primary objective of an audit of an entity's business continuity plan?

Accepted Answer

A)  Cost of testing and updating the plan. 
B)  Delegation of responsibilities for the plan. 
C)  Relationship of the plan to risk exposures. 
D)  Efficiency of the planning procedures. 
A)  Cost of testing and updating the plan. 
B)  Delegation of responsibilities for the plan. 
C)  Relationship of the plan to risk exposures. 
D)  Efficiency of the planning procedures.

Question 10

An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items. Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:

Accepted Answer

A)  Incorporate the external auditor's requirements into the internal audit plan. 
B)  Ignore the external auditor's requirements because they are outside of the internal audit activity's planned scope of work. 
C)  Consider the issues raised by the external auditor for possible inclusion in the planned scope of work. 
D)  Report the risks and issues to the audit committee for possible future attention. 
A)  Incorporate the external auditor's requirements into the internal audit plan. 
B)  Ignore the external auditor's requirements because they are outside of the internal audit activity's planned scope of work. 
C)  Consider the issues raised by the external auditor for possible inclusion in the planned scope of work. 
D)  Report the risks and issues to the audit committee for possible future attention.

Question 11

The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings. Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should:

Accepted Answer

A)  Provide the activity reports to senior management as requested and discuss any issues that may require action to be taken. 
B)  Not provide activity reports to senior management because such matters are the sole province of the board. 
C)  Disclose only those matters in the activity reports that pertain to expenditures and financial budgets of the internal audit activity. 
D)  Provide information to senior management that pertains only to completed audit engagements and observations available in published engagement final communications. 
A)  Provide the activity reports to senior management as requested and discuss any issues that may require action to be taken. 
B)  Not provide activity reports to senior management because such matters are the sole province of the board. 
C)  Disclose only those matters in the activity reports that pertain to expenditures and financial budgets of the internal audit activity. 
D)  Provide information to senior management that pertains only to completed audit engagements and observations available in published engagement final communications.

Question 12

A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?

Accepted Answer

A)  Decline the offer because the internal auditor subordinated professional judgment, and objectivity is therefore impaired. 
B)  Decline the offer because the internal auditor recently transferred from the IT department. 
C)  Accept the offer because the internal auditor maintains an independent mental attitude and is therefore objective. 
D)  Accept the offer because the internal audit charter grants the internal auditor authority to maintain objectivity. 
A)  Decline the offer because the internal auditor subordinated professional judgment, and objectivity is therefore impaired. 
B)  Decline the offer because the internal auditor recently transferred from the IT department. 
C)  Accept the offer because the internal auditor maintains an independent mental attitude and is therefore objective. 
D)  Accept the offer because the internal audit charter grants the internal auditor authority to maintain objectivity.

Question 13

The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?

Accepted Answer

A)  A consultant from an outside firm. 
B)  An expert within the department being audited. 
C)  A researcher affiliated with a college or university. 
D)  A specialist from the staff of a government agency. 
A)  A consultant from an outside firm. 
B)  An expert within the department being audited. 
C)  A researcher affiliated with a college or university. 
D)  A specialist from the staff of a government agency.

Question 14

In order to ensure that the internal auditors have the objectivity required by the Standards, the chief audit executive should:

Accepted Answer

A)  Demonstrate willingness to include in engagement final communications all matters believed to be important. 
B)  Require all auditors to sign statements attesting to their independent mental attitudes and honest belief in their work product. 
C)  Carefully assign personnel to individual audit engagements and require auditors to disclose all conflicts of interest. 
D)  Appraise each auditor's performance on each audit assignment. 
A)  Demonstrate willingness to include in engagement final communications all matters believed to be important. 
B)  Require all auditors to sign statements attesting to their independent mental attitudes and honest belief in their work product. 
C)  Carefully assign personnel to individual audit engagements and require auditors to disclose all conflicts of interest. 
D)  Appraise each auditor's performance on each audit assignment.

Question 15

Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

Accepted Answer

A)  A review of audit staff education and training records. 
B)  Information about the audit staff size and composition of comparable organizations. 
C)  Results from discussions of audit needs with executive management and the audit committee. 
D)  The results of the audit staff's most recent performance reviews. 
A)  A review of audit staff education and training records. 
B)  Information about the audit staff size and composition of comparable organizations. 
C)  Results from discussions of audit needs with executive management and the audit committee. 
D)  The results of the audit staff's most recent performance reviews.

Question 16

This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline. Which of the following would be the best course of action for the CAE to take?

Accepted Answer

A)  Continue with the engagement in order to meet the regulatory deadline, but highlight areas in the final report that might need to be revised in the future. 
B)  Ask that a senior member of the organization's IT department with the required systems expertise join the audit team to assist in completing the engagement. 
C)  Delay the engagement and inform the board of the situation, asking them to provide acceptable alternatives for completing the engagement. 
D)  Remove the planned engagement from the audit plan and explain to senior management the problems with moving forward without an auditor with the necessary expertise. 
A)  Continue with the engagement in order to meet the regulatory deadline, but highlight areas in the final report that might need to be revised in the future. 
B)  Ask that a senior member of the organization's IT department with the required systems expertise join the audit team to assist in completing the engagement. 
C)  Delay the engagement and inform the board of the situation, asking them to provide acceptable alternatives for completing the engagement. 
D)  Remove the planned engagement from the audit plan and explain to senior management the problems with moving forward without an auditor with the necessary expertise.

Question 17

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Accepted Answer

A)  Preventive controls. 
B)  Detective controls. 
C)  Soft controls. 
D)  Directive controls. 
A)  Preventive controls. 
B)  Detective controls. 
C)  Soft controls. 
D)  Directive controls.

Question 18

Which of the following would be most relevant regarding the internal control environment?

Accepted Answer

A)  Assessing controls over computerized applications. 
B)  Documenting the organizational structure. 
C)  Comparing and validating internal performance with external benchmarking. 
D)  Maintaining and reviewing detailed financial records. 
A)  Assessing controls over computerized applications. 
B)  Documenting the organizational structure. 
C)  Comparing and validating internal performance with external benchmarking. 
D)  Maintaining and reviewing detailed financial records.

Question 19

In order to use "Conducted in accordance with the International Standards for the Professional Practice of Internal Auditing, " an internal audit activity must:

Accepted Answer

A)  Satisfy all requirements of the International Professional Practices Framework during each internal audit engagement. 
B)  Complete an external assessment of quality assurance to demonstrate compliance with the Standards. 
C)  Establish a continuous quality assurance and improvement program. 
D)  Have its charter reviewed and approved by management and the board. 
A)  Satisfy all requirements of the International Professional Practices Framework during each internal audit engagement. 
B)  Complete an external assessment of quality assurance to demonstrate compliance with the Standards. 
C)  Establish a continuous quality assurance and improvement program. 
D)  Have its charter reviewed and approved by management and the board.

Question 20

Which of the following statements best describes the competency requirement for an auditor regarding fraud risks encountered in an engagement execution?

Accepted Answer

A)  The auditor should be able to have comparable competencies of a person whose primary responsibility is detecting and investigating fraud. 
B)  The auditor must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization. 
C)  The auditor is not expected to have any competency requirement regarding fraud since the role of investigating and detecting fraud belongs to other functions in the organization. 
D)  The auditor must be able to have an appreciation of the fundamentals of fraud detection and investigation techniques. 
A)  The auditor should be able to have comparable competencies of a person whose primary responsibility is detecting and investigating fraud. 
B)  The auditor must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization. 
C)  The auditor is not expected to have any competency requirement regarding fraud since the role of investigating and detecting fraud belongs to other functions in the organization. 
D)  The auditor must be able to have an appreciation of the fundamentals of fraud detection and investigation techniques.

Which of the following is not part of the five-attribute approach to developing documentation for an audit observation?

Which of the following is a limitation of using observation as a manual audit procedure?

During an engagement, an internal auditor decided to use variance analysis as an auditing techniques. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?

An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?

Which of the following actions by the internal audit activity provides strong evidence that it is organizationally independent?

A chief audit executive (CAE) is planning to issue an annual report concluding on the overall effectiveness of the organization's internal control system. According to the Standards, which of the following is likely the most significant challenge facing the CAE when creating the report?

Which of the following statements is correct regarding risk analysis?

Which of the following should be the primary objective of an audit of an entity's business continuity plan?

An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items. Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:

The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings. Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should:

A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?

The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?

In order to ensure that the internal auditors have the objectivity required by the Standards, the chief audit executive should:

Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Which of the following would be most relevant regarding the internal control environment?

In order to use "Conducted in accordance with the International Standards for the Professional Practice of Internal Auditing, " an internal audit activity must:

Which of the following statements best describes the competency requirement for an auditor regarding fraud risks encountered in an engagement execution?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

Which of the following is not part of the five-attribute approach to developing documentation for an audit observation?

Which of the following is a limitation of using observation as a manual audit procedure?

During an engagement, an internal auditor decided to use variance analysis as an auditing techniques. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?

An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?

Which of the following actions by the internal audit activity provides strong evidence that it is organizationally independent?

A chief audit executive (CAE) is planning to issue an annual report concluding on the overall effectiveness of the organization's internal control system. According to the Standards, which of the following is likely the most significant challenge facing the CAE when creating the report?

Which of the following statements is correct regarding risk analysis?

Which of the following should be the primary objective of an audit of an entity's business continuity plan?

An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items. Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:

The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings. Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should:

A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?

The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?

In order to ensure that the internal auditors have the objectivity required by the Standards, the chief audit executive should:

Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Which of the following would be most relevant regarding the internal control environment?

In order to use "Conducted in accordance with the International Standards for the Professional Practice of Internal Auditing, " an internal audit activity must:

Which of the following statements best describes the competency requirement for an auditor regarding fraud risks encountered in an engagement execution?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters