Question 1

Which of the following is true with respect to the risk assessment process?

Accepted Answer

A)  The ethical climate should not be included since this factor cannot be measured quantitatively. 
B)  More than one risk factor may have to be used to ensure that the risk assessment is comprehensive. 
C)  Each risk factor should be given equal weighting in order to reduce the opportunity for bias. 
D)  The risk assessment process should be conducted at least every three years. 
A)  The ethical climate should not be included since this factor cannot be measured quantitatively. 
B)  More than one risk factor may have to be used to ensure that the risk assessment is comprehensive. 
C)  Each risk factor should be given equal weighting in order to reduce the opportunity for bias. 
D)  The risk assessment process should be conducted at least every three years.

Question 2

Which of the following methods is not valid for completing continuing professional education hours?

Accepted Answer

A)  Attending technical session meetings held by state auditing organizations. 
B)  Completing all audit engagements in accordance with the Standards. 
C)  Publishing an article on the organization's internal audit department. 
D)  Participating in a formal in-house training program. 
A)  Attending technical session meetings held by state auditing organizations. 
B)  Completing all audit engagements in accordance with the Standards. 
C)  Publishing an article on the organization's internal audit department. 
D)  Participating in a formal in-house training program.

Question 3

In order to effectively handle conflict between audit team members, an audit team leader should:

Accepted Answer

A)  Avoid addressing the conflict until the leader is sure that there is a problem. 
B)  Be assertive and keep the team members focused on a resolution. 
C)  Ask one of the team members to resolve the issue by being more conciliatory. 
D)  Transfer one of the team members to another assignment. 
A)  Avoid addressing the conflict until the leader is sure that there is a problem. 
B)  Be assertive and keep the team members focused on a resolution. 
C)  Ask one of the team members to resolve the issue by being more conciliatory. 
D)  Transfer one of the team members to another assignment.

Question 4

Which of the following corporate travel policies is least likely to be cost-effective?

Accepted Answer

A)  Negotiating corporate agreements with hotels, airlines, and car rental firms. 
B)  Tracking credits for canceled airline reservations. 
C)  Selecting the least expensive airline travel available, without regard to total travel time and distance. 
D)  Traveling to facilities in tourist areas during the off-season when possible. 
A)  Negotiating corporate agreements with hotels, airlines, and car rental firms. 
B)  Tracking credits for canceled airline reservations. 
C)  Selecting the least expensive airline travel available, without regard to total travel time and distance. 
D)  Traveling to facilities in tourist areas during the off-season when possible.

Question 5

For a bank handling large amounts of cash, which of the following types of control would be the most effective to use?

Accepted Answer

A)  Detective controls. 
B)  Corrective controls. 
C)  Preventive controls. 
D)  Directive controls. 
A)  Detective controls. 
B)  Corrective controls. 
C)  Preventive controls. 
D)  Directive controls.

Question 6

Which of the following statements is correct regarding corporate compensation systems and related bonuses?

Accepted Answer

A)  A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control. II. Compensation systems are not part of an organization's control system and should not be reported as such. III. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses. 
B)  I only 
C)  II only 
D)  III only 
E)  II and III only 
A)  A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control. II. Compensation systems are not part of an organization's control system and should not be reported as such. III. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses. 
B)  I only 
C)  II only 
D)  III only 
E)  II and III only

Question 7

An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?

Accepted Answer

A)  Review the supplemental documentation provided for a sample of reimbursement requests. 
B)  Interview the payroll/accounting supervisor to determine what controls exist to prevent fraud. 
C)  Determine whether or not the payroll/accounting department has been subject to regular review. 
D)  Establish a flowchart of the payroll/accounting functions that include any controls currently in place. 
A)  Review the supplemental documentation provided for a sample of reimbursement requests. 
B)  Interview the payroll/accounting supervisor to determine what controls exist to prevent fraud. 
C)  Determine whether or not the payroll/accounting department has been subject to regular review. 
D)  Establish a flowchart of the payroll/accounting functions that include any controls currently in place.

Question 8

According to the COSO framework, which of the following is not a principle of internal control?

Accepted Answer

A)  Management's philosophy and operating style. 
B)  Human resource policies and practices. 
C)  Integrity and ethical values. 
D)  Risk assessment. 
A)  Management's philosophy and operating style. 
B)  Human resource policies and practices. 
C)  Integrity and ethical values. 
D)  Risk assessment.

Question 9

According to IIA guidance, which of the following risk management process evaluation findings would the internal audit activity consider most effective?

Accepted Answer

A)  Relevant risk information is captured and communicated in a periodic manner to management. 
B)  Risk management processes are monitored through an annual assessment. 
C)  Risk responses align with the organization's risk appetite. 
D)  Strategic risks with low residual values are continuously monitored. 
A)  Relevant risk information is captured and communicated in a periodic manner to management. 
B)  Risk management processes are monitored through an annual assessment. 
C)  Risk responses align with the organization's risk appetite. 
D)  Strategic risks with low residual values are continuously monitored.

Question 10

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

Accepted Answer

A)  The CAE's work may be reviewed by any other experienced staff member within the IAA. 
B)  The CAE's work should be reviewed by an individual with the appropriate background and knowledge. 
C)  The CAE may self-review his work, provided he discloses this practice in the final report. 
D)  The CAE should avoid performing engagements to ensure he is able to review all audit work objectively. 
A)  The CAE's work may be reviewed by any other experienced staff member within the IAA. 
B)  The CAE's work should be reviewed by an individual with the appropriate background and knowledge. 
C)  The CAE may self-review his work, provided he discloses this practice in the final report. 
D)  The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

Which of the following is true with respect to the risk assessment process?

Which of the following methods is not valid for completing continuing professional education hours?

In order to effectively handle conflict between audit team members, an audit team leader should:

Which of the following corporate travel policies is least likely to be cost-effective?

For a bank handling large amounts of cash, which of the following types of control would be the most effective to use?

Which of the following statements is correct regarding corporate compensation systems and related bonuses?

An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?

According to the COSO framework, which of the following is not a principle of internal control?

According to IIA guidance, which of the following risk management process evaluation findings would the internal audit activity consider most effective?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

Which of the following is true with respect to the risk assessment process?

Which of the following methods is not valid for completing continuing professional education hours?

In order to effectively handle conflict between audit team members, an audit team leader should:

Which of the following corporate travel policies is least likely to be cost-effective?

For a bank handling large amounts of cash, which of the following types of control would be the most effective to use?

Which of the following statements is correct regarding corporate compensation systems and related bonuses?

An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?

According to the COSO framework, which of the following is not a principle of internal control?

According to IIA guidance, which of the following risk management process evaluation findings would the internal audit activity consider most effective?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters