Question 1

Which of the following is not an objective of internal control?

Accepted Answer

A)  Compliance. 
B)  Accuracy. 
C)  Efficiency. 
D)  Validation. 
A)  Compliance. 
B)  Accuracy. 
C)  Efficiency. 
D)  Validation.

Question 2

An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?

Accepted Answer

A)  Engaging an external industry associate that performed a similar review for a supplier of the organization. 
B)  Selecting a team from an independent entity that previously employed the chief audit executive of the organization. 
C)  Using a team under the direction of the organization's chief audit executive, and obtaining validation from a former manager of the internal audit activity. 
D)  Using the same external service provider because of its competency and experience with the organization. 
A)  Engaging an external industry associate that performed a similar review for a supplier of the organization. 
B)  Selecting a team from an independent entity that previously employed the chief audit executive of the organization. 
C)  Using a team under the direction of the organization's chief audit executive, and obtaining validation from a former manager of the internal audit activity. 
D)  Using the same external service provider because of its competency and experience with the organization.

Question 3

According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

Accepted Answer

A)  A former employee knowledgeable of the IAA who resigned three years earlier from the organization. 
B)  A competent employee of an independent external organization that provides co-sourcing services to the IAA. 
C)  An employee in an affiliated organization who has never worked directly with the IAA. 
D)  An employee in the parent organization who has not had any previous contact with the IAA. 
A)  A former employee knowledgeable of the IAA who resigned three years earlier from the organization. 
B)  A competent employee of an independent external organization that provides co-sourcing services to the IAA. 
C)  An employee in an affiliated organization who has never worked directly with the IAA. 
D)  An employee in the parent organization who has not had any previous contact with the IAA.

Question 4

In preparing for an audit of the footwear division of a major retail organization, an internal auditor gathered the following information about the organization's stores:   In addition to labor costs, the other costs associated with each store are leasing and maintenance expenses. Which of the following is a valid conclusion?

Accepted Answer

A)  Sales per store are directly related to the size of the store. 
B)  Employees are less productive in larger stores. 
C)  Gross margin is directly related to the size of the store. 
D)  Cost of goods sold is directly related to the size of the store. 
A)  Sales per store are directly related to the size of the store. 
B)  Employees are less productive in larger stores. 
C)  Gross margin is directly related to the size of the store. 
D)  Cost of goods sold is directly related to the size of the store.

Question 5

In order to provide the most useful information for an organization's risk management decisions, which of the following should be assessed?

Accepted Answer

A)  Risk levels for future events based on the degree of uncertainty of those events and their cost of mitigation. 
B)  Inherent and control risks and their impact on the extent of financial misstatements. 
C)  Risk levels of current and future events, their effect on the achievement of the organization's objectives, and their underlying causes. 
D)  Risk levels of current and future events, their impact on the organization's mission, and the potential for the elimination of existing risk factors. 
A)  Risk levels for future events based on the degree of uncertainty of those events and their cost of mitigation. 
B)  Inherent and control risks and their impact on the extent of financial misstatements. 
C)  Risk levels of current and future events, their effect on the achievement of the organization's objectives, and their underlying causes. 
D)  Risk levels of current and future events, their impact on the organization's mission, and the potential for the elimination of existing risk factors.

Question 6

A major difference between enterprise risk management and traditional risk management lies in the narrow focus of traditional risk management on:

Accepted Answer

A)  Property and liability risks. II. Risks with insurance solutions. III. Risks impacting organizational objectives. 
B)  I and II only 
C)  I and III only 
D)  II and III only 
E)  I, II, and III. 
A)  Property and liability risks. II. Risks with insurance solutions. III. Risks impacting organizational objectives. 
B)  I and II only 
C)  I and III only 
D)  II and III only 
E)  I, II, and III.

Question 7

When an internal auditor applies due professional care to perform an assurance engagement, which of the following must she consider? 1. Findings of the last audit engagement performed. 2. Probability of significant errors, irregularities, or noncompliance. 3. Extent of work needed to achieve engagement objectives. 4. Cost of the engagement versus the potential benefits.

Accepted Answer

A)  1 and 4 only 
B)  2 and 3 only 
C)  2, 3, and 4 only 
D)  1, 2, 3, and 4 
A)  1 and 4 only 
B)  2 and 3 only 
C)  2, 3, and 4 only 
D)  1, 2, 3, and 4

Question 8

The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document. The most serious consequence of this deficiency in the process is that the:

Accepted Answer

A)  Audit schedule may not be optimal from the engagement client's perspective. 
B)  Audit objectives may not be understood by management of the area being audited. 
C)  Audit resources may not be sufficient. 
D)  Audit plan priority may have changed. 
A)  Audit schedule may not be optimal from the engagement client's perspective. 
B)  Audit objectives may not be understood by management of the area being audited. 
C)  Audit resources may not be sufficient. 
D)  Audit plan priority may have changed.

Question 9

Which of the following would be an appropriate outcome of a quality assurance and improvement program in an internal audit activity? 1. Modification of resources. 2. Corrections to procedures. 3. Changes in processes. 4. Implementation of new technology.

Accepted Answer

A)  2 and 4 only 
B)  3 and 4 only 
C)  1, 2, and 3 only 
D)  1, 2, 3, and 4 
A)  2 and 4 only 
B)  3 and 4 only 
C)  1, 2, and 3 only 
D)  1, 2, 3, and 4

Question 10

Which of the following are components of the COSO enterprise risk management framework? 1. Objective setting. 2. External environment. 3. Data collection. 4. Control activities.

Accepted Answer

A)  1 and 3 only 
B)  1 and 4 only 
C)  2 and 3 only 
D)  2 and 4 only 
A)  1 and 3 only 
B)  1 and 4 only 
C)  2 and 3 only 
D)  2 and 4 only

Question 11

While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization. Which of the following actions are most appropriate for the auditor to take?

Accepted Answer

A)  Consult with an immediate supervisor and notify the organization's audit committee. 
B)  Consult with an immediate supervisor and review the organization's ethics policy. 
C)  Give the prize to a friend or family member and notitfy the organization's audit committee. 
D)  Give the prize to a friend or family member and review the organization's ethics policy. 
A)  Consult with an immediate supervisor and notify the organization's audit committee. 
B)  Consult with an immediate supervisor and review the organization's ethics policy. 
C)  Give the prize to a friend or family member and notitfy the organization's audit committee. 
D)  Give the prize to a friend or family member and review the organization's ethics policy.

Question 12

Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy? 1. Reappraising risks levels. 2. Providing accurate information to management. 3. Marketing the internal audit activity. 4. Planning safeguards for assets in high-risk areas.

Accepted Answer

A)  1 and 2. 
B)  1 and 3. 
C)  2 and 3. 
D)  3 and 4. 
A)  1 and 2. 
B)  1 and 3. 
C)  2 and 3. 
D)  3 and 4.

Question 13

Which of the following internal auditor attributes are affected by a conflict of interest?

Accepted Answer

A)  Independence and authority. 
B)  Authority and proficiency. 
C)  Independence and objectivity. 
D)  Objectivity and due professional care. 
A)  Independence and authority. 
B)  Authority and proficiency. 
C)  Independence and objectivity. 
D)  Objectivity and due professional care.

Question 14

An audit of the quality control department is being planned. Which of the following would least likely be used in the preparation of a preliminary survey questionnaire?

Accepted Answer

A)  An analysis of quality control documents. 
B)  The permanent audit file. 
C)  The prior audit report. 
D)  Management's charter for the quality control department. 
A)  An analysis of quality control documents. 
B)  The permanent audit file. 
C)  The prior audit report. 
D)  Management's charter for the quality control department.

Question 15

In a manufacturing company, which department would be the internal audit activity's most reliable source of information on the controls over minimizing defective goods?

Accepted Answer

A)  Manufacturing. 
B)  Quality control. 
C)  Research and development. 
D)  Inventory management. 
A)  Manufacturing. 
B)  Quality control. 
C)  Research and development. 
D)  Inventory management.

Question 16

Which of the following is accomplished by the internal audit charter?

Accepted Answer

A)  It establishes the audit committee's position within the organization. 
B)  It authorizes access to records, personnel and physical properties relevant to the performance of engagements. 
C)  It defines the scope of internal and external audit activities. 
D)  It states the nature of the chief audit executive's administrative reporting relationship with the board. 
A)  It establishes the audit committee's position within the organization. 
B)  It authorizes access to records, personnel and physical properties relevant to the performance of engagements. 
C)  It defines the scope of internal and external audit activities. 
D)  It states the nature of the chief audit executive's administrative reporting relationship with the board.

Question 17

During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing. Which of the following tests would best help the internal auditor detect fraudulent activity?

Accepted Answer

A)  Check inventory levels. 
B)  Search for gaps in check numbers. 
C)  Compare vendor summaries. 
D)  Review raw material purchase quantities. 
A)  Check inventory levels. 
B)  Search for gaps in check numbers. 
C)  Compare vendor summaries. 
D)  Review raw material purchase quantities.

Question 18

During an interview with a data-entry clerk in the human resources department, an internal auditor recognizes a potentially significant weakness with a database system used to track employee performance ratings. Which of the following actions should the auditor take after discovering the weakness?

Accepted Answer

A)  Schedule a series of follow-up interviews with the data-entry clerk. 
B)  Avoid either directly or indirectly confronting the data-entry clerk about the system weakness. 
C)  Question the data-entry clerk indirectly to help obtain more factual information about the weakness. 
D)  Immediately document the weakness and write a report to the data-entry clerk's superior. 
A)  Schedule a series of follow-up interviews with the data-entry clerk. 
B)  Avoid either directly or indirectly confronting the data-entry clerk about the system weakness. 
C)  Question the data-entry clerk indirectly to help obtain more factual information about the weakness. 
D)  Immediately document the weakness and write a report to the data-entry clerk's superior.

Question 19

When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?

Accepted Answer

A)  Impact of and exposure to fraud. 
B)  Existence of evidence of fraud. 
C)  Organizational structure. 
D)  Management's risk appetite. 
A)  Impact of and exposure to fraud. 
B)  Existence of evidence of fraud. 
C)  Organizational structure. 
D)  Management's risk appetite.

Question 20

A charitable organization provides substantial grants for important medical research. Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?

Accepted Answer

A)  Senior executives are using company travel and entertainment funds for activities that might be considered questionable. 
B)  Purchases of office supplies are made from fictitious vendors. 
C)  Grants are made to organizations associated with senior executives. 
D)  A payroll clerk has added a fictitious employee. 
A)  Senior executives are using company travel and entertainment funds for activities that might be considered questionable. 
B)  Purchases of office supplies are made from fictitious vendors. 
C)  Grants are made to organizations associated with senior executives. 
D)  A payroll clerk has added a fictitious employee.

Which of the following is not an objective of internal control?

An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?

According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

In order to provide the most useful information for an organization's risk management decisions, which of the following should be assessed?

A major difference between enterprise risk management and traditional risk management lies in the narrow focus of traditional risk management on:

The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document. The most serious consequence of this deficiency in the process is that the:

Which of the following would be an appropriate outcome of a quality assurance and improvement program in an internal audit activity? 1. Modification of resources. 2. Corrections to procedures. 3. Changes in processes. 4. Implementation of new technology.

Which of the following are components of the COSO enterprise risk management framework? 1. Objective setting. 2. External environment. 3. Data collection. 4. Control activities.

While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization. Which of the following actions are most appropriate for the auditor to take?

Which of the following internal auditor attributes are affected by a conflict of interest?

An audit of the quality control department is being planned. Which of the following would least likely be used in the preparation of a preliminary survey questionnaire?

In a manufacturing company, which department would be the internal audit activity's most reliable source of information on the controls over minimizing defective goods?

Which of the following is accomplished by the internal audit charter?

During an interview with a data-entry clerk in the human resources department, an internal auditor recognizes a potentially significant weakness with a database system used to track employee performance ratings. Which of the following actions should the auditor take after discovering the weakness?

When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?

A charitable organization provides substantial grants for important medical research. Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

Which of the following is not an objective of internal control?

An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?

According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

In order to provide the most useful information for an organization's risk management decisions, which of the following should be assessed?

A major difference between enterprise risk management and traditional risk management lies in the narrow focus of traditional risk management on:

The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document. The most serious consequence of this deficiency in the process is that the:

Which of the following would be an appropriate outcome of a quality assurance and improvement program in an internal audit activity? 1. Modification of resources. 2. Corrections to procedures. 3. Changes in processes. 4. Implementation of new technology.

Which of the following are components of the COSO enterprise risk management framework? 1. Objective setting. 2. External environment. 3. Data collection. 4. Control activities.

While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization. Which of the following actions are most appropriate for the auditor to take?

Which of the following internal auditor attributes are affected by a conflict of interest?

An audit of the quality control department is being planned. Which of the following would least likely be used in the preparation of a preliminary survey questionnaire?

In a manufacturing company, which department would be the internal audit activity's most reliable source of information on the controls over minimizing defective goods?

Which of the following is accomplished by the internal audit charter?

During an interview with a data-entry clerk in the human resources department, an internal auditor recognizes a potentially significant weakness with a database system used to track employee performance ratings. Which of the following actions should the auditor take after discovering the weakness?

When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?

A charitable organization provides substantial grants for important medical research. Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters