Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

A chief audit executive used risk assessment to prepare the audit work schedule. Which of the following would be the least appropriate reason to modify the schedule?

Which of the following should an internal auditor possess in order to fulfill the responsibilities of the internal audit activity?

The internal audit supervisor is reviewing the workpapers prepared by the staff. According to the Standards, which of the following statements regarding workpaper supervision is not true?

Risk assessments can vary in format, but generally include.

Which of the following is not an advantage of face-to-face interviews over electronic surveys?

During the planning phase of an audit of suspected overbilling on contracts for security services, an internal auditor should perform all of the following except:

An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict. Which of the following is the most appropriate course of action for the CAE to take?

Which of the following is true of a horizontal flowchart as compared to a vertical flowchart?

Which of the following is not true with regard to the internal audit charter?

Which of the following is not an appropriate activity for internal auditors to perform?

A senior manager asks the chief audit executive (CAE) to explain why statistical sampling is the best method to use in conducting an internal audit. Which advantages should the CAE point to in order to justify the internal audit activity's (IAA) use of statistical sampling?

An internal auditor is gathering evidence for an organization's internal audit engagement and requests a sample of vendor invoices from the organization. Which of the following is true regarding the reliability of this evidence?

Management has asked the chief audit executive (CAE) to provide assurance on the organization's automated control system related to financial data. The current audit staff does not have the expertise needed to conduct this type of engagement. Which of the following would be the best response by the CAE?

When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:

A product manager occasionally overrides established purchasing policies in order to expedite the introduction of new products in a competitive industry. The manager's overrides are:

Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

The chief audit executive needs to revise the internal audit activity's (IAA) charter. The revision must address the element of authority. Which of the following statements meets this requirement?

Which of the following statements correctly describes how workpaper standards can improve the efficiency of internal audit operations?

Which of the following statements is not true about red flags?

Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit? 1. Acceptance of CAATs findings by entity management. 2. Computer knowledge and expertise of the auditor. 3. Time constraints. 4. Level of audit risk.