Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management's decision is least plausible?

In an audit engagement, a group of internal auditors used an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps in the computer software, and then developed test data. Over the course of 24 months, they submitted test transactions on a regular basis but did not find any differences between payroll processing and integrated test facility results. Based on the data, what can the auditors conclude?

Which of the following is the most appropriate outcome measure for assessing safety operations?

Regarding an organization's decision to retain an external audit firm, the chief audit executive (CAE) should:

Within the internal audit process, which of the following is not a significant advantage of employing a control model?

Which of the following are core responsibilities to be included in the internal audit charter? 1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information. 2. Determine the adequacy and effectiveness of the organization's systems of internal accounting and operating controls. 3. Participate in the planning and performance of audits of potential acquisitions with the organization's outside accountants and other members of the corporate staff. 4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.

COBIT is primarily designed to:

A computer system automatically locks a user's account after three unsuccessful attempts to log on. Which type of control does this scenario represent?

According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?

According to the Standards, the organizational status of the internal audit activity:

Which of the following statements regarding an internal auditor's responsibility for detecting fraud is not correct?

An organization receives the most value from an internal audit activity's enterprise-wide risk assessment when the auditor:

Using the internal audit department to coordinate regulatory examiners' efforts is beneficial to the organization because internal auditors can:

Which of the following procedures would be most effective in detecting fraud in electronically-submitted claims to insurance companies?

Risk assessments are valuable to the internal audit activity's planning process because they assist in:

A chief audit executive (CAE) is obtaining information required by a regulatory oversight body and discovers a situation that requires management to take immediate corrective action. What is the best course of action for the CAE to take?

Which of the following would provide the best assessment of an organization's ethical climate?

While reviewing the workpapers of a new auditor, the auditor in charge discovered that additional audit procedures might be necessary. According to IIA guidance, which of the following would be most relevant for the auditor in charge to consider when making this decision?

When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:

Which of the following actions would be considered a violation of the Standards?