Question 1

Once the cause of a problem has been identified, the next step is to:

Accepted Answer

A)  Select a solution. 
B)  Generate alternative solutions. 
C)  Identify the problem. 
D)  Consider the reaction of competitors to various courses of action. 
A)  Select a solution. 
B)  Generate alternative solutions. 
C)  Identify the problem. 
D)  Consider the reaction of competitors to various courses of action.

Question 2

A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?

Accepted Answer

A)  Payment of fraudulent invoices. 
B)  Purchases from a related party. 
C)  Theft of resources from inventory. 
D)  False reporting of hours worked. 
A)  Payment of fraudulent invoices. 
B)  Purchases from a related party. 
C)  Theft of resources from inventory. 
D)  False reporting of hours worked.

Question 3

The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards. To address this concern, which of the following actions is most appropriate for the CAE to take?

Accepted Answer

A)  The CAE should agree with the audit committee and implement only those standards appropriate to the size of the IAA. 
B)  The CAE should request the audit committee to review the Standards to identify specifically which are creating the greatest concern. 
C)  The CAE should seek sufficient funding to increase audit resources to meet the minimum requirements of the Standards. 
D)  The CAE should explain that conformance with the Standards is essential and not dependent upon the size of the IAA. 
A)  The CAE should agree with the audit committee and implement only those standards appropriate to the size of the IAA. 
B)  The CAE should request the audit committee to review the Standards to identify specifically which are creating the greatest concern. 
C)  The CAE should seek sufficient funding to increase audit resources to meet the minimum requirements of the Standards. 
D)  The CAE should explain that conformance with the Standards is essential and not dependent upon the size of the IAA.

Question 4

Line management of a manufacturing operation requests an operational audit. They are seeking recommendations for policies and procedures to enhance control over the operation. What should the internal audit activity do?

Accepted Answer

A)  Review the effectiveness of current policies and procedures but avoid making control recommendations due to impaired objectivity. 
B)  Perform the engagement and make appropriate recommendations for policies and procedures. 
C)  Turn down the engagement because recommending controls would impair future objectivity regarding this client. 
D)  Turn down the engagement because an operational audit should not review policies and procedures. 
A)  Review the effectiveness of current policies and procedures but avoid making control recommendations due to impaired objectivity. 
B)  Perform the engagement and make appropriate recommendations for policies and procedures. 
C)  Turn down the engagement because recommending controls would impair future objectivity regarding this client. 
D)  Turn down the engagement because an operational audit should not review policies and procedures.

Question 5

What information should the internal quality assessment of the internal audit activity communicate to the chief audit executive?

Accepted Answer

A)  Detailed objectives for internal audit engagements. 
B)  Confirmation that past audit recommendations have been implemented. 
C)  Evaluation of the adequacy of internal audit policies and procedures. 
D)  Performance appraisals of the internal audit staff. 
A)  Detailed objectives for internal audit engagements. 
B)  Confirmation that past audit recommendations have been implemented. 
C)  Evaluation of the adequacy of internal audit policies and procedures. 
D)  Performance appraisals of the internal audit staff.

Question 6

An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment. Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?

Accepted Answer

A)  Confidentiality. 
B)  Objectivity. 
C)  Integrity. 
D)  Competency. 
A)  Confidentiality. 
B)  Objectivity. 
C)  Integrity. 
D)  Competency.

Question 7

Which aspect of the audit function would be most impacted by a lack of coordination between an organization's internal and external auditors?

Accepted Answer

A)  Responsiveness. 
B)  Timeliness. 
C)  Effectiveness. 
D)  Efficiency. 
A)  Responsiveness. 
B)  Timeliness. 
C)  Effectiveness. 
D)  Efficiency.

Question 8

An internal audit activity's work schedule should always provide sufficient information to the audit committee to enable it to determine whether the proposed engagements:

Accepted Answer

A)  Support the organization's objectives. 
B)  Include sufficient fraud awareness. 
C)  Will likely result in the detection of any major risk exposures. 
D)  Are likely to detect control deficiencies. 
A)  Support the organization's objectives. 
B)  Include sufficient fraud awareness. 
C)  Will likely result in the detection of any major risk exposures. 
D)  Are likely to detect control deficiencies.

Question 9

During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee's name that are unrelated to the basic business of the organization. The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization. Division management views the employee's actions as extra incentive to retain the employee. A decision to include the employee's action in the engagement final communication would be: 1. A violation of the IIA Code of Ethics. 2. A violation of the reporting requirements in the Standards. 3. Justified and necessary, according to the IIA Code of Ethics and Standards.

Accepted Answer

A)  1 only 
B)  2 only 
C)  3 only 
D)  1 and 2 only 
A)  1 only 
B)  2 only 
C)  3 only 
D)  1 and 2 only

Question 10

Which of the following situations would most likely result in the auditor in charge (AIC) recommending that the staff auditor further investigate non-compliant items?

Accepted Answer

A)  A staff auditor conducted a test of 25 non-statistical sample items, selected judgmentally, and 5 are not in compliance with organizational policy. 
B)  A staff auditor conducted a test of 85 non-statistical sample items, selected randomly, and 5 are not in compliance with organizational policy. 
C)  Before the staff auditor conducted a test of statistical sample items, the AIC was already aware of underlying control weaknesses. 
D)  A staff auditor conducted a test of statistical sample items, the results of which fall below the acceptable error rate by less than one percentage point. 
A)  A staff auditor conducted a test of 25 non-statistical sample items, selected judgmentally, and 5 are not in compliance with organizational policy. 
B)  A staff auditor conducted a test of 85 non-statistical sample items, selected randomly, and 5 are not in compliance with organizational policy. 
C)  Before the staff auditor conducted a test of statistical sample items, the AIC was already aware of underlying control weaknesses. 
D)  A staff auditor conducted a test of statistical sample items, the results of which fall below the acceptable error rate by less than one percentage point.

Question 11

The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risk, and assigned an audit priority to each. Which of the following statements is true and consistent with the International Professional Practices Framework?

Accepted Answer

A)  Items should be ranked in the order of quantifiable dollar exposure to the organization. II. The audit priorities should be in order of major control deficiencies. III. The risk assessment, though quantified, is the result of professional judgments about both exposures and probability of occurrences. 
B)  I only 
C)  III only 
D)  II and III only 
E)  I, II, and III. 
A)  Items should be ranked in the order of quantifiable dollar exposure to the organization. II. The audit priorities should be in order of major control deficiencies. III. The risk assessment, though quantified, is the result of professional judgments about both exposures and probability of occurrences. 
B)  I only 
C)  III only 
D)  II and III only 
E)  I, II, and III.

Question 12

An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should:

Accepted Answer

A)  Use test data and determine whether all the data entered are captured correctly in the updated database. 
B)  Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates. 
C)  Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems. 
D)  Use generalized audit software to select a sample of employees from the database. Verify the data fields. 
A)  Use test data and determine whether all the data entered are captured correctly in the updated database. 
B)  Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates. 
C)  Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems. 
D)  Use generalized audit software to select a sample of employees from the database. Verify the data fields.

Question 13

Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?

Accepted Answer

A)  Requiring audit staff to participate in continuing education activities. 
B)  Writing job descriptions for audit staff, audit managers, and other auditing positions. 
C)  Conducting individual counseling sessions regarding professional development and performance. 
D)  Evaluating auditors' compliance with standards and level of audit effectiveness. 
A)  Requiring audit staff to participate in continuing education activities. 
B)  Writing job descriptions for audit staff, audit managers, and other auditing positions. 
C)  Conducting individual counseling sessions regarding professional development and performance. 
D)  Evaluating auditors' compliance with standards and level of audit effectiveness.

Question 14

Which of the following would provide the most reliable information on the risk associated with an auditable activity?

Accepted Answer

A)  Event scenarios with regression analysis. 
B)  Past audit findings and instances of management failures. 
C)  Consequences and economic predictability of loss. 
D)  Management assessment and corroboration by the internal audit activity. 
A)  Event scenarios with regression analysis. 
B)  Past audit findings and instances of management failures. 
C)  Consequences and economic predictability of loss. 
D)  Management assessment and corroboration by the internal audit activity.

Question 15

A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?

Accepted Answer

A)  Copies of printed client information not used by the agency are shredded. 
B)  Employees share client information with coworkers with the permission of the client. 
C)  The agency only releases client information with management's approval. 
D)  The agency advises clients of their privacy rights before they commence business with the agency. 
A)  Copies of printed client information not used by the agency are shredded. 
B)  Employees share client information with coworkers with the permission of the client. 
C)  The agency only releases client information with management's approval. 
D)  The agency advises clients of their privacy rights before they commence business with the agency.

Question 16

The top three sales representatives for a company consistently include non-allowable charges on their expense reports. Line management is reluctant to deny reimbursement of the charges for fear of losing the sales representatives. This situation has the greatest negative impact on which of the following internal control components?

Accepted Answer

A)  Monitoring. 
B)  Control environment. 
C)  Information and communication. 
D)  Control activities. 
A)  Monitoring. 
B)  Control environment. 
C)  Information and communication. 
D)  Control activities.

Question 17

A code of business conduct provides?

Accepted Answer

A)  A fraud avoidance plan that does not explicitly describe punishments for violations. 
B)  A passive method of fraud deterrence. 
C)  A program to anonymously report irregularities to authorities. 
D)  An alternative to "tone at the top" programs. 
A)  A fraud avoidance plan that does not explicitly describe punishments for violations. 
B)  A passive method of fraud deterrence. 
C)  A program to anonymously report irregularities to authorities. 
D)  An alternative to "tone at the top" programs.

Question 18

An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?

Accepted Answer

A)  Authorization policy for accounts payable was not followed for payments above $10, 000. 
B)  Authorization policy requires two levels of approval for all payments above $10, 000. 
C)  Because of non-compliance with authorization policy, inappropriate payments may be made for payments above $10, 000. 
D)  The accounts payable authorization actions for all payments should be automated. 
A)  Authorization policy for accounts payable was not followed for payments above $10, 000. 
B)  Authorization policy requires two levels of approval for all payments above $10, 000. 
C)  Because of non-compliance with authorization policy, inappropriate payments may be made for payments above $10, 000. 
D)  The accounts payable authorization actions for all payments should be automated.

Question 19

During an audit of financial contracts, an internal auditor learns that a relative has a substantial loan with the organization. The auditor should:

Accepted Answer

A)  Exclude the relative's information from the audited work and proceed with the audit engagement. 
B)  Proceed with the audit engagement but disclose in the engagement final communication that the relative is a customer. 
C)  Immediately withdraw from the audit engagement. 
D)  Notify management and the chief audit executive (CA
E)  and have the CAE determine whether the auditor should continue with the audit engagement. 
A)  Exclude the relative's information from the audited work and proceed with the audit engagement. 
B)  Proceed with the audit engagement but disclose in the engagement final communication that the relative is a customer. 
C)  Immediately withdraw from the audit engagement. 
D)  Notify management and the chief audit executive (CA
E)  and have the CAE determine whether the auditor should continue with the audit engagement.

Question 20

Fraud is most frequently detected by:

Accepted Answer

A)  Following up on tips from employees or citizens. 
B)  Following up on analytical review of high-risk areas. 
C)  Performing periodic reconciliations over cash and other assets. 
D)  Performing unannounced audits or reviews of programs or departments. 
A)  Following up on tips from employees or citizens. 
B)  Following up on analytical review of high-risk areas. 
C)  Performing periodic reconciliations over cash and other assets. 
D)  Performing unannounced audits or reviews of programs or departments.

Once the cause of a problem has been identified, the next step is to:

A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?

The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards. To address this concern, which of the following actions is most appropriate for the CAE to take?

Line management of a manufacturing operation requests an operational audit. They are seeking recommendations for policies and procedures to enhance control over the operation. What should the internal audit activity do?

What information should the internal quality assessment of the internal audit activity communicate to the chief audit executive?

Which aspect of the audit function would be most impacted by a lack of coordination between an organization's internal and external auditors?

An internal audit activity's work schedule should always provide sufficient information to the audit committee to enable it to determine whether the proposed engagements:

Which of the following situations would most likely result in the auditor in charge (AIC) recommending that the staff auditor further investigate non-compliant items?

The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risk, and assigned an audit priority to each. Which of the following statements is true and consistent with the International Professional Practices Framework?

An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should:

Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?

Which of the following would provide the most reliable information on the risk associated with an auditable activity?

A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?

A code of business conduct provides?

An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?

During an audit of financial contracts, an internal auditor learns that a relative has a substantial loan with the organization. The auditor should:

Fraud is most frequently detected by:

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control

Once the cause of a problem has been identified, the next step is to:

A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?

The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards. To address this concern, which of the following actions is most appropriate for the CAE to take?

Line management of a manufacturing operation requests an operational audit. They are seeking recommendations for policies and procedures to enhance control over the operation. What should the internal audit activity do?

What information should the internal quality assessment of the internal audit activity communicate to the chief audit executive?

Which aspect of the audit function would be most impacted by a lack of coordination between an organization's internal and external auditors?

An internal audit activity's work schedule should always provide sufficient information to the audit committee to enable it to determine whether the proposed engagements:

Which of the following situations would most likely result in the auditor in charge (AIC) recommending that the staff auditor further investigate non-compliant items?

The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risk, and assigned an audit priority to each. Which of the following statements is true and consistent with the International Professional Practices Framework?

An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should:

Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?

Which of the following would provide the most reliable information on the risk associated with an auditable activity?

A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?

A code of business conduct provides?

An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?

During an audit of financial contracts, an internal auditor learns that a relative has a substantial loan with the organization. The auditor should:

Fraud is most frequently detected by:

Certified Financial Services Auditor

Certified Government Auditing Professional

Conducting the Internal Audit Engagement

Business Analysis and Information Technology

Filters