Question 1

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Accepted Answer

A)  Report follow-up activities to senior management. 
B)  Implement follow-up procedures to evaluate residual risk. 
C)  Determine the costs of implementing the recommendations. 
D)  Evaluate the extent of improvements. 
A)  Report follow-up activities to senior management. 
B)  Implement follow-up procedures to evaluate residual risk. 
C)  Determine the costs of implementing the recommendations. 
D)  Evaluate the extent of improvements.

Question 2

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Accepted Answer

A)  Degree of effort and cost needed to correct the reported condition. 
B)  Complexity of the corrective action. 
C)  Impact that may result should the corrective action fail. 
D)  Amount of resources required to conduct the follow-up activities. 
A)  Degree of effort and cost needed to correct the reported condition. 
B)  Complexity of the corrective action. 
C)  Impact that may result should the corrective action fail. 
D)  Amount of resources required to conduct the follow-up activities.

Question 3

A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:   Which of the following statements regarding risk in the department is true?

Accepted Answer

A)  As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets. 
B)  The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B. 
C)  The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions. 
D)  The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B. 
A)  As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets. 
B)  The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B. 
C)  The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions. 
D)  The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.

Question 4

The chief audit executive (CAE) decided that based on management's oral response, the action taken on an audit observation for a minor improvement in the client's process is sufficient and no further follow-up is necessary. Which of the following would be the best statement regarding the action of the CAE?

Accepted Answer

A)  The CAE action is not acceptable, as a follow-up audit is needed to ensure that action is really taken by management. 
B)  The CAE action is not acceptable, as follow-up on the issue is critical until a written response is obtained from management. 
C)  The CAE action is acceptable as long as the follow-up is sufficient when weighed against the relative importance of the recommendation. 
D)  The CAE action is acceptable as long as the issue has been escalated to the board to get their position on the issue. 
A)  The CAE action is not acceptable, as a follow-up audit is needed to ensure that action is really taken by management. 
B)  The CAE action is not acceptable, as follow-up on the issue is critical until a written response is obtained from management. 
C)  The CAE action is acceptable as long as the follow-up is sufficient when weighed against the relative importance of the recommendation. 
D)  The CAE action is acceptable as long as the issue has been escalated to the board to get their position on the issue.

Question 5

An audit of a company's accounts payable found that the individuals responsible for maintaining the vendor master file could also enter vendor invoices into the accounts payable system. During the exit conference, management agreed to correct this problem. When performing a follow-up engagement of accounts payable, the auditor should expect to find that management has:

Accepted Answer

A)  Transferred the individuals who maintained the vendor master file to another department to ensure that responsibilities are appropriately segregated. 
B)  Compared the vendor and employee master files to determine if any unauthorized vendors have been added to the vendor master file. 
C)  Changed the access control system to prevent employees from both entering invoices and approving payments. 
D)  Modified the accounts payable system to prevent individuals who maintain the vendor master file from entering invoices. 
A)  Transferred the individuals who maintained the vendor master file to another department to ensure that responsibilities are appropriately segregated. 
B)  Compared the vendor and employee master files to determine if any unauthorized vendors have been added to the vendor master file. 
C)  Changed the access control system to prevent employees from both entering invoices and approving payments. 
D)  Modified the accounts payable system to prevent individuals who maintain the vendor master file from entering invoices.

Question 6

Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?

Accepted Answer

A)  All log-in accounts become inaccessible after three incorrect password attempts. 
B)  Loan approvals over a pre-determined limit must have management approval. 
C)  Customer information is matched to payment data prior to funds disbursement. 
D)  System controls prevent supervisors from delegating their approval authority during vacation periods. 
A)  All log-in accounts become inaccessible after three incorrect password attempts. 
B)  Loan approvals over a pre-determined limit must have management approval. 
C)  Customer information is matched to payment data prior to funds disbursement. 
D)  System controls prevent supervisors from delegating their approval authority during vacation periods.

Question 7

According to IIA guidance, which of the following are potential benefits of using an assurance map?

Accepted Answer

A)  Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations. 
B)  Identification of duplicate or overlapping assurance activities, and improved relevance of assurance recommendations. 
C)  Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers. 
D)  Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations. 
A)  Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations. 
B)  Identification of duplicate or overlapping assurance activities, and improved relevance of assurance recommendations. 
C)  Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers. 
D)  Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations.

Question 8

While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?

Accepted Answer

A)  Results from the organization's business process management program. 
B)  User acceptance testing of the organization's enterprise resource planning application. 
C)  Risk assessments conducted by the board. 
D)  Key business strategies adopted by the organization in the strategic plan. 
A)  Results from the organization's business process management program. 
B)  User acceptance testing of the organization's enterprise resource planning application. 
C)  Risk assessments conducted by the board. 
D)  Key business strategies adopted by the organization in the strategic plan.

Question 9

Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?

Accepted Answer

A)  With management's agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise. 
B)  Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area. 
C)  Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit. 
D)  Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence. 
A)  With management's agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise. 
B)  Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area. 
C)  Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit. 
D)  Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence.

Question 10

After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use.

Accepted Answer

A)  Simple random sampling to select a sample of vouchers processed by the department during the past year. 
B)  Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year. 
C)  Discovery sampling to select a sample of vouchers processed by the department during the past year. 
D)  Judgmental sampling to select a sample of vouchers processed by clerks who were identified by the department manager as acting suspiciously. 
A)  Simple random sampling to select a sample of vouchers processed by the department during the past year. 
B)  Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year. 
C)  Discovery sampling to select a sample of vouchers processed by the department during the past year. 
D)  Judgmental sampling to select a sample of vouchers processed by clerks who were identified by the department manager as acting suspiciously.

Question 11

An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

Accepted Answer

A)  Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability. 
B)  Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business. 
C)  Select a sample of accounts payable from the accounts payable list and verify the supporting receiving reports, purchase orders, and invoices. 
D)  Trace receiving reports issued before the period end to the related vendor invoices and accounts payable list. 
A)  Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability. 
B)  Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business. 
C)  Select a sample of accounts payable from the accounts payable list and verify the supporting receiving reports, purchase orders, and invoices. 
D)  Trace receiving reports issued before the period end to the related vendor invoices and accounts payable list.

Question 12

Which of the following actions by management would reduce an employee's opportunity to commit fraud?

Accepted Answer

A)  Establishing physical controls over company assets. 
B)  Eliminating bonuses tied to sales or other performance goals. 
C)  Defining ethical behavior expectations in the company handbook. 
D)  Identifying consequences, such as termination, for fraudulent activities. 
A)  Establishing physical controls over company assets. 
B)  Eliminating bonuses tied to sales or other performance goals. 
C)  Defining ethical behavior expectations in the company handbook. 
D)  Identifying consequences, such as termination, for fraudulent activities.

Question 13

The following is an excerpt from an audit engagement workpaper: A Company Accounts Receivable Date Objective. To determine if the computer system is correctly recording all accounts receivable transactions. Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 for positive confirmation of balances. Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accounts receivable balance is fairly presented in all material respects. Which of the following is true regarding the workpaper?

Accepted Answer

A)  It is not appropriate to judgmentally select a sample when testing accounts receivable. 
B)  A conclusion should be reached only for the results of overall testing, not for individual procedures. 
C)  The audit procedures used are not consistent with the audit objective. 
D)  The format of the workpaper does not conform to the standard format for workpapers. 
A)  It is not appropriate to judgmentally select a sample when testing accounts receivable. 
B)  A conclusion should be reached only for the results of overall testing, not for individual procedures. 
C)  The audit procedures used are not consistent with the audit objective. 
D)  The format of the workpaper does not conform to the standard format for workpapers.

Question 14

According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?

Accepted Answer

A)  The follow-up manual procedures. 
B)  The internal audit charter. 
C)  The agreement made between internal auditors and management. 
D)  The risks and exposures involved. 
A)  The follow-up manual procedures. 
B)  The internal audit charter. 
C)  The agreement made between internal auditors and management. 
D)  The risks and exposures involved.

Question 15

The scope of a consulting engagement performed by internal auditors should:

Accepted Answer

A)  Be sufficient to address the objectives agreed upon with the client. 
B)  Exclude areas that might be the subject of subsequent assurance engagements. 
C)  Be limited to activities within the current operating period. 
D)  Be preapproved in conjunction with the annual plan of consulting engagements. 
A)  Be sufficient to address the objectives agreed upon with the client. 
B)  Exclude areas that might be the subject of subsequent assurance engagements. 
C)  Be limited to activities within the current operating period. 
D)  Be preapproved in conjunction with the annual plan of consulting engagements.

Question 16

Which of the following would not include recommendations for process improvements?

Accepted Answer

A)  Due diligence engagement. 
B)  Forensic investigation. 
C)  Internal audit engagement. 
D)  Consulting engagement. 
A)  Due diligence engagement. 
B)  Forensic investigation. 
C)  Internal audit engagement. 
D)  Consulting engagement.

Question 17

According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?

Accepted Answer

A)  Periodic monitoring of the internal audit activity should be done. 
B)  All aspects of the internal audit activity should be evaluated. 
C)  An external assessment should be obtained every three years. 
D)  The review of assurance services should be the primary focus. 
A)  Periodic monitoring of the internal audit activity should be done. 
B)  All aspects of the internal audit activity should be evaluated. 
C)  An external assessment should be obtained every three years. 
D)  The review of assurance services should be the primary focus.

Question 18

Which of the following processes real-transaction data through auditor-developed test programs?

Accepted Answer

A)  Generalized audit software. 
B)  Tracing. 
C)  Parallel simulation. 
D)  Mapping. 
A)  Generalized audit software. 
B)  Tracing. 
C)  Parallel simulation. 
D)  Mapping.

Question 19

A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will exceed available audit resources. Which of the following is the best course of action for the CAE to take?

Accepted Answer

A)  Present the plan change to senior management and request additional resources before going to the board of directors. 
B)  Seek approval from senior management and the board of directors for the plan change and advise them of the issue of limited resources. 
C)  Add this change to the plan and request senior management to indicate which other engagement should be deleted to keep the overall plan within resource constraints. 
D)  Immediately seek additional resources from senior management and the board of directors to meet the needs of the organization. 
A)  Present the plan change to senior management and request additional resources before going to the board of directors. 
B)  Seek approval from senior management and the board of directors for the plan change and advise them of the issue of limited resources. 
C)  Add this change to the plan and request senior management to indicate which other engagement should be deleted to keep the overall plan within resource constraints. 
D)  Immediately seek additional resources from senior management and the board of directors to meet the needs of the organization.

Question 20

The chief audit executive (CAE) of a multinational entity with highly automated and complex operations has just completed the update of the risk-based audit plan. Interviews with management revealed the introduction of new technology and a significant increase in both the number and severity of technology-based risk exposures. According to the International Professional Practices Framework, which of the following would be the best course of action for the CAE to undertake next?

Accepted Answer

A)  Develop a detailed audit plan that makes the most efficient use and reallocation of existing internal audit resources. 
B)  Arrange for the outsourcing of some technology intensive audit processes and procedures based on the plan changes. 
C)  Evaluate whether appropriate skills and knowledge required to perform the necessary audit work currently exist in the department. 
D)  Begin planning to recruit information technology audit specialists and other expert personnel into the internal audit activity. 
A)  Develop a detailed audit plan that makes the most efficient use and reallocation of existing internal audit resources. 
B)  Arrange for the outsourcing of some technology intensive audit processes and procedures based on the plan changes. 
C)  Evaluate whether appropriate skills and knowledge required to perform the necessary audit work currently exist in the department. 
D)  Begin planning to recruit information technology audit specialists and other expert personnel into the internal audit activity.

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?

According to IIA guidance, which of the following are potential benefits of using an assurance map?

While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?

Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?

After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use.

Which of the following actions by management would reduce an employee's opportunity to commit fraud?

According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?

The scope of a consulting engagement performed by internal auditors should:

Which of the following would not include recommendations for process improvements?

According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?

Which of the following processes real-transaction data through auditor-developed test programs?

A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will exceed available audit resources. Which of the following is the best course of action for the CAE to take?

Certified Financial Services Auditor

Certified Government Auditing Professional

The Internal Audit Activity Role in Governance, Risk, and Control

Business Analysis and Information Technology

Filters

Exam 4: Conducting the Internal Audit Engagement

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?

According to IIA guidance, which of the following are potential benefits of using an assurance map?

While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?

Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?

After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use.

Which of the following actions by management would reduce an employee's opportunity to commit fraud?

According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?

The scope of a consulting engagement performed by internal auditors should:

Which of the following would not include recommendations for process improvements?

According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?

Which of the following processes real-transaction data through auditor-developed test programs?

A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will exceed available audit resources. Which of the following is the best course of action for the CAE to take?

Certified Financial Services Auditor

Certified Government Auditing Professional

The Internal Audit Activity Role in Governance, Risk, and Control

Business Analysis and Information Technology

Filters