Question 1

Which of the following statements is not true about the oversight and review of working papers by the chief audit executive (CAE)?

Accepted Answer

A)  The CAE has ultimate responsibility for reviewing working papers and remains accountable for the achievement of objectives and the quality of work. 
B)  The need for CAE review depends on the proficiency and experience of the internal auditor and the complexity of the task. 
C)  The CAE is responsible for all significant professional judgments made during the audit process and should therefore personally review working papers to ensure conclusions were professionally arrived at. 
D)  The CAE, although having overall responsibility for reviewing work completed, can delegate such task to appropriately experienced internal audit staff. 
A)  The CAE has ultimate responsibility for reviewing working papers and remains accountable for the achievement of objectives and the quality of work. 
B)  The need for CAE review depends on the proficiency and experience of the internal auditor and the complexity of the task. 
C)  The CAE is responsible for all significant professional judgments made during the audit process and should therefore personally review working papers to ensure conclusions were professionally arrived at. 
D)  The CAE, although having overall responsibility for reviewing work completed, can delegate such task to appropriately experienced internal audit staff.

Question 2

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

Accepted Answer

A)  The CAE's responsibility is not impaired by engaging an external expert. 
B)  The external expert could have a prior relationship with the audit client. 
C)  The audit report should not disclose the use of contracted services. 
D)  The expert should be directed by the objectives and scope of work. 
A)  The CAE's responsibility is not impaired by engaging an external expert. 
B)  The external expert could have a prior relationship with the audit client. 
C)  The audit report should not disclose the use of contracted services. 
D)  The expert should be directed by the objectives and scope of work.

Question 3

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Accepted Answer

A)  The auditor must not perform the training, because any task to improve the business process could impact audit independence. 
B)  The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task. 
C)  The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task. 
D)  The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive. 
A)  The auditor must not perform the training, because any task to improve the business process could impact audit independence. 
B)  The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task. 
C)  The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task. 
D)  The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Question 4

In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:

Accepted Answer

A)  Tell the employee a piece of information obtained from a coworker in a previous interview. 
B)  Put sensitive questions at the beginning of a questionnaire to ensure that they are answered. 
C)  Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached. 
D)  Point out that management has given the auditor full authority to conduct this interview. 
A)  Tell the employee a piece of information obtained from a coworker in a previous interview. 
B)  Put sensitive questions at the beginning of a questionnaire to ensure that they are answered. 
C)  Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached. 
D)  Point out that management has given the auditor full authority to conduct this interview.

Question 5

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Accepted Answer

A)  The financial interest the service provider may have in the organization. 
B)  The relationship the service provider may have had with the organization or the activities being reviewed. 
C)  Compensation or other incentives that may be applicable to the service provider. 
D)  The service provider's experience in the type of work being considered. 
A)  The financial interest the service provider may have in the organization. 
B)  The relationship the service provider may have had with the organization or the activities being reviewed. 
C)  Compensation or other incentives that may be applicable to the service provider. 
D)  The service provider's experience in the type of work being considered.

Question 6

During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?

Accepted Answer

A)  Promising to maintain the employee's anonymity and listening to the information. 
B)  Suggesting that the employee consider talking to legal counsel. 
C)  Informing the employee that an attempt will be made to keep the source of the information confidential while looking into the matter further. 
D)  Informing the employee of other methods of communicating this type of information. 
A)  Promising to maintain the employee's anonymity and listening to the information. 
B)  Suggesting that the employee consider talking to legal counsel. 
C)  Informing the employee that an attempt will be made to keep the source of the information confidential while looking into the matter further. 
D)  Informing the employee of other methods of communicating this type of information.

Question 7

In performance auditing, which of the following must first be determined by the internal auditor?

Accepted Answer

A)  Which key performance indicators are in use. 
B)  Management's objectives for the process. 
C)  Whether management controls are appropriate. 
D)  Determination that appropriate benchmarks are in place. 
A)  Which key performance indicators are in use. 
B)  Management's objectives for the process. 
C)  Whether management controls are appropriate. 
D)  Determination that appropriate benchmarks are in place.

Question 8

According to the International Professional Practices Framework, which of the following statements is true regarding the use of the statement, "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit activity?

Accepted Answer

A)  The statement may be used only when conducting international engagements. 
B)  The statement may be used only if the results of the quality assurance and improvement program support the statement. 
C)  The statement may be used whether or not the internal audit department has an external quality assessment review or an independent validation of a self-assessment. 
D)  The statement should not be used for a consulting engagement. 
A)  The statement may be used only when conducting international engagements. 
B)  The statement may be used only if the results of the quality assurance and improvement program support the statement. 
C)  The statement may be used whether or not the internal audit department has an external quality assessment review or an independent validation of a self-assessment. 
D)  The statement should not be used for a consulting engagement.

Question 9

In a review of an electronic data interchange application using a third-party service provider, the auditor should:

Accepted Answer

A)  Ensure encryption keys meet International Organization for Standardization (ISO) standards. II. Determine whether an independent review of the service provider's operation has been conducted. III. Verify that only public-switched data networks are used by the service provider. IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit. 
B)  I and II only 
C)  I and IV only 
D)  II and III only 
E)  II and IV only 
A)  Ensure encryption keys meet International Organization for Standardization (ISO) standards. II. Determine whether an independent review of the service provider's operation has been conducted. III. Verify that only public-switched data networks are used by the service provider. IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit. 
B)  I and II only 
C)  I and IV only 
D)  II and III only 
E)  II and IV only

Question 10

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

Accepted Answer

A)  Inform the audit supervisor. 
B)  Investigate the potential conflict of interest. 
C)  Inform the external auditors of the potential conflict of interest. 
D)  Disregard the potential conflict, because it is outside the scope of the audit assignment. 
A)  Inform the audit supervisor. 
B)  Investigate the potential conflict of interest. 
C)  Inform the external auditors of the potential conflict of interest. 
D)  Disregard the potential conflict, because it is outside the scope of the audit assignment.

Question 11

Which of the following would constitute a violation of the IIA Code of Ethics?

Accepted Answer

A)  An internal auditor, who has recently joined the organization, has accepted an assignment to audit the electronics manufacturing division. The auditor previously served as senior auditor for the external audit of that division and has audited many electronics companies during the past two years. 
B)  An internal auditor has accepted an assignment to audit the warehousing function six months from now. The auditor has no expertise in that area but has signed up for courses in warehousing that will be completed before the assignment begins. 
C)  An internal auditor has no ambitions for promotion and has not engaged in training or other professional development activities during the last three years. The auditor's performance assessments indicate consistent quality of work. 
D)  An internal auditor discovered an internal financial fraud during the year, and the financial statements were adjusted to properly reflect the loss associated with the fraud. The auditor discussed the fraud with the external auditor during the external auditor's review of the working papers detailing the incident. 
A)  An internal auditor, who has recently joined the organization, has accepted an assignment to audit the electronics manufacturing division. The auditor previously served as senior auditor for the external audit of that division and has audited many electronics companies during the past two years. 
B)  An internal auditor has accepted an assignment to audit the warehousing function six months from now. The auditor has no expertise in that area but has signed up for courses in warehousing that will be completed before the assignment begins. 
C)  An internal auditor has no ambitions for promotion and has not engaged in training or other professional development activities during the last three years. The auditor's performance assessments indicate consistent quality of work. 
D)  An internal auditor discovered an internal financial fraud during the year, and the financial statements were adjusted to properly reflect the loss associated with the fraud. The auditor discussed the fraud with the external auditor during the external auditor's review of the working papers detailing the incident.

Question 12

Which of the following would be the least desirable criteria against which to judge current operations of an organization's treasury function?

Accepted Answer

A)  The operations of the treasury function as documented during the last audit engagement. 
B)  Company policies and procedures delegating authority and assigning responsibilities. 
C)  Finance textbook illustrations of generally accepted good treasury function practices. 
D)  Codification of best practices of the treasury function in relevant industries. 
A)  The operations of the treasury function as documented during the last audit engagement. 
B)  Company policies and procedures delegating authority and assigning responsibilities. 
C)  Finance textbook illustrations of generally accepted good treasury function practices. 
D)  Codification of best practices of the treasury function in relevant industries.

Question 13

The chief audit executive (CAE) notes that management has adopted the option of not taking action on an audit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriate action by the CAE?

Accepted Answer

A)  Close the issue by noting that follow-up will be completed as part of the next engagement. 
B)  Discuss the matter with management to determine a resolution. 
C)  Accept management's decision as the same risk has been accepted in the past. 
D)  Report the situation to the board for immediate resolution. 
A)  Close the issue by noting that follow-up will be completed as part of the next engagement. 
B)  Discuss the matter with management to determine a resolution. 
C)  Accept management's decision as the same risk has been accepted in the past. 
D)  Report the situation to the board for immediate resolution.

Question 14

New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Accepted Answer

A)  The audit committee of the board. 
B)  The environmental, health, and safety manager. 
C)  The organization's external environmental lawyers. 
D)  The organization's insurance department. 
A)  The audit committee of the board. 
B)  The environmental, health, and safety manager. 
C)  The organization's external environmental lawyers. 
D)  The organization's insurance department.

Question 15

A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic information systems auditor would possess:

Accepted Answer

A)  Knowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse. 
B)  Knowledge of what constitutes evidence acceptable in a court of law. 
C)  Superior analytical skills that would facilitate the identification of computer abuse. 
D)  Superior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board. 
A)  Knowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse. 
B)  Knowledge of what constitutes evidence acceptable in a court of law. 
C)  Superior analytical skills that would facilitate the identification of computer abuse. 
D)  Superior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board.

Question 16

Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting engagement?

Accepted Answer

A)  Identifying business capabilities. 
B)  Developing data collection tools. 
C)  Determining benchmarked process attributes. 
D)  Determining sample size. 
A)  Identifying business capabilities. 
B)  Developing data collection tools. 
C)  Determining benchmarked process attributes. 
D)  Determining sample size.

Question 17

When assessing the risk associated with an activity, an internal auditor should:

Accepted Answer

A)  Determine how the risk should best be managed. 
B)  Provide assurance on the management of the risk. 
C)  Modify the risk management process based on risk exposures. 
D)  Design controls to mitigate the identified risks. 
A)  Determine how the risk should best be managed. 
B)  Provide assurance on the management of the risk. 
C)  Modify the risk management process based on risk exposures. 
D)  Design controls to mitigate the identified risks.

Question 18

Production managers for a manufacturing company are authorized to prepare emergency purchase orders for raw materials. These manually prepared orders do not go through the purchasing department and do not require a receiving report. The managers forward the invoice and purchase order to the accounting department for payment. Which of the following internal controls would efficiently prevent abuse of this system?

Accepted Answer

A)  Institute a company policy requiring rotation of orders among several suppliers. 
B)  Require a manual receiving report from the warehouse prior to payment. 
C)  Forbid the use of emergency purchase orders. 
D)  Review the level of safety stock. 
A)  Institute a company policy requiring rotation of orders among several suppliers. 
B)  Require a manual receiving report from the warehouse prior to payment. 
C)  Forbid the use of emergency purchase orders. 
D)  Review the level of safety stock.

Question 19

During an audit of a contract for computer security, a governmental auditor finds that a contractor has developed a system that could be the most advanced in the industry. If it seems that the contractor is charging the government for developmental cost of a system that might be sold to other organizations, what is the auditor's best course of action?

Accepted Answer

A)  Estimate the cost to develop the advanced security system and inform the contractor that it will be a disallowed cost. 
B)  Exclude the observation from the engagement final communication because the contract was vague and the level of security is clearly acceptable. 
C)  Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the contractor to resolve differences. 
D)  Compare the cost of the security program with previous costs incurred by governmental operations and inform the contractor that the difference will be a disallowed cost. 
A)  Estimate the cost to develop the advanced security system and inform the contractor that it will be a disallowed cost. 
B)  Exclude the observation from the engagement final communication because the contract was vague and the level of security is clearly acceptable. 
C)  Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the contractor to resolve differences. 
D)  Compare the cost of the security program with previous costs incurred by governmental operations and inform the contractor that the difference will be a disallowed cost.

Question 20

Which of the following audit steps would be most effective to review proper recording of and accountability over physical assets?

Accepted Answer

A)  Physically inspect all assets on the organization's property. II. Select a sample department and physically inspect assets in the department. III. Select a sample from the organization's records of physical assets and physically locate each asset. IV. Identify assets at a sample of locations and trace to the organization's records. 
B)  I only 
C)  I and IV only 
D)  II and III only 
E)  III and IV only 
A)  Physically inspect all assets on the organization's property. II. Select a sample department and physically inspect assets in the department. III. Select a sample from the organization's records of physical assets and physically locate each asset. IV. Identify assets at a sample of locations and trace to the organization's records. 
B)  I only 
C)  I and IV only 
D)  II and III only 
E)  III and IV only

Which of the following statements is not true about the oversight and review of working papers by the chief audit executive (CAE)?

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?

In performance auditing, which of the following must first be determined by the internal auditor?

In a review of an electronic data interchange application using a third-party service provider, the auditor should:

Which of the following would constitute a violation of the IIA Code of Ethics?

Which of the following would be the least desirable criteria against which to judge current operations of an organization's treasury function?

The chief audit executive (CAE) notes that management has adopted the option of not taking action on an audit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriate action by the CAE?

Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting engagement?

When assessing the risk associated with an activity, an internal auditor should:

Which of the following audit steps would be most effective to review proper recording of and accountability over physical assets?

Certified Financial Services Auditor

Certified Government Auditing Professional

The Internal Audit Activity Role in Governance, Risk, and Control

Business Analysis and Information Technology

Filters

Exam 4: Conducting the Internal Audit Engagement

Which of the following statements is not true about the oversight and review of working papers by the chief audit executive (CAE)?

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?

In performance auditing, which of the following must first be determined by the internal auditor?

In a review of an electronic data interchange application using a third-party service provider, the auditor should:

Which of the following would constitute a violation of the IIA Code of Ethics?

Which of the following would be the least desirable criteria against which to judge current operations of an organization's treasury function?

The chief audit executive (CAE) notes that management has adopted the option of not taking action on an audit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriate action by the CAE?

Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting engagement?

When assessing the risk associated with an activity, an internal auditor should:

Which of the following audit steps would be most effective to review proper recording of and accountability over physical assets?

Certified Financial Services Auditor

Certified Government Auditing Professional

The Internal Audit Activity Role in Governance, Risk, and Control

Business Analysis and Information Technology

Filters