TestKings.IIA-CIA-Part2 - GRATIS EXAM · TestKings.IIA-CIA-Part2.508Q Number : IIA-CIA-Part2 Passing Score : 800 Time Limit : 120 min File Version : 6.6 IIA-CIA-Part2

TestKings.IIA-CIA-Part2.508Q

Number: IIA-CIA-Part2Passing Score: 800Time Limit: 120 minFile Version: 6.6

http://www.gratisexam.com/

IIA-CIA-Part2

Certified Internal Auditor - Part 2, Conducting the Internal Audit Engagement

I am so happy today because I today my result announce and it declared me passed with very goodgrades 91%.

I think,TestKing is the one to provide the highest amount of valid questions and correct answers.

Thank God that you guys supported and helped me in the right manner for making my success possiblein the exam with ease.

This product are the perfect ones that can help and guide you in achieving the biggest success in thistough test.

Questions cover all the new areas listed by IIA-CIA and look very valid and professional,

ALL the credit goes to this Excellent and wonderful vce file. Thanks

Exam A

QUESTION 1Which of the following audit techniques provides for continuous monitoring and analysis of computertransactions for detailed auditing?

A. Integrated test facility.B. Parallel simul-ation.C. Test data.D. Embedded audit routines.

Correct Answer: DSection: (none)Explanation

Explanation/Reference:answer is right.

QUESTION 2Access control software on an organization's mainframe computer records detailed information concerningboth successful and unsuccessful log-on attempts to applications. Which of the following audit tools wouldbe best suited to review the access information that has been recorded?

A. Generalized audit software.B. Flowcharting.C. Integrated test facility.D. Test data.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation:

QUESTION 3Which of the following would provide the greatest assurance of the accuracy of a computer program'scomputation of freight charges for catalog sales?

A. Use discovery sampling, selecting transactions from invoices which should have freight charges addedto them.

B. Use either test data or parallel simul-ation to test the computer application.C. Use difference estimation, selecting transactions from invoices which should have freight charges

added to them.D. Use generalized audit software to select a monetary-unit sample of invoices that have been billed to

customers.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:absolute answer.

QUESTION 4If an auditor used nonstatistical sampling instead of statistical sampling to estimate the value of inventory,which of the following would be true?

A. The confidence level could not be quantified.B. The precision would be larger.

C. The projected value of inventory would be less reliable.D. The risk of incorrect acceptance would be higher.


Explanation/Reference:fine.

QUESTION 5In a sampling application, the group of items about which the auditor wants to estimate some characteristicis called the.


A. Population.B. Attribute of interest.C. Sample.D. Sampling unit.


Explanation/Reference:answer is perfect.

QUESTION 6An internal auditor would most likely use attributes sampling when testing which of the following?

A. Accounts receivable balances.B. Correct coding of accounts payable disbursement vouchers.C. Year-end inventory value.D. Fixed asset book value.


Explanation/Reference:answer is perfect.

QUESTION 7An audit department has received anonymous information that an employee has allegedly been able tosteal and cash checks sent to the organization by customers. What is the most efficient way for an auditorto determine how this type of fraud could occur and who might be the perpetrator?

A. Confirm accounts receivable.B. Confirm accounts payable.C. Review the endorsements and banks of deposit on customers' canceled checks.D. Flowchart and analyze key controls in the cash receipts process.


Explanation/Reference:Best answer.

QUESTION 8If an auditor expects to find numerous discrepancies between recorded values and audited values ofsample selections, which sampling technique would be most appropriate?

A. Attributes sampling.B. Probability-proportional-to-size sampling.C. Difference estimation sampling.D. Discovery sampling.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:absolute answer.

QUESTION 9During an audit of a retail organization, an internal auditor found a scheme in which the warehouse directorand the purchasing agent diverted approximately $500,000 of goods to their own warehouse, then sold thegoods to third parties. The fraud was not found earlier since the warehouse director updated the perpetualinventory records and then forwarded receiving reports to the accounts payable department for processing.Which of the following procedures would have most likely led to the discovery of the missing materials andthe fraud?

A. Select a random sample of receiving reports and trace to the recording in the perpetual inventoryrecords. Note differences and investigate by type of product.

B. Select a random sample of purchase orders and trace to receiving reports and to the records in theaccounts payable department.

C. Take an annual physical inventory, reconciling amounts with the perpetual inventory records. Note thepattern of differences and investigate.

D. Select a random sample of sales invoices and trace to the perpetual inventory records to see ifinventory was on hand. Investigate any differences.


Explanation/Reference:options are clearly written.

QUESTION 10Which of the following factors would increase the confidence level in a variables sampling plan?

A. A larger sample size.II. A stratified sample.III. A larger standard deviation.

B. I and II onlyC. I and III onlyD. II and III onlyE. I, II, and III

Correct Answer: ASection: (none)

Explanation

Explanation/Reference:proper answer.

QUESTION 11If an auditor is sampling to test compliance with a particular company policy, which of the following factorsshould not affect the allowable level of sampling risk?

A. The experience and knowledge of the auditor.B. The adverse consequences of noncompliance.C. The acceptable level of risk of making an incorrect audit conclusion.D. The cost of performing auditing procedures on sample selections.


Explanation/Reference:exact answer.

QUESTION 12Which of the following describes an internal auditor's responsibilities to include audit procedures to detectfraud in audits of a multinational organization?

A. International Accounting Standards require the internal auditor to include audit procedures which woulddetect fraud if it would cause a material misrepresentation of the financial statements.

B. Internal auditors do not have any specific responsibilities with respect to including fraud-related auditprocedures.

C. Proper audit procedures, when carried out with due professional care, will guarantee that fraud, ifpresent, will be detected.

D. If significant control weaknesses are detected, additional tests should be directed toward otherindicators of fraud.


Explanation/Reference:genuine answer.

QUESTION 13An appliance repair company is considering relocating the center that houses its service vehicles. Aninternal auditor wants to determine the potential reduction in average miles driven by the service vehicles ifthe center is relocated. Which of the following statistical sampling methods would be most appropriate forthis test?

A. Attributes sampling.B. Discovery sampling.C. Probability-proportional-to-size sampling.D. Mean-per-unit sampling.


Explanation/Reference:real answer.

QUESTION 14

Monetary-unit sampling is most useful when the internal auditor:

A. Is testing the accounts payable balance.B. Cannot cumulatively arrange the population items.C. Expects to find several material errors in the sample.D. Is concerned with overstatements.


Explanation/Reference:rightful answer.

QUESTION 15If management expects 100 percent compliance with a procedure, which of the following samplingapproaches would be most appropriate?

A. Attributes sampling.B. Discovery sampling.C. Targeted sampling.D. Variables sampling.


Explanation/Reference:answer is valid.

QUESTION 16An internal auditor is discussing an audit problem with an engagement client. While listening to the client,the internal auditor should:

A. Prepare a response to the client.B. Take mental notes on the speaker's nonverbal communication, as it is more important than what is

being said.C. Make sure that all details, as well as the main ideas of the client, are remembered.D. Integrate the incoming information from the client with information that is already known.



QUESTION 17An auditor is using an internal control questionnaire as part of a preliminary survey. Which of the followingis the best reason for the auditor to interview management regarding the questionnaire responses?

A. Interviews provide the opportunity to insert questions to probe promising areas.B. Interviews are the most efficient way to upgrade the information to the level of objective evidence.C. Interviewing is the least costly audit technique when a large amount of information is involved.D. Interviewing is the only audit procedure which does not require confirmation of the information that is

obtained.


Explanation


QUESTION 18Many questionnaires are made up of a series of different questions that use the same response categories(for example: strongly agree, agree, neither, disagree, strongly disagree). Some designs will have differentgroups of respondents answer alternate versions of the questionnaire that present the questions in differentorders and reverse the orientation of the endpoints of the scale (for example:agree on the right and disagree on the left). The purpose of such questionnaire variations is to:

A. Eliminate intentional misrepresentations.B. Reduce the effects of pattern response tendencies.C. Test whether respondents are reading the questionnaire.D. Make it possible to get information about more than one population parameter using the same

questions.



QUESTION 19An auditor used a questionnaire during an interview to gather information about the nature of credit salesprocessing. The questionnaire did not cover some pertinent information offered by the person beinginterviewed, and the auditor did not document the potential problems for further investigation.

The primary deficiency with the above process is that:

A. The auditor failed to consider the importance of the information offered.B. A questionnaire was used in a situation where a structured interview should have been used.C. Using a questionnaire precludes the auditor from documenting other information.D. The engagement program was incomplete.



QUESTION 20The use of standard operating procedure questionnaires in audit fieldwork can be beneficial because.

A. These questionnaires can both identify discrepancies and educate clients.B. Standard operating procedures are essential to the effectiveness and efficiency of operations.C. These questionnaires are more comprehensive than are other types of techniques for gathering data

during fieldwork.D. These questionnaires do not normally require prior clearance with management of the audited area.



QUESTION 21Checklists used to assess audit risk have been criticized for all of the following reasons except:

A. Providing a false sense of security that all relevant factors are addressed.B. Inappropriately implying equal weight to each item on the checklist.C. Decreasing the uniformity of data acquisition.D. Being incapable of translating the experience or sound reasoning intended to be captured by each item

on the checklist.


Explanation/Reference:straight answer.

QUESTION 22A limitation of using ratio analysis in an audit engagement is that it:

A. Often uses financial information provided by management which has not been reviewed for reliabilityand validity.

B. Is an expensive method of testing.C. Requires computer software in order to develop meaningful interpretations of data.D. Is useful only when comparisons can be made across other industries.



QUESTION 23Which of the following would cause a company's accounts receivable turnover ratio to decrease steadilyover a three-year period?

A. An increase in the discount offered for early payment.B. A more liberal credit policy.


C. Invoices provided on a weekly rather than a monthly basis.D. Increased cash sales.


Explanation/Reference:answer is real.

QUESTION 24Which of the following would be the best audit procedure to use to determine if a division's unusually highsales and gross margin for November and December were the result of fraudulently recorded sales?

A. Trace a sample of shipping documents to related sales invoices to verify proper billing.B. Confirm accounts receivable balances with customers.C. Compare sales and gross margin totals with those of the previous ten months and the first month of the

following year.D. Use regression analysis techniques to estimate the sales and cost of goods sold for November and

December.


Explanation/Reference:satisfied with the answer.

QUESTION 25Which of the following factors could interfere with effective problem solving by an internal auditor?

A. Reacting to previous experiences with clients.II. Focusing only on the most likely cause.III. Correcting the symptoms of problems.

B. I onlyC. III onlyD. I and II onlyE. I, II, and III



QUESTION 26A company owns a machine that will produce 100 light switches in four hours. Due to increased demand, asecond machine capable of producing 100 light switches in three hours has been added.

Approximately how many hours will it take to produce 100 light switches using both machines workingtogether?

A. 7.0B. 3.5C. 1.7D. 0.58



QUESTION 27A retail sales company has discontinued a product that normally sold for $100. During the first month of asale of the product, a 20 percent discount was given. Later that sale price was reduced by an additional 40percent. What was the overall discount from the original selling price?

A. 60 percent.B. 52 percent.C. 48 percent.

D. 30 percent.


Explanation/Reference:nice.

QUESTION 28A recent survey indicated that residents of a small town take the train to a nearby city eight times permonth, on average. The same survey showed that the number of train trips that a resident takes per month(y) is determined by the number of days per month that the resident works in the nearby city (x), accordingto the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:

A. Zero times per month.B. Two times per month.C. Four times per month.D. Eight times per month.



QUESTION 29A manager of one of a retailer's several retail outlets is stealing cash from cash sales, recording the salesas accounts receivable, and subsequently writing off the fictitious accounts receivable as bad debts. Whichof the following comparisons would be most effective in signaling the possibility of such a fraud?

A. Bad debt expense as a percentage of sales, compared to that of the other outlets.B. Bad debt expense as a percentage of sales, compared to that of previous years.C. Percentage of past-due accounts receivable, compared to that of the other outlets.D. Percentage of past-due accounts receivable, compared to that of previous years.



QUESTION 30An auditor is performing a review of a complex process to identify opportunities to increase efficiency. Whatis the most practical way to document the process to identify areas of inefficiency?

A. Write a description of the process activities in sequential order.B. Develop a PERT (program evaluation and review technique) diagram.C. Flowchart the process.D. Create a decision tree.


Explanation/Reference:fit answer.

QUESTION 31Which of the following methods would an auditor most likely use to document a complex sales orderprocess?

A. Develop a horizontal flowchart, with supporting documentation for key control points.B. Create a critical path method chart, noting the processes involved for each step.C. Perform a process review, assigning time and cost to each step of the process to develop a hierarchy

flowchart.D. Utilize a systems narrative, which can be updated during subsequent audits.


Explanation/Reference:up to date answer.

QUESTION 32An internal auditor is evaluating controls over the purchasing function. The function includes the materialcontrol department, the purchasing department, and the receiving department. Which of the following istrue regarding the presentation of the process flow among the three departments?

A. A vertical flowchart of each department, showing inputs at the top and outputs at the bottom, would bemost useful.

B. Flowcharts are not useful for documenting process flow.C. A horizontal flowchart, with the departments described across the top and the process flowing

horizontally, would be most useful.D. Both a flowchart and narratives are needed due to the number of departments involved.



QUESTION 33A fast-food company is developing a computer simul-ation involving arrival time at a drive-throughrestaurant. The distribution for arrival times is:

TimeSingle-Digit RandomBetween ArrivalsProbabilityNumber Assigned1 minute0.12 minutes0.21, 23 minutes0.33, 4, 54 minutes0.46, 7, 8, 9

Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6. The mean timebetween arrivals for these cars, in this run of the simul-ation model, is:

A. 1 minute.

B. 2 minutes.C. 3 minutes.D. 4 minutes.


Explanation/Reference:answer is to the point.

QUESTION 34The internal auditor of a bank has developed a multiple regression model which has been used for anumber of years to estimate the amount of interest income from commercial loans. During the current year,the auditor applies the model and discovers that the R2 value has decreased dramatically, but that themodel otherwise seems to be working correctly. Which of the following conclusions is justified by thechange?

A. Changing to a cross-sectional regression analysis should cause the R2 to increase.B. Regression analysis is no longer an appropriate technique to estimate interest income.C. Some new factors, not included in the model, are causing interest income to change.D. A linear regression analysis would increase the model's reliability.



QUESTION 35Five brand managers in a consumer products company met to determine how well certain promotions hadperformed. The data that they needed to analyze consisted of approximately 50 gigabytes of daily point-of-sale (POS) data for each month. The brand managers tried to download the POS data from the mainframeand import it into microcomputer spreadsheets for analysis. Their efforts were unsuccessful, most likelybecause oF.

A. The complexity of the mainframe data structure and the large volume of data.B. The difficulty of establishing access privileges for each subset of the mainframe data.C. Inconsistencies in the mainframe data due to lack of integrity constraints on the data files.D. Error-prone transmission links for downloading the data from the mainframe data files.



QUESTION 36After completing a net present value (NPV) calculation on a proposed project, an analyst explores thechange in NPV with changes in the interest rate. This additional analysis is referred to as:

A. Decision analysis.B. simul-ation.C. Sensitivity analysis.D. Variance analysis.

Correct Answer: CSection: (none)

Explanation


QUESTION 37A company used simple regression analysis to analyze maintenance costs against machine hours (MH) fora 26-week period when the plant was in full operation. The regression yielded the following estimated costfunction:

Maintenance Cost = $60 + $0.25/MH

The regression analysis also generated a coefficient of determination (R2), or goodness of fit, of 0.85.Which of the following statements regarding this regression analysis is appropriate?

A. This regression can be used to determine the maintenance cost for any period at any activity level bysubstituting the machine hours in the equation.

B. The $60 component represents the best estimate of fixed maintenance costs for the company in ashutdown situation.

C. The $0.25 component is the slope coefficient of the cost estimate and represents the average variablemaintenance cost per machine hour.

D. The coefficient of determination of R2 = 0.85 indicates that the goodness of fit is poor because the valueis close to the maximum value of one.


Explanation/Reference:valid.

QUESTION 38Which of the following techniques could be used to evaluate the effectiveness of changes to the operationof a computer help line?

A. Benchmarking.B. Baseline measurements.C. Walk-throughs.D. Quality circles.



QUESTION 39One method for dealing with the uncertainty of demand forecasts used in linear programming is to extendthe model solution to include.

A. Sensitivity analysis.B. Goal seeking.C. Branch-and-bound solutions.D. Nonlinear programming.


Explanation/Reference:

Explanation:

QUESTION 40Which of the following factors is least essential to a successful control self-assessment workshop?

A. Voting technology.B. Facilitation training.C. Prior planning.D. Group dynamics.



QUESTION 41Which of the following would not be characteristic of control self-assessment implemented by an auditdepartment?

A. An auditor usually facilitates the discussion during the workshop phase while another records commentsfor subsequent use.

B. Auditors and business-unit employees work as a team.C. Auditors perform traditional audit tests to identify control weaknesses.D. Participants discuss the control weaknesses that hinder the achievement of objectives.



QUESTION 42Which of the following is an advantage of control self-assessment (CSA) over conventional auditingtechniques?

A. CSA evaluates control activities and human resource practices.B. CSA provides assurance about whether business objectives will be met.C. CSA facilitates obtaining input from subject-matter experts efficiently.D. CSA provides assurance that action will be taken to improve deficiencies.



QUESTION 43During which of the following systems development stages would it be most useful for an internal auditor tobe involved?

A. Coding and testing.B. User acceptance and post-implementation.C. Design and implementation.D. Testing and user acceptance.



QUESTION 44An auditor decides to vouch a sample of ledger entries back to their original documentation. In terms ofwhether all transactions had been recorded, this test would bE.

A. Relevant to the completeness objective.B. Irrelevant to the completeness objective.C. A more timely test of completeness than evidence from interviews.D. A more biased test of completeness than evidence from interviews.



QUESTION 45All of the following tools are employed to control large-scale projects except:

A. Program evaluation and review technique (PERT).B. Critical path method.C. Statistical process control.D. Gantt charts.



QUESTION 46An audit of an organization's claims department determined that a large number of duplicate payments hadbeen issued due to problems in the claims processing system. During the exit conference, the vicepresident of the claims department informed the auditors that attempts to recover the duplicate paymentswould be initiated immediately and that the claims processing system would be enhanced within six monthsto correct the problems. Based on this response, the chief audit executive should:

A. Adjust the scope of the next regularly scheduled audit to assess controls within the claims processingsystem.

B. Discuss the findings with the audit committee and ask the committee to determine the appropriatefollow-up action.

C. Schedule a follow-up engagement within six months to assess the status of corrective action.D. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.



QUESTION 47

An audit of a company's accounts payable found that the individuals responsible for maintaining the vendormaster file could also enter vendor invoices into the accounts payable system. During the exit conference,management agreed to correct this problem. When performing a follow-up engagement of accountspayable, the auditor should expect to find that management has:

A. Transferred the individuals who maintained the vendor master file to another department to ensure thatresponsibilities are appropriately segregated.

B. Compared the vendor and employee master files to determine if any unauthorized vendors have beenadded to the vendor master file.

C. Changed the access control system to prevent employees from both entering invoices and approvingpayments.

D. Modified the accounts payable system to prevent individuals who maintain the vendor master file fromentering invoices.



QUESTION 48What is the primary factor that determines the depth and breadth of audit follow-up?

A. The engagement client's written response to the audit findings.B. The auditor's assessment of risk associated with the audit findings.C. The auditor's assessment of personnel responsible for correcting audit findings.D. The availability of audit personnel and financial resources.



QUESTION 49At the conclusion of an audit of an organization's treasury department, a report was issued to the treasurer,chief financial officer, president, and board. Because of the sensitivity of some findings, a follow-up reviewwas performed. The auditor should provide the report of follow-up findings to the.

A. Treasurer.II. Chief financial officer.III. President.IV. Board.

B. I and II onlyC. III and IV onlyD. I, II, and III onlyE. I, II, III, and IV.



QUESTION 50When interrogating an individual who is suspected of fraud, it is appropriate to:

A. Tell the individual that any information disclosed in the interrogation will not be disclosed outside of thecompany.

B. Start the interview with questions to which the interviewer already knows the answer.C. Discontinue questioning once the individual has confessed to the fraud.D. Prepare a list of questions prior to the interrogation and strictly adhere to the list.



QUESTION 51Questions used to interrogate individuals suspected of fraud should:

A. Adhere to a predetermined order.B. Cover more than one subject or topic.C. Move from general to specific.D. Direct the individual to a desired answer.



QUESTION 52A chief audit executive (CAE) suspects that several employees have used desktop computers for personalgain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensicinformation systems auditor rather than using the organization's information systems auditor is that aforensic information systems auditor would possess:

A. Knowledge of the computing system that would enable a more comprehensive assessment of thecomputer use and abuse.

B. Knowledge of what constitutes evidence acceptable in a court of law.C. Superior analytical skills that would facilitate the identification of computer abuse.D. Superior documentation and organization skills that would facilitate in the presentation of findings to

senior management and the board.



QUESTION 53While conducting a payroll audit, an internal auditor in a large government organization found inadequatesegregation in the duties assigned to the assistant director of personnel. When the auditor explained therisk of fraud, the assistant director became upset, terminated the interview, and threatened to sue theorganization for defamation of character if the audit engagement was not curtailed. The auditor discussedthe situation with the chief audit executive (CAE). The CAE should then:

A. Curtail the audit engagement to avoid potential legal action.B. Provide a report to senior management recommending a fraud investigation.C. Continue the original engagement program as planned but include a comment about the assistant

director's reaction in the engagement final communication.D. Add additional testing to determine whether other indicators of fraud exist.



QUESTION 54Which of the following is the most appropriate step for the chief audit executive to take in order to avoiddefamation of character of the principal suspect in a fraud investigation?

A. Restrict the use of potentially damaging words to privileged reports or discussions.B. Label all workpapers, reports, and correspondence of the internal audit activity as private.C. Restrict discussions of the fraud to members of management who express an interest in the

investigation.D. Destroy all investigation workpapers and reports if the fraud cannot be proven.



QUESTION 55The scope of a consulting engagement performed by internal auditors should:

A. Be sufficient to address the objectives agreed upon with the client.B. Exclude areas that might be the subject of subsequent assurance engagements.C. Be limited to activities within the current operating period.D. Be preapproved in conjunction with the annual plan of consulting engagements.



QUESTION 56The following are potential sources of evidence regarding the effectiveness of a division's total qualitymanagement program. The least persuasive evidence would be a comparison oF.


A. Employee morale before and after program implementation.B. Scrap and rework costs before and after program implementation.C. Customer returns before and after program implementation.D. Manufacturing and distribution costs per unit before and after program implementation.



QUESTION 57A chief audit executive (CAE) of a major retailer has engaged an independent firm of information securityspecialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if itis:

A. Performed in accordance with the terms of the contract.B. Carried out in accordance with the Standards.C. Performed under the supervision of the information technology department.D. Carried out using standard review procedures for retailers.



QUESTION 58When conducting a performance appraisal of an internal auditor who has been a below-average performer,it is not appropriate to:

A. Notify the internal auditor of the upcoming appraisal several days in advance.B. Use objective, impartial language.C. Use generalizations.D. Document the appraisal.



QUESTION 59An organization contracted a third party to construct a new facility that was estimated to cost $25 million.Which of the following is the most pertinent reason for the organization to audit the contractor's records?

A. The contract includes a right-to-audit clause.B. The contractor will be paid on a cost-plus basis.C. The estimated cost is high.D. The contractor has subcontracted much of the work.



QUESTION 60Which of the following would not be an appropriate step for an internal auditor to perform during anassessment of compliance with an organization's privacy policy?

A. Determine who can access databases containing confidential information.B. Evaluate the organization's privacy policy to determine if appropriate information is covered.C. Analyze access to permanent files and reports containing confidential information.

D. Evaluate the government's security measures related to confidential information received from theorganization.



QUESTION 61An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loansapproved by the loan committee, the auditor found seven loans which exceeded the approved amount.Which of the following actions would be inappropriate on the part of the auditor?

A. Examine the seven loans to determine if there is a pattern. Summarize amounts and include in theengagement final communication.

B. Report the amounts to the loan committee and leave it up to them to correct. Take no further follow- upaction at this time and do not include the items in the engagement final communication.

C. Follow up with the appropriate vice president and include the vice president's acknowledgment of thesituation in the engagement final communication.

D. Determine the amount of the differences and make an assessment as to whether the dollar differencesare material. If the amounts are not material, not in violation of government regulations, and can berationally explained, omit the observation from the engagement final communication.



QUESTION 62During a systems development audit, software developers indicated that all programs were moved from thedevelopment environment to the production environment and then tested in the production environment.What should the auditor recommend?

A. Implement a test environment to ensure that testing is not performed in the production environment.II. Require developers to move modified programs from the development environment to the testenvironment and from the test environment to the production environment.III. Eliminate access by developers to the production environment.

B. I onlyC. III onlyD. I and II onlyE. I and III only



QUESTION 63A post-audit questionnaire sent to audit clients is an effective mechanism for:

A. Substantiating audit observations.B. Promoting the internal audit activity.C. Improving future audit engagements.D. Validating process flow.



QUESTION 64Which of the following must an auditor establish in order to demonstrate that fraud has occurred?

A. Monetary damage to the victim.B. The suspect's intent.C. Existence of an internal control deficiency.D. Evidence of collusion.



QUESTION 65Which of the following would be the least important reason for a company to merge with another company?

A. To diversify risk.B. As a response to new government policy.C. To reduce labor costs.D. To increase stock prices.



QUESTION 66Which of the following potential performance measures should an auditor recommend excluding from aperformance scorecard?

A. Number of employees.B. Market share.C. Number of customer complaints.D. Training dollars per employee.



QUESTION 67Which of the following is the best approach for obtaining feedback from engagement clients regarding thequality of internal audit work?

A. Ask questions during the exit interviews and send copies of the documented responses to the clients.B. Call engagement clients after the exit interviews and send copies of the documented responses to the

clients.C. Distribute questionnaires to selected engagement clients shortly before preparing the internal audit

annual activity report.D. Provide questionnaires to engagement clients at the beginning of each engagement and request that

the clients complete and return them after the engagements.



QUESTION 68After completing a fraud investigation but before publishing a formal written report, the chief audit executiveshould submit a draft of the final report to the organization's:

A. Legal counsel.B. External auditor.C. Audit committee chairperson.D. Chief executive officer.



QUESTION 69Senior management of an organization has requested that the internal audit activity provide ongoinginternal control training for all managerial personnel. This is best addressed by:

A. A formal consulting engagement.B. An informal consulting engagement.C. A performance assurance engagement.D. An operational assurance engagement.



QUESTION 70A key to effective benchmarking in a consulting engagement is identifying the issues that can be:

A. Reviewed by all internal audit staff members.B. Shared with all internal audit customers.C. Measured and controlled by the engagement client.D. Discussed with the board or audit committee.



QUESTION 71After issuance of the engagement final communication for an audit of an organization's accounts payablefunction, which of the following should be sent satisfaction surveys?

A. Manager of disbursements.II. Controller.III. Chief operating officer.IV. Audit committee members.

B. I onlyC. I and II onlyD. II and III onlyE. II, III, and IV only



QUESTION 72In a client satisfaction survey for an internal audit engagement, client management should be asked toassess which of the following factors?

A. Audit team's knowledge of the audited area.II. Usefulness of the audit results.III. Quality of management of the internal audit activity.IV. Clarity of the scope and objectives of the audit engagement.

B. I and II onlyC. II and IV onlyD. I, II, and IV onlyE. I, III, and IV only



QUESTION 73In response to an accounts receivable confirmation, a customer indicated that the invoice listed on theconfirmation letter had been paid two months earlier.This may indicate that:

A. The receivable was selected for confirmation in error.B. The customer is a bad credit risk.C. The receivable should be written off.D. Fraudulent activity has occurred.



QUESTION 74Which of the following conclusions would be appropriate for a beginning auditor performing an audit of apayroll department?

A. Employee taxes have been deducted at the correct rates, and the taxes have been forwarded to theappropriate government agency.

B. Although there is insufficient segregation of duties, the impact is mitigated by compensating controls.C. The payroll computer system should be replaced.D. The payroll department staff has the appropriate level of skills.



QUESTION 75An audit of customer accounts receivable found that outstanding receivables as a percentage of revenuehad increased significantly during the past two years. The increase was attributed to the extension of credit,at the urging of the marketing department, to a number of companies that were not creditworthy. Which ofthe following would be least useful in monitoring the disposition of this finding?

A. Responses from the manager of accounts receivable regarding collection of outstanding receivables.B. Periodic updates from the controller regarding the status of corrective actions.C. Information from the credit and marketing personnel assigned the responsibility for reevaluating credit

policies.D. Updates from the information technology division regarding implementation of a new accounts

receivable system.



QUESTION 76During an audit of a major metropolitan museum, an auditor was unable to locate selected items from themuseum's collection. The director of the museum informed the auditor that the upcoming replacement ofthe museum's inventory tracking system would address the auditor's concerns. What follow-up activityshould the auditor propose?

A. Receive periodic feedback from museum staff regarding the status of the system implementation.B. Monitor the system implementation and schedule a follow-up review once the new system is in place.C. Determine whether the items are indeed missing and assess the ability of the new system to remedy the

problem.D. Schedule an audit of the museum's security systems to determine if theft is a problem.



QUESTION 77An audit of a Web-based third-party payment processor determined that a programming error enabledcustomers to create multiple accounts for each mailing address. This caused problems during theprocessing of credit card transactions. Management agreed to correct the program and notify customerswith multiple accounts that the accounts would be consolidated. What should the auditor do in response?

A. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts

were consolidated.II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.III. Schedule a follow-up review to verify that the program was corrected and the accounts wereconsolidated.IV. Do nothing because management has agreed to address the problem.

B. III onlyC. IV onlyD. I and II onlyE. II and III only



QUESTION 78A company's cellular phone costs vary significantly by sales representative and by month. Which of thefollowing would be the most appropriate approach for a consulting project concerning this issue?

A. Control self-assessment involving sales representatives.B. Benchmarking with other cellular phone users.C. Business process review of cellular phone needs.D. Performance measurement and design of the budgeting process.



QUESTION 79Which of the following would be the most effective method to prevent installation of new equipment thatdoes not meet environmental permit requirements, or to prevent modification of current processes in such away that they no longer meet permit requirements?

A. Require that the environmental compliance department perform regular inspections of themanufacturing facility to identify new equipment or process modifications in progress.

B. Rely on annual inspections by various regulatory agencies to identify equipment or processes thatrequire a permit.

C. Require that the staff of the environmental compliance department attend monthly safety meetings indifferent parts of the facility so that they can hear directly from the workers about any changes.

D. Include the environmental compliance department in the review of proposed process changes andequipment purchases affecting permit requirements.



QUESTION 80Which of the following types of internal audit consulting engagements is an example of a facilitationservice?

A. Conducting control self-assessment workshops.II. Participating on standing committees.

III. Reviewing regulatory compliance.IV. Benchmarking.

B. Estimating savings from outsourcing processes.C. I and IV onlyD. I, III, and IV onlyE. II, III, and V onlyF. I, II, III, IV, and V.



QUESTION 81Which of the following best defines an engagement conclusion?

A. An auditor's determination of the cause of an engagement observation.B. An auditor's professional judgment of the situation which was reviewed.C. An opinion that must be included in the engagement final communication.D. A recommendation for corrective action.



QUESTION 82While investigating a compromised Web server, an auditor found that the Web server logs had beendeleted. The auditor should recommend that the Web server logs bE.

A. Generated and maintained on a separate secure server.B. Accessible by administrative users onlyC. Encrypted to ensure that the logs cannot be deleted.D. Restored automatically to the Web server from backup files.



QUESTION 83Which of the following actions by management would reduce an employee's opportunity to commit fraud?

A. Establishing physical controls over company assets.B. Eliminating bonuses tied to sales or other performance goals.C. Defining ethical behavior expectations in the company handbook.D. Identifying consequences, such as termination, for fraudulent activities.



Explanation:

QUESTION 84Which of the following are typical steps in the design of an organization's performance measurementsystem?

A. Understand organizational strategy; perform a situational assessment; establish measurementcategories; and take actions based upon measurement results.

B. Categorize performance measures; establish a data collection plan; analyze data; and predict futureperformance.

C. Establish a measurement plan; create an organizational strategy linked to those measurements; trendmeasurement data; and measure data variability.

D. Perform a situational assessment; generate macro measurements; review measurement data; andchange strategy based upon measurement results.



QUESTION 85When interviewing an individual suspected of fraud, what type of questions would be asked after theintroductory questions?

A. Informational questions.B. Admission-seeking questions.C. Assessment questions.D. Closing questions.



QUESTION 86Which of the following activities would be performed during a benchmarking consulting engagement?

A. Collect data relevant to the benchmarking process.II. Review all business processes.III. Define critical success factors.IV. Identify performance gaps.

B. I and III onlyC. II and IV onlyD. I, II, and III onlyE. I, III, and IV only



QUESTION 87Which of the following tests must an internal auditor perform in order to ensure that inbound electronic datainterchange (EDI) transactions are received and translated accurately?

A. Computerized tests to assess transaction reasonableness and validity.II. Review of log books to ensure that transactions are logged upon receipt.III. Edit checks to identify unusual transactions.IV. Verification of limitations on the authority of users to initiate specific EDI transactions.

B. I and IV onlyC. II and III onlyD. I, II, and III onlyE. I, II, III, and IV.



QUESTION 88A chief audit executive has noticed that staff auditors are presenting more oral reports to supplementwritten reports. The best reason for the increased use of oral reports is that they:

A. Reduce the amount of testing required to support audit findings.B. Can be delivered in an informal manner without preparation.C. Can be prepared using a flexible format and reduce the information included in the written report.D. Permit auditors to counter arguments and provide additional information that the audience may require.



QUESTION 89Which of the following is a responsibility of the internal auditor once a fraud investigation has beenconcluded?

A. Ascertain the extent to which fraud has been perpetrated.B. Notify the appropriate regulatory authorities regarding the outcome of the investigation.C. Determine if controls need to be implemented or strengthened to reduce future vulnerability.D. Implement controls to prevent future occurrences.



QUESTION 90A bank is developing an integrated customer information system. The type of audit involvement that wouldmost likely help avoid implementation of a system that does not cover all types of accounts would be:

A. A design review.B. An application control review.C. A source code review.D. An access control review.

Correct Answer: A

Section: (none)Explanation


QUESTION 91The internal audit activity can be involved with systems development continuously, immediately prior toimplementation, after implementation, or not at all. An advantage of continuous internal audit involvementcompared to the other types of involvement is that:

A. The cost of audit involvement can be minimized.B. There are clearly defined points at which to issue audit comments.C. Redesign costs can be minimized.D. The threat of lack of audit independence can be minimized.



QUESTION 92In a review of an electronic data interchange application using a third-party service provider, the auditorshould:

A. Ensure encryption keys meet International Organization for Standardization (ISO) standards.II. Determine whether an independent review of the service provider's operation has been conducted.III. Verify that only public-switched data networks are used by the service provider.IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.

B. I and II onlyC. I and IV onlyD. II and III onlyE. II and IV only



QUESTION 93Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:

A. Statements are supported and can be authenticated.B. Recommendations for corrective action are clear.C. Processes within the audited area were reviewed.D. Sample sizes appear appropriate for any issues found.



QUESTION 94In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:

A. Key stakeholders are represented in the group.B. An independent content expert is available to help settle disagreements.C. Background research is completed to familiarize the auditor with relevant issues.D. Management is consulted on the issues and priorities.



QUESTION 95What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situationduring a control self-assessment session?

A. Spontaneous agreement.B. Consensus building.C. Majority voting.D. Compromise.



QUESTION 96If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, thefacilitator should:

A. Ignore the behavior and continue the workshop.B. Allow them to continue briefly and then remind them of the ground rules.C. Have the participants modify the ground rules.D. Strictly enforce the ground rules.



QUESTION 97Which of the following is the first step in the process where auditors and clients work together to evaluatethe clients' system of internal control?

A. Assess risks.B. Develop questionnaires.C. Identify and assess controls.D. Identify objectives.



Explanation:

QUESTION 98An internal auditor has a recommendation to change operations which could potentially increase profits by$50,000. The best way to sell this recommendation to management is to:

A. Carefully work out the details of implementation before presenting it to department management.B. Discuss it with operating supervisors who are directly affected by the change, and then with department

management.C. Bring it to the audit manager, who should bring it immediately to senior management's attention.D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.



QUESTION 99A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of thequality of the organization's products and services. Which of the following issues should be addressed first?

A. Cost-effectiveness.B. Quality control.C. Customer complaints.D. Supplier deliveries.



QUESTION 100During an information security audit, an auditor discovers that the current disaster recovery plan wasdeveloped three years ago but never tested. There have been significant changes to information systemssince the plan was developed. The auditor should:

A. Ask management to test the recovery plan immediately.B. Recommend that management and users update and test the recovery plan.C. Update the recovery plan for management as part of the review.D. Review the recovery plan and report weaknesses to management.



QUESTION 101The most effective method of reporting engagement results to management and stimulating action is to:

A. Deliver a lecture on the engagement results.B. Limit verbal commentary and present a series of slides that graphically depict the engagement results.C. Use slides to support a discussion of major points.D. Distribute copies of the report, ask the participants to read the report, and ask for questions.



QUESTION 102Which of the following items should be addressed in an organization's privacy statement?

A. Intended use of collected information.II.Data storage and security.III.Network/infrastructure authentication controls.IV.Data retention policy of the organization.Parties authorized to access information.

B. I and II onlyC. I and IV onlyD. I, II, and V onlyE. II, III, IV, and V only



QUESTION 103An internal auditor is conducting tests to determine if an organization is in compliance with its paymentapproval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that therewere indicators of fraud. Which of the following would be the most appropriate method to expand the audittest to achieve the audit objective?

A. Validate the completeness of the accounts payable files.II.Examine the sample of vouchers in greater detail.III.Increase the number of vouchers in the sample.IV.Broaden the scope of the examination to include credits received by accounts payable.

B. I and II onlyC. II and III onlyD. I, II, and IV onlyE. I, III, and IV only



QUESTION 104During a review of performance measures in an organization's purchasing function, the preliminary surveyindicates that most of the measures have been in use for some time. The internal auditor should:

A. Review the data that was used to develop the measures.

B. Perform benchmarking in order to verify that the measures being used are meaningful.C. Establish the history of the measures and reasons for use.D. Report that the measures being used are out-of-date and should be improved.



QUESTION 105What is the primary reason for having audit management approve audit engagement reports?

A. To ensure that client concerns are appropriately addressed.B. To confirm proper format, grammar, and punctuation.C. To verify that senior management supports the report's conclusions.D. To validate that report findings are substantiated.



QUESTION 106Which of the following best defines an audit opinion?

A. A summary of the significant audit observations and recommendations.B. An auditor's evaluation of the effects of the observations and recommendations on the activities

reviewed.C. A conclusion which must be included in the audit report.D. A recommendation for corrective action.



QUESTION 107Which of the following is typically not a reason for committing financial statement fraud?

A. To dispel negative market perception.B. To disguise a duplicate payment to a vendor.C. To obtain more favorable terms on financing.D. To receive performance-related bonuses.



QUESTION 108Which of the following is a red flag associated with fictitious revenues?

A. Slow growth or unusually low profitability.B. Unusual decrease in the number of days' sales in receivables.C. Substantial increase in receivables turnover.D. Significant transactions with related parties.



QUESTION 109Which of the following is a red flag associated with improper asset valuation?

A. Unusual increase in gross margin.B. Unusual decrease in the number of days' purchases in inventory.C. Recurring positive cash flows from operations.D. Allowance for bad debts that is increasing in percentage terms.



QUESTION 110To furnish useful and timely information and promote improvements in operations, internal auditors shouldprovide:

A. Senior management with reports that emphasize the operational details of defective conditions.B. Operating management with reports that emphasize general concerns and risks.C. Information in written form before it is discussed with the engagement client.D. Reports that meet the expectations of both operational and senior management.



QUESTION 111An auditor evaluating excessive product rejection rates should investigatE.

A. Communication between sales and production departments on sales returns.II.Volume of product sales year-to-date in comparison to prior year-to-date.III.Changes in credit ratings of customers versus sales to those customers.IV.Detailed product scrap accounts and accumulations.

B. I and III onlyC. I and IV onlyD. II, III, and IV onlyE. I, II, III, and IV.



QUESTION 112Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditoris using ratio estimation?

Number of ItemsAudited ValueCarrying AmountSample$500,000$480,000Population3,000$5,000,000

A. 0.10B. 0.96C. 1.04D. 10.00



QUESTION 113During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently ator near budgeted amounts. This condition is a red flag for which of the following procurement fraudschemes?

A. Defective pricing.B. Cost mischarging.C. Fictitious vendor.D. Bid rotation.



QUESTION 114A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has agambling habit. The gambling issue is not directly related to the existing engagement and there is pressureto complete the current engagement. The auditor notes the problem and forwards the information to thechief audit executive but performs no further follow-up. The auditor's actions woulD.

A. Be in violation of the IIA Code of Ethics for withholding meaningful information.II.Be in violation of the Standards because the auditor did not properly follow up on a red flag that mightindicate the existence of fraud.III.

Not be in violation of either the IIA Code of Ethics or Standards.B. I onlyC. II onlyD. III onlyE. I and II only



QUESTION 115An internal auditor has completed an audit of an organization's activities and is ready to issue a report.However, the client disagrees with the internal auditor's conclusions. The auditor should:

A. Withhold the issuance of the audit report until agreement on the issues is obtained.B. Issue the audit report and state both the auditor and client positions and the reasons for the

disagreement.C. Issue the audit report and omit the client's conclusion as it is not the opinion of the internal auditor.D. Perform additional work, with the client's concurrence, to resolve the areas of disagreement and delay

the issuance of the report until agreement is reached.



QUESTION 116Which of the following is an advantage of an interim report?

A. An interim report provides timely feedback to the audit engagement client.II.An interim report provides a mechanism for communicating information on red flags promptly while theyare being investigated.III.An interim report provides an opportunity for auditor follow-up of findings before the engagement iscompleted.IV.An interim report increases the probability that corrective action will be initiated more quickly.

B. I and IV onlyC. II and III onlyD. I, III, and IV onlyE. I, II, III, and IV.



QUESTION 117An internal auditor recommended that an organization implement computerized controls in its sales systemin order to prevent sales representatives from executing contracts in excess of their delegated authoritylevels. A follow-up review found that the sales system had not been modified, but a process had beenimplemented to obtain written approval by the vice president of sales for all contracts in excess of $1

million. The chief audit executive (CAE) would be justified in reporting this situation to the organization'sboard iF.

A. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.II.Testing of compliance with the new process finds that all new contracts in excess of $1 million havebeen approved by the vice president of sales.III.The cost of modifying the sales system to include a preventive control is less than $100,000.

B. I onlyC. III onlyD. I and III onlyE. I, II, and III



QUESTION 118Which of the following factors would not be considered in determining appropriate follow-up procedures?

A. The significance of the audit finding.B. The effort and cost needed to correct the reported condition.C. The availability of funds in the audited department's budget to correct the reported condition.D. The potential consequences if the corrective action fails.



QUESTION 119Persuasive evidence indicates that a member of senior management has been involved in insider tradingthat would be considered fraudulent. However, the evidence was encountered during an operational auditand is not considered relevant to the audit. Which of the following is the most appropriate action for thechief audit executive to take?

A. Report the evidence to external legal counsel for investigation. Report the legal counsel findings tomanagement.

B. Report the evidence to the chairperson of the audit committee and recommend an investigation.C. Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the

findings to the chairperson of the audit committee and to government officials if appropriate action is nottaken.

D. Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.



QUESTION 120What is the most likely source of information for a detailed schedule of a company's insurance policies inforce?


A. Original journal entries found in the cash disbursements journal, along with supporting checksprocessed by the bank.

B. Policies and procedures governing insurance coverage.C. The current fiscal year's budget for insurance, together with the beginning balance of the prepaid

insurance account.D. The files containing insurance policies with various carriers.



QUESTION 121Confirmation would be most effective in addressing the existence assertion for:

A. The addition of a milling machine to a machine shop.B. Sales of merchandise during the regular course of business.C. Inventory held on consignment.D. The granting of a patent for a special process developed by the organization.



QUESTION 122In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled forexamination are not authentic. What action should the auditor take before proceeding with theexamination?

A. Suggest to the payroll manager that the suspicious documents should be sent to the organization'ssecurity department for forensic review.

B. Keep the suspicious documents in the workpaper file until the end of the engagement, and then discussthe suspicions with the payroll manager.

C. Discuss the suspicious documents with payroll staff to seek their views on the authenticity of thesignatures.

D. Review the suspicious documents with the chief audit executive and seek advice concerning furtherexamination.



QUESTION 123

In evaluating the validity of different types of audit evidence, which of the following conclusions is notcorrect?

A. Recomputation, though highly valid, is limited in usefulness due to its limited scope.B. The validity of documentary evidence is independent of the effectiveness of the control system in which

it was created.C. Internally created documentary evidence is considered less valid than externally created documentary

evidence.D. The validity of confirmations varies directly with the independence of the party receiving the

confirmation.



QUESTION 124Which of the following types of sampling techniques should an internal auditor use when testing theeffectiveness of internal controls?

A. Mean-per-unit sampling.B. Attributes sampling.C. Variables sampling.D. Dollar-unit sampling.



QUESTION 125What type of analysis is performed when an auditor tests for unusual variations in information by comparingthe number of employees working at a factory site with the direct cost of production each month over aperiod of one year?

A. Trend analysis.B. Ratio analysis.C. Regression analysis.D. Horizontal analysis.



QUESTION 126Which of the following data sources would provide the least valid data for an audit of a retail store'scustomer service?

A. A graph that compares staffing levels for selected times with store traffic (number of customers) overthe same time period.

B. A random survey of customer satisfaction given to customers as they leave the store.C. Interviews of randomly selected service personnel regarding the quality of service that they provide.D. A graph of customer service training across stores, comparing training with overall levels of service

satisfaction.



QUESTION 127Which of the following examples of audit evidence is the most persuasive?

A. Real estate deeds, which were properly recorded with a government agency.B. Canceled checks written by the treasurer and returned from a bank.C. Time cards for employees, which are stored by a manager.D. Vendor invoices filed by the accounting department.



QUESTION 128In reviewing the appropriateness of the minimum quantity level of inventory established by a department, anauditor would be least likely to consider:

A. Stockout costs, including lost customers.B. Seasonal variations in forecasting inventory demand.C. Optimal order sizes determined by an economic order quantity model.D. The potential for obsolescence of inventory items.



QUESTION 129During an audit, an employee, who does not want to be identified, offers to provide information that wouldbe damaging to the organization and may concern illegal activities. Which of the following actions by theauditor would not be consistent with the IIA Code of Ethics and Standards?

A. Promising to maintain the employee's anonymity and listening to the information.B. Suggesting that the employee consider talking to legal counsel.C. Informing the employee that an attempt will be made to keep the source of the information confidential

while looking into the matter further.D. Informing the employee of other methods of communicating this type of information.



QUESTION 130Which of the following would have the least impact (either positive or negative) on an assessment of a

department's control environment?

A. The department managed long-term investments, including investment in derivatives and other financialinstruments, to maximize return.

B. The department manager sets a tone of honesty and integrity in all business dealings and this tone isemulated by department personnel.

C. Many department functions were duplicated or verified by other department employees as part of thedepartment's normal procedures.

D. Audit tests designed to verify compliance with control procedures detected a general failure to followstandard procedures for transaction authorization.



QUESTION 131A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involvesrating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. Apartial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?

A. As compared to departments A and C, department B has a stronger control system to compensate forthe greater complexity of the department's transactions and dollar value of its assets.

B. The internal audit activity should schedule audits of department B more often than audits of departmentC because of the relative control strength of department C as compared to department B.

C. The nature of department A's control structure may be justified by the nature of the department's assetsand the complexity of its transactions.

D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.



QUESTION 132A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors:the engagement's ability to reduce risk to the organization, the engagement's ability to save the organizationmoney, and the extent of change in the area since the last engagement. The CAE has scored theengagements for each factor from low to high, assigned points, and calculated an overall ranking. Theresults are shown below with the points in parentheses:

Risk Reduction

Cost SavingsChanges

High (3)Medium (2)Low (1)

High (3)Low (1)High (3)

Low (1)High (3)Medium (2)

Medium (2)Medium (2)High (3)

If the organization has asked the CAE to consider the cost savings factor to be twice as important as anyother factor, which engagements should the CAE pursue?

A. 1 and 2 onlyB. 1 and 3 onlyC. 2 and 4 onlyD. 3 and 4 only



QUESTION 133Which of the following is least likely to vary when conducting audit engagements in different regions of aninternational organization?

A. Application of governmental regulations to business activities.B. Work schedules and holidays of the individual regions.C. Level of workpaper documentation needed to support audit observations.D. Availability of technology and technical support.



QUESTION 134Which of the following is not likely to be included as an audit step when assessing vendor performancepolicies?

A. Determine whether agreed-upon lot sizes were sent by vendors.B. Determine whether only authorized items were received from vendors.C. Determine whether the balances owed to vendors are correct.D. Determine whether the quality of the goods purchased from the vendors has been satisfactory.


Explanation


QUESTION 135An organization has developed a large database that tracks employees, employee benefits, payrolldeductions, job classifications, and other similar information. The internal auditor reviews the retirementbenefits plan and determines that the pension and medical benefits have been changed several times inthe past ten years. The auditor wishes to determine whether there is justification to perform further auditinvestigation. The most appropriate audit procedure would be to:

A. Review the trend of overall retirement expense over the last ten years. If the retirement expenseincreased, it would indicate the need for further investigation.

B. Use generalized audit software to select a monetary-unit sample of retirement pay, and determinewhether each retired employee was paid correctly.

C. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified bywhich plan was in effect when the employee retired.

D. Use generalized audit software to select an attributes sample of retirement pay, and perform detailedtesting to determine whether each person chosen was given the proper benefits.



QUESTION 136Risk assessments can vary in format, but generally include:1. A description of identified risks.2. Tests of audit controls.3. A system of rating risks.4. Sample size identification.

A. 1 and 2 onlyB. 1 and 3 onlyC. 1, 3, and 4 onlyD. 2, 3, and 4 only



QUESTION 137An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential auditengagements the internal auditor should consider least:

A. Focusing on the high risk areas as sources of potential engagements.B. Focusing in areas not audited last year.C. Factoring in management requests.D. Focusing on those risks highlighted by the external auditor.



Explanation:

QUESTION 138When planning an audit engagement, what should an internal auditor first consider when assessing the riskof fraud in the area to be audited?

A. Impact of and exposure to fraud.B. Existence of evidence of fraud.C. Organizational structure.D. Management's risk appetite.



QUESTION 139Which of the following actions is related to the preliminary survey process?

A. Determining if controls are effective.B. Preparing the engagement work program.C. Identifying the current controls.D. Completing a detailed test of controls.



QUESTION 140A code of business conduct provides:

A. A fraud avoidance plan that does not explicitly describe punishments for violations.B. A passive method of fraud deterrence.C. A program to anonymously report irregularities to authorities.D. An alternative to "tone at the top" programs.



QUESTION 141The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishmentof an enterprise risk management (ERM) program for the organization. Which of the following would be themost appropriate action for the CAE?

A. Accept the request as the role of coordinating ERM is a core function of internal audit.B. Decline the request as this role compromises the CAE's objectivity.C. Accept the request after consulting with the board and adhering to proper safeguards.D. Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level

to undertake the assignment.



QUESTION 142Which of the following is the most common method management can use to manage risk within its riskappetite?

A. Implementation of controls.B. Use of risk registers and dashboard.C. Frequent communication of risk appetite for operating personnel.D. Continuous evaluations and audits.



QUESTION 143Which of the following is an effective way for an internal auditor to improve communications with the clientduring a contentious audit?

A. Encourage the client to participate as a partner in the decision-making process to determine thechanges that need to be made.

B. Clearly explain to the client the role of the internal audit activity in the change process.C. Obtain the support of the board of directors for proposed changes before discussing the changes with

operating management.D. Speak privately with key client personnel immediately after proposed changes are announced to

address their concerns.



QUESTION 144The chief audit executive's responsibility regarding control processes includes:

A. Assisting senior management and the audit committee in the development of an annual assessmentabout internal control.

B. Overseeing the establishment of internal control processes.C. Maintaining the organization's governance processes.D. Ensuring that the internal audit activity assesses all control processes annually.



QUESTION 145Inadequate risk assessment would have the strongest negative impact in which of the following phases of

an audit engagement?

A. Determining the scope.B. Reviewing internal controls.C. Testing.D. Evaluating findings.



QUESTION 146The best method for assessing the relative importance of risk factors is to:

A. Change the rating of the factors from a 1-3 scale to a 1-5 scale.B. Assign weights to the factors based on the comparative impact.C. List the risk factors in a priority order.D. Use data from an independent source.



QUESTION 147Which of the following audit planning activities adds the least value in understanding the current riskexposures facing the corporation?

A. Review of organizational strategic plans and operational plans.B. Consultation with senior management and the audit committee.C. Review of the external auditor's risk assessment.D. Review of corporate performance reporting and benchmarking.



QUESTION 148The internal audit activity's primary responsibility in a review or examination of the organization by anexternal regulatory body is to:

A. Verify that regulatory reviews occur with adequate frequency.B. Provide follow-up to determine if the regulator's findings are appropriately resolved by management.C. Prepare documentation for the regulator.D. Document the responses to the regulator's findings.



Explanation:

QUESTION 149Under what circumstances would internal audit not become involved when intentional misconduct issuspected?

A. Management is involved in wrongdoing.B. Management is running a parallel investigation.C. Management does not believe a trusted employee could be guilty.D. Management does not maintain strong internal controls.



QUESTION 150During a payroll audit of a large organization, an internal auditor noted that the assistant personnel directoris responsible for many aspects of the computerized payroll system, including adding new employees in thesystem; entering direct-deposit information for employees; approving and entering all payroll changes; andproviding training for system users. After discussions with the director of personnel, the auditor concludedthat the director was not comfortable dealing with information technology issues and felt obliged to supportall actions taken by the assistant director. The auditor should:

A. Continue to follow the engagement program because the engagement scope and objectives havealready been discussed with management.

B. Review the engagement program to ensure testing of direct deposits to employee bank accounts isadequately covered.

C. Recommend to the chief audit executive that a fraud investigation be started.D. Test a sample of payroll changes to ensure that they were approved by the assistant director before

being processed.



QUESTION 151The most effective procedure to verify compliance with a requirement that materials be purchased from thelowest-priced source is to compare:

A. Prices paid for selected materials with prices listed on related purchase orders.B. Bids obtained for selected purchases with related purchase orders.C. Vendors' current prices with prices listed on related purchase orders.D. Approved vendor lists with bids obtained for selected purchases.



QUESTION 152A major insurance company provides a discount on automobile insurance if the vehicle meets certain safetycriteria. Which of the following audit tests would provide an internal auditor with the best evidence that allqualifying insured automobiles are receiving the discount?

A. Compare the percentage of automobiles receiving discounts this year to that of last year.B. Ask managers whether they are aware of the discount criteria and whether they are providing the

discount to all qualifying automobiles.C. Select a sample of automobiles that are not receiving the discount and determine if they have been

properly excluded.D. Select a sample of automobiles receiving the discount and determine that the required discount criteria

are being met.



QUESTION 153Which of the following best describes the most important criteria when assigning responsibility for specifictasks required in an audit engagement?

A. Auditors must be given assignments based primarily upon their years of experience.B. All auditors assigned an audit task must have the knowledge and skills necessary to complete the task

satisfactorily.C. Tasks must be assigned to the audit team member who is most qualified to perform them.D. All audit team members must have the skills necessary to satisfactorily complete any task that will be

required in the audit engagement.



QUESTION 154Cross-referencing individual payroll time cards to personnel department records and reports would allow aninternal auditor to determine whether:

A. Individuals are bona fide employees.B. Personnel department records agree with payroll accounting records.C. Individuals were paid at the proper rates.D. Individuals were paid only for time worked.



QUESTION 155Which of the following would most likely contribute to discrepancies between receiving reports and thenumber of units in a shipment?

A. Failing to compare the quality of goods received with specifications.B. Using inadequate vendor selection procedures.C. Accepting improper authorization for purchases.D. Indicating the quantities ordered on the receiving department's copy of the purchase order.



QUESTION 156Which of the following would have the least significance in an audit of the efficiency of a driver's licensetesting facility?

A. Clerical staff administer written tests to allow examiners more time to supervise driving tests.B. Staff are cross-trained to provide backup for other areas of the facility as required.C. A point-of-sale cashiering system reduces the need to reenter payment data.D. Examiners are required to be recertified on an annual basis.



QUESTION 157A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on adirect relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditionswould an internal auditor look for as an indicator of employee theft of food from a specific store?

A. On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.B. On a sunny day, total sales are less than expected when compared to the cost of ingredients used.C. Both total sales and cost of ingredients used are greater than expected.D. Both total sales and cost of ingredients used are less than expected.



QUESTION 158An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval.Which of the following audit procedures would be most effective in determining if fraud in the form ofpayments to fictitious companies has occurred?

A. Use generalized audit software to list all purchases over $50,000 to determine whether they wereproperly approved.

B. Develop a snapshot technique to trace all transactions by suspected buyers.C. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine

whether they were properly approved.D. Use generalized audit software to select a sample of paid invoices to new vendors and examine

evidence that shows that services or goods were received.



QUESTION 159Production managers for a manufacturing company are authorized to prepare emergency purchase ordersfor raw materials. These manually prepared orders do not go through the purchasing department and donot require a receiving report. The managers forward the invoice and purchase order to the accountingdepartment for payment. Which of the following internal controls would efficiently prevent abuse of thissystem?

A. Institute a company policy requiring rotation of orders among several suppliers.B. Require a manual receiving report from the warehouse prior to payment.C. Forbid the use of emergency purchase orders.D. Review the level of safety stock.



QUESTION 160Which of the following is most appropriate when conducting an interview during the course of a fraudinvestigation?

A. Schedule the interview well in advance.B. Explain the detailed purpose to the interviewee.C. Assume that the interviewee is guilty.D. Have a witness present during the interview.



QUESTION 161Which of the following types of contracts would provide the least incentive for a contractor to achieveeconomy and efficiency?

A. Lump-sum contract.B. Cost-plus contract.C. Unit-price contract.D. Indefinite delivery contract.



QUESTION 162Which of the following best describes the primary concern of the audit manager upon review ofengagement working papers of an auditor?

A. To ensure adequate control over the custody of working papers is exercised by the auditor.B. To ensure that as part of the documentation the auditor collected original documents that can

corroborate the audit findings.C. To ensure that the work papers create background for subsequent reviews.D. To ensure that the audit programs are followed by the auditor.



QUESTION 163Information gathered in a forensic investigation of business fraud is usually gathered with which of thefollowing standards in mind?

A. Generally Accepted Auditing Standards.B. Generally Accepted Accounting Principles.C. The International Professional Practices Framework.D. Legal evidence.


Explanation/Reference:Okay.

QUESTION 164The internal auditor's opinion in terms of due professional care should be:

A. Limited to the effectiveness of internal controls.B. Expressed only when consensus with top management has been achieved.C. Based on experience and free of all bias.D. Based on sufficient factual evidence.



QUESTION 165According to the Standards, which of the following describes the condition attribute when applied to theobservations and recommendations contained in the audit report?

A. The standards, measures, or expectations used in making an evaluation or verification.B. The reason for the difference between the expected state and the actual state.C. The factual evidence that the internal auditor found in the course of the examination.D. The risk or exposure the organization encounters because the actual state is not consistent with the

criteria.



QUESTION 166When determining the nature, timing, and extent of follow up, the chief audit executive considers all of thefollowing factors except:

A. Significance of the reported observation or recommendation, degree of effort, and cost needed tocorrect the reported condition.

B. Impact that may result should the corrective action fail.C. Authority and responsibility of the person required to take corrective action.D. Complexity of the corrective action and time period involved.


Explanation/Reference:actual answer.

QUESTION 167With which of the following would the internal audit activity discuss findings, conclusions andrecommendations prior to issuance of internal audit report?1. Business unit management.2. Chief audit executive.3. Audit committee.4. Chief executive officer.

A. 1 and 2 onlyB. 1 and 3 onlyC. 2 and 3 onlyD. 1, 2, 3, and 4



QUESTION 168According to the International Professional Practices Framework, which of the following statements is trueregarding the use of the statement, "Conducted in Conformance with the International Standards for theProfessional Practice of Internal Auditing," when communicating results of a seven-year-old internal auditactivity?

A. The statement may be used only when conducting international engagements.B. The statement may be used only if the results of the quality assurance and improvement program

support the statement.C. The statement may be used whether or not the internal audit department has an external quality

assessment review or an independent validation of a self assessment.D. The statement should not be used for a consulting engagement.



QUESTION 169During an engagement, an internal auditor discovered that an organization's policy on delegation ofauthority listed six individuals who were no longer employed with the organization. In addition, fourindividuals acting with disbursement authority were not identified in the policy as having such authority.Which of the following is the most effective course of action to address the control weakness?

A. Immediately initiate a complete audit of the disbursement function to determine if significant frauds have

occurred.B. Recommend that management review the process supporting the policy and make improvements.C. Advise management to add the four additional names and remove the incorrect names from the policy

to make it current.D. Review further to ensure that the four individuals do not have the appropriate authority through

delegation.


Explanation/Reference:ALL right.

QUESTION 170In which of the following cases is it appropriate for an audit report to not contain management's responseeither within the report or as an attachment?

A. Management's response to an audit report is generally not a requirement.B. Internal controls were found to be properly designed and operating effectively although operations are

deemed inefficient.C. There was insufficient time to obtain management's response during the draft reporting process.D. An internal audit report contains no observations.



QUESTION 171When performing a compliance audit of the organization's outsourced services, which of the following isconsidered the primary engagement objective?

A. Verifying that the organization does not have the appropriate knowledge and resources in-house.B. Ensuring the provider has adequate internal controls in order to protect the quality of their service.C. Evaluating the efficiency, effectiveness, economy, and sufficiency of the services provided.D. Assessing the provider's adherence to contract and regulatory requirements.


Explanation/Reference:good answer.

QUESTION 172Which of the following actions has the least influence on the chief audit executive's development of an auditplan?

A. Input from senior management and the board.B. An evaluation of the complexity of each audit engagement.C. Changes in the organizations structure or budget.D. An assessment of risk and exposures affecting the organization.



QUESTION 173Which role is not considered a change agent when an organization wants to implement structural changes?

A. Senior management.B. Line management.C. Independent consultant.D. Shareholder.



QUESTION 174Because of an abundance of high priority requests from management, an internal audit activity no longerhas the resources to meet all of its commitments contained in the annual audit plan. Which of the followingwould be the best course of action for the chief audit executive to follow?

A. Continue with the plan and seek opportunities to adjust priorities and reallocate resources.B. Present a reassessment of the plan to the board and senior management for consideration.C. Reassess the plan and either cancel or divert resources away from the lowest priority activities.D. Advise the board immediately and seek their support for additional resources to meet the needs of the

plan.



QUESTION 175Why should internal auditors develop a strong relationship with the external auditors?

A. External auditors offer an additional layer of approval to internal auditors' reports.B. External auditors can help improve the effectiveness of internal control sampling techniques.C. External auditors can offer an independent and knowledgeable viewpoint.D. External auditors can share information gained from work with similar clients.



QUESTION 176An internal auditor is planning an assurance engagement. The auditor first reviews the department'sbusiness objectives. What is the next step?

A. Review control activities.B. Evaluate potential risks.C. Establish risk management roles.

D. Set the scope of the engagement.



QUESTION 177Which characteristic of risk assessment makes it a useful tool for audit planning?

A. It provides a list of auditable activities in the organization.B. It ranks the severity of potentially adverse effects on the organization.C. It provides a process for identifying and analyzing potentially adverse effects.D. It evaluates the probability that an event or action may adversely affect the organization.



QUESTION 178An internal audit manager is supervising an engagement. A senior auditor deviates from the approvedengagement plan but meets all deadlines in the approved time schedule. Which activity is not required forthe audit manager to provide proper engagement supervision?

A. Actively participate in audit procedures.B. Ensure that all engagement objectives are met.C. Approve the deviation from the engagement plan.D. Ensure compliance with the time schedule.



QUESTION 179Which of the following statements is correct regarding the assessment of risk in the annual audit planningprocess?1. Activities requested by management should be considered higher risk than those requested by the auditcommittee.2. Activities with lower budgets can be as high risk as those with higher budgets.3. The potential financial or adverse exposure should always be considered in the assessment of risk.

A. 1 onlyB. 2 onlyC. 3 onlyD. 2 and 3 only



QUESTION 180Management has asked the internal audit activity to perform an operational audit of a division that recentlyreported an increase in expenditures in addition to a decrease in profits. However, existing internal auditresources are currently engaged in a legal compliance audit. Which factor would be considered leastimportant in deciding whether resources should be removed from the legal compliance audit to theoperational audit?

A. The increase in expenditures at the division over the past year.B. The probability that the legal compliance audit will detect fraud.C. The results of the external auditor's most recent financial audit.D. The potential for regulatory fines associated with the legal compliance audit.



QUESTION 181Given the scarcity of internal audit resources, a chief audit executive (CAE) decides not to schedule afollow-up of audit recommendations when developing engagement work schedules. Why does the CAE'sdecision violate the Standards?

A. It is not the CAE's responsibility to establish a process for a follow-up.B. Lack of resources is not a sufficient reason to forgo a follow-up.C. Follow-up actions should take priority over new engagements in scheduling.D. When resources are scarce, the follow-up can be incorporated into the next engagement.



QUESTION 182As part of a preliminary survey of the purchasing function, an internal auditor reads the department'spolicies and procedures manual and concludes that the manual describes the processing steps clearly andcontains an appropriate internal control design. The next engagement objective is to evaluate the operatingeffectiveness of internal controls. Which procedure would fulfill this objective most effectively?

A. Perform a design test.B. Perform a compliance test.C. Perform a systems test.D. Perform an efficiency test.



QUESTION 183An organization has recently incurred significant cost overruns on one of its construction projects.Management suspects that these overruns were caused by the contractor improperly charging for costsrelated to contract change orders. Which of the following procedures are appropriate for testing thissuspicion?1. Determine if the contractor has received proper approval of change orders from management.

2. Determine if the contractor has billed for original contract work cancelled by the change orders.3. Determine if the contractor has charged change orders with costs already billed to the original contract.4. Determine if the contractor has been paid for change orders that have not yet been completed.




QUESTION 184A consumer electronics company is considering acquiring a small flash memory manufacturer. An internalauditor has been assigned to determine if the manufacturer's accounts payable contain all outstandingliabilities. Which audit procedure is not relevant for this objective?

A. Verify the period of liability of subsequent cash disbursements using related supporting documentation.B. Send confirmations, including zero-balance accounts, to vendors with whom the manufacturer normally

does business.C. Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.D. Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.



QUESTION 185An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins forthe past three months and now suspects the division is reporting fictitious sales. Which course of actionshould the auditor follow to determine whether fraud has occurred?

A. Trace a sample of shipping documents to related sales invoices to verify proper billing.B. Send accounts receivable balance confirmations to customers.C. Compare the division's sales and gross margins to those of the prior three-month period.D. Estimate the sales and cost of goods sold for the three-month period by using regression analysis.



QUESTION 186An audit of an organization's fulfillment department discovered that problems in the order processingsystem led to a significant number of orders being fulfilled multiple times. During the exit conference, thehead of the department informed the auditors that the processing system would be enhanced within sixmonths to correct the problems. Which course of action should the chief audit executive follow?

A. Adjust the scope of the next scheduled audit to determine that the problems have been resolved.B. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.C. Meet with the audit committee to determine the appropriate follow-up action.

D. Assess the status of corrective action in a follow-up engagement in six months.



QUESTION 187When interviewing an individual in relation to a fraud investigation, which course of action should theinternal auditor follow?

A. Assure the individual that the results of the interview will remain confidential.B. Establish a rapport with the subject to encourage openness.C. Discontinue questioning once the individual has confessed to the fraud.D. Refrain from deviating from the list of questions prepared before the interview.



QUESTION 188While performing a follow-up of a concern about equipment-inventory tracking, which course of action is notnecessary for the auditor to take?

A. Ensure that the steps being taken resolve the condition disclosed by the initial finding.B. Ensure that controls have been implemented to prevent the issue from occurring again.C. Ensure that the entity has begun to experience benefits as a result of resolving the issue.D. Ensure that the inherent risk has been eliminated as a result of resolving the issue.



QUESTION 189Because of a new marketing initiative, an organization has reduced requirements for extending credit tonew customers. As a result, outstanding accounts receivable as a percentage of revenue has increasedsignificantly during the past two years. Which of the following would be least useful in monitoring thisfinding?

A. Updates from the manager of accounts receivable regarding collection of outstanding receivables.B. Updates from the information technology division regarding development of a new accounts receivable

system.C. Updates from the controller regarding the status of corrective actions.D. Updates from the credit and marketing personnel tasked with reevaluating credit policies.



QUESTION 190Which of the following tasks would be considered unusual for planning a control self-assessmentworkshop?

A. Conducting interviews to identify relevant issues for the discussion.B. Identifying key stakeholders and ensuring they are represented in the group.C. Securing an external subject matter expert to arbitrate disputes.D. Ensuring that managers are willing to accept constructive criticism.



QUESTION 191An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course ofaction should the auditor perform first?

A. Compare the planned outputs with the actual outputs.B. Ascertain the costs of materials purchased.C. Evaluate the plant's ability to meet production quotas.D. Review the levels of scrap and rework.



QUESTION 192According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA)to establish or build relationships?

A. Assist executives with their administrative and governance responsibilities, and encourage all IAAmembers to develop relationships with the organization's executives.

B. Assist executives with their administrative and governance responsibilities, and ensure that allcommunications with the board are formal audit reports or preset agendas.

C. During an engagement, restrict communications with affected executives to matters pertaining to theengagement; and encourage all IAA members to develop relationships with the organization'sexecutives.

D. During an engagement, restrict communications with affected executives to matters pertaining to theengagement; and ensure that all communications with the board are formal audit reports or presetagendas.



QUESTION 193During an audit of an ethics program, which of the following procedures are most appropriate to evaluatethe effectiveness of the program?

· Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.· Testing whether all employees are mandated through policy to comply with the ethics program. · Testingwhether all employees are required to confirm in writing their compliance with the ethics program.

· Testing through surveys employee's level of understanding and commitment to the ethics program.




QUESTION 194According to IIA guidance, which of the following should be considered when creating policies andprocedures for the internal audit activity (IAA)?

A. Number of auditors, complexity of audit activities, and structure of the IAA.B. Number of auditors, complexity of audit activities, and audit staff skills and competencies.C. Number of auditors, structure of the IAA, and audit staff skills and competencies.D. Complexity of audit activities, structure of the IAA, and audit staff skills and competencies.



QUESTION 195The internal audit activity of an organization obtained approval to add a senior auditor to its staff. The chiefaudit executive, audit manager, and audit supervisor each will interview the candidates. According to theStandards, which of the following best explains the involvement of management in the interview process?

A. Provides audit management with the opportunity to communicate expectations regarding ethicalbehavior standards.

B. Enables audit management to outline its quality assurance and improvement program with the seniorauditor.

C. Assists audit management in planning by more effectively allocating the senior auditor to appropriateaudits.

D. Allows audit management to explain the criteria that will be used to evaluate the senior auditor'sperformance.



QUESTION 196The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) qualityassessment program. According to IIA guidance, which of the following would be part of this program?

A. Assessment of the IAA conducted independently of client feedback, and the review of individual auditsto determine the quality and timeliness of supervision.

B. Assessment of the IAA conducted independently of client feedback, and identified areas ofimprovement reviewed at the end of the year.

C. Compliance with a checklist of required audit procedures, and review of individual audits to determine

the quality and timeliness of supervision.D. Compliance with a checklist of required audit procedures, and identified areas of improvement reviewed

at the end of the year.



QUESTION 197The internal audit activity performs the following sequence of risk management activities:identification, analysis, and evaluation. According to IIA guidance, which of the following assuranceapproaches does this describe?

A. Process elements approach.B. Enterprise-wide risk management approach.C. Key principles approach.D. Maturity model approach.



QUESTION 198A chief audit executive (CAE) has decided to add an engagement to the current audit plan which willexceed available audit resources. Which of the following is the best course of action for the CAE to take?

A. Present the plan change to senior management and request additional resources before going to theboard of directors.

B. Seek approval from senior management and the board of directors for the plan change and advise themof the issue of limited resources.

C. Add this change to the plan and request senior management to indicate which other engagementshould be deleted to keep the overall plan within resource constraints.

D. Immediately seek additional resources from senior management and the board of directors to meet theneeds of the organization.



QUESTION 199While performing an audit of the human resources department, an internal auditor discovered unencryptedfiles containing the personal information of employees stored on a public shared drive. According to IIAguidance, which of the following actions by the auditor would be the most appropriate?

A. Remove the files containing the social security numbers and personal information.B. Communicate the issue to the chief audit executive as well as IT and legal departments.C. Change permissions to the shared drive to only allow access to human resources personnel.D. Immediately review the audit logs to see if anyone has accessed this information and follow-up.

Correct Answer: BSection: (none)

Explanation


QUESTION 200An auditor-in-charge is preparing her audit team for a consulting engagement at one of the organization'sforeign subsidiaries. According to the Standards, which of the following would not be a necessary step priorto beginning the engagement?


A. Verify that none of the audit team worked for the foreign subsidiary within the last year to ensureindependence.

B. Agree, in writing, with the subsidiary's senior management regarding the scope of the engagement.C. Communicate a time frame as well as a contingency plan in the event the engagement may take longer

than expected.D. Communicate what logistical support will be provided by the subsidiary for the duration of the

engagement.



QUESTION 201The chief audit executive (CAE) of a multinational entity with highly automated and complex operations hasjust completed the update of the risk-based audit plan. Interviews with management revealed theintroduction of new technology and a significant increase in both the number and severity of technology-based risk exposures. According to the International Professional Practices Framework, which of thefollowing would be the best course of action for the CAE to undertake next?

A. Develop a detailed audit plan that makes the most efficient use and reallocation of existing internal auditresources.

B. Arrange for the outsourcing of some technology intensive audit processes and procedures based on theplan changes.

C. Evaluate whether appropriate skills and knowledge required to perform the necessary audit workcurrently exist in the department.

D. Begin planning to recruit information technology audit specialists and other expert personnel into theinternal audit activity.



QUESTION 202Which of the following risks assumes an absence of compensating controls in the area being reviewed?

A. Control risk.B. Detection risk.

C. Inherent risk.D. Sampling risk.



QUESTION 203According to the Standards, which of the following objectives is not required to ensure the appropriatecompletion of an engagement?

A. Determining audit team members are coordinated to ensure the efficient execution of all engagementprocedures.

B. Confirming engagement working papers properly support the observations, recommendations andconclusions.

C. Providing structured learning opportunities for engagement auditors when and wherever possible.D. Ensuring all engagement objectives are reviewed for satisfactory achievement and properly

documented.



QUESTION 204According to the International Professional Practices Framework, which of the following is not an objectiveof the exit conference?

A. Receive client feedback and clarification.B. Review audit recommendations.C. Plan future engagements.D. Resolve disagreements.



QUESTION 205Which of the following would most likely include recommendations for process improvements? · Duediligence engagement.· Forensic investigation.· Internal audit engagement.· Consulting engagement.

A. 1, 2, and 3 onlyB. 1, 2, and 4 onlyC. 1, 3, and 4 onlyD. 2, 3, and 4 only

Correct Answer: DSection: (none)

Explanation


QUESTION 206According to the Standards, which of the following best describes the responsibility of the chief auditexecutive (CAE) for approving the final engagement report? · The CAE is responsible for obtainingmanagement approval before issuing the final report. · The CAE has overall responsibility for the report butcan delegate the review and approval of the report.· The CAE is responsible for obtaining senior management's approval before releasing the final report. ·The CAE is responsible for approving to whom and how the final report will be disseminated.




QUESTION 207A report prepared by the internal audit activity contains several observations that disclose proprietaryinformation regarding the organization's manufacturing process. According to the International ProfessionalPractices Framework, which of the following is the appropriate treatment for this report?

A. Distribute the report only to the board to protect disclosure.B. Disclose and distribute this information in a separate report.C. Remove the observations and report verbally to senior management.D. Require a separate non-disclosure statement from each recipient.



QUESTION 208According to the International Professional Practices Framework, the internal audit activity's decision todefer follow-up of recommendations and management's corrective actions until the next scheduledengagement for the area is justified when:

A. The reported findings or recommendations are significant enough to require immediate action bymanagement.

B. The action taken by management to address the recommendation is sufficient when weighed againstthe importance of the finding.

C. Management has adequately understood and appropriately accepted the risk of not taking action toimplement the recommendation.

D. The significance of the finding or recommendation will allow auditors to perform monitoring by receivingperiodic updates from management on corrective actions taken.



Explanation:

QUESTION 209Which of the following conditions should a chief audit executive take into account when deciding if a follow-up audit engagement is necessary?· The reported observations were significant and high risk. · Internal audit resources and the time it willrequire for follow-up. · Management may not have the resources to take action. · Management haspreviously decided not to take any action.




QUESTION 210According to the Standards, which of the following would least likely be considered a red flag whenevaluating the risk for fraud?

A. Cash receipts appear to be lower than expected from an employee's cash drawer.B. Health benefits are detected to be claimed for a deceased employee.C. An employee did not approve an internal report detailing expenses for the month.D. It is alleged that an employee is receiving vendor kickbacks.



QUESTION 211A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles thepayroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in alocked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes themanual checks.

The payroll manager reconciles the bank statements monthly. Which of the following audit steps bestaddresses the risk of fraud in the payroll process?

A. Examine whether the payroll manager approves the reconciliations of ledgers.B. Determine whether an approved list of voided checks exists.C. Determine whether the cabinet keys are secured properly.D. Vouch a sample of items on bank reconciliations to supporting documentation.



QUESTION 212According to the International Professional Practices Framework, which of the following situations is anindicator of a healthy relationship between the audit committee and the internal audit function?

A. The chief audit executive (CAE) has direct access to the audit committee and the board but typicallydoes not interact directly with them unless a material weakness in the control environment is identified.

B. The CAE sends the audit committee all communications between the internal audit department and theaudit client in order to keep the audit committee up to date on the engagement.

C. The CAE does not distribute audit reports to the audit committee. However, the audit committee ismade aware of the scope and findings of audits performed.

D. Whenever a potential audit finding or testing exception is first identified, the audit committee isimmediately notified, as well as for any subsequent changes in the status of the engagement.



QUESTION 213An internal auditor has been asked to participate in an advisory capacity to assist a committee inredesigning the organization's current financial reports to provide better information to management and theboard. Which of the following actions on the part of the auditor would provide the greatest value to thisproject?

A. The internal auditor has a set of generic report templates from a former project and presents them tothe group because they worked so well for the previous employer.

B. The internal auditor interviews each stakeholder and documents the requirements and preferences ofeach and creates a report template that meets as many of the requirements and preferences aspossible.

C. The internal auditor gathers the stakeholder group and holds a brainstorming session where theygenerate report requirements and preferences and then rank them in order of importance.

D. The internal auditor undertakes a project to gather report templates and formats from otherorganizations in the same line of business and presents them all to the group for review.



QUESTION 214The internal audit activity of an investment company received a request to provide assurance on the riskmanagement process. Preliminary discussion with senior management revealed that separate functionswithin the organization perform some form of risk management activities. Which of the following is the mosteffective tool for ensuring that risk management activities are coordinated among these functions?

A. Delphi technique.B. Assurance map.C. Facilitated workshop.D. Analytical reviews.



QUESTION 215The chief audit executive (CAE) is adding a new audit position to the team. According to the InternationalProfessional Practices Framework, which of the following candidates would the CAE be least likely to

accept for the position?

A. The candidate is applying for an IT audit position, while originally coming from an IT background, buthas only experiences of financial and compliance audits in the previous position.

B. The candidate is knowledgeable about potential indicators of fraud including typical risks, but has onlyparticipated as a staff auditor in one investigative fraud audit.

C. The candidate meets the minimum educational requirements established by the chief audit executive,but has less formal education than any of the other candidates being considered.

D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacksability to clearly communicate ideas and conclusions in a meeting.



QUESTION 216According to IIA guidance, which of the following are potential benefits of using an assurance map?

A. Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations.B. Identification of duplicate or overlapping assurance activities, and improved relevance of assurance

recommendations.C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers.D. Enhanced effectiveness of assurance providers, and improved relevance of assurance

recommendations.



QUESTION 217Which of the following events would most likely cause the chief audit executive to consider changing thecurrent year's audit plan?

The government announced that new regulatory requirements will be introduced in the coming years whichmay significantly impact the organization's primary product. A major competitor unexpectedly introduced anew model at a lower price point to compete with the organization's market leading product.The organization announced a new joint venture with a long time corporate partner to introduce a newproduct with development costs and sales beginning next fiscal year. An equal joint venture partner filed alawsuit against the organization and requested that the court issue an immediate suspension of futureproduct shipments.




QUESTION 218Which of the following statements is true?

A. Consulting engagements provide the internal audit activity with flexibility to add value and do not need tobe included in the long-range audit plan.

B. The internal audit activity's plan of engagments must be based on a formal quantitative riskassessment.

C. The chief audit executive should consider changes to the long-range audit plan based on the requestsof business unit managers.

D. A risk assessment on which to base the internal audit activity's long-range plan must be undertaken atleast once every three years.



QUESTION 219In performance auditing, which of the following must first be determined by the internal auditor?

A. Which key performance indicators are in use.B. Management's objectives for the process.C. Whether management controls are appropriate.D. Determination that appropriate benchmarks are in place.



QUESTION 220According to the Standards, which of the following best describes what must be agreed upon to establishan understanding with clients prior to starting a consulting engagement?

A. The engagement objectives, access to clients records, and expectations.B. The engagement objectives, scope, and time frame to complete the engagement.C. The engagement scope, opportunities for making significant improvements, and client expectations.D. The engagement objectives, scope, respective responsibilities, and other client expectations.



QUESTION 221An airline contracted with an external service provider to perform maintenance on all aircraft ground supportequipment. Management then asked the internal audit activity (IAA) to evaluate the controls in place thatwould permit appropriate oversight of the service provider in maintaining required maintenance standards.

According to the International Professional Practices Framework, which of the following would be the mostappropriate course of action for the IAA to undertake to establish the engagement objectives?

A. Develop a draft audit plan and create an appropriate scope and resource schedule.B. Develop a preliminary audit program and obtain senior management's approval.C. Conduct a preliminary assessment of the risks associated with the maintenance contract.D. Obtain a copy of the maintenance contract and review the contract for pricing discrepancies.



QUESTION 222According to the International Professional Practices Framework, which of the following would not beconsidered when performing an initial risk assessment in engagement planning?

A. The reliability of management's assessment of risk.B. Management's process for monitoring, reporting, and resolving risk issues.C. Management's methodology for defining risk criteria.D. Risks in related activities relevant to the activity under review.



QUESTION 223According to IIA guidance, which of the following strategies would be the least effective in helping a chiefaudit executive build a stronger relationship with the board?

A. Consider formality and tone of communications to ensure they are appropriate.B. Minimize instances of ad hoc communications with board members.C. Consider the possible repercussions created by commentary on deficiencies.D. Avoid making presumptuous comments without sufficient facts.



QUESTION 224The chief audit executive established an internal audit activity (IAA) performance standard requiring all auditreports to be issued within 48 hours of the exit meeting with the client. Which of the following describes anexit meeting strategy that would best help the IAA meet this performance standard?

A. The objective of the exit meeting is to reach agreement on audit observations.B. The objective of the exit meeting is to solicit action plans for audit observations.C. The objective of the exit meeting is to confirm final details of fieldwork.D. The objective of the exit meeting is to confirm understanding of audit results



QUESTION 225Which of the following would not include recommendations for process improvements?

A. Due diligence engagement.B. Forensic investigation.C. Internal audit engagement.D. Consulting engagement.



QUESTION 226When approving the final engagement report, which of the following is most critical?

A. Opinions are adequately supported.B. Conclusions are reached for all objectives.C. Report is distributed to appropriate parties.D. Report is clear and concise.



QUESTION 227According to the Standards, which of the following would have the least direct interest in the draft report of acompliance review of the purchasing function?

A. Purchasing staff.B. Purchasing manager.C. Director of finance.D. Audit committee.



QUESTION 228The chief audit executive (CAE) notes during review of the final report of an assurance engagement thatmanagement has decided to accept the risks of two significant exposures identified by the audit. Which ofthe following actions by the CAE would be least prudent in these circumstances?

A. Implement follow-up procedures to monitor the potential impact of those risks.B. Review the working papers and conclusions as to the perceived residual risk.C. Meet with senior management to consider their reasoning for the decision.D. Meet with the auditor-in-charge to review the conclusions.



QUESTION 229According to the International Professional Practices Framework, which of the following is correct regardingconducting and reporting follow-up activities by the internal audit activity (IAA)?

A. Due to management changes, the IAA is advised by management that no further work will be done.Further follow-up work is not required as management has accepted the related risk.

B. A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous workperformed for the engagement and then reports the results to the chief audit executive (CAE).

C. Management has stopped implementing several key recommendations citing a growing disagreementwith their effectiveness. The auditor communicates the situation to the CAE who then escalates thematter to senior management.

D. In situations where the identified risk may have a significant impact to the business and seniormanagement has accepted the risk, it is not necessary for the CAE to inform the board of the decision.



QUESTION 230An internal auditor compares real-time gasoline production data to corresponding final gasoline productionreports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which ofthe following next steps is most consistent with IIA guidance?

A. Reconcile online data and the final production reports to gasoline sales reports.B. Contact security personnel as evidence suggests gasoline is being stolen from production premises.C. Confront the production manager and ask her to explain the differences between real-time and reported

data.D. Review the processes used to collect the production data and to compile the final production reports.



QUESTION 231According to IIA guidance, which of the following is the least appropriate role for the internal audit activity inthe organization's risk management program?

A. Conducting full investigations of suspected fraud.B. Monitoring the organization's whistle-blower hotline.C. Assessing the risk of fraudulent activity in the organization.D. Providing ethics training sessions to organization staff.



QUESTION 232An organization decides to create an internal audit function and hires a new chief audit executive (CAE).Which of the following should the CAE first consider when developing the internal audit process?

A. Requirements of the external auditors to ensure an efficient coordination of audit effort.B. Sufficient resources to adequately meet the needs of the annual audit plan.C. Alignment of internal audit objectives with the organization's strategic plan.D. An appropriate training plan for audit staff.



QUESTION 233Which of the following is not true regarding the management of internal audit resources?

A. A minimum level of information technology knowledge is necessary.B. The adequacy of internal audit resources is ultimately a board responsibility.C. Resources include external service providers and computer-assisted audit techniques.D. Skills availability must be aligned with financial constraints.



QUESTION 234An organization has an opening for an entry-level internal audit position. When interviewing for the position,which of the following is the least important skill for an entry-level internal auditor?

A. Conflict resolution skills.B. Communication skills.C. Time management skills.D. Interpersonal skills.



QUESTION 235During a consulting engagement, an internal auditor identifies new risks which will impact the scope andsufficiency of the engagement audit plan. According to the Standards, the internal auditor should:

A. Discuss the potential impact on the scope with the client.B. Modify the scope to incorporate the new risks and continue the engagement.C. End the engagement, as the audit scope is no longer sufficient to meet the audit objective.D. Continue the engagement but highlight the impacts on the audit scope in the final report.



QUESTION 236When establishing the internal audit activity's annual plan, which of the following would be the best sourceof potential audit engagement topics?

A. The organization's budget.B. Operations involving cash transactions.C. Recent changes in management objectives.D. Risk factors utilized in the organization's risk models.



QUESTION 237Which of the following would be included in an internal audit department's quality assurance andimprovement program?1. Ongoing internal assessments of the performance of the internal audit department.2. Periodic internal reviews through self-assessments.3. Assessments conducted by a qualified external reviewer at least once every five years.

A. 1 onlyB. 1 and 2 onlyC. 2 and 3 onlyD. 1, 2, and 3



QUESTION 238Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailedaudit work begins?

A. The objectives of the audit should be set.B. The organization's management should be informed about the work to be performed.C. Attention should be devoted toward the key audit areas.D. The timing of the audit should be set.



QUESTION 239When determining if appropriate resources exist to achieve engagement objectives, which of the followingfactors should a chief audit executive consider?1. Nature and complexity of the audit engagement.2. Time constraints.3. Effectiveness of the audit committee.4. Availability of resources for the engagement.

A. 1 and 2 only

B. 1, 2, and 3 onlyC. 1, 2, and 4 onlyD. 1, 3, and 4 only



QUESTION 240Which of the following is true regarding roles and responsibilities in risk management processes?

A. Setting strategic direction resides with senior management.B. Ownership of risks resides with the board.C. Acceptance of residual risk resides with executive management level.D. Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal

audit activity.



QUESTION 241While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that theorganization has not yet implemented a risk framework. Which of the following would be the mostappropriate action for the CAE to take regarding potential engagements?

A. Prioritize the engagements that were not done in previous years and schedule them for the upcomingyear.

B. Consult with senior management and the board and make adjustments regarding risk.C. Review all outstanding recommendations from prior audit engagements and focus on them in the

upcoming year.D. Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year's

schedule of engagement.



QUESTION 242Which of the following would be the most important reason for the chief audit executive (CAE) to use inputsfrom management strategy to update the audit universe?

A. The audit charter requires the CAE to update the audit universe before embarking on the selection ofpotential audit engagements.

B. The CAE wants to consider the organization's strategic plan including attitude toward risk and thedegree of difficulty to achieving planned objectives.

C. The CAE wants to cover management planned activities for the upcoming year in the audit plan.D. The CAE wants to determine internal audit resourcing requirements to cover the organization's major

processes and activities over time.

Correct Answer: B



QUESTION 243Management requested the chief audit executive (CAE) to include an audit of the organization's health andsafety program in next year's annual audit plan. However, the internal audit department has no expertise inthis area. Which of the following would be the most appropriate action by the CAE?

A. With management's agreement, amend the scope of the audit to ensure that areas examined do notrequire specialized knowledge and expertise.

B. Meet with management to explain that the audit cannot be undertaken and discuss alternative strategiesthat can be implemented until internal audit can develop its capability in the area.

C. Accept the request provided management has conducted a thorough risk assessment prior to theengagement to help guide the audit.

D. Advise management that compliance audits of this type should only be conducted by the correspondingregulatory agency to ensure independence.



QUESTION 244While developing a risk based audit plan, which of the following sources of information would provide theleast value to the chief audit executive?

A. Results from the organization's business process management program.B. User acceptance testing of the organization's enterprise resource planning application.C. Risk assessments conducted by the board.D. Key business strategies adopted by the organization in the strategic plan.



QUESTION 245An organization has a large number of vendors supplying goods to its various branches across the region.The code of conduct statements signed by the employees specify that the employees or their families willnot sell goods to the organization. However, during the internal audit of a branch, the internal auditorsuspected that some of the employees may be supplying goods to the organization contrary to the code ofconduct. The chief audit executive has requested that a thorough review be completed to identify thepotential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].

[List A][List B]

A. Vendor bank account numbersEmployee bank account numbersB. Dates of payments to vendorsDates of salary payments to employeesC. Addresses of vendors from the vendor databaseAddresses of employees from the employee databaseD

.Vendor namesEmployee names


Explanation


QUESTION 246Which of the following is correct with respect to roles within an enterprise-wide risk management process?1. The board provides oversight to the risk management process.2. Executive management owns the risk management framework.3. Senior management is assigned ownership of risks.4. Internal audit modifies the risk assessment determined by management.

A. 1 and 2 onlyB. 3 and 4 onlyC. 1, 2, and 3 onlyD. 1, 2, 3, and 4



QUESTION 247According to the Standards, which of the following is applicable to the internal audit activity's qualityassurance and improvement program?

A. Periodic monitoring of the internal audit activity should be done.B. All aspects of the internal audit activity should be evaluated.C. An external assessment should be obtained every three years.D. The review of assurance services should be the primary focus.



QUESTION 248During the planning phase of an audit of the treasury function, an internal auditor conducted a riskassessment of the function in order to:

A. Report any high-risk exposures of the treasury function to management and the board.B. Determine whether appropriate resources are present to carry out the treasury function.C. Comply with the internal audit charter and applicable regulatory requirements.D. Identify areas of the treasury function that should be considered for potential engagement objectives.



QUESTION 249Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?

A. Ensuring that the internal audit activity meets the external auditor's expectations.

B. Ensuring that the internal audit activity has an audit charter approved by the board of directors.C. Complying with specific standards for the professional practice of internal auditing.D. Ensuring the adequacy of the goals, mission and vision of the internal audit activity.



QUESTION 250An organization has adopted an enterprise-wide risk management process and has appointed a chief riskofficer (CRO) to manage the process. The board has requested that the audit committee have oversightover the risk management function. Which of the following statements is not true regarding this situation?

A. The audit committee should get assurance on the adequacy and effectiveness of the risk managementprocess from the CRO.

B. The chief audit executive has the mandate to conduct risk assessments and give assurance to the auditcommittee.

C. The audit committee, on behalf of the board, has overall responsibility for the risk management processin the organization.

D. Senior management is accountable to the board for monitoring the system of internal controls.



QUESTION 251Which of the following are key characteristics of enterprise risk management?1. It considers risk in the formulation of strategy.2. It applies risk management in some units of an entity.3. It takes a portfolio view of risks throughout the enterprise.4. It restricts the organization's ability to seize opportunities inherent in future events.




QUESTION 252Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of aconstruction company decides to employ the services of an outsourced audit service provider to augmentthe internal audit staff. What does the CAE need to consider in determining whether the outsourced auditservice provider possesses the necessary knowledge, skills and other competencies to perform an auditengagement?

A. Specific matters expected to be covered in the engagement communications.B. The financial interest that the external service provider may have in the organization.C. The extent of other ongoing services the external service provider may be performing for the

organization.D. The reputation of the external service provider.



QUESTION 253Which of the following would be an appropriate role of the internal audit function?

A. Determine the consequences for ethics violations.B. Be responsible for the management of a whistle blowing hotline.C. Establish the ethics policies for the organization.D. Evaluate the effectiveness of the organization's ethics-related activities.



QUESTION 254Which of the following is a preventive control strategy against fraud?

A. Performing a surprise audit.B. Maintaining a whistleblower hotline.C. Implementing control self-assessment.D. Performing background checks on employees.



QUESTION 255An internal auditor is reviewing purchases made through the organization's corporate credit card program.Which of the following statements best describes a root cause of a deficiency?

A. A personal computer was purchased from a non-approved vendor.B. Company policy limits card use to $500 per transaction.C. A control to detect split purchases has not been activated in the credit card system.D. Sample testing found 10% non-compliance with the organization's business travel policy.



QUESTION 256According to the International Professional Practices Framework, which of the following should be excludedfrom a final communication for a performance audit engagement?

A. Recommendations and conclusions.B. The internal auditor's unbiased opinion.C. Timely and relevant information.D. Legal opinions related to illegal acts.



QUESTION 257In response to an audit finding, senior management informed the auditor that the issue would beinvestigated and resolved when time permitted. According to the International Professional PracticesFramework, this action was not acceptable because:

A. The appropriate level of management was not involved in the review and resolution of the issue.B. Responses should include sufficient information to evaluate the adequacy and timeliness of corrective

action.C. The board had not reviewed management's responses to the engagement observations and

recommendations.D. Other departments should have been contacted to determine if they shared responsibility for corrective

action.



QUESTION 258Which of the following tasks is typically performed in the analysis phase of a benchmarking consultingengagement?

A. Identifying business capabilities.B. Developing data collection tools.C. Determining benchmarked process attributes.D. Determining sample size.



QUESTION 259Which of the following should be included in the scope of an audit of a third-party contractor?1. Budgets and financial forecasts for the project.2. Contractor's information and control systems.3. Contractor's financial position.4. Progress of the project and costs incurred.

A. 1 and 4 onlyB. 1, 2, and 3 onlyC. 2, 3, and 4 onlyD. 1, 2, 3, and 4



QUESTION 260Which of the following controls in a computerized consumer loan system of a major bank would be the leasteffective in detecting a fraudulent loan?

A. All log-in accounts become inaccessible after three incorrect password attempts.B. Loan approvals over a pre-determined limit must have management approval.C. Customer information is matched to payment data prior to funds disbursement.D. System controls prevent supervisors from delegating their approval authority during vacation periods.



QUESTION 261According to the International Professional Practices Framework, the responsibility for establishing andmaintaining a system to monitor the disposition of results communicated to management falls upon:

A. Compliance officer.B. Chief audit executive.C. Senior management.D. Risk manager.



QUESTION 262Controls are implemented to:

A. Eliminate risk and reduce the potential for loss.B. Mitigate risk and eliminate the potential for loss.C. Mitigate risk and reduce the potential for loss.D. Eliminate risk and eliminate potential for loss.



QUESTION 263According to the Standards, which of the following should be the basis for scheduling follow-up ofengagement recommendations?

A. The follow-up manual procedures.B. The internal audit charter.

C. The agreement made between internal auditors and management.D. The risks and exposures involved.



QUESTION 264Which of the following would be a legitimate action for the internal auditor to take when monitoring auditengagement results?1. Disregard a certain risk because management and the board accepted the risk in the past.2. Abdicate the responsibility for a particular risk because it is not part of the audit plan.3. Obtain agreement from senior management that unresolved audit issues will be reported to the board.Request corrective action from management in writing.

A. 1 and 3 onlyB. 2 and 3 onlyC. 3 and 4 onlyD. 1, 2, and 4 only



QUESTION 265Which of the following statements is not true about the oversight and review of working papers by the chiefaudit executive (CAE)?

A. The CAE has ultimate responsibility for reviewing working papers and remains accountable for theachievement of objectives and the quality of work.

B. The need for CAE review depends on the proficiency and experience of the internal auditor and thecomplexity of the task.

C. The CAE is responsible for all significant professional judgments made during the audit process andshould therefore personally review working papers to ensure conclusions were professionally arrived at.

D. The CAE, although having overall responsibility for reviewing work completed, can delegate such task toappropriately experienced internal audit staff.



QUESTION 266The chief audit executive (CAE) notes that management has adopted the option of not taking action on anaudit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriateaction by the CAE?

A. Close the issue by noting that follow-up will be completed as part of the next engagement.B. Discuss the matter with management to determine a resolution.C. Accept management's decision as the same risk has been accepted in the past.D. Report the situation to the board for immediate resolution.



QUESTION 267Which of the following is a preventive control for fraud?


A. Determining if the number of manually prepared disbursement checks is high.B. Reconciling the purchase orders with the requisitions.C. Verifying that new vendors appear on the vendor pre-approved list.D. Conducting an inventory count of the warehouse.



QUESTION 268The chief audit executive (CAE) decided that based on management's oral response, the action taken onan audit observation for a minor improvement in the client's process is sufficient and no further follow- up isnecessary. Which of the following would be the best statement regarding the action of the CAE?

A. The CAE action is not acceptable, as a follow-up audit is needed to ensure that action is really taken bymanagement.

B. The CAE action is not acceptable, as follow-up on the issue is critical until a written response isobtained from management.

C. The CAE action is acceptable as long as the follow-up is sufficient when weighed against the relativeimportance of the recommendation.

D. The CAE action is acceptable as long as the issue has been escalated to the board to get their positionon the issue.



QUESTION 269Which two of the following considerations must an internal auditor take into account while planning an auditof an accounting system/application that has been in use for the last five years? · The level and manner oflinkages between the business' mission, objectives, and structure and the accounting system/application.· Presence or absence of computerized and manual controls that address risks. · Identification of risks atthe application level, e.g. availability and security of the system. · Testing of the system/application for bugsand errors.

A. 1 and 3 onlyB. 2 and 3 only

C. 2 and 4 onlyD. 3 and 4 only



QUESTION 270The following audit observation was included in the final audit report:"Our review concluded that bank reconciliation statements for March and April did not show evidence ofsupervisory review. We recommend strict compliance with the controller's manual, which requires thedepartment head to place their initials on the reconciliation statements to document their review."

Which of the following attributes are missing from the above audit observation?1. Criteria.2. Condition.3. Cause.4. Effect.

A. 1 and 4 onlyB. 2 and 3 onlyC. 1, 3, and 4 onlyD. 3 and 4 only



QUESTION 271If the chief audit executive believes that senior management has accepted a level of residual risk that isunacceptable to the organization, they should:

A. Accept the decision of senior management as they are ultimately responsible for risk management.B. Report the concern directly to the board.C. Discuss the concern with management and if not resolved, escalate it to the board.D. Disclose the issue in the audit report when auditing the area where the risk was identified.



QUESTION 272During an engagement the internal auditors reported that the organization was paying suppliers withoutreceiving the merchandise. Management responded that it would immediately establish the use of receivingreports. As part of the follow-up activity, which of the following procedures would be the most appropriate indetermining that management action was implemented?

A. Ask management if the new policy related to the receiving reports is in place.B. Select a sample of receiving reports and determine if payments were made.C. Interview warehouse employees to ascertain adherence to new policy.D. Select a sample of payments and determine if a receiving report exists.


Explanation/Reference:appropriate answer.

QUESTION 273According to the Standards, which of the following is an attribute when applied to the observations andrecommendations contained in the audit report?

A. Client accomplishments.B. Effect.C. Supportive information.D. Scope statements.


Explanation/Reference:answer is confirmed.

QUESTION 274An internal auditor was assigned to conduct an inventory control and stock room area engagement. Duringthe audit, the auditor observed that there were some items that have a shelf life expiration date requirementbased on a certificate of conformance received with the product. The certificates of conformance are kepton file in the inventory area office and the expiration date is verified at the time the item is taken from stock.The auditor reviewed the items in the stock room and also on the production floor for the expiration dates tosee if there was any expired product. All items with a shelf life requirement were found to be within theexpiration date requirement. Which of the following recommendations would be appropriate?

A. Take no action, because all the items were within the expiration date requirement, and no correctiveaction is needed.

B. Permit production staff the access to files where the certificates of conformity are kept, so they canchoose the items with the closest expiration date.

C. Determine the cost of inventory for the items that have a shelf life and apply a new policy regardinginventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).

D. Add to the product label a "use by date" line, enter the expiration at the time of receipt, and performperiodic inventory checks.


Explanation/Reference:answer is complete.

QUESTION 275In addition to the internal auditor, which of the following parties should be present at an exit or closingconference?1. Audit committee members.2. The external auditor.3. The management responsible for the areas covered by the engagement.4. The chief executive officer.

A. 2 onlyB. 3 onlyC. 3 and 4 onlyD. 1, 3, and 4 only


Explanation/Reference:well defined answer.

QUESTION 276Reviewing internal audit report drafts with clients is:1. Required according to the Standards.2. A form of courtesy.3. Ethically mandated.4. A form of validation.




QUESTION 277Which of the following is an advantage to using the questionnaire approach when conducting risk andcontrol self assessments?

A. Responses can easily be quantified and analyzed.B. Follow-up for clarification is efficient.C. It is educational for participants.D. It allows for in-depth probing of issues.



QUESTION 278Which of the following documents should the chief audit executive review and approve?1. Workpaper retention policy.2. Audit committee meeting minutes.3. Internal audit handbook.4. Quarterly financial statements.

A. 1 and 2 onlyB. 1 and 3 onlyC. 2 and 4 onlyD. 1, 3, and 4 only



Explanation:

QUESTION 279Which of the following topics must the internal audit staff discuss with management during the exitconference?1. Issues identified during the audit.2. Evaluation criteria used to select controls for testing.3. Staff who were interviewed during the audit.4. The reporting process for the draft and final report.




QUESTION 280A manufacturing organization is considering a merger with a similar firm, and requests that the chief auditexecutive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventorymanagement is a high risk area. In consultation with the external auditors and legal advisors, the CAElearns that they share those concerns. Which of the following is the CAE's best course of action?

A. Perform an independent audit of the merging firm's inventory management practices to verify theconcerns and to provide relevant and reliable results to management for their consideration and action.

B. Advise management that internal audit, external audit, and legal advisors all have concerns aboutinventory management and, given the high materiality of inventory, management should not proceedwith the merger.

C. Coordinate a review of inventory management with external auditors and legal advisors and ensureeach group focuses on their area of expertise to ascertain the extent of the problems, if any.

D. Coordinate with the merging firm's internal audit department to better understand the inventorymanagement function and whether the concerns are well-founded.



QUESTION 281The chief audit executive (CAE) manages a large internal audit activity (IAA) reporting functionally to theaudit committee and administratively to the chief risk officer. During the CAE's recent unplanned medicalleave, several internal audit reports were completed and waiting for CAE approval, however, no formaldelegation of authority was in place to anticipate this situation. In order to preserve the independence of theIAA, which of the following would be the most appropriate individual to review and approve these reportsduring the CAE's absence?

A. External auditor.B. Chief risk officer.C. Engagement lead auditor.D. Audit committee chair.



QUESTION 282During the audit of a large decentralized supply chain function, the chief audit executive (CAE) receivesserious allegations of fraud concerning the vice president responsible for this function. The CAE engages athird party to provide forensic audit services and lead the investigation portion of the engagement. As partof this team, which of the following would be an appropriate role for the investigator?1. Authenticate the original approval signatures on contracts.2. Interview personnel to understand the supply chain processes.3. Provide certified copies of relevant original documents for the audit file.4. Identify variances in pixels on original electronic documents.




QUESTION 283The chief audit executive (CAE) of a new organization is in the process of determining the manner in whichaudit reports will be distributed and to whom. According to the Standards, which of the following is the mostappropriate course of action for the CAE to take to develop this distribution process?

A. The process should be determined in meetings with the external auditor and senior management toensure alignment with external reporting.

B. The CAE should meet with senior management for their input, but finalize the distribution of all reportswith the board.

C. The CAE should independently implement the report distribution, using best judgment to ensure that allrelevant stakeholders are informed.

D. The CAE should request that senior management and the board meet to determine the mostappropriate reporting method.



QUESTION 284An organization has acquired a new line of business. None of the organization's internal auditors have therequired expertise to perform an internal audit of the new business line; therefore, the chief audit executive(CAE) has contracted the services of an external audit firm to perform the engagement. The CAE hasassigned a member of the internal audit team to assist the external team with the engagement. Accordingto the Standards, which of the following statements is true regarding supervision of the engagement?

A. The CAE may rely upon the external firm's auditor in charge to supervise the engagement.B. The external firm's auditor in charge must defer to the judgment of the CAE for any disputes.C. The CAE is not responsible for the quality of an audit performed by an external firm.D. The CAE should not assign an inexperienced staff member to assist with the engagement.


Explanation


QUESTION 285An organization does not have a formal risk management function. According to the Standards, which ofthe following are conditions where the internal audit activity (IAA) may provide risk management consulting?1. There is a clear strategy and timeline to migrate risk management responsibility back to management.2. The IAA has the final approval on any risk management decisions.3. The IAA does not give objective assurance on any part of the risk management framework for which it isresponsible.4. The nature of services provided to the organization is documented in the internal audit charter.




QUESTION 286Which of the following statements regarding the use of external contracted services by the chief auditexecutive (CAE) is false?

A. The CAE's responsibility is not impaired by engaging an external expert.B. The external expert could have a prior relationship with the audit client.C. The audit report should not disclose the use of contracted services.D. The expert should be directed by the objectives and scope of work.



QUESTION 287The internal auditor is asked to conduct an investigation involving a suspected fraud. According to theStandards, which of the following statements regarding the investigation process is false?

A. The auditor should use anonymous surveys of coworkers to assess the character and behavior of thesuspect.

B. The auditor must give consideration to the risk of unidentified co-conspirators whether indications existor not.

C. The auditor should not limit the collection of information by prejudging its relevance to the investigation.D. The auditor must consider the risk that audit procedures may inadvertently violate the rights of the

suspect.



QUESTION 288According to the Standards, which of the following control strategies would be the most effective in helpingto prevent fraud?

A. Have employees annually sign a code of conduct requiring that they report any known violations.B. Implement a whistleblower hotline where individuals can make anonymous phone calls to report

fraudulent activities.C. Provide periodic fraud awareness training to employees and test their understanding of the training

through online surveys.D. Conduct routine employee surveys to solicit their knowledge of fraud and unethical behavior within the

organization.



QUESTION 289An internal auditor is conducting an assessment of the organization's fraud controls. Which of the followingwould not be considered a preventive control?1. Daily report that identifies unsuccessful system log-in attempts.2. Weekly management communication with tips on identifying possible fraud.3. E-mail alert sent to management for checks issued over $100,000.00.4. New hire training to explain fraud and employee misconduct.




QUESTION 290Which of the following is the least relevant when preparing the internal audit activity's annual engagementplan?

A. Senior management's requests for internal audit engagements.B. A rotation of internal audit engagements selected on a time basis.C. The organization's current risk priority and exposure.D. Coordination with the audit plans of the external auditor.



QUESTION 291Which of the following statements is true?

A. If management chooses not to take action on internal audit's assurance engagement observation, thechief audit executive (CAE) has a responsibility to propose an action plan to the board.

B. Internal audit's responsibility for an assurance engagement observation ends when managementimplements changes to remediate the observation.

C. When management decides to accept the risk of not taking action on an assurance observation, the(CAE) is responsible for judging whether or not that decision is prudent.

D. An assurance engagement observation is considered remediated when management's corrective actionplan is approved by the board.



QUESTION 292An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased.Which of the following actions would best enable an internal auditor to satisfy this objective?

A. Analyze the provision for sales allowances.B. Analyze the percentage of scrap incurred during production.C. Research the rationale for customer returns.D. Evaluate the volume and characteristics of products rejected during processing.



QUESTION 293Which of the following statements is true regarding the communication of audit engagement observations?

A. Criteria, condition, cause, and effect must be communicated for material observations onlyB. Criteria, condition, cause, and effect must be communicated for material observations and significant

deficiencies onlyC. Criteria, condition, cause, and effect must be communicated for all engagement observations.D. Criteria, condition, cause, and effect do not need to be communicated for insignificant observations with

adquate compensating key controls.



QUESTION 294Which of the following situations justifies the release of an interim report to management and the board?· The internal auditor is convinced that the audit observations require immediate attention. · The internalauditor would like to communicate a change in engagement scope for the activity under review.· The internal auditor notes that the engagement may extend over a longer time period. · The auditsupervisor believes that issuing interim reports eases supervisory review and controls over working papers.

A. 1 and 3 onlyB. 2 and 3 onlyC. 1, 2, and 3 onlyD. 2, 3, and 4 only

Correct Answer: C



QUESTION 295The chief audit executive of a large publicly held bank is using a risk based approach to update the annualaudit plan. Which of the following sources of information will have the least impact on the plan?

A. The 12 month forecast of commercial property values.B. Recent changes to the bank's strategic plan.C. Regulatory changes impacting capitalization for all publicly traded banks.D. Continuous changes in the prime lending rate set by the country's central bank.



QUESTION 296According to IIA guidance,when performing a compliance audit of data security standards for a large e-commerce retailer, which of the following would represent the least likely area of risk exposure?

A. Operational risks.B. Change or configuration risks.C. Access risks.D. Physical security risks.



QUESTION 297An internal auditor for a large telecommunications organization identified potential risk factors related to aplanned billing system conversion. Which of the following risk factors would present the least potentialexposure to the organization?

A. Critical customer support functions are not available for a short period.B. Invoice generation disruptions due to required maintenance.C. Inaccurate billing of telephone calls due to database error.D. End user criticism and lack of support for the new system.



QUESTION 298While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not inagreement with management's acceptance of the potential risk exposure resulting from an observed keycontrol weakness. Which of the following actions by the CAE would be appropriate for addressing thisconcern?

· Meet with the auditor-in-charge.· Discuss with senior management.· Monitor the result of the accepted risk.· Report the matter to the board.




QUESTION 299Which of the following statements is correct regarding the use of a program evaluation and reviewtechnique (PERT) model?· It makes use of a probability model to arrive at a realistic estimate of time necessary for completion of theaudit engagement.· It requires that activities are performed in sequence such that each task is completed before thecommencement of the next activity.· It remains fixed once completed to act as a baseline for measuring the performance of the audit stafffollowing completion of the engagement.· It begins with the auditor-in-charge identifying the overall scope and then breaking down the auditengagement into identifiable activity units.




QUESTION 300According to IIA guidance, which of the following are benefits to the internal audit activity when conductingan assurance mapping exercise?

A. Identification of gaps in risk coverage, and minimization of duplicate assurance efforts.B. Identification of gaps in risk coverage, and consolidation of risk reporting efforts.C. Resolution of identified testing errors, and miminization of duplicate assurance efforts.D. Resolution of identified testing errors, and consolidation of risk reporting efforts.



QUESTION 301The chief audit executive (CAE) of a large retail operation believes that senior management has accepted alevel of risk that exceeds the organization's current risk tolerance with respect to a major expansion. TheCAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of

the following would be an appropriate course of action in preparation for this meeting?· Understand management's basis for the decision.· Advise the board of the concern and upcoming meeting. · Ascertain which members of management haveaccepted the risk. · Determine if management has the authority to accept the risk.




QUESTION 302During the quarterly review of the internal audit activity's performance, the chief audit executive (CAE) notesthat actual engagement hours consistently exceed the budget. Which of the following strategies would mostlikely help the CAE address this problem? · The budget should consider time spent on similarengagements. · The budget should consider the proficiency of the assigned auditors. · The budget estimateshould provide for unexpected delays. · The budget should be specific as to time for each work assignment.




QUESTION 303According to IIA guidance, which of the following actions might place the independence of the internal auditfunction in jeopardy?

A. Having no active role or involvement in the risk management process.B. Auditing the risk management process for reasonableness.C. Coordinating and managing the risk management process.D. Participating with management in identifying and evaluating risks.



QUESTION 304According to IIA guidance, which of the following would not be a consideration for the internal audit activity(IAA) when determining the need to follow-up on recommendations?

A. Degree of effort and cost needed to correct the reported condition.B. Complexity of the corrective action.

C. Impact that may result should the corrective action fail.D. Amount of resources required to conduct the follow-up activities.



QUESTION 305Which of the following is an appropriate responsibility for the internal audit activity with regard to theorganization's risk management program?

A. Identifying and managing risks in line with the entity's risk appetite.B. Ensuring that a proper and effective risk management process exists.C. Attaining an adequate understanding of the entity's key mitigation strategies.D. Identifying and ensuring that appropriate controls exist to mitigate risks.



QUESTION 306Which of the following is a detective control for managing the risk of fraud?

A. Awareness of prior incidents of fraud.B. Contractor non-disclosure agreements.C. Verification of currency exchange rates.D. Receipts for employee expenses.



QUESTION 307Which of the following is a justifiable reason for omitting advance client notice when planning an auditengagement?

A. Advance notice may result in management making corrections to reduce the number of potentialdeficiencies.

B. Previous management action plans addressing prior internal audit recommendations remainincomplete.

C. The engagement includes audit assurance procedures such as sensitive or restricted assetverifications.

D. The audit engagement has already been communicated and approved through the annual audit plan.



QUESTION 308According to IIA guidance, organizations have the most influence on which element of fraud?

A. Opportunity.B. Rationalization.C. Pressure.D. Incentives.



QUESTION 309The external auditor has identified a number of production process control deficiencies involving severaldepartments. As a result, senior management has asked the internal audit activity to complete internalcontrol training for all related staff. According to IIA guidance, which of the following would be the mostappropriate course of action for the chief audit executive to follow?

A. Refuse to accept the consulting engagement because it would be a violation of independence.B. Collaborate with the external auditor to ensure the most efficient use of resources.C. Accept the engagement but hire an external training specialist to provide the necessary expertise.D. Accept the engagement even if the audit engagement staff was previously responsible for operational

areas being trained.



QUESTION 310Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

A. To gain access to a wider variety of skills, competencies and best practices.B. To complement existing expertise with a required skill and competency for a particular audit

engagement.C. To focus on and strengthen core audit competencies.D. To provide the organization with appropriate contingency planning for the internal audit function.



QUESTION 311Which of the following statements about internal audit's follow-up process is true?

A. The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure qualityperformance.

B. The actions of external auditors and other external assurance providers is not encompassed by internalaudit's follow-up process.

C. Internal auditors have responsibility for determining if management and the board have implementedthe recommended action or otherwise accepted the risk.

D. The follow-up process must be complete and documented in the working papers in order to conclude

the engagement.



QUESTION 312A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part ofthe contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, thedelivery of the aircraft had fallen substantially behind schedule while the training had already beencompleted. If half of the aircraft under contract have been delivered, which of the following should theinternal auditor expect to be accounted for in the general ledger?

A. Training costs allocated to the number of aircraft delivered, and the cost of actual production hourscompleted to date.

B. All completed training costs, and the cost of actual production hours completed to date.C. Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.D. All completed training costs, and 50% of the contracted production costs.



QUESTION 313An internal auditor determines that certain information from the engagement results is not appropriate fordisclosure to all report recipients because it is privileged. In this situation, which of the following actionswould be most appropriate?

A. Disclose the information in a separate report.B. Distribute the information in a confidential report to the board onlyC. Distribute the reports through the use of blind copies.D. Exclude the results from the report and verbally report the conditions to senior management and the

board.



QUESTION 314For which of the following fraud engagement activities would it be most appropriate to involve a forensicauditor?

A. Independently evaluating conflicts of interests.B. Assessing contracts for relevant terms and conditions.C. Performing statistical analysis for data anomalies.D. Preparing evidentiary documentation.



QUESTION 315According to IIA guidance,which of the following is true about the supervising internal auditor's reviewnotes?· They are discussed with management prior to finalizing the audit. · They may be discarded after workingpapers are amended as appropriate. · They are created by the auditor to support her fieldwork in case ofquestions. · They are not required to support observations issued in the audit report.




QUESTION 316During a fraud interview, it was discovered that unquestioned authority enabled a vice president to stealfunds from the organization. Which of the following best describes this condition?

A. Scheme.B. Opportunity.C. Rationalization.D. Pressure.



QUESTION 317According to IIA guidance, which of the following are appropriate actions for the chief audit executiveregarding management's response to audit recommendations?

A. Evaluate and verify management's response, and determine the need and scope for additional work.B. Evaluate and verify management's response, and establish timelines for corrective action by

management.C. Oversee the corrective actions undertaken by management, and determine the need and scope for

additional work.D. Oversee the corrective actions undertaken by management, and establish timelines for corrective action

by management.



QUESTION 318According to the Standards, which of the following is leastimportant in determining the adequacy of anannual audit plan?

A. Sufficiency.B. Appropriateness.C. Effective deployment.D. Cost effectiveness.



QUESTION 319The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internalaudit departments located around the world, is reviewing responsibilities for engagement reports. Accordingto IIA guidance, which of the following statements is true?

A. The CAE is required to review, approve, and sign every engagement report.B. The CAE is required to review, approve, and sign all regulatory compliance engagement reports onlyC. The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but

should review the reports after they are issued.D. The internal audit charter must identify authorized signers of engagement reports.



QUESTION 320The internal audit activity (IAA) wants to measure its performance related to the quality of auditrecommendations. Which of the following client survey questions would best help the IAA meet thisobjective?

A. Were audit findings relevant and useful to management?B. Does the audit report format present issues clearly and concisely?C. Does the IAA work with a high degree of professionalism and objectivity?D. Were the findings reported in a timely manner?



QUESTION 321When forming an opinion on the adequacy of management's systems of internal control, which of thefollowing findings would provide the most reliable assurance to the chief audit executive? · During an auditof the hiring process in a law firm, it was discovered that potential employees' credentials were not alwaysconfirmed sufficiently. This process remained unchanged at the following audit.· During an audit of the accounts payable department, auditors calculated that two percent of accountswere paid past due. This condition persisted at a follow up audit. · During an audit of the vehicle fleet of arental agency, it was determined that at any given time, eight percent of the vehicles were not operational.During the next audit, this figure had increased. · During an audit of the cash handling process in a casino,internal audit discovered control deficiencies in the transfer process between the slot machines and thecash counting area. It was corrected immediately.

A. 1 and 3 only

B. 1 and 4 onlyC. 2 and 3 onlyD. 2 and 4 only



QUESTION 322An internal auditor and engagement client are deadlocked over the auditor's differing opinion withmanagement on the adequacy of access controls for a major system. Which of the following strategieswould be the most helpful in resolving this dispute?

A. Conduct a joint brainstorming session with management.B. Ask the chief audit executive to mediate.C. Disclose the client's differing opinion in the final report.D. Escalate the issue to senior management for a decision.



QUESTION 323When setting the scope for the identification and assessment of key risks and controls in a process, whichof the following would be the least appropriate approach?

A. Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectivesare considered.

B. Develop the scope of the audit to include controls that are necessary to manage risk associated with acritical business objective.

C. Specify that the auditors need to assess only key controls, but may include an assessment of non-keycontrols if there is value to the business in providing such assurance.

D. Ensure the audit includes an assessment of manual and automated controls to determine whetherbusiness risks are effectively managed.



QUESTION 324According to IIA guidance, which of the following is true when the internal audit activity is asked toinvestigate potential ethics violations in a foreign subsidiary?

A. Communication of any internal ethics violations to external parties may occur with appropriatesafeguards.

B. Cultural impacts are less critical where the organization practices uniform polices around the globe.C. Cross-cultural differences should always be handled by the staff of the same cultural background.D. Local law enforcement should be involved as they are more familiar with the applicable local laws.


Explanation


QUESTION 325The chief audit executive of a medium-sized financial institution is evaluating the staffing model of theinternal audit activity (IAA). According to IIA guidance, which of the following are the most appropriatestrategies to maximize the value of the current IAA resources? · The annual audit plan should includeaudits that are consistent with the skills of the IAA. · Audits of high-risk areas of the organization should beconducted by internal audit staff. · External resources may be hired to provide subject-matter expertise butshould be supervised. · Auditors should develop their skills by being assigned to complex audits for learningopportunities.




QUESTION 326It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has thefollowing items to submit to either the board or the chief executive officer (CEO) for approval. According toIIA guidance, which of the following items should be submitted only to the CEO?

A. The internal audit risk assessment and audit plan for the next fiscal year.B. The internal audit budget and resource plan for the coming fiscal year.C. A request for an increase of the CAE's salary for the next fiscal year.D. The evaluation and compensation of the internal audit team.



QUESTION 327An internal control questionnaire would be most appropriate in which of the following situations?

A. Testing controls where operating procedures vary.B. Testing controls in decentralized offices.C. Testing controls in high risk areas.D. Testing controls in areas with high control failure rates.



QUESTION 328According to IIA guidance, which of the following statements is true regarding the authority of the chief audit

executive (CAE) to release previous audit reports to outside parties?

A. The CAE can release prior internal audit reports with the approval of the board and senior management.B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.C. The CAE can only release prior information outside the organization when mandated by legal or

statutory requirements.D. The CAE can release prior information provided it is as originally published and distributed within the

organization.



QUESTION 329An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.Which of the following is the most appropriate role that she should assume when facilitating the workshop?

A. Express an opinion on the participants' inputs and conclusions as the assessment progresses.B. Provide appropriate techniques and guidelines on how the exercise should be undertaken.C. Evaluate and report on all issues that may be uncovered during the exercise.D. Screen and vet participants so that the most appropriate candidates are selected to participate in the

exercise.



QUESTION 330An audit identified a number of weaknesses in the configuration of a critical client/server system. Althoughsome of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest willrequire between 6 and 18 months for completion. Consequently, management has developed a detailedaction plan, with anticipated completion dates, for addressing the weaknesses. What is the mostappropriate course of action for the chief audit executive to take?

A. Assess the status of corrective action during a follow-up audit engagement after the action plan hasbeen completed.

B. Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages,and denials of service.

C. Reassign information systems auditors to assist in implementing management's action plan.D. Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and

deliverables.



QUESTION 331Which of the following is not an outcome of control self-assessment?

A. Informal, soft controls are omitted, and greater focus is placed on hard controls.B. The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and

continuous improvement.C. Internal auditors become involved in and knowledgeable about the self-assessment process.D. Nonaudit employees become experienced in assessing controls and associating control processes with

managing risks.



QUESTION 332A code of business conduct should include which of the following to increase its deterrent effect?1. Appropriate descriptions of penalties for misconduct.2. A notification that code of conduct violations may lead to criminal prosecution.3. A description of violations that injure the interests of the employer.4. A list of employees covered by the code of conduct.

A. 1 and 2B. 1 and 3C. 2 and 4D. 3 and 4



QUESTION 333New environmental regulations require the board to certify that the organization's reported pollutantemissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance overthe organization's compliance with the environmental regulations. Which of the following groups orindividuals is most important for the CAE to consult to determine the scope of the audit?

A. The audit committee of the board.B. The environmental, health, and safety manager.C. The organization's external environmental lawyers.D. The organization's insurance department.



QUESTION 334The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise riskmanagement process. Which of the following activities is appropriate for IAA to perform withoutsafeguards?

A. Coach management in responding to risks.B. Develop risk management strategies for board approval.C. Facilitate identification and evaluation of risks.D. Evaluate risk management processes.

Correct Answer: D



QUESTION 335According to IIA guidance, which of the following statements are true regarding the internal audit plan?1. The audit plan is based on an assessment of risks to the organization.2. The audit plan is designed to determine the effectiveness of the organization's risk managementprocess.3. The audit plan is developed by senior management of the organization.4. The audit plan is aligned with the organization's goals.

A. 1 and 2 onlyB. 3 and 4 onlyC. 1, 2, and 4D. 1, 3, and 4



QUESTION 336An internal auditor is assessing the organization's risk management framework. Which of the followingformulas should he use to calculate the residual risk?

A.

B.

C.

D.

A. Option AB. Option BC. Option CD. Option D



QUESTION 337Which of the following statements is false regarding roles and responsibilities pertaining to riskmanagement and control?

A. Senior management is charged with overseeing the establishment risk management and controlprocesses.

B. The chief audit executive is responsible for overseeing the evaluation risk management and controlprocesses.

C. Operating managers are responsible for assessing risks and controls in their departments.D. Internal auditors provide assurance about risk management and control process effectiveness.



QUESTION 338Which of the following should be included in a privacy audit engagement?1. Assess the appropriateness of the information gathered.2. Review the methods used to collect information.3. Consider whether the information collected is in compliance with applicable laws.4. Determine how the information is stored.

A. 1 and 3 onlyB. 2 and 4 onlyC. 1, 3, and 4 onlyD. 1, 2, 3, and 4



QUESTION 339Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forwardcontracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses fromindividual purchases of jet fuel, which of the following details does the internal auditor need to validate?1. The hedge documentation designating the hedge.2. The spot exchange rate on the transaction date.3. The terms of the forward contract.4. The amount of fuel purchased.





QUESTION 340Which of the following statements describes an engagement planning best practice?

A. It is best to determine planning activities on a case-by-case basis because they can vary widely fromengagement to engagement.

B. If the engagement subject matter is not unique, it is not necessary to outline specific testing proceduresduring the planning phase.

C. The engagement plan includes the expected distribution of the audit results, which should be keptconfidential until the audit report is final.

D. Engagement planning activities include setting engagement objectives that align with audit client'sbusiness objectives.



QUESTION 341Which of the following is not a primary purpose for conducting a walk-through during the initial stages of anassurance engagement?

A. To help develop process maps.B. To determine segregation of duties.C. To identify residual risks.D. To test the adequacy of controls.



QUESTION 342After the team member who specialized in fraud investigations left the internal audit team, the chief auditexecutive decided to outsource fraud investigations to a third party service provider on an as needed basis.Which of the following is most likely to be a disadvantage of this outsourcing decision?

A. Cost.B. Independence.C. Familiarity.D. Flexibility.



QUESTION 343Which of the following is an effective approach for internal auditors to take to improve collaboration withaudit clients during an engagement?1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scopeaccordingly.2. Discuss the engagement plan with the client so the client can understand the reasoning behind theapproach.3. Review test criteria and procedures where the client expresses concerns about the type of tests to beconducted.4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts beforepublishing the report.

A. 1 and 2 only

B. 1 and 4 onlyC. 2 and 3 onlyD. 3 and 4 only



QUESTION 344According to IIA guidance, which of the following is true regarding the exit conference for an internal auditengagement?

A. A primary purpose of the exit conference is to provide for the timely communication of observations thatcall for immediate management action.

B. Both the chief audit executive and the chief executive over the activity or function reviewed must attendthe exit conference to validate the findings.

C. The exit conference provides only anticipated results for inclusion in the final audit communication.D. During the exit conference, the performance of the internal auditors who executed the engagement is

reviewed.



QUESTION 345Which of the following components should be included in an audit finding?1. The scope of the audit.2. The standard(s) used by the auditor to make the evaluation.3. The engagement's objectives.4. The factual evidence that the internal auditor found in the course of the examination.

A. 1 and 2B. 1 and 3 onlyC. 2 and 4D. 1, 3, and 4



QUESTION 346A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports toreview for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statementon each report. According to IIA guidance, which of the following opinions would receive the lowest reviewpriority?1. Graded positive opinion.2. Negative assurance opinion.3. Limited assurance opinion.4. Third-party opinion.

A. 1 and 3

B. 1 and 4C. 2 and 3D. 2 and 4



QUESTION 347After finalizing an assurance engagement concerning safety operations in the oil mining process, the auditteam concluded that no key controls were compromised. However, some opportunities for improvementwere noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) toreport these results?

A. The CAE should send the final report to operational and senior management and the audit committee.B. The CAE should send the final report to operational management only, as there is no need to

communicate this information to higher levels.C. The CAE should notify operational and senior management that the audit engagement was completed

with no significant findings to report.D. The CAE should send the final report to operational management and notify senior management and

the audit committee that no significant findings were identified.



QUESTION 348While conducting an audit of a third party's Web-based payment processor, an internal auditor discoversthat a programming error allows customers to create multiple accounts for a single mailing address.Management agrees to correct the program and notify customers with multiple accounts that the accountswill be consolidated. Which of the following actions should the auditor take?1. Schedule a follow-up review to verify that the program was corrected and the accounts wereconsolidated.2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.3. Amend the scope of the subsequent audit to verify that the program was corrected and that accountswere consolidated.4. Submit management's plan of action to the external auditors for additional review.




QUESTION 349An internal auditor is conducting a review of the procurement function and uncovers a potential conflict ofinterest between the chief operating officer and a significant supplier of IT software development services.Which of the following actions is most appropriate for the internal auditor to take?

A. Inform the audit supervisor.B. Investigate the potential conflict of interest.C. Inform the external auditors of the potential conflict of interest.D. Disregard the potential conflict, because it is outside the scope of the audit assignment.



QUESTION 350A large retail organization, which sells most of its products online, experiences a computer hacking incident.The chief IT officer immediately investigates the incident and concludes that the attempt was notsuccessful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor.Which of the following actions should the CAE take?1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented asa result of the security breach, if any.2. Immediately inform the chair of the audit committee of the security breach, because thus far only thechief IT officer is aware of the incident.3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.4. Include the incident in the next quarterly report to the audit committee.




QUESTION 351During an assurance engagement, an internal auditor noted that the time staff spent accessing customerinformation in large Excel spreadsheets could be reduced significantly through the use of macros. Theauditor would like to train staff on how to use the macros. Which of the following is the most appropriatecourse of action for the internal auditor to take?

A. The auditor must not perform the training, because any task to improve the business process couldimpact audit independence.

B. The auditor must create a new, separate consulting engagement with the business process owner priorto performing the improvement task.

C. The auditor should get permission to extend the current engagement, and with the process owner'sapproval, perform the improvement task.

D. The auditor may proceed with the improvement task without obtaining formal approval, because thetask is voluntary and not time-intensive.



QUESTION 352According to IIA guidance, which of the following strategies would add the least value to the achievement of

the internal audit activity's (IAA's) objectives?

A. Align organizational activities to internal audit activities and measure according to the approved IAAperformance measures.

B. Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.C. Use the results of IAA engagement and advisory reporting to guide current and future internal audit

activities.D. Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's

governance structure.



QUESTION 353According to IIA guidance, which of the following statements best justifies a chief audit executive's requestfor external consultants to complement internal audit activity (IAA) resources?

A. The organization's audit universe is extensive and diverse.B. There has been an increase in unanticipated requests for advisory work.C. Previous work provided by the external service provider has been of great quality and value.D. A recent benchmarking study found that using external service providers is a common practice of

similarly-sized IAAs in other organizations.



QUESTION 354The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with theStandards through a quality assurance review. According to the Standards, which of the following areacceptable practice for this review?1. Use an external service provider.2. Conduct a self-assessment with independent validation.3. Arrange for a review by qualified employees outside of the IAA.4. Arrange for reciprocal peer review with another CAE.

A. 1 and 2B. 2 and 4C. 1, 2, and 3D. 2, 3, and 4



QUESTION 355A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's riskmanagement processes. Which of the following people should prioritize risks to be used for the audit plan?

A. Operational management, because they are responsible for the day-to-day management of the

operational risks.B. The CRO, because he is responsible for coordinating and project managing risk activities based on his

specialized skills and knowledge.C. The chief audit executive, although he is not accountable for risk management in the organization.D. The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed

tolerance limits set by the board.



QUESTION 356Which of the following actions are appropriate for the chief audit executive to perform when identifying auditresource requirements?1. Consider employees from other operational areas as audit resources, to provide additional auditcoverage in the organization.2. Approach an external service provider to conduct internal audits on certain areas of the organization, dueto a lack of skills in the organization.3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due tolimited IT audit skills among the audit staff.4. Communicate to senior management a summary report on the status and adequacy of audit resources.




QUESTION 357The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop forprocess managers and staff to identify opportunities for improving productivity and reducing defects. Whichof the following is the most likely reason the CRO chose the workshop approach?

A. It minimizes the amount of time spent and cost incurred to gather the necessary information.B. Responses can be confidential, thus encouraging participants to be candid expressing their concerns.C. Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.D. Workshop participants have an opportunity to learn while contributing ideas toward the objectives.



QUESTION 358Which of the following is the primary purpose of financial statement audit engagements?

A. To assess the efficiency and effectiveness of the accounting department.B. To evaluate organizational and departmental structures, including assessments of process flows related

to financial matters.

C. To provide a review of routine financial reports, including analyses of selected accounts for compliancewith generally accepted accounting principles.

D. To provide an analysis of business process controls in the accounting department, including tests ofcompliance with internal policies and procedures.



QUESTION 359An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas ofthe finance department, despite previous audit recommendations. Which of the following recommendationsis the most appropriate to address this concern?

A. Recommend additional segregation-of-duty reviews.B. Recommend appropriate awareness training for all finance department staff.C. Recommend rotating finance staff in this area.D. Recommend that management address these concerns immediately.



QUESTION 360Which of the following has the greatest effect on the efficiency of an audit?

A. The complexity of deficiency findings.B. The adequacy of preliminary survey information.C. The organization and content of workpapers.D. The method and amount of supporting detail used for the audit report.



QUESTION 361Which of the following is least likely to help ensure that risk is considered in a work program?

A. Risks are discussed with audit client.B. All available information from the risk-based plan is used.C. Client efforts to affect risk management are considered.D. Prior risk assessments are considered.



QUESTION 362

An internal auditor is conducting an assessment of the purchasing department. She has worked the fullamount of hours budgeted for the engagement; however, the audit objectives are not yet complete.According to IIA guidance, which of the following are appropriate options available to the chief auditexecutive?1. Allow the auditor to decide whether to extend the audit engagement.2. Determine whether the work already completed is sufficient to conclude the engagement.3. Provide the auditor feedback on areas of improvement for future engagements.4. Provide the auditor with instructions and directions to complete the audit.

A. 1, 2, and 3B. 1, 2, and 4C. 1, 3, and 4D. 2, 3, and 4



QUESTION 363Which of the following factors would the auditor in charge be least likely to consider when assigning tasksto audit team members for an engagement?

A. The amount of experience the auditors have conducting audits in the specific area of the organization.B. The availability of the auditors in relation to the availability of key client staff.C. Whether the budgeted hours are sufficient to complete the audit within the current scope.D. Whether outside resources will be needed, and their availability.



QUESTION 364An organization's internal audit plan includes a recurring assurance review of the human resources (HR)department. Which of the following statements is true regarding preliminary communication between theauditor in charge (AIC) and the HR department?1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.2. The AIC should notify HR management before the planning stage begins.3. The AIC should schedule formal status meetings with HR management at the start of the engagement.4. The AIC should finalize the scope of the engagement before communicating with HR management.




QUESTION 365The final internal audit report should be distributed to which of the following individuals?

A. Audit client management onlyB. Executive management onlyC. Audit client management, executive management, and others approved by the chief audit executive.D. Audit client management, executive management, and any those who request a copy.



QUESTION 366According to IIA guidance, which of the following individuals should receive the final audit report on acompliance engagement for the organization's cash disbursements process?

A. The accounts payable supervisor, accounts payable manager, and controller.B. The accounts payable manager, purchasing manager, and receiving manager.C. The accounts payable supervisor, controller, and treasurer.D. The accounts payable manager, chief financial officer, and audit committee.



QUESTION 367If observed during fieldwork by an internal auditor, which of the following activities is least important tocommunicate formally to the chief audit executive?

A. Acts that may endanger the health or safety of individuals.B. Acts that favor one party to the detriment of another.C. Acts that damage or have an adverse effect on the environment.D. Acts that conceal inappropriate activities in the organization.



QUESTION 368An internal auditor submitted a report containing recommendations for management to enhance internalcontrols related to investments. To follow up, which of the following is the most appropriate action for theinternal auditor to take?

A. Observe corrective measures.B. Seek a management assurance declaration.C. Follow up during the next scheduled audit.D. Conduct appropriate testing to verify management responses.



Explanation:

QUESTION 369Which of the following would most likely cause an internal auditor to consider adding fraud work steps tothe audit program?

A. Improper segregation of duties.B. Incentives and bonus programs.C. An employee's reported concerns.D. Lack of an ethics policy.



QUESTION 370Which of the following recommendations made by the internal audit activity (IAA) is most likely to helpprevent fraud?

A. A review of password policy compliance found that employees frequently use the same password morethan once during a year. The IAA recommends that the access control software reject any passwordused more than once during a 12-month period.

B. A review of internal service-level agreement compliance in financial services found that requests forinformation frequently are fulfilled up to two weeks late. The IAA recommends that the financial servicesunit be eliminated for its ineffectiveness.

C. A vacation policy compliance review found that employees frequently leave on vacation before theirleave applications are signed by their manager. The IAA recommends that the manager attend to theleave applications in a more timely fashion.

D. A review of customer service-level agreements found that orders to several customers are frequentlydelivered late. The IAA recommends that the organization extend the expected delivery time advertisedon its website.



QUESTION 371An organization's board would like to establish a formal risk management function and has asked the chiefaudit executive (CAE) to be involved in the process. According to IIA guidance, which of the following rolesshould the CAE not undertake?

A. Manage and coordinate risk management processes.B. Audit risk management processes.C. Become involved in risk oversight committees, monitoring activities, and status reporting.D. Accept management's responsibility for risk management without board approval.



QUESTION 372When creating the internal audit plan, the chief audit executive should prioritize engagements based

primarily on which of the following?

A. The last available risk assessment.B. Requests from senior management and the board.C. The longest interval since the last examination of each audit universe item.D. The auditable areas required by regulatory agencies.



QUESTION 373Which of the following conditions are necessary for successful change management?1. Decisions and necessary actions are taken promptly.2. The traditions of the organization are respected.3. Changes result in improvement or reform.4. Internal and external communications are controlled.




QUESTION 374A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. Shewould like to consider the organization's attitude toward risk and the degree of difficulty in achievingobjectives. Which of the following resources should the CAE consult?

A. The corporate risk register.B. The strategic plan.C. Internal and external audit reports.D. The board's meeting records.



QUESTION 375When establishing a quality assurance and improvement program, the chief audit executive should ensurethe program is designed to accomplish which of the following objectives?1. Add value.2. Improve operations.3. Provide assurance that the internal audit activity conforms with the Standards.4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

A. 1 onlyB. 1 and 2 only

C. 1 and 3 onlyD. 1, 2, 3, and 4



QUESTION 376Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

A. To evaluate controls regarding the computer security of an oil refinery.B. To examine the processes involved in exploring, developing, and operating a gold mine.C. To assess the likelihood and impact of events associated with operating a finished goods warehouse.D. To link a financial institution's business objectives to a work unit responsible for the associated risk.



QUESTION 377Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following auditobjectives would be most important to prevent fraud?

A. Verify that amounts are correct.B. Verify that payments are on time.C. Verify that recipients are valid employees.D. Verify that benefits deductions are accurate.



QUESTION 378Which of the following statements is false regarding audit criteria?

A. Audit criteria should be consistent across audit assignments.B. Audit criteria should represent reasonable standards against which to assess existing conditions.C. Audit criteria should provide flexibility but allow identification of nonadherence.D. Audit criteria should equate to good or acceptable management practices.



QUESTION 379An audit client responded to recommendations from a recent consulting engagement. The client indicatedthat several recommended process improvements would not be implemented. Which of the following

actions should the internal audit activity take in response?

A. Escalate the unresolved issues to the board, because they could pose significant risk exposures to theorganization.

B. Confirm the decision with management and document this decision in the audit file.C. Document the issue in the audit file and follow up until the issues are resolved.D. Initiate an assurance engagement on the unresolved issues.



QUESTION 380Which of the following is the most important concept to be included in a consulting engagementagreement?

A. Define the duties and responsibilities needed from management to perform the engagement.B. Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of

the review.C. Clarify that matters discovered during the engagement may also be reported to senior management and

the audit committee.D. Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are

implemented adequately.



QUESTION 381An employee in the sales department completes a purchase requisition and forwards it to the purchaser.The purchaser places competitive bids and orders the requested items using approved purchase orders.When the employee receives the ordered items, she forwards the packing slips to the accounts payabledepartment. The invoice for the ordered items is sent directly to the sales department, and anadministrative assistant in the sales department forwards the invoices to the accounts payable departmentfor payment. Which of the following audit steps best addresses the risk of fraud in the cash receiptsprocess?

A. Verify that approvals of purchasing documents comply with the authority matrix.B. Observe whether the purchase orders are sequentially numbered.C. Examine whether the sales department supervisor approves invoices for payment.D. Determine whether the accounts payable department reconciles all purchasing documents prior to

payment.



QUESTION 382According to IIA guidance, which of the following are the most important objectives for helping to ensure theappropriate completion of an engagement?1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

A. 1, 2, and 3B. 1, 2, and 4C. 1, 3, and 4D. 2, 3, and 4



QUESTION 383When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria aremost important for the chief audit executive to consider for the effective use of audit resources?1. The competency and qualifications of the audit staff for specific assignments.2. The effectiveness of IAA staff performance measures.3. The number of training hours received by staff auditors compared to the budget.4. The geographical dispersion of audit staff across the organization.




QUESTION 384When developing the scope of an audit engagement, which of the following would the internal auditortypically not need to consider?

A. The need and availability of automated support.B. The potential impact of key risks.C. The expected outcomes and deliverables.D. The operational and geographic boundaries.



QUESTION 385Which of the following situations would justify the removal of a finding from the final audit report?

A. Management disagrees with the report findings and conclusions in their responses.B. Management has already satisfactorily completed the recommended corrective action.C. Management has provided additional information that contradicts the findings.D. Management believes that the finding is insignificant and unfairly included in the report.



QUESTION 386According to IIA guidance, which of the following activities is most likely to enhance stakeholders'perception of the value the internal audit activity (IAA) adds to the organization?1. The IAA uses computer-assisted audit techniques and IT applications.2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.




QUESTION 387A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internalauditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probefurther when reviewing incidents that have the appearance of misbehavior?

A. Integrity.B. Flexibility.C. Initiative.D. Curiosity.



QUESTION 388According to IIA guidance, which of the following procedures would be least effective in managing the riskof payroll fraud?

A. The employee's name listed on organization's payroll is compared to the personnel records.B. Payroll time sheets are reviewed and approved by the timekeeper before processing.C. Employee access to the payroll database is deactivated immediately upon termination.D. Changes to payroll are validated by the personnel department before being processed.



QUESTION 389During an assurance engagement, an internal auditor discovered that a sales manager approved numeroussales contracts for values exceeding his authorization limit. The auditor reported the finding to the auditsupervisor, noting that the sales manager had additional new contracts under negotiation. According to IIAguidance, which of the following would be the most appropriate next step?

A. The audit supervisor should include the new contracts in the finding for the final audit report.B. The audit supervisor should communicate the finding to the supervisor of the sales manager through an

interim report.C. The audit supervisor should remind the sales manager of his authority limit for the contracts under

negotiation.D. The auditor should not reference the new contracts, because they are not yet signed and therefore

cannot be included in the final report.



QUESTION 390An internal auditor wants to determine whether employees are complying with the information securitypolicy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked asample of 90 desks and found eight that contained sensitive information. How should this observation bereported, if the organization tolerates 4 percent noncompliance?

A. The matter does not need to be reported, because the noncompliant findings fall within the acceptabletolerance limit.

B. The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to theinformation security manager.

C. The incidents of noncompliance fall outside the acceptable tolerance limit and require immediatecorrective action, as opposed to reporting.

D. The incidents of noncompliance exceed the tolerance level and should be included in the finalengagement report.



QUESTION 391Which of the following is the primary reason the chief audit executive should consider the organization'sstrategic plans when developing the annual audit plan?

A. Strategic plans reflect the organization's business objectives and overall attitude toward risk.B. Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal

audit activity resources.C. Strategic plans are likely to show areas of weak financial controls.D. The strategic plan is a relatively stable document on which to base audit planning.



QUESTION 392

An organization has a health and safety division that conducts audits to meet regulatory requirements. Thechief health and safety officer reports directly to the CEO. Which of the following describes an appropriaterole for the chief audit executive (CAE) with regard to the organization's health and safety program?

A. The CAE has no role to play, because the chief health and safety officer reports to a senior executive.B. The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an

understanding of whether risks related to health and safety are managed properly.C. The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is

the appropriate regulatory oversight body.D. The CAE should hire an independent external specialist to conduct an annual assessment and provide

assurance over the effectiveness of the health and safety program and the reliability of its reports.



QUESTION 393Which of the following factors should a chief audit executive consider when determining the audit universe?1. Components of the organization's strategic plan.2. Inputs from senior management and the board.3. Views of competitors and business associates.4. Results of exit interviews with departing employees.




QUESTION 394Which of the following evaluation criteria would be the most useful to help the chief audit executivedetermine whether an external service provider possesses the knowledge, skills, and other competenciesneeded to perform a review?

A. The financial interest the service provider may have in the organization.B. The relationship the service provider may have had with the organization or the activities being

reviewed.C. Compensation or other incentives that may be applicable to the service provider.D. The service provider's experience in the type of work being considered.



QUESTION 395Which of the following behaviors could represent a significant ethical risk if exhibited by an organization'sboard?1. Intervening during an audit involving ethical wrongdoing.2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.4. Negotiating a settlement of an employee claim for personal damages.




QUESTION 396According to IIA guidance, which of the following is true regarding audit supervision?1. Supervision should be performed throughout the planning, examination, evaluation, communication, andfollow-up stages of the audit engagement.2. Supervision should extend to training, time reporting, and expense control, as well as administrativematters.3. Supervision should include review of engagement workpapers, with documented evidence of the review.

A. 1 and 2 onlyB. 1 and 3 onlyC. 2 and 3 onlyD. 1, 2, and 3



QUESTION 397Which of the following best describes the four components of a balanced scorecard?

A. Customers, innovation, growth, and internal processes.B. Business objectives, critical success factors, innovation, and growth.C. Customers, support, critical success factors, and learning.D. Financial measures, learning and growth, customers, and internal processes.



QUESTION 398Which of the following is not a direct benefit of control self-assessment (CSA)?

A. CSA allows management to have input into the audit plan.B. CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.C. CSA can improve the control environment.D. CSA increases control consciousness.

Correct Answer: A



QUESTION 399An internal auditor is conducting a financial audit. Which of the following audit procedures is mostappropriate when existing internal controls are weak?

A. Analytical procedures.B. Detail testing.C. Test of design.D. Test of control.



QUESTION 400A draft internal audit report that cites deficient conditions generally should be reviewed with which of thefollowing groups?1. The client manager and her superior.2. Anyone who may object to the report's validity.3. Anyone required to take action.4. The same individuals who receive the final report.

A. 1 onlyB. 1 and 2 onlyC. 1, 2, and 3D. 1, 2, and 4



QUESTION 401Which of the following statements is true pertaining to interviewing a fraud suspect?1. Information gathered can be subjective as well as objective to be useful.2. The primary objective is to obtain a voluntary written confession.3. The interviewer is likely to begin the interview with open-ended questions.4. Video recordings always should be used to provide the highest quality evidence.

A. 1 onlyB. 4 onlyC. 1 and 3D. 2 and 4



QUESTION 402According to IIA guidance, which of the following statements is false regarding a review of the controls inplace to prevent fraud?

A. The review should focus on the efficiency of the controls in place to prevent fraud.B. The scope of the review does not need to include all operating areas of the organization.C. The cost of the control should be compared to the benefit of mitigating the related risk.D. The review should assess whether the internal controls can be circumvented.



QUESTION 403According to IIA guidance, which of the following accurately describes the responsibilities of the chief auditexecutive with respect to the final audit report?1. Coordinate post-engagement conferences to discuss the final audit report with management.2. Include management's responses in the final audit report.3. Review and approve the final audit report.4. Determine who will receive the final audit report.




QUESTION 404According to IIA guidance, which of the following factors should the auditor in charge consider whendetermining the resource requirements for an audit engagement?

A. The number, experience, and availability of audit staff as well as the nature, complexity, and timeconstraints of the engagement.

B. The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.C. The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate

with external auditors.D. The appropriateness and sufficiency of resources as well as the nature, complexity, and time

constraints of the engagement.



QUESTION 405According to IIA guidance, which of the following is least likely to be a key financial control in anorganization's accounts payable process?

A. Require the approval of additions and changes to the vendor master listing, where the inherent risk offalse vendors is high.

B. Monitor amounts paid each period and compare them to the budget to identify potential issues.C. Compare employee addresses to vendor addresses to identify potential employee fraud.D. Monitor customer quality complaints compared to the prior period to identify vendor issues.



QUESTION 406Which of the following is an appropriate role for the internal audit activity with regard to the organization'srisk management program?

A. Identify and manage risks in line with the organization's risk appetite.B. Ensure that a proper and effective risk management process exists.C. Attain an adequate understanding of the organization's key risk mitigation strategies.D. Identify and ensure that appropriate controls exist to mitigate risks.



QUESTION 407Which of the following would not be a typical activity for the chief audit executive to perform following anaudit engagement?

A. Report follow-up activities to senior management.B. Implement follow-up procedures to evaluate residual risk.C. Determine the costs of implementing the recommendations.D. Evaluate the extent of improvements.



QUESTION 408During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations arestill not performed regularly by the AR staff, a recommendation that was made following a previous audit.Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financialreporting function and AR report to the controller, who is responsible for implementing action plans. Whichof the following supports the internal auditor's decision to combine both observations into one reportedfinding?

A. The observation was made during the same audit, and the action plan has a common owner.B. The observation relates to the same control activity within a common process.C. The observation has a common control, and it was noted in a prior audit.D. The observation has a common process, and the action plan for the observation has a common owner.

Correct Answer: DSection: (none)

Explanation


QUESTION 409A chief audit executive (CAE) received a detailed internal report of senior management's internal controlassessment. Which of the following subsequent actions by the CAE would provide the greatest assuranceover management's assertions?

A. Assert whether the described and reported control processes and systems exist.B. Assess whether senior management adequately supports and promotes the internal control culture

described in the report.C. Evaluate the completeness of the report and management's responses to identified deficiencies.D. Determine whether management's operating style and the philosophy described in the report reflect the

effective functioning of internal controls.



QUESTION 410Which of the followings statements describes a best practice regarding assurance engagementcommunication activities?

A. All assurance engagement observations should be communicated to the audit committee.B. All assurance engagement observations should be included in the main section of the engagement

communication.C. During the "communicate" phase of an assurance engagement, it is best to define the methods and

timing of engagement communications.D. A detailed escalation process should be developed during the planning stage of an assurance

engagement.



QUESTION 411Which of the following would be a red flag that indicates the possibility of inventory fraud?

A. The controller has assumed responsibility for approving all payments to certain vendors.II. The controller has continuously delayed installation of a new accounts payable system, despite acorporate directive to implement it.III. Sales commissions are not consistent with the organization's increased levels of sales.IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.

B. I and II onlyC. II and III onlyD. I, II, and IV onlyE. I, III, and IV only



QUESTION 412During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas werecausing customer dissatisfaction. A review of oven calibration records for the last six months revealed thatadjustments were made on over 40 percent of the ovens. Based on this, the auditor:

A. Has enough evidence to conclude that improperly functioning ovens are the cause.B. Needs to conduct further inquiries and reviews to determine the impact of the oven variations on the

pizza temperature.


C. Has enough evidence to recommend the replacement of some of the ovens.D. Must search for another cause since approximately 60 percent of the ovens did not require adjustment.



QUESTION 413When assessing the risk associated with an activity, an internal auditor should:

A. Determine how the risk should best be managed.B. Provide assurance on the management of the risk.C. Modify the risk management process based on risk exposures.D. Design controls to mitigate the identified risks.



QUESTION 414Which of the following procedures would provide the best evidence of the effectiveness of a credit- grantingfunction?

A. Observe the process.B. Review the trend in receivables write-offs.C. Ask the credit manager about the effectiveness of the function.D. Check for evidence of credit approval on a sample of customer orders.



QUESTION 415What would be used to determine the collectability of accounts receivable balances?

A. The file of related shipping documents.B. Negative accounts receivable confirmations.C. Positive accounts receivable confirmations.D. An aged accounts receivable listing.



QUESTION 416Which of the following would provide the best evidence of compliance with an airline's standard of havingaircraft refueled and cleaned within a specified time of arrival at an airport?

A. Vendor fuel invoices that have been reconciled to inventory records.B. Time cards completed by aircraft cleaning and fueling crews.C. Observation of selected aircraft while they are being refueled and cleaned.D. Comparison of the standard hourly labor costs for cleaning and fueling personnel with actual labor

charges.



QUESTION 417A company's policy requires that all customers be treated in a fair and consistent manner. Which of thefollowing audit procedures would provide the most persuasive evidence that the policy was followed?

A. Compare the aging of outstanding receivables due from each customer.B. Compare credit reports with annual sales for a sample of customers.C. Compare the ratio of outstanding receivables to the authorized credit limit for each customer.D. Compare the sales discounts offered to each customer.



QUESTION 418An auditor plans to analyze customer satisfaction, including. (1) customer complaints recorded by thecustomer service department during the last three months; (2) merchandise returned in the last threemonths; and (3) responses to a survey of customers who made purchases in the last three months. Whichof the following statements regarding this audit approach is correct?

A. Although useful, such an analysis does not address any risk factors.B. The survey would not consider customers who did not make purchases in the last three months.C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is

comprehensive.D. Analysis of three months' activity would not evaluate customer satisfaction.



QUESTION 419Company A has a formal comprehensive corporate code of ethics while company B does not.

Which of the following statements regarding the existence of the code of ethics in company A can belogically inferred?

A. Company A exhibits a higher standard of ethical behavior than does company B.II. Company A has established objective criteria by which an employee's actions can be evaluated.III. The absence of a formal corporate code of ethics in company B would prevent a successful audit ofethical behavior in that company.

B. II onlyC. III onlyD. I and II onlyE. II and III only



QUESTION 420Which of the following files, when compared with billing records, would provide the best source ofinformation for determining if all goods shipped are billed to customers?

A. Pre-numbered customer invoices.B. Accounts receivable transactions.C. Pre-numbered shipping documents.D. Customer purchase orders.



QUESTION 421Which of the following is the best problem-solving technique to use when analyzing performance and cost?

A. Value analysis.B. Attribute listing.C. Brainstorming.D. Component analysis.



QUESTION 422The following is an excerpt from an audit engagement workpaper:

Objective. To determine if the computer system is correctly recording all accounts receivable transactions.

Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 forpositive confirmation of balances.

Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accountsreceivable balance is fairly presented in all material respects.

Which of the following is true regarding the workpaper?

A. It is not appropriate to judgmentally select a sample when testing accounts receivable.B. A conclusion should be reached only for the results of overall testing, not for individual procedures.C. The audit procedures used are not consistent with the audit objective.D. The format of the workpaper does not conform to the standard format for workpapers.



QUESTION 423Which of the following trends found on financial reports would most likely indicate a possible problem?

A. A material decrease in the receivables turnover.B. A material increase in inventory turnover.C. A material increase in daily sales compared to total outstanding receivables.D. A material increase in the acid-test ratio.



QUESTION 424Which of the following situations would best support the decision of a chief audit executive (CAE) to deferfollow-up activity at a branch office until the next audit engagement?

A. An audit of the branch office is routinely scheduled every three years.B. On-site follow-up of a remote branch may not be feasible due to travel costs.C. Branch office management states that correction of the audit issue may take longer than expected.D. The CAE and management agree that the corrective action taken to date is sufficient.



QUESTION 425When conducting research, which of the following is most important?

A. Using computer databases or the Internet to find all relevant sources.B. Providing documentation of the reference sources.C. Presenting only those facts that support the conclusion.D. Presenting all contrary views to balance the opinion.



QUESTION 426Productivity statistics are provided quarterly to a company's board of directors. An auditor checked theratios and other statistics in the four most recent reports. The auditor used scratch paper and copies of theboard reports to verify the accuracy of computations and compared the data used in the computations withsupporting documents. The auditor wrote a note describing this work for the workpapers and thendiscarded the scratch paper and report copies. The auditor's note stated.

"The ratios and other statistics in the quarterly board reports were checked for the last four quarters, andappropriate supporting documents were examined. All amounts appear to be appropriate."

In this situation:

A. Four quarters is not a large enough sample on which to base a conclusion.B. The auditor's workpapers are not sufficient to facilitate an efficient review of the auditor's work.C. The auditor should have included the scratch paper in the workpapers.D. The auditor should have considered whether the information in the board report was compiled

efficiently.



QUESTION 427What does the following scatter gram suggest?

A. Sales revenue is related to training costs.B. The training program is not effective.C. Increases in training costs consistently increase sales revenue.D. One data point is incorrectly plotted.



QUESTION 428New credit policies have been implemented in an automated order-entry system to improve the collection ofreceivables. Sales management has compiled several examples that show decreased sales and delayedorder entry, and contends that these examples are a direct result of the new credit-policy constraints. Salesmanagement's data and information provide.

A. Feedback control data.B. Irrelevant and argumentative information.

C. Evidence that the new credit policies do not meet the stated corporate objective to improve collections.D. A statistically valid conclusion about the impact of the new credit policies on customer goodwill.



QUESTION 429If an organization's chief audit executive wants to implement continuous auditing, what is the appropriateorder in which key steps should be undertaken?

A. Identify business applications that require access.II. Implement steps to continuously assess risks and controls.III. Define objectives of continuous auditing.IV. Manage and report results.

B. III, I, IV, II.C. II, I, III, IV.D. III, I, II, IV.E. II, III, I, IV.



QUESTION 430Which of the following is an example of the verification of internal documentary evidence?

A. Reviewing a carrier's bill of lading.B. Reconciling a vendor's month-end statement.C. Vouching a copy of a sales invoice to receivables.D. Recalculating a customer's purchase order.



QUESTION 431In order to effectively elicit sensitive information from an employee during an audit engagement, an auditorshould:

A. Tell the employee a piece of information obtained from a coworker in a previous interview.B. Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.C. Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would

be seriously damaged if confidentiality were breached.D. Point out that management has given the auditor full authority to conduct this interview.



Explanation:

QUESTION 432During a routine audit of a customer service hotline, an internal auditor noticed that an unusually highnumber of customer complaints pertained to payments not being applied to the customers' accounts.

Which of the following would most likely be the reason for the high volume of complaints?

A. An ineffective customer service department.B. Poor controls in the invoice approval processes.C. Check tampering by an employee.D. Submission of fraudulent expense reports.



QUESTION 433An audit of management's quality program includes testing the accuracy of the cost-of-quality reportsprovided to management. Which of the following internal control objectives is the focus of this testing?

A. To ensure compliance with policies, plans, procedures, laws, and regulations.B. To ensure the accomplishment of established objectives and goals for operations or programs.C. To ensure the reliability and integrity of information.D. To ensure the economical and efficient use of resources.



QUESTION 434When internal auditors provide consulting services, the scope of the engagement is primarily determinedby:

A. Internal auditing standards.B. The audit engagement team.C. The engagement client.D. The internal audit activity's charter.



QUESTION 435A manufacturing process could create hazardous waste at several production stages, from raw materialshandling to finished goods storage. If the objective of a pollution prevention audit engagement is to identifyopportunities for minimizing waste, in what order should the following opportunities be considered?

A. Recycling and reuse.II. Elimination at the source.III. Energy conservation.

IV. Recovery as a usable product Treatment.B. V, II, IV, I, III.C. IV, II, I, III, V.D. I, III, IV, II, V.E. III, IV, II, V, I.



QUESTION 436Direct staff as a percentage of total staff is an example of which of the following types of efficiencymeasures?

A. Productivity ratio.B. Productivity index.C. Operating ratio.D. Resource utilization rate.



QUESTION 437Which of the following data collection strategies systematically tests the effects of various factors on anoutcome?

A. Content analysis.B. Sampling.C. Evaluation synthesis.D. Modeling.



QUESTION 438Which of the following audit procedures is most suitable for verifying that all sales transactions have beenrecorded?

A. Observation.B. Tracing.C. Re-computation.D. Vouching.



answer is good.

QUESTION 439Which of the following would be an appropriate and effective control self-assessment approach in anorganization with an authoritative culture?

A. Facilitated meetingII. SurveyIII. Management-produced analysis

B. I onlyC. I and III onlyD. II and III onlyE. I, II, and III



QUESTION 440In which of the following situations would it be most appropriate to employ the services of a forensicspecialist?

A. Detection of unauthorized changes to source documents.B. Review for misapplication of general computer controls over accounts receivable.C. Investigation of ghost employees in a large business.D. Verification of fixed assets in a manufacturing company.



QUESTION 441The balanced scorecard approach differs from traditional performance measurement approaches becauseit adds which of the following measures?

A. Financial measures.II. Internal business process measures.III. Client satisfaction measures.IV. Innovation and learning measures.

B. I onlyC. II and IV onlyD. III and IV onlyE. II, III, and IV only



QUESTION 442An auditor prepared a workpaper that consisted of a list of employee names and identification numbers aswell as the following statement:

"A statistical sample of 40 employee personnel files was selected to verify that they contain all documentsrequired by company policy 501 (copy attached). No exceptions were noted."

The auditor did not place any audit verification symbols on this workpaper. Which of the following changeswould most improve the auditor's workpaper?

A. Use of audit verification symbols to show that each file was examined.B. Removal of the employee names to protect their confidentiality.C. Justification for the sample size.D. Listing of the actual documents examined for each employee.



QUESTION 443During an interview with a manager in a company's claims department, an auditor noted that the managerbecame nervous and changed the subject whenever the auditor raised questions about certain types ofclaims. The manager's answers were consistent with company policies and procedures. Whendocumenting the interview, the auditor should:

A. Document the manager's answers, noting the nature of the nonverbal communication.B. Document the manager's answers but not the nonverbal communication because it is subjective and is

not corroborated.C. Conclude that the nonverbal communication is persuasive and that sufficient evidence exists to begin a

fraud investigation.D. Disregard the interview entirely because the verbal and nonverbal communications were contradictory.



QUESTION 444Which of the following is true of engagement recommendations?

A. Specific suggestions for implementation must be included.II. The internal auditor's observations and conclusions may serve as the basis.III. Actions to correct existing conditions or improve operations may be included.IV. Approaches to correcting or enhancing performance may be suggested.

B. I onlyC. III onlyD. I, III, and IV onlyE. II, III, and IV only



QUESTION 445Which of the following performance criteria would be most useful when measuring the performance of a

customer service desk?

A. The number of customer inquiries recorded per day.B. The percentage of customer issues resolved within 24 hours.C. The number of customer complaints recorded per day.D. The percentage of total customers served per day.



QUESTION 446The efficiency of internal audit operations is best enhanced if workpaper standards:

A. Permit the extent of documentation to vary according to engagement objectives.B. Require supervisors to initial and date each workpaper that they review.C. Allow access to workpapers by external parties if approved by senior management or the audit

committee.D. Mandate the workpaper retention period.



QUESTION 447According to the International Professional Practices Framework, which of the following statements iscorrect regarding the communication of audit results?

A. Summary reports may be issued separately from or in conjunction with the final report.II. Interim reports may be written or oral.III. Detailed reports should always be issued to the audit committee.IV. Interim reports should be used to communicate information which requires immediate attention.

B. I and III onlyC. II and IV onlyD. I, II, and IV onlyE. I, II, III, and IV.



QUESTION 448The chief audit executive (CAE) determined that based on management's oral response, the action takenregarding an audit observation was sufficient when weighted against the relative importance of the auditrecommendation. Which of the following is the most appropriate step for the internal auditor to take next?

A. Initiate a follow-up audit to ensure that action has really been taken.B. Follow-up with management until a written response is obtained.C. Escalate the issue to the board and get their position on the issue.D. Note in the permanent file that follow-up needs to be performed as part of the next engagement.



QUESTION 449The most effective way for internal auditors to enhance the reliability of computerized financial andoperating information is by:

A. Determining if controls over record keeping and reporting are adequate and effective.B. Reviewing data provided by information systems to test compliance with external requirements.C. Determining if information systems provide management with timely information.D. Determining if information systems provide complete information.



QUESTION 450Which of the following situations might allow an employee to steal checks sent to an organization andsubsequently cash them?

A. Checks are not restrictively endorsed when received.B. Only one signature is required on the organization's checks.C. One employee handles both accounts receivable and purchase orders.D. One employee handles both cash deposits and accounts payable.



QUESTION 451An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the financedepartment of the organization. Investment decisions, including the use of hedging strategies and financialderivatives, use data and financial models which run on the LAN. The LAN is also used to download datafrom the mainframe to assist in decisions. Which of the following should be considered outside the scope ofthis security audit engagement?

A. Investigation of the physical security over access to the components of the LAN.B. The ability of the LAN application to identify data items at the field or record level and implement user

access security at that level.C. Interviews with users to determine their assessment of the level of security in the system and the

vulnerability of the system to compromise.D. The level of security of other LANs in the company which also utilize sensitive data.



QUESTION 452An organization's internal auditors are reviewing production costs at a gas-powered electrical generatingplant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to theenvironmental regulatory agency, due to computer errors. The auditors should immediately report theconcern to:

A. The regulatory agency.B. Plant management.C. A plant health and safety officer.D. The risk management function.



QUESTION 453Which of the following would be an appropriate improvement to controls over large quantities ofconsumable material that are charged to expense when placed in bins which are accessible to productionworkers?

A. Relocate bins to the inventory warehouse.B. Require management to compare the cost of consumable items used to the budget.C. Lock the bins during normal working hours.D. None of the above actions are needed for items of minor cost and size.



QUESTION 454Which of the following is a weakness that is inherent in the use of the test data method to test internalcontrols in a computer-based accounting system?

A. The auditor must test many transactions with the same condition in order to achieve assurance that thecondition is being detected.

B. Conditions that were not specifically considered by the auditor may go untested.C. The approach requires the creation of "dummy companies," possibly destroying or altering actual

company data in the process.D. Inclusion of atypical data in the test data may cause errors to be noted on the exception report.



QUESTION 455Which of the following would be most helpful to a governmental auditor searching for the existence ofmultiple welfare claims that were filed under different names but used the same address?

A. Tagging and tracing.B. Generalized audit software.

C. Integrated test facility.D. Spreadsheet analysis.



QUESTION 456As part of an operational audit, an auditor compared records of current inventory with usage during the priortwo-year period and determined that the spare parts inventory was excessive. What step should the auditorperform first?

A. Determine the effects of a stock-out on the organization's profitability.B. Determine whether a clear policy exists for setting inventory limits.C. Determine who approved the purchase orders for the spare parts.D. Determine whether purchases were properly recorded.



QUESTION 457A performance audit engagement typically involves:

A. Review of financial statement information, including the appropriateness of various accountingtreatments.

B. Tests of compliance with policies, procedures, laws, and regulations.C. Appraisal of the environment and comparison against established criteria.D. Evaluation of organizational and departmental structures, including assessments of process flows.



QUESTION 458The scope of a business process review primarily involves:

A. Appraising the environment and comparing against established criteria.B. Assessing the organization's system of internal controls.C. Reviewing routine financial information and assessing the appropriateness of various accounting

treatments.D. Evaluating organizational and departmental structures, including assessments of transaction flows.



QUESTION 459

An audit identified a number of weaknesses in the configuration of a critical client/server system. Althoughsome of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest willrequire between six and 18 months for completion. Consequently, management has developed a detailedaction plan, with anticipated completion dates, for addressing the weaknesses. Which of the following is themost appropriate course of action for the chief audit executive to take?

A. Assess the adequacy of the action plan and monitor key dates and deliverables.B. Schedule a follow-up audit engagement to assess the status of corrective action.C. Reassign information systems auditors to assist the information technology department in correcting the

weaknesses.D. Evaluate statistics related to unplanned system outages, unauthorized access attempts, and denials of

service to assess the effectiveness of corrections.



QUESTION 460An internal auditor found that the cost of some material installed on capital projects had been transferred tothe inventory account because the capital budget had been exceeded. Which of the following would be anappropriate technique for the auditor to use to determine the extent of the problem?

A. Identify variances between amounts capitalized each month and the capital budget.B. Analyze a sample of capital transactions each quarter to detect instances in which installed material was

transferred to inventory.C. Review all journal entries that transferred costs from capital to inventory accounts.D. Compare inventory receipts with debits to the inventory account and investigate discrepancies.



QUESTION 461When conducting audit follow-up of a finding related to cash management routines, an internal auditorwould expect to find that all of the following changes have occurred except:

A. The steps being taken are resolving the condition disclosed by the finding.B. Inherent risk has been eliminated as a result of resolution of the condition.C. Controls have been implemented to deter or detect a recurrence of the finding.D. Benefits have accrued to the entity as a result of resolving the condition.



QUESTION 462Which of the following represents appropriate evidence of supervisory review of engagement workpapers?

A. A supervisor's initials on each workpaper.II. An engagement workpaper review checklist.III. A memorandum specifying the nature, extent, and results of the supervisory review of workpapers.

IV. Performance appraisals that assess the quality of workpapers prepared by auditors.B. II and IV onlyC. I, II, and III onlyD. I, III, and IV onlyE. I, II, III, and IV.



QUESTION 463Recommendations should be included in the audit report in order to:

A. Provide management with options for addressing audit findings.B. Ensure that audit findings are resolved in the manner suggested by the auditor.C. Minimize the amount of time required to correct audit findings.D. Ensure that audit findings are addressed by management.



QUESTION 464Which of the following is not relevant when developing recommendations for inclusion in audit reports?

A. Feasibility.B. Cost of implementation.C. Underlying causes.D. Timing of follow-up.



QUESTION 465As a result of a recent discovery of false information on employment applications, an internal auditor hasreviewed hiring procedures. Which of the following represents a weakness in the control system?

A. Applicants are not required to have their signed applications legally authenticated.II. Applicants' educational information is not validated with the educational institution before employmentis offered.III. Information related to applicants' long-term work history is not validated before employment isoffered.

B. III onlyC. I and II onlyD. II and III onlyE. I, II, and III


Explanation


QUESTION 466An auditor is scheduled to audit payroll controls for a company which has recently outsourced its processingto an information service bureau. What action should the auditor take, considering the outsourcingdecision?

A. Review the controls over payroll in both the company and the service bureau.B. Review only the company's controls over data sent to and received from the service bureau.C. Review only the controls over payments to the service bureau based on the contract.D. Cancel the engagement because the processing is being performed outside of the organization.



QUESTION 467An internal auditor is reviewing a new automated human resources system. The system contains a table ofpay rates which are matched to the employee job classifications. The best control to ensure that the table isupdated correctly for only valid pay changes would be to:

A. Limit access to the data table to management and line supervisors who have the authority to determinepay rates.

B. Require a supervisor in the department, who does not have the ability to change the table, to comparethe changes to a signed management authorization.

C. Ensure that adequate edit and reasonableness checks are built into the automated system.D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide

employee.



QUESTION 468What is the most important risk in determining the validity of construction delay claims?

A. Contractor claims may be submitted prior to completion of the work.B. Contractor claims may include costs considered in the fixed-price portion of the work.C. Contractor claims may include subcontractor estimates of balances due to the subcontractor.D. Contractor claims may be understated.



QUESTION 469During an audit of a branch bank, an internal auditor learned that a series of system failures had resulted ina four-day delay in processing customers' scheduled payroll direct deposits. The first failure was that of a

disk drive, followed by software and other minor failures. Which of the following controls should the auditorrecommend to avoid similar delays in processing?

A. Contingency planning.B. Redundancy checks.C. Process monitoring.D. Preventive maintenance.



QUESTION 470An auditor analyzed a payroll system's data files for unusual activity, such as excessive overtime hours,unusual fluctuations in pay rates, and excessive vacation time. The application controls being verified bythis analysis are:

A. Edit and validation controls.B. Rejected and suspense item controls.C. Controls over update access to the database.D. Programmed balancing controls.



QUESTION 471During the development of a purchasing system, an auditor reviewed the payment authorization program.Which of the following actions should the auditor recommend for a situation in which the quantity invoiced isgreater than the quantity received?

A. Issue an exception report.B. Pay the amount billed and adjust the inventory account for the difference.C. Return the invoice to the vendor for correction.D. Authorize payment of the full invoice, but maintain an open purchase order record for the missing

goods.



QUESTION 472As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shippinglogs from the department's files. On 44 of the days, the log contained a sufficient number of shipments tomeet the department's daily quota. Based on this test, the auditor concluded that the shipping departmentwas effective at meeting its quotas. Which of the following is true about the auditor's conclusion?

A. The number of items selected for testing is inadequate to justify the conclusion.B. The shipping department is effective in meeting its responsibilities.C. This conclusion would negate any need to perform tests of efficiency.D. None of the above.



QUESTION 473An internal audit activity implemented an integrated test facility to test payroll processing. The auditorsidentified the key controls and processing steps built into the computer program and developed test data totest them. The auditors submitted test transactions throughout the year and did not find any differences intheir test results. The auditors can conclude that:

A. The system is properly capturing the hours worked by employees during the year and the hours havebeen properly submitted to payroll and processed correctly.

B. All employees were correctly paid during the year and their pay was correctly computed.C. The computer application and its control procedures were processing payroll transactions correctly

during the past year.D. All of the above.



QUESTION 474A code of ethics within the internal auditing profession is necessary in order to:

A. Reduce the likelihood that members of the profession will be sued for substandard work.B. Ensure that all members of the profession perform at approximately the same level of competence.C. Provide guidance to internal auditors in their service to others.D. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their

organization.



QUESTION 475Which of the following is used to identify and prioritize critical business applications to determine those thatmust be restored and the order of restoration in the event that a disaster impairs information systemsprocessing?

A. Contingent facility contract analysis.B. System backup analysis.C. Vendor supply agreement analysis.D. Risk analysis.



QUESTION 476In forming a team to investigate an organization's potential adoption of an activity-based costing system, thebest reason to include an internal auditor on the team would be the auditor's knowledge of:

A. Activities and cost drivers.B. Information processing procedures.C. Current product cost structures.D. Internal control alternatives.



QUESTION 477Given the scarcity of internal audit resources, a chief audit executive (CAE) decided not to schedule afollow-up of audit recommendations when developing engagement work schedules. Does the CAE'sdecision violate the Standards?

A. No, because the Standards do not specify whether follow-up is needed.B. No, because when there is evidence of sufficient motivation by the client, there is no need for follow-up

action.C. Yes, because scarcity of resources is not a sufficient reason to omit follow-up action.D. Yes, because the Standards require the auditors to determine whether the client has appropriately

implemented all of the auditor's recommendations.



QUESTION 478An auditor for a major retail company suspects that inventory fraud is occurring at three stores which havehigh costs of goods sold. Which of the following audit activities would provide the most persuasive evidencethat fraud is occurring?

A. Use an integrated test facility (ITF) to compare individual sales transactions with test transactionssubmitted through the ITF and investigate all differences.

B. Interview the three individual store managers to determine if their explanations about the observeddifferences are the same, and then compare their explanations to that of the section manager.

C. Schedule a surprise inventory audit to include a physical inventory and investigate areas of inventoryshrinkage.

D. Select a sample of individual store prices and compare them with the sales entered on the cash registerfor the same items.



QUESTION 479Which of the following procedures would be most helpful in providing additional evidence when an auditorsuspects that an unidentified employee is submitting and approving invoices for payment?

A. Use generalized audit software to identify invoices from vendors with post office box numbers or otherunusual features. Select a sample of those invoices and trace to supporting documents such asreceiving reports.

B. Select a sample of payments made during the year and investigate each one for approval.C. Select a sample of receiving reports representative of the period under investigation and trace to

approved payment. Note any items not properly processed.D. Select a sample of invoices paid during the past month and trace them to appropriate vendor accounts.



QUESTION 480Insurance companies often receive electronic hospitalization claims directly from hospitals. Which of thefollowing control procedures would be most effective in detecting fraud in such an environment?

A. Use integrated test facilities to test the accuracy of processing in a manner that is transparent to dataprocessing.

B. Develop monitoring programs to identify unusual types of claims or an unusual number of claims bydemographic class for investigation by the claims department.

C. Use generalized audit software to match the claimant identification number with a master list of validpolicyholders.

D. Develop batch controls over all items received from a particular hospital and process those claims inbatches.



QUESTION 481A film company determined that income level impacts the number of films that people watch per month, asshown by the graph below:

The graph indicates that:

A. A richer person always sees more films than a poorer person.B. The number of films seen per month is a linear function of income level.C. A 20 percent pay increase is more likely to increase film viewing at lower income levels than at higher

income levels.D. A 20 percent pay increase is likely to increase film viewing by a constant amount regardless of income

level.



QUESTION 482Which of the following will be an appropriate course of action when an auditor disagrees with a client abouta well-documented audit finding?

A. Include both the audit finding and the client's position in the audit report.

B. Defer reporting the item and plan to perform more detailed work during the next audit.C. Change the finding so that it is acceptable to the client.D. Address the issue with senior management and the board for resolution prior to issuing the final report.



QUESTION 483A governmental auditor was assigned to determine reasons why the students in one region scoredsignificantly higher on education evaluation tests than did the students in another region. Previous researchshowed that there is a direct correlation between public financial support and student results. Which of thefollowing is most likely to explain the difference in the regional results?

A. The more successful region spends 30 percent more money on education than does the other region.B. A higher percentage of the general tax fund is spent on education in the more successful region than in

the other region.C. The more successful region spends more money per student on education than does the other region.D. The more successful region has increased educational spending by an average of 10 percent each year

for the last three years, whereas the other region's increase averaged only three percent.



QUESTION 484Which of the following would constitute a violation of the IIA Code of Ethics?

A. An internal auditor, who has recently joined the organization, has accepted an assignment to audit theelectronics manufacturing division. The auditor previously served as senior auditor for the external auditof that division and has audited many electronics companies during the past two years.

B. An internal auditor has accepted an assignment to audit the warehousing function six months from now.The auditor has no expertise in that area but has signed up for courses in warehousing that will becompleted before the assignment begins.

C. An internal auditor has no ambitions for promotion and has not engaged in training or other professionaldevelopment activities during the last three years. The auditor's performance assessments indicateconsistent quality of work.

D. An internal auditor discovered an internal financial fraud during the year, and the financial statementswere adjusted to properly reflect the loss associated with the fraud. The auditor discussed the fraud withthe external auditor during the external auditor's review of the working papers detailing the incident.



QUESTION 485In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to thesupervisors of the department to be audited. What is the most likely result of that procedure?

A. It creates apprehension about the audit engagement.B. It involves the engagement client's supervisory personnel in the audit.

C. It is an uneconomical approach to obtaining information.D. It is only useful for audits of distant locations.



QUESTION 486Which of the following would be the least desirable criteria against which to judge current operations of anorganization's treasury function?

A. The operations of the treasury function as documented during the last audit engagement.B. Company policies and procedures delegating authority and assigning responsibilities.C. Finance textbook illustrations of generally accepted good treasury function practices.D. Codification of best practices of the treasury function in relevant industries.


Explanation/Reference:rectified answer.

QUESTION 487An internal auditor compared the number of human resources professionals per employee with industrystandards. This comparison would assist the auditor in evaluating which of the following areas?

A. Sufficiency of controls over payroll rate increases.B. Current level of performance of the human resources department.C. Adequacy of controls over hiring new employees.D. Degree of compliance with human resources policies.




QUESTION 488During an audit of a contract for computer security, a governmental auditor finds that a contractor hasdeveloped a system that could be the most advanced in the industry. If it seems that the contractor ischarging the government for developmental cost of a system that might be sold to other organizations, whatis the auditor's best course of action?

A. Estimate the cost to develop the advanced security system and inform the contractor that it will be adisallowed cost.

B. Exclude the observation from the engagement final communication because the contract was vagueand the level of security is clearly acceptable.

C. Estimate the added cost, report it to management, and suggest that management meet with its lawyersand the contractor to resolve differences.

D. Compare the cost of the security program with previous costs incurred by governmental operations andinform the contractor that the difference will be a disallowed cost.



QUESTION 489An internal auditor noticed that employees with responsibilities for cash collection had recently issued anunusually large number of credit memos, indicating that the original charges had been made to the wrongcustomer accounts. From a control standpoint, the auditor would be concerned with the possibility that:

A. The organization is selling a large number of defective items.B. Employees in this function are concealing a theft of cash collected from customers.C. Credit memos are not being submitted on a timely basis.D. The credit department has not been properly screening customers and, as a result, a large portion of

the accounts receivable may not be collectible.


Explanation/Reference:answer is upgraded.

QUESTION 490After becoming aware of control weaknesses indicating that a fraud could have been committed, which ofthe following actions should an internal auditor take next?

A. Issue a written report identifying the control weaknesses.B. Perform tests directed toward the identification of other fraud indicators.C. Notify external auditors of the suspicion that fraud has been committed.D. Recommend that a fraud investigation be conducted involving internal auditors, lawyers, investigators,

security personnel, and other specialists, as appropriate.


Explanation/Reference:exact answer.

QUESTION 491Audit supervision includes approval of the engagement report in order to ensure that:

A. The client's objectives are met.B. Senior management supports the report's conclusions.C. Report style and grammar are appropriate.D. Report findings are substantiated.



appropriate.

QUESTION 492An auditor decides to perform an inventory turnover analysis for both raw materials inventory and finishedgoods inventory. The analysis would be potentially useful in:

A. Identifying products for which management has not been attuned to changes in market demand.II. Identifying potential problems in purchasing activities.III. Identifying obsolete inventory.

B. III onlyC. I and II onlyD. II and III onlyE. I, II, and III



QUESTION 493An internal auditor provided the following statement about division A's performance during the month:"Because supplies of raw material X were scarce, division A's profits declined by 15 percent."

Which of the following can be validly concluded from the auditor's statement?

A. Division A's production level declined by 15 percent.II. Division A could have sold more products than it produced.III. Division A usually sells all of the products that it produces.

B. I onlyC. II onlyD. III onlyE. I and II only



QUESTION 494During an audit of executive travel, an auditor noted that the president's travel expense reimbursementswere approved by an executive secretary who reported to the president. The organization's reimbursementpolicy requires all travel expense reimbursements to be approved by the traveler's supervisor, but it doesnot address the president's reimbursements. Which of the following represents the auditor's bestrecommendation in this situation?

A. The organization's reimbursement policy should be amended to grant the president's executivesecretary the authority to approve the president's travel expense reimbursements.

B. The approval policy for executive travel should be considered at the next meeting of the audit committeeof the board of directors.

C. The president's travel expense reimbursements should be reviewed and approved by the chief financialofficer.

D. The president's noncompliance should be considered immaterial.



QUESTION 495Which of the following, if observed, would not indicate the need to extend the search for other indicators offraud in a purchasing department?

A. The standard of living of one of the purchasing agents has increased.B. The internal control structure has significant weaknesses.C. The purchasing agents have convinced management to adopt a policy of paying vendors on a more

timely basis in order to avoid incurring penalty charges.D. The cost of goods procured seems to be excessive in comparison with previous years.



QUESTION 496Which of the following does not represent a difficulty in using red flags as fraud indicators?

A. Many common red flags are also associated with situations where no fraud exists.B. Some red flags are difficult to quantify or to evaluate.C. Red flag information is only gathered in extraordinary circumstances.D. The red flags literature is not well enough established to have a positive impact on auditing.



QUESTION 497Which of the following might alert an auditor to the possibility of fraud in a division?

A. The division is not scheduled for an external audit this year.II. Sales have increased by 10 percent.III. A significant portion of management's compensation is directly tied to reported net income of thedivision.

B. I onlyC. III onlyD. I and II onlyE. I, II, and III



QUESTION 498The most common motivation for management fraud is the existence of:

A. Vices, such as a gambling habit.B. Job dissatisfaction.

C. Financial pressures on the organization.D. The challenge of committing the perfect crime.



QUESTION 499Which of the following conditions is the strongest indicator of possible fraud?

A. An assistant treasurer who refuses to take vacations.B. Independent reconciliations of subsidiary to general ledgers that are not always completed on a timely

basis.C. A condition of excess manufacturing waste material.D. A manager who is often over budget at the end of a reporting period.



QUESTION 500Which sampling plan requires no additional sampling once the first error is found?

A. Stratified sampling.B. Attributes sampling.C. Stop-or-go sampling.D. Discovery sampling.


Explanation/Reference:applicable.

QUESTION 501After partially completing an internal control review of the accounts payable department, an auditorsuspects that some type of fraud has occurred. To ascertain whether the fraud is present, the bestsampling approach would be to usE.

A. Simple random sampling to select a sample of vouchers processed by the department during the pastyear.

B. Probability-proportional-to-size sampling to select a sample of vouchers processed by the departmentduring the past year.

C. Discovery sampling to select a sample of vouchers processed by the department during the past year.D. Judgmental sampling to select a sample of vouchers processed by clerks who were identified by the

department manager as acting suspiciously.



QUESTION 502Which of the following processes real-transaction data through auditor-developed test programs?

A. Generalized audit software.B. Tracing.C. Parallel simul-ation.D. Mapping.



QUESTION 503Which of the following would provide the best audit evidence regarding the effectiveness of an appliedresearch department?

A. Develop a cost-per-product analysis for products developed over the past five years.B. Develop a report on revenue generated by or cost savings directly attributable to newly developed

products.C. Compare research as a percentage of revenue between this company and all major competitors in the

same industry.D. Compare the number of this year's new product developments to the number of new product

developments for the past five years.


Explanation/Reference:confirmed answer.

QUESTION 504A retail company uses a computer program that matches electronic vendor invoices with the applicablepurchase orders and receiving information, which are also maintained electronically.

If an invoice does not match the other items within predefined ranges, a report is generated and sent to theaccounts payable department for further investigation. All of the applicable documents are electronicallymarked, cross-referenced, and retained in open files. Both an integrated test facility and a systems controlaudit review file (SCARF) have been included in the system.

An auditor wants to determine the extent to which items are not matched at year end and to investigate thepotential causes of the unmatched items. Which of the following audit procedures would be most effectivein determining the items to investigate?

A. Use generalized audit software to read the electronically marked unmatched items.B. Use generalized audit software to read the purchase orders and trace to applicable receiving and

vendor invoice files.C. Use the SCARF to identify unusual items. Select an attributes sample and trace to the underlying

documentation.D. Submit test data to identify attributes of unmatched items. Follow up by investigating the identified

attributes.



valuable answer.

QUESTION 505An auditor receives anonymous information that fraud is occurring in the operation being audited, but nodetails are given as to the type of fraud or the individuals involved. There are several areas in which fraudcould occur. The auditor should:

A. Identify the area that has the greatest volume of transactions and design a sampling plan forsubstantive testing.

B. Apply analytical procedures to areas that might be impacted by possible fraudulent activities.C. Interview employees to identify areas where the fraud could be occurring.D. Plan detailed tests of the areas that have the highest dollar amount of transactions.


Explanation/Reference:I agree with the answer.

QUESTION 506A company has recently incurred significant cost overruns on one of its construction projects. Managementsuspects that these overruns were caused by the contractor improperly accounting for costs related tocontract change orders. Which of the following procedures would be appropriate for testing this suspicion?

A. Verify that the contractor has not charged change orders with costs that have already been billed to theoriginal contract.II. Determine if the contractor has billed for original contract work that was canceled as a result ofchange orders.III. Verify that the change orders were properly approved by management.

B. I onlyC. III onlyD. I and II onlyE. I and III only



QUESTION 507An internal audit activity is participating in the due diligence work for an acquisition that a company isconsidering. One engagement objective is to determine if the acquisition's accounts payable contain alloutstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

A. Examine supporting documentation of subsequent (after-period) cash disbursements and verify periodof liability.

B. Send confirmations, including zero-balance accounts, to vendors with whom the company normallydoes business.

C. Select a sample of accounts payable from the accounts payable list and verify the supporting receivingreports, purchase orders, and invoices.

D. Trace receiving reports issued before the period end to the related vendor invoices and accountspayable list.


Explanation/Reference:answer is complete.

QUESTION 508Which of the following audit steps would be most effective to review proper recording of and accountabilityover physical assets?

A. Physically inspect all assets on the organization's property.II. Select a sample department and physically inspect assets in the department.III. Select a sample from the organization's records of physical assets and physically locate each asset.IV. Identify assets at a sample of locations and trace to the organization's records.

B. I onlyC. I and IV onlyD. II and III onlyE. III and IV only




Documents

TestKings.IIA-CIA-Part2 - GRATIS EXAM · TestKings.IIA-CIA-Part2.508Q Number : IIA-CIA-Part2 Passing Score : 800 Time Limit : 120 min File Version : 6.6 IIA-CIA-Part2