IIA-CIA-Part2.exam · 4. Volume D 5. Volume E Exam A QUESTION 1 In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:

IIA-CIA-Part2.exam.275q

Number: IIA-CIA-Part2

Passing Score: 800

Time Limit: 120 min

Website: https://vceplus.com

VCE to PDF Converter: https://vceplus.com/vce-to-pdf/

Facebook: https://www.facebook.com/VCE.For.All.VN/

Twitter : https://twitter.com/VCE_Plus

https://www.vceplus.com/

IIA-CIA-Part2

Certified Internal Auditor - Part 2, Conducting the Internal Audit Engagement

Sections

1. Volume A

2. Volume B

3. Volume C

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com

https://vceplus.com/

https://vceplus.com/vce-to-pdf/

https://www.facebook.com/VCE.For.All.VN/

https://twitter.com/VCE_Plus

4. Volume D

5. Volume E

Exam A

QUESTION 1

In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:

A. Tell the employee a piece of information obtained from a coworker in a previous interview.

B. Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.

C. Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached.

D. Point out that management has given the auditor full authority to conduct this interview.

Correct Answer: C

Section: Volume A

Explanation

Explanation/Reference:

QUESTION 2

During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high number of customer complaints pertained to payments not

being applied to the customers' accounts.

Which of the following would most likely be the reason for the high volume of complaints?


A. An ineffective customer service department.

B. Poor controls in the invoice approval processes.


C. Check tampering by an employee.

D. Submission of fraudulent expense reports.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 3

Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures?

A. Productivity ratio.

B. Productivity index.

C. Operating ratio.

D. Resource utilization rate.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 4

Which of the following data collection strategies systematically tests the effects of various factors on an outcome?

A. Content analysis.

B. Sampling.

C. Evaluation synthesis.

D. Modeling.

Correct Answer: D

Section: Volume A

Explanation



QUESTION 5

Which of the following audit procedures is most suitable for verifying that all sales transactions have been recorded?

A. Observation.

B. Tracing.

C. Re-computation.

D. Vouching.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 6

Which of the following would be an appropriate and effective control self-assessment approach in an organization with an authoritative culture?

I. Facilitated meeting

II. Survey

III. Management-produced analysis

A. I only

B. I and III only

C. II and III only

D. I, II, and III

Correct Answer: C

Section: Volume A

Explanation


QUESTION 7

What does the following scatter gram suggest?


A. Sales revenue is related to training costs.

B. The training program is not effective.

C. Increases in training costs consistently increase sales revenue.

D. One data point is incorrectly plotted.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 8

New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several

examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales

management's data and information provide.

A. Feedback control data.

B. Irrelevant and argumentative information.

C. Evidence that the new credit policies do not meet the stated corporate objective to improve collections.

D. A statistically valid conclusion about the impact of the new credit policies on customer goodwill.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 9

Productivity statistics are provided quarterly to a company's board of directors. An auditor checked the ratios and other statistics in the four most recent reports.

The auditor used scratch paper and copies of the board reports to verify the accuracy of computations and compared the data used in the computations with

supporting documents. The auditor wrote a note describing this work for the workpapers and then discarded the scratch paper and report copies. The auditor's

note stated.

“The ratios and other statistics in the quarterly board reports were checked for the last four quarters, and appropriate supporting documents were examined. All

amounts appear to be appropriate.”


In this situation:

A. Four quarters is not a large enough sample on which to base a conclusion.

B. The auditor's workpapers are not sufficient to facilitate an efficient review of the auditor's work.

C. The auditor should have included the scratch paper in the workpapers.

D. The auditor should have considered whether the information in the board report was compiled efficiently.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 10

Which of the following is an example of the verification of internal documentary evidence?

A. Reviewing a carrier's bill of lading.

B. Reconciling a vendor's month-end statement.

C. Vouching a copy of a sales invoice to receivables.

D. Recalculating a customer's purchase order.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 11

The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?

I. Financial measures.

II. Internal business process measures.

III. Client satisfaction measures.IV. Innovation and learning measures.



A. I only

B. II and IV only

C. III and IV only

D. II, III, and IV only

Correct Answer: D

Section: Volume A

Explanation


QUESTION 12

An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:

“A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No

exceptions were noted.”

The auditor did not place any audit verification symbols on this workpaper. Which of the following changes would most improve the auditor's workpaper?

A. Use of audit verification symbols to show that each file was examined.

B. Removal of the employee names to protect their confidentiality.

C. Justification for the sample size.

D. Listing of the actual documents examined for each employee.

Correct Answer: C

Section: Volume A


Explanation


QUESTION 13

During an interview with a manager in a company's claims department, an auditor noted that the manager became nervous and changed the subject whenever the

auditor raised questions about certain types of claims. The manager's answers were consistent with company policies and procedures. When documenting the

interview, the auditor should:

A. Document the manager's answers, noting the nature of the nonverbal communication.

B. Document the manager's answers but not the nonverbal communication because it is subjective and is not corroborated.

C. Conclude that the nonverbal communication is persuasive and that sufficient evidence exists to begin a fraud investigation.

D. Disregard the interview entirely because the verbal and nonverbal communications were contradictory.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 14

Which of the following is true of engagement recommendations?

I. Specific suggestions for implementation must be included.

II. The internal auditor's observations and conclusions may serve as the basis.

III. Actions to correct existing conditions or improve operations may be included. IV. Approaches to correcting or enhancing performance may be suggested.

A. I only

B. III only

C. I, III, and IV only

D. II, III, and IV only

Correct Answer: D

Section: Volume A

Explanation



QUESTION 15

Which of the following performance criteria would be most useful when measuring the performance of a customer service desk?

A. The number of customer inquiries recorded per day.

B. The percentage of customer issues resolved within 24 hours.

C. The number of customer complaints recorded per day.

D. The percentage of total customers served per day.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 16

The efficiency of internal audit operations is best enhanced if workpaper standards:

A. Permit the extent of documentation to vary according to engagement objectives.

B. Require supervisors to initial and date each workpaper that they review.

C. Allow access to workpapers by external parties if approved by senior management or the audit committee.

D. Mandate the workpaper retention period.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 17

According to the International Professional Practices Framework, which of the following statements is correct regarding the communication of audit results?

I. Summary reports may be issued separately from or in conjunction with the final report.

II. Interim reports may be written or oral.

III. Detailed reports should always be issued to the audit committee.

IV. Interim reports should be used to communicate information which requires immediate attention.


A. I and III only

B. II and IV only

C. I, II, and IV only

D. I, II, III, and IV.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 18

The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when

weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?

A. Initiate a follow-up audit to ensure that action has really been taken.

B. Follow-up with management until a written response is obtained.

C. Escalate the issue to the board and get their position on the issue.

D. Note in the permanent file that follow-up needs to be performed as part of the next engagement.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 19

Which of the following will be an appropriate course of action when an auditor disagrees with a client about a well-documented audit finding?

A. Include both the audit finding and the client's position in the audit report.

B. Defer reporting the item and plan to perform more detailed work during the next audit.

C. Change the finding so that it is acceptable to the client.

D. Address the issue with senior management and the board for resolution prior to issuing the final report.


Correct Answer: A

Section: Volume A

Explanation


QUESTION 20

A governmental auditor was assigned to determine reasons why the students in one region scored significantly higher on education evaluation tests than did the

students in another region. Previous research showed that there is a direct correlation between public financial support and student results. Which of the following

is most likely to explain the difference in the regional results?

A. The more successful region spends 30 percent more money on education than does the other region.

B. A higher percentage of the general tax fund is spent on education in the more successful region than in the other region.

C. The more successful region spends more money per student on education than does the other region.

D. The more successful region has increased educational spending by an average of 10 percent each year for the last three years, whereas the other region's

increase averaged only three percent.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 21

Which of the following would constitute a violation of the IIA Code of Ethics?

A. An internal auditor, who has recently joined the organization, has accepted an assignment to audit the electronics manufacturing division. The auditor

previously served as senior auditor for the external audit of that division and has audited many electronics companies during the past two years.

B. An internal auditor has accepted an assignment to audit the warehousing function six months from now. The auditor has no expertise in that area but has

signed up for courses in warehousing that will be completed before the assignment begins.

C. An internal auditor has no ambitions for promotion and has not engaged in training or other professional development activities during the last three years. The

auditor's performance assessments indicate consistent quality of work.

D. An internal auditor discovered an internal financial fraud during the year, and the financial statements were adjusted to properly reflect the loss associated with

the fraud. The auditor discussed the fraud with the external auditor during the external auditor's review of the working papers detailing the incident.


Correct Answer: C

Section: Volume A

Explanation


QUESTION 22

An auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished goods inventory. The analysis would be potentially

useful in:

I. Identifying products for which management has not been attuned to changes in market demand.

II. Identifying potential problems in purchasing activities. III. Identifying obsolete inventory.

A. III only

B. I and II only

C. II and III only

D. I, II, and III

Correct Answer: D

Section: Volume A

Explanation


QUESTION 23

An internal auditor provided the following statement about division A's performance during the month: "Because supplies of raw material X were scarce, division

A's profits declined by 15 percent."

Which of the following can be validly concluded from the auditor's statement?

I. Division A's production level declined by 15 percent.

II. Division A could have sold more products than it produced.

III. Division A usually sells all of the products that it produces.



A. I only

B. II only

C. III only

D. I and II only

Correct Answer: B

Section: Volume A

Explanation


QUESTION 24

As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping logs from the department's files. On 44 of the days,

the log contained a sufficient number of shipments to meet the department's daily quota. Based on this test, the auditor concluded that the shipping department

was effective at meeting its quotas. Which of the following is true about the auditor's conclusion?

A. The number of items selected for testing is inadequate to justify the conclusion.

B. The shipping department is effective in meeting its responsibilities.

C. This conclusion would negate any need to perform tests of efficiency.

D. None of the above.

Correct Answer: D

Section: Volume A

Explanation



QUESTION 25

An internal audit activity implemented an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps built into

the computer program and developed test data to test them. The auditors submitted test transactions throughout the year and did not find any differences in their

test results. The auditors can conclude that:

A. The system is properly capturing the hours worked by employees during the year and the hours have been properly submitted to payroll and processed

correctly.

B. All employees were correctly paid during the year and their pay was correctly computed.

C. The computer application and its control procedures were processing payroll transactions correctly during the past year.

D. All of the above.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 26

A code of ethics within the internal auditing profession is necessary in order to:

A. Reduce the likelihood that members of the profession will be sued for substandard work.

B. Ensure that all members of the profession perform at approximately the same level of competence.

C. Provide guidance to internal auditors in their service to others.

D. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 27

An auditor is scheduled to audit payroll controls for a company which has recently outsourced its processing to an information service bureau. What action should

the auditor take, considering the outsourcing decision?

A. Review the controls over payroll in both the company and the service bureau.


B. Review only the company's controls over data sent to and received from the service bureau.

C. Review only the controls over payments to the service bureau based on the contract.

D. Cancel the engagement because the processing is being performed outside of the organization.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 28

An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job

classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:

A. Limit access to the data table to management and line supervisors who have the authority to determine pay rates.

B. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.

C. Ensure that adequate edit and reasonableness checks are built into the automated system.

D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 29

What is the most important risk in determining the validity of construction delay claims?

A. Contractor claims may be submitted prior to completion of the work.

B. Contractor claims may include costs considered in the fixed-price portion of the work.

C. Contractor claims may include subcontractor estimates of balances due to the subcontractor.

D. Contractor claims may be understated.

Correct Answer: B


Section: Volume A

Explanation


QUESTION 30

During an audit of a branch bank, an internal auditor learned that a series of system failures had resulted in a four-day delay in processing customers' scheduled

payroll direct deposits. The first failure was that of a disk drive, followed by software and other minor failures. Which of the following controls should the auditor

recommend to avoid similar delays in processing?

A. Contingency planning.

B. Redundancy checks.

C. Process monitoring.

D. Preventive maintenance.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 31

An auditor analyzed a payroll system's data files for unusual activity, such as excessive overtime hours, unusual fluctuations in pay rates, and excessive vacation

time. The application controls being verified by this analysis are:

A. Edit and validation controls.

B. Rejected and suspense item controls.

C. Controls over update access to the database.

D. Programmed balancing controls.

Correct Answer: A

Section: Volume A

Explanation



QUESTION 32

During the development of a purchasing system, an auditor reviewed the payment authorization program. Which of the following actions should the auditor

recommend for a situation in which the quantity invoiced is greater than the quantity received?

A. Issue an exception report.

B. Pay the amount billed and adjust the inventory account for the difference.

C. Return the invoice to the vendor for correction.

D. Authorize payment of the full invoice, but maintain an open purchase order record for the missing goods.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 33

The most common motivation for management fraud is the existence of:

A. Vices, such as a gambling habit.

B. Job dissatisfaction.

C. Financial pressures on the organization.

D. The challenge of committing the perfect crime.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 34

Which of the following conditions is the strongest indicator of possible fraud?

A. An assistant treasurer who refuses to take vacations.

B. Independent reconciliations of subsidiary to general ledgers that are not always completed on a timely basis.

C. A condition of excess manufacturing waste material.


D. A manager who is often over budget at the end of a reporting period.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 35

Which sampling plan requires no additional sampling once the first error is found?

A. Stratified sampling.

B. Attributes sampling.

C. Stop-or-go sampling.

D. Discovery sampling.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 36

After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain

whether the fraud is present, the best sampling approach would be to use.

A. Simple random sampling to select a sample of vouchers processed by the department during the past year.

B. Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year.

C. Discovery sampling to select a sample of vouchers processed by the department during the past year.

D. Judgmental sampling to select a sample of vouchers processed by clerks who were identified by the department manager as acting suspiciously.

Correct Answer: C

Section: Volume A

Explanation



QUESTION 37

Which of the following processes real-transaction data through auditor-developed test programs?

A. Generalized audit software.

B. Tracing.

C. Parallel simulation.

D. Mapping.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 38

Which of the following would provide the best audit evidence regarding the effectiveness of an applied research department?

A. Develop a cost-per-product analysis for products developed over the past five years.

B. Develop a report on revenue generated by or cost savings directly attributable to newly developed products.

C. Compare research as a percentage of revenue between this company and all major competitors in the same industry.

D. Compare the number of this year's new product developments to the number of new product developments for the past five years.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 39

A retail company uses a computer program that matches electronic vendor invoices with the applicable purchase orders and receiving information, which are also

maintained electronically.


If an invoice does not match the other items within predefined ranges, a report is generated and sent to the accounts payable department for further investigation.

All of the applicable documents are electronically marked, cross-referenced, and retained in open files. Both an integrated test facility and a systems control audit

review file (SCARF) have been included in the system.

An auditor wants to determine the extent to which items are not matched at year end and to investigate the potential causes of the unmatched items. Which of the

following audit procedures would be most effective in determining the items to investigate?

A. Use generalized audit software to read the electronically marked unmatched items.

B. Use generalized audit software to read the purchase orders and trace to applicable receiving and vendor invoice files.

C. Use the SCARF to identify unusual items. Select an attributes sample and trace to the underlying documentation.

D. Submit test data to identify attributes of unmatched items. Follow up by investigating the identified attributes.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 40

An auditor receives anonymous information that fraud is occurring in the operation being audited, but no details are given as to the type of fraud or the individuals

involved. There are several areas in which fraud could occur. The auditor should:

A. Identify the area that has the greatest volume of transactions and design a sampling plan for substantive testing.

B. Apply analytical procedures to areas that might be impacted by possible fraudulent activities.

C. Interview employees to identify areas where the fraud could be occurring.

D. Plan detailed tests of the areas that have the highest dollar amount of transactions.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 41


A company has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the

contractor improperly accounting for costs related to contract change orders. Which of the following procedures would be appropriate for testing this suspicion?

I. Verify that the contractor has not charged change orders with costs that have already been billed to the original contract.

II. Determine if the contractor has billed for original contract work that was canceled as a result of change orders.

III. Verify that the change orders were properly approved by management.

A. I only

B. III only

C. I and II only

D. I and III only

Correct Answer: C

Section: Volume A

Explanation


QUESTION 42

An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the

acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

A. Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability.

B. Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business.

C. Select a sample of accounts payable from the accounts payable list and verify the supporting receiving reports, purchase orders, and invoices.

D. Trace receiving reports issued before the period end to the related vendor invoices and accounts payable list.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 43


Which of the following audit steps would be most effective to review proper recording of and accountability over physical assets?

I. Physically inspect all assets on the organization's property.

II. Select a sample department and physically inspect assets in the department.

III. Select a sample from the organization's records of physical assets and physically locate each asset. IV. Identify assets at a sample of locations and trace

to the organization's records.

A. I only

B. I and IV only C. II and III only

D. III and IV only

Correct Answer: D

Section: Volume A

Explanation


QUESTION 44

Which of the following audit techniques provides for continuous monitoring and analysis of computer transactions for detailed auditing?


A. Integrated test facility.

B. Parallel simulation.

C. Test data.

D. Embedded audit routines.

Correct Answer: D


Section: Volume A

Explanation


QUESTION 45

Access control software on an organization's mainframe computer records detailed information concerning both successful and unsuccessful log-on attempts to

applications. Which of the following audit tools would be best suited to review the access information that has been recorded?

A. Generalized audit software.

B. Flowcharting.

C. Integrated test facility.

D. Test data.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 46

Which of the following would provide the greatest assurance of the accuracy of a computer program's computation of freight charges for catalog sales?

A. Use discovery sampling, selecting transactions from invoices which should have freight charges added to them.

B. Use either test data or parallel simulation to test the computer application.

C. Use difference estimation, selecting transactions from invoices which should have freight charges added to them.

D. Use generalized audit software to select a monetary-unit sample of invoices that have been billed to customers.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 47


If an auditor used nonstatistical sampling instead of statistical sampling to estimate the value of inventory, which of the following would be true?

A. The confidence level could not be quantified.

B. The precision would be larger.

C. The projected value of inventory would be less reliable.

D. The risk of incorrect acceptance would be higher.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 48

In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the:

A. Population.

B. Attribute of interest.

C. Sample.

D. Sampling unit.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 49

An internal auditor would most likely use attributes sampling when testing which of the following?

A. Accounts receivable balances.

B. Correct coding of accounts payable disbursement vouchers.

C. Year-end inventory value.

D. Fixed asset book value.


Correct Answer: B

Section: Volume A

Explanation


QUESTION 50

An audit department has received anonymous information that an employee has allegedly been able to steal and cash checks sent to the organization by

customers. What is the most efficient way for an auditor to determine how this type of fraud could occur and who might be the perpetrator?

A. Confirm accounts receivable.

B. Confirm accounts payable.

C. Review the endorsements and banks of deposit on customers' canceled checks.

D. Flowchart and analyze key controls in the cash receipts process.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 51

If an auditor expects to find numerous discrepancies between recorded values and audited values of sample selections, which sampling technique would be most

appropriate?

A. Attributes sampling.

B. Probability-proportional-to-size sampling.

C. Difference estimation sampling.

D. Discovery sampling.

Correct Answer: C

Section: Volume A

Explanation



QUESTION 52

During an audit of a retail organization, an internal auditor found a scheme in which the warehouse director and the purchasing agent diverted approximately

$500,000 of goods to their own warehouse, then sold the goods to third parties. The fraud was not found earlier since the warehouse director updated the

perpetual inventory records and then forwarded receiving reports to the accounts payable department for processing. Which of the following procedures would

have most likely led to the discovery of the missing materials and the fraud?

A. Select a random sample of receiving reports and trace to the recording in the perpetual inventory records. Note differences and investigate by type of product.

B. Select a random sample of purchase orders and trace to receiving reports and to the records in the accounts payable department.

C. Take an annual physical inventory, reconciling amounts with the perpetual inventory records. Note the pattern of differences and investigate.

D. Select a random sample of sales invoices and trace to the perpetual inventory records to see if inventory was on hand. Investigate any differences.

Correct Answer: C

Section: Volume A

Explanation


QUESTION 53

Which of the following factors would increase the confidence level in a variables sampling plan?

I. A larger sample size.

II. A stratified sample.

III. A larger standard deviation.

A. I and II only

B. I and III only

C. II and III only

D. I, II, and III

Correct Answer: A

Section: Volume A

Explanation


QUESTION 54


If an auditor is sampling to test compliance with a particular company policy, which of the following factors should not affect the allowable level of sampling risk?

A. The experience and knowledge of the auditor.

B. The adverse consequences of noncompliance.

C. The acceptable level of risk of making an incorrect audit conclusion.

D. The cost of performing auditing procedures on sample selections.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 55

Which of the following describes an internal auditor's responsibilities to include audit procedures to detect fraud in audits of a multinational organization?

A. International Accounting Standards require the internal auditor to include audit procedures which would detect fraud if it would cause a material

misrepresentation of the financial statements.

B. Internal auditors do not have any specific responsibilities with respect to including fraud-related audit procedures.

C. Proper audit procedures, when carried out with due professional care, will guarantee that fraud, if present, will be detected.

D. If significant control weaknesses are detected, additional tests should be directed toward other indicators of fraud.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 56

An appliance repair company is considering relocating the center that houses its service vehicles. An internal auditor wants to determine the potential reduction in

average miles driven by the service vehicles if the center is relocated. Which of the following statistical sampling methods would be most appropriate for this test?


B. Discovery sampling.

C. Probability-proportional-to-size sampling.


D. Mean-per-unit sampling.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 57

Monetary-unit sampling is most useful when the internal auditor:

A. Is testing the accounts payable balance.

B. Cannot cumulatively arrange the population items.

C. Expects to find several material errors in the sample.

D. Is concerned with overstatements.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 58

If management expects 100 percent compliance with a procedure, which of the following sampling approaches would be most appropriate?


B. Discovery sampling.

C. Targeted sampling.

D. Variables sampling.

Correct Answer: B

Section: Volume A

Explanation



QUESTION 59

An internal auditor is discussing an audit problem with an engagement client. While listening to the client, the internal auditor should:

A. Prepare a response to the client.

B. Take mental notes on the speaker's nonverbal communication, as it is more important than what is being said.

C. Make sure that all details, as well as the main ideas of the client, are remembered.

D. Integrate the incoming information from the client with information that is already known.

Correct Answer: D

Section: Volume A

Explanation


QUESTION 60

An auditor is using an internal control questionnaire as part of a preliminary survey. Which of the following is the best reason for the auditor to interview

management regarding the questionnaire responses?

A. Interviews provide the opportunity to insert questions to probe promising areas.

B. Interviews are the most efficient way to upgrade the information to the level of objective evidence.

C. Interviewing is the least costly audit technique when a large amount of information is involved.

D. Interviewing is the only audit procedure which does not require confirmation of the information that is obtained.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 61

Many questionnaires are made up of a series of different questions that use the same response categories (for example: strongly agree, agree, neither, disagree,

strongly disagree). Some designs will have different groups of respondents answer alternate versions of the questionnaire that present the questions in different

orders and reverse the orientation of the endpoints of the scale (for example: agree on the right and disagree on the left). The purpose of such questionnaire

variations is to:

A. Eliminate intentional misrepresentations.


B. Reduce the effects of pattern response tendencies.

C. Test whether respondents are reading the questionnaire.

D. Make it possible to get information about more than one population parameter using the same questions.

Correct Answer: B

Section: Volume A

Explanation


QUESTION 62

An auditor used a questionnaire during an interview to gather information about the nature of credit sales processing. The questionnaire did not cover some

pertinent information offered by the person being interviewed, and the auditor did not document the potential problems for further investigation.

The primary deficiency with the above process is that:

A. The auditor failed to consider the importance of the information offered.

B. A questionnaire was used in a situation where a structured interview should have been used.

C. Using a questionnaire precludes the auditor from documenting other information.

D. The engagement program was incomplete.

Correct Answer: A

Section: Volume A

Explanation


QUESTION 63

Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?

A. Benchmarking.

B. Baseline measurements.

C. Walk-throughs.

D. Quality circles.

Correct Answer: B


Section: Volume B

Explanation


QUESTION 64

One method for dealing with the uncertainty of demand forecasts used in linear programming is to extend the model solution to include.

A. Sensitivity analysis.

B. Goal seeking.

C. Branch-and-bound solutions.

D. Nonlinear programming.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 65

Which of the following factors is least essential to a successful control self-assessment workshop?


A. Voting technology.

B. Facilitation training.

C. Prior planning.

D. Group dynamics.


Correct Answer: A

Section: Volume B

Explanation


QUESTION 66

Which of the following would not be characteristic of control self-assessment implemented by an audit department?

A. An auditor usually facilitates the discussion during the workshop phase while another records comments for subsequent use.

B. Auditors and business-unit employees work as a team.

C. Auditors perform traditional audit tests to identify control weaknesses.

D. Participants discuss the control weaknesses that hinder the achievement of objectives.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 67

Which of the following is an advantage of control self-assessment (CSA) over conventional auditing techniques?

A. CSA evaluates control activities and human resource practices.

B. CSA provides assurance about whether business objectives will be met.

C. CSA facilitates obtaining input from subject-matter experts efficiently.

D. CSA provides assurance that action will be taken to improve deficiencies.

Correct Answer: C

Section: Volume B

Explanation



QUESTION 68

During which of the following systems development stages would it be most useful for an internal auditor to be involved?

A. Coding and testing.

B. User acceptance and post-implementation.

C. Design and implementation.

D. Testing and user acceptance.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 69

An auditor decides to vouch a sample of ledger entries back to their original documentation. In terms of whether all transactions had been recorded, this test would

be:

A. Relevant to the completeness objective.

B. Irrelevant to the completeness objective.

C. A more timely test of completeness than evidence from interviews.

D. A more biased test of completeness than evidence from interviews.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 70

All of the following tools are employed to control large-scale projects except:

A. Program evaluation and review technique (PERT).

B. Critical path method.


C. Statistical process control.

D. Gantt charts.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 71

An audit of an organization's claims department determined that a large number of duplicate payments had been issued due to problems in the claims processing

system. During the exit conference, the vice president of the claims department informed the auditors that attempts to recover the duplicate payments would be

initiated immediately and that the claims processing system would be enhanced within six months to correct the problems. Based on this response, the chief audit

executive should:

A. Adjust the scope of the next regularly scheduled audit to assess controls within the claims processing system.

B. Discuss the findings with the audit committee and ask the committee to determine the appropriate follow-up action.

C. Schedule a follow-up engagement within six months to assess the status of corrective action.

D. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 72

An audit of a company's accounts payable found that the individuals responsible for maintaining the vendor master file could also enter vendor invoices into the

accounts payable system. During the exit conference, management agreed to correct this problem. When performing a follow-up engagement of accounts

payable, the auditor should expect to find that management has:

A. Transferred the individuals who maintained the vendor master file to another department to ensure that responsibilities are appropriately segregated.

B. Compared the vendor and employee master files to determine if any unauthorized vendors have been added to the vendor master file.

C. Changed the access control system to prevent employees from both entering invoices and approving payments.

D. Modified the accounts payable system to prevent individuals who maintain the vendor master file from entering invoices.


Correct Answer: D

Section: Volume B

Explanation


QUESTION 73

What is the primary factor that determines the depth and breadth of audit follow-up?

A. The engagement client's written response to the audit findings.

B. The auditor's assessment of risk associated with the audit findings.

C. The auditor's assessment of personnel responsible for correcting audit findings.

D. The availability of audit personnel and financial resources.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 74

At the conclusion of an audit of an organization's treasury department, a report was issued to the treasurer, chief financial officer, president, and board. Because of

the sensitivity of some findings, a follow-up review was performed. The auditor should provide the report of follow-up findings to the:

I. Treasurer.

II. Chief financial officer.

III. President.

IV. Board.

A. I and II only

B. III and IV only

C. I, II, and III only


Correct Answer: D


Section: Volume B

Explanation


QUESTION 75

When interrogating an individual who is suspected of fraud, it is appropriate to:

A. Tell the individual that any information disclosed in the interrogation will not be disclosed outside of the company.

B. Start the interview with questions to which the interviewer already knows the answer.

C. Discontinue questioning once the individual has confessed to the fraud.

D. Prepare a list of questions prior to the interrogation and strictly adhere to the list.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 76

Questions used to interrogate individuals suspected of fraud should:

A. Adhere to a predetermined order.

B. Cover more than one subject or topic.

C. Move from general to specific.

D. Direct the individual to a desired answer.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 77


A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason

that the CAE would choose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic

information systems auditor would possess:

A. Knowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse.

B. Knowledge of what constitutes evidence acceptable in a court of law.

C. Superior analytical skills that would facilitate the identification of computer abuse.

D. Superior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 78

While conducting a payroll audit, an internal auditor in a large government organization found inadequate segregation in the duties assigned to the assistant

director of personnel. When the auditor explained the risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the

organization for defamation of character if the audit engagement was not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The

CAE should then:

A. Curtail the audit engagement to avoid potential legal action.

B. Provide a report to senior management recommending a fraud investigation.

C. Continue the original engagement program as planned but include a comment about the assistant director's reaction in the engagement final communication.

D. Add additional testing to determine whether other indicators of fraud exist.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 79

Which of the following is the most appropriate step for the chief audit executive to take in order to avoid defamation of character of the principal suspect in a fraud

investigation?


A. Restrict the use of potentially damaging words to privileged reports or discussions.

B. Label all workpapers, reports, and correspondence of the internal audit activity as private.

C. Restrict discussions of the fraud to members of management who express an interest in the investigation.

D. Destroy all investigation workpapers and reports if the fraud cannot be proven.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 80

The scope of a consulting engagement performed by internal auditors should:

A. Be sufficient to address the objectives agreed upon with the client.

B. Exclude areas that might be the subject of subsequent assurance engagements.

C. Be limited to activities within the current operating period.

D. Be preapproved in conjunction with the annual plan of consulting engagements.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 81

The following are potential sources of evidence regarding the effectiveness of a division's total quality management program. The least persuasive evidence would

be a comparison of:

A. Employee morale before and after program implementation.

B. Scrap and rework costs before and after program implementation.

C. Customer returns before and after program implementation.

D. Manufacturing and distribution costs per unit before and after program implementation.

Correct Answer: A

Section: Volume B


Explanation


QUESTION 82

A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities.

The CAE can rely on the specialists' work only if it is:

A. Performed in accordance with the terms of the contract.

B. Carried out in accordance with the Standards.

C. Performed under the supervision of the information technology department.

D. Carried out using standard review procedures for retailers.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 83

When conducting a performance appraisal of an internal auditor who has been a below-average performer, it is not appropriate to:

A. Notify the internal auditor of the upcoming appraisal several days in advance.

B. Use objective, impartial language.

C. Use generalizations.

D. Document the appraisal.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 84


An organization contracted a third party to construct a new facility that was estimated to cost $25 million. Which of the following is the most pertinent reason for the

organization to audit the contractor's records?

A. The contract includes a right-to-audit clause.

B. The contractor will be paid on a cost-plus basis.

C. The estimated cost is high.

D. The contractor has subcontracted much of the work.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 85

Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization's privacy

policy?

A. Determine who can access databases containing confidential information.

B. Evaluate the organization's privacy policy to determine if appropriate information is covered.

C. Analyze access to permanent files and reports containing confidential information.

D. Evaluate the government's security measures related to confidential information received from the organization.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 86

An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans approved by the loan committee, the auditor found

seven loans which exceeded the approved amount. Which of the following actions would be inappropriate on the part of the auditor?

A. Examine the seven loans to determine if there is a pattern. Summarize amounts and include in the engagement final communication.

B. Report the amounts to the loan committee and leave it up to them to correct. Take no further follow-up action at this time and do not include the items in the

engagement final communication.


C. Follow up with the appropriate vice president and include the vice president's acknowledgment of the situation in the engagement final communication.

D. Determine the amount of the differences and make an assessment as to whether the dollar differences are material. If the amounts are not material, not in

violation of government regulations, and can be rationally explained, omit the observation from the engagement final communication.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 87

During a systems development audit, software developers indicated that all programs were moved from the development environment to the production

environment and then tested in the production environment. What should the auditor recommend?

I. Implement a test environment to ensure that testing is not performed in the production environment.

II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production

environment.

III. Eliminate access by developers to the production environment.

A. I only

B. III only

C. I and II only

D. I and III only

Correct Answer: D

Section: Volume B

Explanation


QUESTION 88

A post-audit questionnaire sent to audit clients is an effective mechanism for:

A. Substantiating audit observations.

B. Promoting the internal audit activity.

C. Improving future audit engagements.


D. Validating process flow.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 89

As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts

inventory was excessive. What step should the auditor perform first?


A. Determine the effects of a stock-out on the organization's profitability.

B. Determine whether a clear policy exists for setting inventory limits.

C. Determine who approved the purchase orders for the spare parts.

D. Determine whether purchases were properly recorded.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 90

A performance audit engagement typically involves:


A. Review of financial statement information, including the appropriateness of various accounting treatments.

B. Tests of compliance with policies, procedures, laws, and regulations.

C. Appraisal of the environment and comparison against established criteria.

D. Evaluation of organizational and departmental structures, including assessments of process flows.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 91

The scope of a business process review primarily involves:

A. Appraising the environment and comparing against established criteria.

B. Assessing the organization's system of internal controls.

C. Reviewing routine financial information and assessing the appropriateness of various accounting treatments.

D. Evaluating organizational and departmental structures, including assessments of transaction flows.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 92

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the

issuance of the audit report, correction of the rest will require between six and 18 months for completion. Consequently, management has developed a detailed

action plan, with anticipated completion dates, for addressing the weaknesses. Which of the following is the most appropriate course of action for the chief audit

executive to take?

A. Assess the adequacy of the action plan and monitor key dates and deliverables.

B. Schedule a follow-up audit engagement to assess the status of corrective action.

C. Reassign information systems auditors to assist the information technology department in correcting the weaknesses.

D. Evaluate statistics related to unplanned system outages, unauthorized access attempts, and denials of service to assess the effectiveness of corrections.


Correct Answer: A

Section: Volume B

Explanation


QUESTION 93

In a client satisfaction survey for an internal audit engagement, client management should be asked to assess which of the following factors?

I. Audit team's knowledge of the audited area.

II. Usefulness of the audit results.

III. Quality of management of the internal audit activity.

IV. Clarity of the scope and objectives of the audit engagement.

A. I and II only

B. II and IV only


D. I, III, and IV only

Correct Answer: C

Section: Volume B

Explanation


QUESTION 94

In response to an accounts receivable confirmation, a customer indicated that the invoice listed on the confirmation letter had been paid two months earlier.

This may indicate that:

A. The receivable was selected for confirmation in error.

B. The customer is a bad credit risk.

C. The receivable should be written off.

D. Fraudulent activity has occurred.


Correct Answer: D

Section: Volume B

Explanation


QUESTION 95

Which of the following conclusions would be appropriate for a beginning auditor performing an audit of a payroll department?

A. Employee taxes have been deducted at the correct rates, and the taxes have been forwarded to the appropriate government agency.

B. Although there is insufficient segregation of duties, the impact is mitigated by compensating controls.

C. The payroll computer system should be replaced.

D. The payroll department staff has the appropriate level of skills.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 96

An audit of customer accounts receivable found that outstanding receivables as a percentage of revenue had increased significantly during the past two years.

The increase was attributed to the extension of credit, at the urging of the marketing department, to a number of companies that were not credit worthy. Which of

the following would be least useful in monitoring the disposition of this finding?

A. Responses from the manager of accounts receivable regarding collection of outstanding receivables.

B. Periodic updates from the controller regarding the status of corrective actions.

C. Information from the credit and marketing personnel assigned the responsibility for reevaluating credit policies.

D. Updates from the information technology division regarding implementation of a new accounts receivable system.

Correct Answer: D

Section: Volume B

Explanation



QUESTION 97

During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the museum's collection. The director of the museum

informed the auditor that the upcoming replacement of the museum's inventory tracking system would address the auditor's concerns. What follow-up activity

should the auditor propose?

A. Receive periodic feedback from museum staff regarding the status of the system implementation.

B. Monitor the system implementation and schedule a follow-up review once the new system is in place.

C. Determine whether the items are indeed missing and assess the ability of the new system to remedy the problem.

D. Schedule an audit of the museum's security systems to determine if theft is a problem.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 98

An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing

address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple

accounts that the accounts would be consolidated. What should the auditor do in response?

I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

IV. Do nothing because management has agreed to address the problem.

A. III only

B. IV only

C. I and II only

D. II and III only

Correct Answer: D

Section: Volume B

Explanation



QUESTION 99

A company's cellular phone costs vary significantly by sales representative and by month. Which of the following would be the most appropriate approach for a

consulting project concerning this issue?

A. Control self-assessment involving sales representatives.

B. Benchmarking with other cellular phone users.

C. Business process review of cellular phone needs.

D. Performance measurement and design of the budgeting process.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 100

Which of the following would be the most effective method to prevent installation of new equipment that does not meet environmental permit requirements, or to

prevent modification of current processes in such a way that they no longer meet permit requirements?

A. Require that the environmental compliance department perform regular inspections of the manufacturing facility to identify new equipment or process

modifications in progress.

B. Rely on annual inspections by various regulatory agencies to identify equipment or processes that require a permit.

C. Require that the staff of the environmental compliance department attend monthly safety meetings in different parts of the facility so that they can hear directly

from the workers about any changes.

D. Include the environmental compliance department in the review of proposed process changes and equipment purchases affecting permit requirements.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 101

Which of the following types of internal audit consulting engagements is an example of a facilitation service?

I. Conducting control self-assessment workshops.

II. Participating on standing committees.


III. Reviewing regulatory compliance.

IV. Benchmarking.

V. Estimating savings from outsourcing processes.

A. I and IV only

B. I, III, and IV only

C. II, III, and V onlyD. I, II, III, IV, and V.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 102

Which of the following best defines an engagement conclusion?

A. An auditor's determination of the cause of an engagement observation.

B. An auditor's professional judgment of the situation which was reviewed.

C. An opinion that must be included in the engagement final communication.

D. A recommendation for corrective action.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 103

While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server

logs be:

A. Generated and maintained on a separate secure server.

B. Accessible by administrative users only

C. Encrypted to ensure that the logs cannot be deleted.


D. Restored automatically to the Web server from backup files.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 104

Which of the following actions by management would reduce an employee's opportunity to commit fraud?

A. Establishing physical controls over company assets.

B. Eliminating bonuses tied to sales or other performance goals.

C. Defining ethical behavior expectations in the company handbook.

D. Identifying consequences, such as termination, for fraudulent activities.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 105

Which of the following are typical steps in the design of an organization's performance measurement system?

A. Understand organizational strategy; perform a situational assessment; establish measurement categories; and take actions based upon measurement results.

B. Categorize performance measures; establish a data collection plan; analyze data; and predict future performance.

C. Establish a measurement plan; create an organizational strategy linked to those measurements; trend measurement data; and measure data variability.

D. Perform a situational assessment; generate macro measurements; review measurement data; and change strategy based upon measurement results.

Correct Answer: A

Section: Volume B

Explanation



QUESTION 106

When interviewing an individual suspected of fraud, what type of questions would be asked after the introductory questions?

A. Informational questions.

B. Admission-seeking questions.

C. Assessment questions.

D. Closing questions.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 107

Which of the following activities would be performed during a benchmarking consulting engagement?

I. Collect data relevant to the benchmarking process.

II. Review all business processes.

III. Define critical success factors.IV. Identify performance gaps.

A. I and III only

B. II and IV only

C. I, II, and III only


Correct Answer: D

Section: Volume B

Explanation


QUESTION 108

Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and

translated accurately?

I. Computerized tests to assess transaction reasonableness and validity.


II. Review of log books to ensure that transactions are logged upon receipt.

III. Edit checks to identify unusual transactions.

IV. Verification of limitations on the authority of users to initiate specific EDI transactions.

A. I and IV only

B. II and III onlyC. I, II, and III only


Correct Answer: C

Section: Volume B

Explanation


QUESTION 109

A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement written reports. The best reason for the increased use of oral

reports is that they:

A. Reduce the amount of testing required to support audit findings.

B. Can be delivered in an informal manner without preparation.

C. Can be prepared using a flexible format and reduce the information included in the written report.

D. Permit auditors to counter arguments and provide additional information that the audience may require.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 110

Which of the following is a responsibility of the internal auditor once a fraud investigation has been concluded?

A. Ascertain the extent to which fraud has been perpetrated.

B. Notify the appropriate regulatory authorities regarding the outcome of the investigation.

C. Determine if controls need to be implemented or strengthened to reduce future vulnerability.

D. Implement controls to prevent future occurrences.


Correct Answer: C

Section: Volume B

Explanation


QUESTION 111

A bank is developing an integrated customer information system. The type of audit involvement that would most likely help avoid implementation of a system that

does not cover all types of accounts would be:

A. A design review.

B. An application control review.

C. A source code review.

D. An access control review.

Correct Answer: A

Section: Volume B

Explanation


QUESTION 112

The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An

advantage of continuous internal audit involvement compared to the other types of involvement is that:

A. The cost of audit involvement can be minimized.

B. There are clearly defined points at which to issue audit comments.

C. Redesign costs can be minimized.

D. The threat of lack of audit independence can be minimized.

Correct Answer: C

Section: Volume B

Explanation



QUESTION 113

In a review of an electronic data interchange application using a third-party service provider, the auditor should:

I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.

II. Determine whether an independent review of the service provider's operation has been conducted.

III. Verify that only public-switched data networks are used by the service provider.

IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.

A. I and II only

B. I and IV only

C. II and III only

D. II and IV only

Correct Answer: D

Section: Volume B

Explanation


QUESTION 114

Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:

A. Statements are supported and can be authenticated.

B. Recommendations for corrective action are clear.

C. Processes within the audited area were reviewed.

D. Sample sizes appear appropriate for any issues found.

Correct Answer: A

Section: Volume B

Explanation



QUESTION 115

In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:

A. Key stakeholders are represented in the group.

B. An independent content expert is available to help settle disagreements.

C. Background research is completed to familiarize the auditor with relevant issues.

D. Management is consulted on the issues and priorities.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 116

What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?

A. Spontaneous agreement.

B. Consensus building.

C. Majority voting.

D. Compromise.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 117

If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:

A. Ignore the behavior and continue the workshop.

B. Allow them to continue briefly and then remind them of the ground rules.

C. Have the participants modify the ground rules.


D. Strictly enforce the ground rules.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 118

Which of the following is the first step in the process where auditors and clients work together to evaluate the clients' system of internal control?

A. Assess risks.

B. Develop questionnaires.

C. Identify and assess controls.

D. Identify objectives.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 119

An internal auditor has a recommendation to change operations which could potentially increase profits by $50,000. The best way to sell this recommendation to

management is to:

A. Carefully work out the details of implementation before presenting it to department management.

B. Discuss it with operating supervisors who are directly affected by the change, and then with department management.

C. Bring it to the audit manager, who should bring it immediately to senior management's attention.

D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.

Correct Answer: B

Section: Volume B

Explanation



QUESTION 120

A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services.

Which of the following issues should be addressed first?

A. Cost-effectiveness.

B. Quality control.

C. Customer complaints.

D. Supplier deliveries.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 121

During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have

been significant changes to information systems since the plan was developed. The auditor should:

A. Ask management to test the recovery plan immediately.

B. Recommend that management and users update and test the recovery plan.

C. Update the recovery plan for management as part of the review.

D. Review the recovery plan and report weaknesses to management.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 122

The most effective method of reporting engagement results to management and stimulating action is to:


A. Deliver a lecture on the engagement results.

B. Limit verbal commentary and present a series of slides that graphically depict the engagement results.

C. Use slides to support a discussion of major points.

D. Distribute copies of the report, ask the participants to read the report, and ask for questions.

Correct Answer: C

Section: Volume B

Explanation


QUESTION 123

Which of the following items should be addressed in an organization's privacy statement?

I. Intended use of collected information.

II. Data storage and security.

III. Network/infrastructure authentication controls.

IV. Data retention policy of the organization.

Parties authorized to access information.

A. I and II only B.

I and IV only

C. I, II, and V only

D. II, III, IV, and V only

Correct Answer: C

Section: Volume B

Explanation


QUESTION 124


An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers

selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test

to achieve the audit objective?

I. Validate the completeness of the accounts payable files.

II. Examine the sample of vouchers in greater detail.

III. Increase the number of vouchers in the sample.

IV. Broaden the scope of the examination to include credits received by accounts payable.

A. I and II only

B. II and III only



Correct Answer: B

Section: Volume B

Explanation


QUESTION 125

During a review of performance measures in an organization's purchasing function, the preliminary survey indicates that most of the measures have been in use

for some time. The internal auditor should:

.



A. Review the data that was used to develop the measures.

B. Perform benchmarking in order to verify that the measures being used are meaningful.

C. Establish the history of the measures and reasons for use.

D. Report that the measures being used are out-of-date and should be improved.

Correct Answer: B

Section: Volume B

Explanation


QUESTION 126

What is the primary reason for having audit management approve audit engagement reports?

A. To ensure that client concerns are appropriately addressed.

B. To confirm proper format, grammar, and punctuation.

C. To verify that senior management supports the report's conclusions.

D. To validate that report findings are substantiated.

Correct Answer: D

Section: Volume B

Explanation


QUESTION 127

Which of the following best defines an audit opinion?

A. A summary of the significant audit observations and recommendations.

B. An auditor's evaluation of the effects of the observations and recommendations on the activities reviewed.

C. A conclusion which must be included in the audit report.

D. A recommendation for corrective action.


Correct Answer: B

Section: Volume B

Explanation


QUESTION 128

In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:

A. Stockout costs, including lost customers.

B. Seasonal variations in forecasting inventory demand.

C. Optimal order sizes determined by an economic order quantity model.

D. The potential for obsolescence of inventory items.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 129

During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal

activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?

A. Promising to maintain the employee's anonymity and listening to the information.

B. Suggesting that the employee consider talking to legal counsel.

C. Informing the employee that an attempt will be made to keep the source of the information confidential while looking into the matter further.

D. Informing the employee of other methods of communicating this type of information.

Correct Answer: A

Section: Volume C

Explanation



QUESTION 130

Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?

A. The department managed long-term investments, including investment in derivatives and other financial instruments, to maximize return.

B. The department manager sets a tone of honesty and integrity in all business dealings and this tone is emulated by department personnel.

C. Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.

D. Audit tests designed to verify compliance with control procedures detected a general failure to follow standard procedures for transaction authorization.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 131

A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1

to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?

A. As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions

and dollar value of its assets.

B. The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of

department C as compared to department B.


C. The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.

D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 132

A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors: the engagement's ability to reduce risk to the

organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the

engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:

Risk Reduction

Cost Savings

Changes

High (3)

Medium (2)

Low (1)

High (3)

Low (1)

High (3)

Low (1)

High (3)

Medium (2)

Medium (2)

Medium (2)

High (3)

If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE

pursue?


A. 1 and 2 only

B. 1 and 3 only

C. 2 and 4 only

D. 3 and 4 only

Correct Answer: D

Section: Volume C

Explanation


QUESTION 133

Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?

A. Application of governmental regulations to business activities.

B. Work schedules and holidays of the individual regions.

C. Level of workpaper documentation needed to support audit observations.

D. Availability of technology and technical support.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 134

Which of the following is not likely to be included as an audit step when assessing vendor performance policies?

A. Determine whether agreed-upon lot sizes were sent by vendors.

B. Determine whether only authorized items were received from vendors.

C. Determine whether the balances owed to vendors are correct.

D. Determine whether the quality of the goods purchased from the vendors has been satisfactory.

Correct Answer: C

Section: Volume C


Explanation


QUESTION 135

An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information.

The internal auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten

years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to:

A. Review the trend of overall retirement expense over the last ten years. If the retirement expense increased, it would indicate the need for further investigation.

B. Use generalized audit software to select a monetary-unit sample of retirement pay, and determine whether each retired employee was paid correctly.

C. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.

D. Use generalized audit software to select an attributes sample of retirement pay, and perform detailed testing to determine whether each person chosen was

given the proper benefits.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 136

Risk assessments can vary in format, but generally include:

1. A description of identified risks.

2. Tests of audit controls.

3. A system of rating risks.

4. Sample size identification.

A. 1 and 2 only

B. 1 and 3 only

C. 1, 3, and 4 only

D. 2, 3, and 4 only

Correct Answer: B

Section: Volume C


Explanation


QUESTION 137

An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements, the internal auditor should consider least:

A. Focusing on the high risk areas as sources of potential engagements.

B. Focusing in areas not audited last year.

C. Factoring in management requests.

D. Focusing on those risks highlighted by the external auditor.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 138

When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?

A. Impact of and exposure to fraud.

B. Existence of evidence of fraud.

C. Organizational structure.

D. Management's risk appetite.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 139

Which of the following actions is related to the preliminary survey process?


A. Determining if controls are effective.

B. Preparing the engagement work program.

C. Identifying the current controls.

D. Completing a detailed test of controls.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 140

A code of business conduct provides:

A. A fraud avoidance plan that does not explicitly describe punishments for violations.

B. A passive method of fraud deterrence.

C. A program to anonymously report irregularities to authorities.

D. An alternative to "tone at the top" programs.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 141

The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for

the organization. Which of the following would be the most appropriate action for the CAE?

A. Accept the request as the role of coordinating ERM is a core function of internal audit.

B. Decline the request as this role compromises the CAE's objectivity.

C. Accept the request after consulting with the board and adhering to proper safeguards.

D. Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.


Correct Answer: C

Section: Volume C

Explanation


QUESTION 142

Which of the following is the most common method management can use to manage risk within its risk appetite?

A. Implementation of controls.

B. Use of risk registers and dashboard.

C. Frequent communication of risk appetite for operating personnel.

D. Continuous evaluations and audits.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 143

Which of the following is an effective way for an internal auditor to improve communications with the client during a contentious audit?

A. Encourage the client to participate as a partner in the decision-making process to determine the changes that need to be made.

B. Clearly explain to the client the role of the internal audit activity in the change process.

C. Obtain the support of the board of directors for proposed changes before discussing the changes with operating management.

D. Speak privately with key client personnel immediately after proposed changes are announced to address their concerns.

Correct Answer: A

Section: Volume C

Explanation



QUESTION 144

The chief audit executive's responsibility regarding control processes includes:

A. Assisting senior management and the audit committee in the development of an annual assessment about internal control.

B. Overseeing the establishment of internal control processes.

C. Maintaining the organization's governance processes.

D. Ensuring that the internal audit activity assesses all control processes annually.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 145

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

A. Determining the scope.

B. Reviewing internal controls.

C. Testing.

D. Evaluating findings.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 146

The best method for assessing the relative importance of risk factors is to:

A. Change the rating of the factors from a 1-3 scale to a 1-5 scale. B.

Assign weights to the factors based on the comparative impact.

C. List the risk factors in a priority order.

D. Use data from an independent source.


Correct Answer: B

Section: Volume C

Explanation


QUESTION 147

Which of the following audit planning activities adds the least value in understanding the current risk exposures facing the corporation?

A. Review of organizational strategic plans and operational plans.

B. Consultation with senior management and the audit committee.

C. Review of the external auditor's risk assessment.

D. Review of corporate performance reporting and benchmarking.

Correct Answer: D

Section: Volume C

Explanation


QUESTION 148

The internal audit activity's primary responsibility in a review or examination of the organization by an external regulatory body is to:

A. Verify that regulatory reviews occur with adequate frequency.

B. Provide follow-up to determine if the regulator's findings are appropriately resolved by management.

C. Prepare documentation for the regulator.

D. Document the responses to the regulator's findings.

Correct Answer: B

Section: Volume C

Explanation



QUESTION 149

Under what circumstances would internal audit not become involved when intentional misconduct is suspected?

A. Management is involved in wrongdoing.

B. Management is running a parallel investigation.

C. Management does not believe a trusted employee could be guilty.

D. Management does not maintain strong internal controls.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 150

During a payroll audit of a large organization, an internal auditor noted that the assistant personnel director is responsible for many aspects of the computerized

payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and

providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with

information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:

A. Continue to follow the engagement program because the engagement scope and objectives have already been discussed with management.

B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is adequately covered.

C. Recommend to the chief audit executive that a fraud investigation be started.

D. Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 151

The most effective procedure to verify compliance with a requirement that materials be purchased from the lowest-priced source is to compare:

A. Prices paid for selected materials with prices listed on related purchase orders.


B. Bids obtained for selected purchases with related purchase orders.

C. Vendors' current prices with prices listed on related purchase orders.

D. Approved vendor lists with bids obtained for selected purchases.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 152

A major insurance company provides a discount on automobile insurance if the vehicle meets certain safety criteria. Which of the following audit tests would

provide an internal auditor with the best evidence that all qualifying insured automobiles are receiving the discount?

A. Compare the percentage of automobiles receiving discounts this year to that of last year.

B. Ask managers whether they are aware of the discount criteria and whether they are providing the discount to all qualifying automobiles.

C. Select a sample of automobiles that are not receiving the discount and determine if they have been properly excluded.

D. Select a sample of automobiles receiving the discount and determine that the required discount criteria are being met.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 153

Which of the following best describes the most important criteria when assigning responsibility for specific tasks required in an audit engagement?

A. Auditors must be given assignments based primarily upon their years of experience.

B. All auditors assigned an audit task must have the knowledge and skills necessary to complete the task satisfactorily.

C. Tasks must be assigned to the audit team member who is most qualified to perform them.

D. All audit team members must have the skills necessary to satisfactorily complete any task that will be required in the audit engagement.

Correct Answer: B

Section: Volume C


Explanation


QUESTION 154

During an engagement, an internal auditor discovered that an organization’s policy on delegation of authority listed six individuals who were no longer employed

with the organization. In addition, four individuals acting with disbursement authority were not identified in the policy as having such authority. Which of the

following is the most effective course of action to address the control weakness?

A. Immediately initiate a complete audit of the disbursement function to determine if significant frauds have occurred.

B. Recommend that management review the process supporting the policy and make improvements.

C. Advise management to add the four additional names and remove the incorrect names from the policy to make it current.

D. Review further to ensure that the four individuals do not have the appropriate authority through delegation.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 155

In which of the following cases is it appropriate for an audit report to not contain management's response either within the report or as an attachment?

A. Management’s response to an audit report is generally not a requirement.

B. Internal controls were found to be properly designed and operating effectively although operations are deemed inefficient.

C. There was insufficient time to obtain management’s response during the draft reporting process.

D. An internal audit report contains no observations.

Correct Answer: D

Section: Volume C

Explanation


QUESTION 156


When performing a compliance audit of the organization’s outsourced services, which of the following is considered the primary engagement objective?

A. Verifying that the organization does not have the appropriate knowledge and resources in-house.

B. Ensuring the provider has adequate internal controls in order to protect the quality of their service.

C. Evaluating the efficiency, effectiveness, economy, and sufficiency of the services provided.

D. Assessing the provider's adherence to contract and regulatory requirements.

Correct Answer: D

Section: Volume C

Explanation


QUESTION 157

Which of the following actions has the least influence on the chief audit executive's development of an audit plan?

A. Input from senior management and the board.

B. An evaluation of the complexity of each audit engagement.

C. Changes in the organizations structure or budget.

D. An assessment of risk and exposures affecting the organization.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 158

Which role is not considered a change agent when an organization wants to implement structural changes?

A. Senior management.

B. Line management.

C. Independent consultant.


D. Shareholder.

Correct Answer: D

Section: Volume C

Explanation


QUESTION 159

Because of an abundance of high priority requests from management, an internal audit activity no longer has the resources to meet all of its commitments

contained in the annual audit plan. Which of the following would be the best course of action for the chief audit executive to follow?

A. Continue with the plan and seek opportunities to adjust priorities and reallocate resources.

B. Present a reassessment of the plan to the board and senior management for consideration.

C. Reassess the plan and either cancel or divert resources away from the lowest priority activities.

D. Advise the board immediately and seek their support for additional resources to meet the needs of the plan.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 160

Why should internal auditors develop a strong relationship with the external auditors?

A. External auditors offer an additional layer of approval to internal auditors' reports.

B. External auditors can help improve the effectiveness of internal control sampling techniques.

C. External auditors can offer an independent and knowledgeable viewpoint.

D. External auditors can share information gained from work with similar clients.

Correct Answer: C

Section: Volume C

Explanation



QUESTION 161

An internal auditor is planning an assurance engagement. The auditor first reviews the department's business objectives. What is the next step?

A. Review control activities.

B. Evaluate potential risks.

C. Establish risk management roles.

D. Set the scope of the engagement.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 162

Which characteristic of risk assessment makes it a useful tool for audit planning?

A. It provides a list of auditable activities in the organization.

B. It ranks the severity of potentially adverse effects on the organization.

C. It provides a process for identifying and analyzing potentially adverse effects.

D. It evaluates the probability that an event or action may adversely affect the organization.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 163

An internal audit manager is supervising an engagement. A senior auditor deviates from the approved engagement plan but meets all deadlines in the approved

time schedule. Which activity is not required for the audit manager to provide proper engagement supervision?

A. Actively participate in audit procedures.


B. Ensure that all engagement objectives are met.

C. Approve the deviation from the engagement plan.

D. Ensure compliance with the time schedule.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 164

Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?

1. Activities requested by management should be considered higher risk than those requested by the audit committee.

2. Activities with lower budgets can be as high risk as those with higher budgets.

3. The potential financial or adverse exposure should always be considered in the assessment of risk.


A. 1 only

B. 2 only

C. 3 only

D. 2 and 3 only

Correct Answer: D

Section: Volume C

Explanation



QUESTION 165

Management has asked the internal audit activity to perform an operational audit of a division that recently reported an increase in expenditures in addition to a

decrease in profits. However, existing internal audit resources are currently engaged in a legal compliance audit. Which factor would be considered least important

in deciding whether resources should be removed from the legal compliance audit to the operational audit?

A. The increase in expenditures at the division over the past year.

B. The probability that the legal compliance audit will detect fraud. C. The results of the external auditor's most

recent financial audit.

D. The potential for regulatory fines associated with the legal compliance audit.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 166

Given the scarcity of internal audit resources, a chief audit executive (CAE) decides not to schedule a follow-up of audit recommendations when developing

engagement work schedules. Why does the CAE’s decision violate the Standards?

A. It is not the CAE's responsibility to establish a process for a follow-up.

B. Lack of resources is not a sufficient reason to forgo a follow-up.

C. Follow-up actions should take priority over new engagements in scheduling.

D. When resources are scarce, the follow-up can be incorporated into the next engagement.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 167


As part of a preliminary survey of the purchasing function, an internal auditor reads the department's policies and procedures manual and concludes that the

manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating

effectiveness of internal controls. Which procedure would fulfill this objective most effectively?

A. Perform a design test.

B. Perform a compliance test.

C. Perform a systems test.

D. Perform an efficiency test.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 168

An organization has recently incurred significant cost overruns on one of its construction projects. Management suspects that these overruns were caused by the

contractor improperly charging for costs related to contract change orders. Which of the following procedures are appropriate for testing this suspicion?

1. Determine if the contractor has received proper approval of change orders from management.

2. Determine if the contractor has billed for original contract work cancelled by the change orders.

3. Determine if the contractor has charged change orders with costs already billed to the original contract.

4. Determine if the contractor has been paid for change orders that have not yet been completed.

A. 1 and 2 only B.

1 and 3 only C. 2

and 3 only

D. 3 and 4 only

Correct Answer: C

Section: Volume C

Explanation


QUESTION 169


A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal auditor has been assigned to determine if the

manufacturer's accounts payable contain all outstanding liabilities. Which audit procedure is not relevant for this objective?

A. Verify the period of liability of subsequent cash disbursements using related supporting documentation.

B. Send confirmations, including zero-balance accounts, to vendors with whom the manufacturer normally does business.

C. Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.

D. Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.

Correct Answer: D

Section: Volume C

Explanation


QUESTION 170

An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for the past three months and now suspects the division

is reporting fictitious sales. Which course of action should the auditor follow to determine whether fraud has occurred?

A. Trace a sample of shipping documents to related sales invoices to verify proper billing.

B. Send accounts receivable balance confirmations to customers.

C. Compare the division's sales and gross margins to those of the prior three-month period.

D. Estimate the sales and cost of goods sold for the three-month period by using regression analysis.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 171

An audit of an organization's fulfillment department discovered that problems in the order processing system led to a significant number of orders being fulfilled

multiple times. During the exit conference, the head of the department informed the auditors that the processing system would be enhanced within six months to

correct the problems. Which course of action should the chief audit executive follow?

A. Adjust the scope of the next scheduled audit to determine that the problems have been resolved.


B. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.

C. Meet with the audit committee to determine the appropriate follow-up action.

D. Assess the status of corrective action in a follow-up engagement in six months.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 172

When interviewing an individual in relation to a fraud investigation, which course of action should the internal auditor follow?

A. Assure the individual that the results of the interview will remain confidential.

B. Establish a rapport with the subject to encourage openness.

C. Discontinue questioning once the individual has confessed to the fraud.

D. Refrain from deviating from the list of questions prepared before the interview.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 173

While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not necessary for the auditor to take?

A. Ensure that the steps being taken resolve the condition disclosed by the initial finding.

B. Ensure that controls have been implemented to prevent the issue from occurring again.

C. Ensure that the entity has begun to experience benefits as a result of resolving the issue.

D. Ensure that the inherent risk has been eliminated as a result of resolving the issue.

Correct Answer: D

Section: Volume C

Explanation



QUESTION 174

Because of a new marketing initiative, an organization has reduced requirements for extending credit to new customers. As a result, outstanding accounts

receivable as a percentage of revenue has increased significantly during the past two years. Which of the following would be least useful in monitoring this

finding?

A. Updates from the manager of accounts receivable regarding collection of outstanding receivables.

B. Updates from the information technology division regarding development of a new accounts receivable system.

C. Updates from the controller regarding the status of corrective actions.

D. Updates from the credit and marketing personnel tasked with reevaluating credit policies.

Correct Answer: B

Section: Volume C

Explanation


QUESTION 175

Which of the following tasks would be considered unusual for planning a control self-assessment workshop?

A. Conducting interviews to identify relevant issues for the discussion.

B. Identifying key stakeholders and ensuring they are represented in the group.

C. Securing an external subject matter expert to arbitrate disputes.

D. Ensuring that managers are willing to accept constructive criticism.

Correct Answer: C

Section: Volume C

Explanation


QUESTION 176


An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?

A. Compare the planned outputs with the actual outputs.

B. Ascertain the costs of materials purchased.

C. Evaluate the plant's ability to meet production quotas.

D. Review the levels of scrap and rework.

Correct Answer: D

Section: Volume C

Explanation


QUESTION 177

According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?

A. Assist executives with their administrative and governance responsibilities, and encourage all IAA members to develop relationships with the organization's

executives.

B. Assist executives with their administrative and governance responsibilities, and ensure that all communications with the board are formal audit reports or

preset agendas.

C. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and encourage all IAA members to develop

relationships with the organization's executives.

D. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and ensure that all communications with the

board are formal audit reports or preset agendas.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 178

During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?


• Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.

• Testing whether all employees are mandated through policy to comply with the ethics program.

• Testing whether all employees are required to confirm in writing their compliance with the ethics program.

• Testing through surveys employee's level of understanding and commitment to the ethics program. A. 1 and 2 only

B. 1 and 4 only C.

2 and 3 only

D. 3 and 4 only

Correct Answer: B

Section: Volume C

Explanation


QUESTION 179

According to IIA guidance, which of the following should be considered when creating policies and procedures for the internal audit activity (IAA)?

A. Number of auditors, complexity of audit activities, and structure of the IAA.

B. Number of auditors, complexity of audit activities, and audit staff skills and competencies.

C. Number of auditors, structure of the IAA, and audit staff skills and competencies.

D. Complexity of audit activities, structure of the IAA, and audit staff skills and competencies.

Correct Answer: A

Section: Volume C

Explanation


QUESTION 180

A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the payroll ledgers. The payroll manager issues the manual

payroll checks. The checks are maintained in a locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the manual

checks.


The payroll manager reconciles the bank statements monthly. Which of the following audit steps best addresses the risk of fraud in the payroll process?

A. Examine whether the payroll manager approves the reconciliations of ledgers.

B. Determine whether an approved list of voided checks exists.

C. Determine whether the cabinet keys are secured properly.

D. Vouch a sample of items on bank reconciliations to supporting documentation.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 181

According to the International Professional Practices Framework, which of the following situations is an indicator of a healthy relationship between the audit

committee and the internal audit function?

A. The chief audit executive (CAE) has direct access to the audit committee and the board but typically does not interact directly with them unless a material

weakness in the control environment is identified.

B. The CAE sends the audit committee all communications between the internal audit department and the audit client in order to keep the audit committee up to

date on the engagement.

C. The CAE does not distribute audit reports to the audit committee. However, the audit committee is made aware of the scope and findings of audits performed.

D. Whenever a potential audit finding or testing exception is first identified, the audit committee is immediately notified, as well as for any subsequent changes

in the status of the engagement.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 182

An internal auditor has been asked to participate in an advisory capacity to assist a committee in redesigning the organization's current financial reports to provide

better information to management and the board. Which of the following actions on the part of the auditor would provide the greatest value to this project?


A. The internal auditor has a set of generic report templates from a former project and presents them to the group because they worked so well for the previous

employer.

B. The internal auditor interviews each stakeholder and documents the requirements and preferences of each and creates a report template that meets as many

of the requirements and preferences as possible.

C. The internal auditor gathers the stakeholder group and holds a brainstorming session where they generate report requirements and preferences and then rank

them in order of importance.

D. The internal auditor undertakes a project to gather report templates and formats from other organizations in the same line of business and presents them all to

the group for review.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 183

The internal audit activity of an investment company received a request to provide assurance on the risk management process. Preliminary discussion with senior

management revealed that separate functions within the organization perform some form of risk management activities. Which of the following is the most effective

tool for ensuring that risk management activities are coordinated among these functions?

A. Delphi technique.

B. Assurance map.

C. Facilitated workshop.

D. Analytical reviews.

Correct Answer: B

Section: Volume D

Explanation


QUESTION 184

The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following

candidates would the CAE be least likely to accept for the position?


A. The candidate is applying for an IT audit position, while originally coming from an IT background, but has only experiences of financial and compliance audits

in the previous position.

B. The candidate is knowledgeable about potential indicators of fraud including typical risks, but has only participated as a staff auditor in one investigative fraud

audit.

C. The candidate meets the minimum educational requirements established by the chief audit executive, but has less formal education than any of the other

candidates being considered.

D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks ability to clearly communicate ideas and conclusions in a

meeting.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 185

According to IIA guidance, which of the following are potential benefits of using an assurance map?

A. Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations.

B. Identification of duplicate or overlapping assurance activities, and improved relevance of assurance recommendations.

C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers.

D. Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 186

Which of the following events would most likely cause the chief audit executive to consider changing the current year's audit plan?

1. The government announced that new regulatory requirements will be introduced in the coming years which may significantly impact the organization's primary

product.

2. A major competitor unexpectedly introduced a new model at a lower price point to compete with the organization's market leading product.


3. The organization announced a new joint venture with a long time corporate partner to introduce a new product with development costs and sales beginning next

fiscal year.

4. An equal joint venture partner filed a lawsuit against the organization and requested that the court issue an immediate suspension of future product shipments.

A. 1 and 2 only B.

1 and 3 only C. 2

and 4 only

D. 3 and 4 only

Correct Answer: C

Section: Volume D

Explanation


QUESTION 187

Which of the following statements is true?

A. Consulting engagements provide the internal audit activity with flexibility to add value and do not need to be included in the long-range audit plan.

B. The internal audit activity's plan of engagments must be based on a formal quantitative risk assessment.

C. The chief audit executive should consider changes to the long-range audit plan based on the requests of business unit managers.

D. A risk assessment on which to base the internal audit activity's long-range plan must be undertaken at least once every three years.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 188

In performance auditing, which of the following must first be determined by the internal auditor?

A. Which key performance indicators are in use.

B. Management's objectives for the process.


C. Whether management controls are appropriate.

D. Determination that appropriate benchmarks are in place.

Correct Answer: B

Section: Volume D

Explanation


QUESTION 189

According to the Standards, which of the following best describes what must be agreed upon to establish an understanding with clients prior to starting a

consulting engagement?

A. The engagement objectives, access to clients records, and expectations.

B. The engagement objectives, scope, and time frame to complete the engagement.

C. The engagement scope, opportunities for making significant improvements, and client expectations.

D. The engagement objectives, scope, respective responsibilities, and other client expectations.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 190

An airline contracted with an external service provider to perform maintenance on all aircraft ground support equipment. Management then asked the internal audit

activity (IAA) to evaluate the controls in place that would permit appropriate oversight of the service provider in maintaining required maintenance standards.

According to the International Professional Practices Framework, which of the following would be the most appropriate course of action for the IAA to undertake to

establish the engagement objectives?

A. Develop a draft audit plan and create an appropriate scope and resource schedule.

B. Develop a preliminary audit program and obtain senior management's approval.

C. Conduct a preliminary assessment of the risks associated with the maintenance contract.

D. Obtain a copy of the maintenance contract and review the contract for pricing discrepancies.


Correct Answer: C

Section: Volume D

Explanation


QUESTION 191

According to the International Professional Practices Framework, which of the following would not be considered when performing an initial risk assessment in

engagement planning?

A. The reliability of management’s assessment of risk.

B. Management’s process for monitoring, reporting, and resolving risk issues.

C. Management's methodology for defining risk criteria.

D. Risks in related activities relevant to the activity under review.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 192

According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the

board?

A. Consider formality and tone of communications to ensure they are appropriate.

B. Minimize instances of ad hoc communications with board members.

C. Consider the possible repercussions created by commentary on deficiencies.

D. Avoid making presumptuous comments without sufficient facts.

Correct Answer: B

Section: Volume D

Explanation



QUESTION 193

The chief audit executive established an internal audit activity (IAA) performance standard requiring all audit reports to be issued within 48 hours of the exit

meeting with the client. Which of the following describes an exit meeting strategy that would best help the IAA meet this performance standard?

A. The objective of the exit meeting is to reach agreement on audit observations.

B. The objective of the exit meeting is to solicit action plans for audit observations.

C. The objective of the exit meeting is to confirm final details of fieldwork.

D. The objective of the exit meeting is to confirm understanding of audit results

Correct Answer: D

Section: Volume D

Explanation


QUESTION 194

Which of the following would not include recommendations for process improvements?

A. Due diligence engagement.

B. Forensic investigation.

C. Internal audit engagement.

D. Consulting engagement.

Correct Answer: A

Section: Volume D

Explanation


QUESTION 195

When approving the final engagement report, which of the following is most critical?

A. Opinions are adequately supported.

B. Conclusions are reached for all objectives.

C. Report is distributed to appropriate parties.


D. Report is clear and concise.

Correct Answer: A

Section: Volume D

Explanation


QUESTION 196

According to the Standards, which of the following would have the least direct interest in the draft report of a compliance review of the purchasing function?

A. Purchasing staff.

B. Purchasing manager.

C. Director of finance.

D. Audit committee.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 197

The chief audit executive (CAE) notes during review of the final report of an assurance engagement that management has decided to accept the risks of two

significant exposures identified by the audit. Which of the following actions by the CAE would be least prudent in these circumstances?

A. Implement follow-up procedures to monitor the potential impact of those risks.

B. Review the working papers and conclusions as to the perceived residual risk.

C. Meet with senior management to consider their reasoning for the decision.

D. Meet with the auditor-in-charge to review the conclusions.

Correct Answer: A

Section: Volume D

Explanation



QUESTION 198

According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the

internal audit activity (IAA)?

A. Due to management changes, the IAA is advised by management that no further work will be done. Further follow-up work is not required as management has

accepted the related risk.

B. A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous work performed for the engagement and then reports the

results to the chief audit executive (CAE).

C. Management has stopped implementing several key recommendations citing a growing disagreement with their effectiveness. The auditor communicates the

situation to the CAE who then escalates the matter to senior management.

D. In situations where the identified risk may have a significant impact to the business and senior management has accepted the risk, it is not necessary for the

CAE to inform the board of the decision.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 199

An internal auditor compares real-time gasoline production data to corresponding final gasoline production reports and finds minor but consistent daily

discrepancies. If the auditor is concerned about theft, which of the following next steps is most consistent with IIA guidance?

A. Reconcile online data and the final production reports to gasoline sales reports.

B. Contact security personnel as evidence suggests gasoline is being stolen from production premises.

C. Confront the production manager and ask her to explain the differences between real-time and reported data.

D. Review the processes used to collect the production data and to compile the final production reports.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 200


According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program?


A. Conducting full investigations of suspected fraud.

B. Monitoring the organization's whistle-blower hotline.

C. Assessing the risk of fraudulent activity in the organization.

D. Providing ethics training sessions to organization staff.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 201

An organization decides to create an internal audit function and hires a new chief audit executive (CAE). Which of the following should the CAE first consider when

developing the internal audit process?

A. Requirements of the external auditors to ensure an efficient coordination of audit effort.

B. Sufficient resources to adequately meet the needs of the annual audit plan.

C. Alignment of internal audit objectives with the organization's strategic plan.

D. An appropriate training plan for audit staff.

Correct Answer: C

Section: Volume D

Explanation



QUESTION 202

Which of the following is not true regarding the management of internal audit resources?

A. A minimum level of information technology knowledge is necessary.

B. The adequacy of internal audit resources is ultimately a board responsibility.

C. Resources include external service providers and computer-assisted audit techniques.

D. Skills availability must be aligned with financial constraints.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 203

An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an

entry-level internal auditor?

A. Conflict resolution skills.

B. Communication skills.

C. Time management skills.

D. Interpersonal skills.

Correct Answer: A

Section: Volume D

Explanation


QUESTION 204

During a consulting engagement, an internal auditor identifies new risks which will impact the scope and sufficiency of the engagement audit plan. According to the

Standards, the internal auditor should:


A. Discuss the potential impact on the scope with the client.

B. Modify the scope to incorporate the new risks and continue the engagement.

C. End the engagement, as the audit scope is no longer sufficient to meet the audit objective.

D. Continue the engagement but highlight the impacts on the audit scope in the final report.

Correct Answer: A

Section: Volume D

Explanation


QUESTION 205

When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?

A. The organization's budget.

B. Operations involving cash transactions.

C. Recent changes in management objectives.

D. Risk factors utilized in the organization's risk models.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 206

Which of the following would be included in an internal audit department's quality assurance and improvement program?

1. Ongoing internal assessments of the performance of the internal audit department.

2. Periodic internal reviews through self-assessments.

3. Assessments conducted by a qualified external reviewer at least once every five years.

A. 1 only B. 1

and 2 only

C. 2 and 3 only


D. 1, 2, and 3

Correct Answer: D

Section: Volume D

Explanation


QUESTION 207

Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?

A. The objectives of the audit should be set.

B. The organization's management should be informed about the work to be performed.

C. Attention should be devoted toward the key audit areas.

D. The timing of the audit should be set.

Correct Answer: B

Section: Volume D

Explanation


QUESTION 208

When determining if appropriate resources exist to achieve engagement objectives, which of the following factors should a chief audit executive consider?

1. Nature and complexity of the audit engagement.

2. Time constraints.

3. Effectiveness of the audit committee.

4. Availability of resources for the engagement.

A. 1 and 2 only

B. 1, 2, and 3 onlyC. 1, 2, and 4 only

D. 1, 3, and 4 only

Correct Answer: C


Section: Volume D

Explanation


QUESTION 209

During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it

would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in

determining that management action was implemented?

A. Ask management if the new policy related to the receiving reports is in place.

B. Select a sample of receiving reports and determine if payments were made.

C. Interview warehouse employees to ascertain adherence to new policy.

D. Select a sample of payments and determine if a receiving report exists.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 210

According to the Standards, which of the following is an attribute when applied to the observations and recommendations contained in the audit report?

A. Client accomplishments.

B. Effect.

C. Supportive information.

D. Scope statements.

Correct Answer: B

Section: Volume D

Explanation



QUESTION 211

An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some

items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept

on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and

also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the

expiration date requirement. Which of the following recommendations would be appropriate?

A. Take no action, because all the items were within the expiration date requirement, and no corrective action is needed.

B. Permit production staff the access to files where the certificates of conformity are kept, so they can choose the items with the closest expiration date.

C. Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding inventory levels to be maintained (i.e., minimums,

maximums, reorder points etc.).

D. Add to the product label a "use by date" line, enter the expiration at the time of receipt, and perform periodic inventory checks.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 212

In addition to the internal auditor, which of the following parties should be present at an exit or closing conference?

1. Audit committee members.

2. The external auditor.

3. The management responsible for the areas covered by the engagement.

4. The chief executive officer.

A. 2 only

B. 3 only

C. 3 and 4 only

D. 1, 3, and 4 only

Correct Answer: B

Section: Volume D

Explanation



QUESTION 213

Reviewing internal audit report drafts with clients is:

1. Required according to the Standards.

2. A form of courtesy.

3. Ethically mandated.

4. A form of validation.

A. 1 and 2 only B.

2 and 3 only C. 2

and 4 only

D. 3 and 4 only

Correct Answer: C

Section: Volume D

Explanation


QUESTION 214

Which of the following is an advantage to using the questionnaire approach when conducting risk and control self assessments?

A. Responses can easily be quantified and analyzed.

B. Follow-up for clarification is efficient.

C. It is educational for participants.

D. It allows for in-depth probing of issues.

Correct Answer: A

Section: Volume D

Explanation



QUESTION 215

Which of the following documents should the chief audit executive review and approve?

1. Workpaper retention policy.

2. Audit committee meeting minutes.

3. Internal audit handbook.

4. Quarterly financial statements.

A. 1 and 2 only B.

1 and 3 only

C. 2 and 4 only

D. 1, 3, and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 216

Which of the following topics must the internal audit staff discuss with management during the exit conference?

1. Issues identified during the audit.

2. Evaluation criteria used to select controls for testing.

3. Staff who were interviewed during the audit.

4. The reporting process for the draft and final report.

A. 1 and 3 only B.

1 and 4 only C. 2

and 3 only

D. 2 and 4 only

Correct Answer: B

Section: Volume D

Explanation



QUESTION 217

A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During

the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns

that they share those concerns. Which of the following is the CAE's best course of action?

A. Perform an independent audit of the merging firm's inventory management practices to verify the concerns and to provide relevant and reliable results to

management for their consideration and action.

B. Advise management that internal audit, external audit, and legal advisors all have concerns about inventory management and, given the high materiality of

inventory, management should not proceed with the merger.

C. Coordinate a review of inventory management with external auditors and legal advisors and ensure each group focuses on their area of expertise to ascertain

the extent of the problems, if any.

D. Coordinate with the merging firm's internal audit department to better understand the inventory management function and whether the concerns are

wellfounded.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 218

The chief audit executive (CAE) manages a large internal audit activity (IAA) reporting functionally to the audit committee and administratively to the chief risk

officer. During the CAE's recent unplanned medical leave, several internal audit reports were completed and waiting for CAE approval, however, no formal

delegation of authority was in place to anticipate this situation. In order to preserve the independence of the IAA, which of the following would be the most

appropriate individual to review and approve these reports during the CAE's absence?

A. External auditor.

B. Chief risk officer.

C. Engagement lead auditor.

D. Audit committee chair.

Correct Answer: C

Section: Volume D


Explanation


QUESTION 219

During the audit of a large decentralized supply chain function, the chief audit executive (CAE) receives serious allegations of fraud concerning the vice president

responsible for this function. The CAE engages a third party to provide forensic audit services and lead the investigation portion of the engagement. As part of this

team, which of the following would be an appropriate role for the investigator?

1. Authenticate the original approval signatures on contracts.

2. Interview personnel to understand the supply chain processes.

3. Provide certified copies of relevant original documents for the audit file.

4. Identify variances in pixels on original electronic documents.

A. 1 and 2 only B.

1 and 4 only C. 2

and 3 only

D. 3 and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 220

The chief audit executive (CAE) of a new organization is in the process of determining the manner in which audit reports will be distributed and to whom.

According to the Standards, which of the following is the most appropriate course of action for the CAE to take to develop this distribution process?

A. The process should be determined in meetings with the external auditor and senior management to ensure alignment with external reporting.

B. The CAE should meet with senior management for their input, but finalize the distribution of all reports with the board.

C. The CAE should independently implement the report distribution, using best judgment to ensure that all relevant stakeholders are informed.

D. The CAE should request that senior management and the board meet to determine the most appropriate reporting method.

Correct Answer: B

Section: Volume D


Explanation


QUESTION 221

An organization has acquired a new line of business. None of the organization's internal auditors have the required expertise to perform an internal audit of the

new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has

assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is

true regarding supervision of the engagement?

A. The CAE may rely upon the external firm's auditor in charge to supervise the engagement.

B. The external firm's auditor in charge must defer to the judgment of the CAE for any disputes.

C. The CAE is not responsible for the quality of an audit performed by an external firm.

D. The CAE should not assign an inexperienced staff member to assist with the engagement.

Correct Answer: B

Section: Volume D

Explanation


QUESTION 222

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit

activity (IAA) may provide risk management consulting?

1. There is a clear strategy and timeline to migrate risk management responsibility back to management.

2. The IAA has the final approval on any risk management decisions.

3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.

4. The nature of services provided to the organization is documented in the internal audit charter.

A. 1, 2, and 3 only B.

1, 2, and 4 only C. 1,

3, and 4 only

D. 2, 3, and 4 only

Correct Answer: C


Section: Volume D

Explanation


QUESTION 223

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

A. The CAE's responsibility is not impaired by engaging an external expert.

B. The external expert could have a prior relationship with the audit client.

C. The audit report should not disclose the use of contracted services.

D. The expert should be directed by the objectives and scope of work.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 224

The internal auditor is asked to conduct an investigation involving a suspected fraud. According to the Standards, which of the following statements regarding the

investigation process is false?

A. The auditor should use anonymous surveys of coworkers to assess the character and behavior of the suspect.

B. The auditor must give consideration to the risk of unidentified co-conspirators whether indications exist or not.

C. The auditor should not limit the collection of information by prejudging its relevance to the investigation.

D. The auditor must consider the risk that audit procedures may inadvertently violate the rights of the suspect.

Correct Answer: A

Section: Volume D

Explanation



QUESTION 225

According to the Standards, which of the following control strategies would be the most effective in helping to prevent fraud?

A. Have employees annually sign a code of conduct requiring that they report any known violations.

B. Implement a whistleblower hotline where individuals can make anonymous phone calls to report fraudulent activities.

C. Provide periodic fraud awareness training to employees and test their understanding of the training through online surveys.

D. Conduct routine employee surveys to solicit their knowledge of fraud and unethical behavior within the organization.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 226

An internal auditor is conducting an assessment of the organization's fraud controls. Which of the following would not be considered a preventive control?

1. Daily report that identifies unsuccessful system log-in attempts.

2. Weekly management communication with tips on identifying possible fraud.

3. E-mail alert sent to management for checks issued over $100,000.00.

4. New hire training to explain fraud and employee misconduct.

A. 1 and 2 only B.

1 and 3 only C. 2

and 4 only

D. 3 and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 227

Which of the following is the least relevant when preparing the internal audit activity's annual engagement plan?


A. Senior management's requests for internal audit engagements.

B. A rotation of internal audit engagements selected on a time basis.

C. The organization's current risk priority and exposure.

D. Coordination with the audit plans of the external auditor.

Correct Answer: B

Section: Volume D

Explanation


QUESTION 228

Which of the following statements is true?

A. If management chooses not to take action on internal audit's assurance engagement observation, the chief audit executive (CAE) has a responsibility to

propose an action plan to the board.

B. Internal audit's responsibility for an assurance engagement observation ends when management implements changes to remediate the observation.

C. When management decides to accept the risk of not taking action on an assurance observation, the (CAE) is responsible for judging whether or not that

decision is prudent.

D. An assurance engagement observation is considered remediated when management's corrective action plan is approved by the board.

Correct Answer: C

Section: Volume D

Explanation


QUESTION 229

An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased. Which of the following actions would best enable an

internal auditor to satisfy this objective?

A. Analyze the provision for sales allowances.

B. Analyze the percentage of scrap incurred during production.

C. Research the rationale for customer returns.

D. Evaluate the volume and characteristics of products rejected during processing.


Correct Answer: D

Section: Volume D

Explanation


QUESTION 230

Which of the following statements is true regarding the communication of audit engagement observations?

A. Criteria, condition, cause, and effect must be communicated for material observations only

B. Criteria, condition, cause, and effect must be communicated for material observations and significant deficiencies only

C. Criteria, condition, cause, and effect must be communicated for all engagement observations.

D. Criteria, condition, cause, and effect do not need to be communicated for insignificant observations with adequate compensating key controls. Correct

Answer: C

Section: Volume D

Explanation


QUESTION 231

Which of the following situations justifies the release of an interim report to management and the board?

• The internal auditor is convinced that the audit observations require immediate attention.

• The internal auditor would like to communicate a change in engagement scope for the activity under review.

• The internal auditor notes that the engagement may extend over a longer time period.

• The audit supervisor believes that issuing interim reports eases supervisory review and controls over working papers.

A. 1 and 3 only

B. 2 and 3 only

C. 1, 2, and 3 only

D. 2, 3, and 4 only

Correct Answer: C


Section: Volume D

Explanation


QUESTION 232

The chief audit executive of a large publicly held bank is using a risk based approach to update the annual audit plan. Which of the following sources of information

will have the least impact on the plan?


A. The 12 month forecast of commercial property values.

B. Recent changes to the bank's strategic plan.

C. Regulatory changes impacting capitalization for all publicly traded banks.

D. Continuous changes in the prime lending rate set by the country's central bank.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 233

According to IIA guidance,when performing a compliance audit of data security standards for a large e-commerce retailer, which of the following would represent

the least likely area of risk exposure?

A. Operational risks.


B. Change or configuration risks.

C. Access risks.

D. Physical security risks.

Correct Answer: D

Section: Volume D

Explanation


QUESTION 234

An internal auditor for a large telecommunications organization identified potential risk factors related to a planned billing system conversion. Which of the

following risk factors would present the least potential exposure to the organization?

A. Critical customer support functions are not available for a short period.

B. Invoice generation disruptions due to required maintenance.

C. Inaccurate billing of telephone calls due to database error.

D. End user criticism and lack of support for the new system.

Correct Answer: B

Section: Volume D

Explanation


QUESTION 235

While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk

exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?

• Meet with the auditor-in-charge.

• Discuss with senior management.

• Monitor the result of the accepted risk.

• Report the matter to the board.


A. 1, 2, and 3 only B.

1, 2, and 4 only C. 1,

3, and 4 only

D. 2, 3, and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 236

Which of the following statements is correct regarding the use of a program evaluation and review technique (PERT) model?

• It makes use of a probability model to arrive at a realistic estimate of time necessary for completion of the audit engagement.

• It requires that activities are performed in sequence such that each task is completed before the commencement of the next activity.

• It remains fixed once completed to act as a baseline for measuring the performance of the audit staff following completion of the engagement.

• It begins with the auditor-in-charge identifying the overall scope and then breaking down the audit engagement into identifiable activity units.

A. 1 and 3 only B.

1 and 4 only C. 2

and 3 only

D. 2 and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 237

According to IIA guidance, which of the following are benefits to the internal audit activity when conducting an assurance mapping exercise?

A. Identification of gaps in risk coverage, and minimization of duplicate assurance efforts.

B. Identification of gaps in risk coverage, and consolidation of risk reporting efforts.

C. Resolution of identified testing errors, and minimization of duplicate assurance efforts.

D. Resolution of identified testing errors, and consolidation of risk reporting efforts.


Correct Answer: A

Section: Volume D

Explanation


QUESTION 238

The chief audit executive (CAE) of a large retail operation believes that senior management has accepted a level of risk that exceeds the organization's current

risk tolerance with respect to a major expansion. The CAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of

the following would be an appropriate course of action in preparation for this meeting?

• Understand management's basis for the decision.

• Advise the board of the concern and upcoming meeting.

• Ascertain which members of management have accepted the risk.

• Determine if management has the authority to accept the risk.

A. 1 and 2 only B.

1 and 4 only C. 2

and 3 only

D. 3 and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 239

During the quarterly review of the internal audit activity's performance, the chief audit executive (CAE) notes that actual engagement hours consistently exceed the

budget. Which of the following strategies would most likely help the CAE address this problem?

• The budget should consider time spent on similar engagements.

• The budget should consider the proficiency of the assigned auditors.

• The budget estimate should provide for unexpected delays.

• The budget should be specific as to time for each work assignment.


A. 1 and 2 only B.

1 and 4 only C. 2

and 3 only

D. 3 and 4 only

Correct Answer: B

Section: Volume D

Explanation


QUESTION 240

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

A. Having no active role or involvement in the risk management process.

B. Auditing the risk management process for reasonableness.

C. Coordinating and managing the risk management process.

D. Participating with management in identifying and evaluating risks.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 241

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major

system. Which of the following strategies would be the most helpful in resolving this dispute?

A. Conduct a joint brainstorming session with management.

B. Ask the chief audit executive to mediate.

C. Disclose the client's differing opinion in the final report.

D. Escalate the issue to senior management for a decision.

Correct Answer: A


Section: Volume E

Explanation


QUESTION 242

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate

approach?

A. Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B. Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C. Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing

such assurance.

D. Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Correct Answer: A

Section: Volume E

Explanation


QUESTION 243

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

A. Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B. Cultural impacts are less critical where the organization practices uniform polices around the globe.

C. Cross-cultural differences should always be handled by the staff of the same cultural background.

D. Local law enforcement should be involved as they are more familiar with the applicable local laws.

Correct Answer: A

Section: Volume E

Explanation



QUESTION 244

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which

of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

A. 1 and 2 only B.

1 and 4 only C. 2

and 3 only

D. 3 and 4 only

Correct Answer: D

Section: Volume E

Explanation


QUESTION 245

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief

executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

A. The internal audit risk assessment and audit plan for the next fiscal year.

B. The internal audit budget and resource plan for the coming fiscal year.

C. A request for an increase of the CAE's salary for the next fiscal year.

D. The evaluation and compensation of the internal audit team.

Correct Answer: D

Section: Volume E

Explanation



QUESTION 246

An internal control questionnaire would be most appropriate in which of the following situations?

A. Testing controls where operating procedures vary.

B. Testing controls in decentralized offices.

C. Testing controls in high risk areas.

D. Testing controls in areas with high control failure rates.

Correct Answer: B

Section: Volume E

Explanation


QUESTION 247

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to

outside parties?

A. The CAE can release prior internal audit reports with the approval of the board and senior management.

B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C. The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D. The CAE can release prior information provided it is as originally published and distributed within the organization.

Correct Answer: B

Section: Volume E

Explanation


QUESTION 248

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that

she should assume when facilitating the workshop?

A. Express an opinion on the participants' inputs and conclusions as the assessment progresses.


B. Provide appropriate techniques and guidelines on how the exercise should be undertaken.

C. Evaluate and report on all issues that may be uncovered during the exercise.

D. Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Correct Answer: B

Section: Volume E

Explanation


QUESTION 249

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the

issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed

action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

A. Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B. Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C. Reassign information systems auditors to assist in implementing management's action plan.

D. Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Correct Answer: D

Section: Volume E

Explanation


QUESTION 250

Which of the following is not an outcome of control self-assessment?

A. Informal, soft controls are omitted, and greater focus is placed on hard controls.

B. The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C. Internal auditors become involved in and knowledgeable about the self-assessment process.

D. Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.


Correct Answer: A

Section: Volume E

Explanation


QUESTION 251

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

A. 1 and 2

B. 1 and 3

C. 2 and 4

D. 3 and 4

Correct Answer: A

Section: Volume E

Explanation


QUESTION 252

New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is

planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most

important for the CAE to consult to determine the scope of the audit?

A. The audit committee of the board.

B. The environmental, health, and safety manager.

C. The organization's external environmental lawyers.

D. The organization's insurance department.

Correct Answer: B

Section: Volume E


Explanation


QUESTION 253

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization's risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization's goals.

A. 1 and 2 only

B. 3 and 4 only

C. 1, 2, and 4

D. 1, 3, and 4

Correct Answer: C

Section: Volume E

Explanation


QUESTION 254

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)


C)

D)

A. Option A

B. Option B

C. Option C

D. Option D

Correct Answer: B

Section: Volume E

Explanation


QUESTION 255

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A. Senior management is charged with overseeing the establishment risk management and control processes.

B. The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C. Operating managers are responsible for assessing risks and controls in their departments.

D. Internal auditors provide assurance about risk management and control process effectiveness.

Correct Answer: B

Section: Volume E

Explanation



QUESTION 256

Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange

rate.

When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?

1. The hedge documentation designating the hedge.

2. The spot exchange rate on the transaction date.

3. The terms of the forward contract.

4. The amount of fuel purchased.

A. 1 and 2 B.

1 and 4 C. 2

and 3

D. 3 and 4

Correct Answer: C

Section: Volume E

Explanation


QUESTION 257

Which of the following statements describes an engagement planning best practice?

A. It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B. If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C. The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D. Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Correct Answer: D

Section: Volume E

Explanation


QUESTION 258

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?


A. To help develop process maps.

B. To determine segregation of duties.

C. To identify residual risks.

D. To test the adequacy of controls.

Correct Answer: D

Section: Volume E

Explanation


QUESTION 259

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

A. 1 and 2 only B.

1 and 4 only C. 2

and 3 only

D. 3 and 4 only

Correct Answer: A

Section: Volume E

Explanation


QUESTION 260

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

A. A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B. Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.


C. The exit conference provides only anticipated results for inclusion in the final audit communication.

D. During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 261

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however,

the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

A. 1, 2, and 3 B.

1, 2, and 4

C. 1, 3, and 4

D. 2, 3, and 4

Correct Answer: D

Section: Volume E

Explanation


QUESTION 262

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?



A. The amount of experience the auditors have conducting audits in the specific area of the organization.

B. The availability of the auditors in relation to the availability of key client staff.

C. Whether the budgeted hours are sufficient to complete the audit within the current scope.

D. Whether outside resources will be needed, and their availability.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 263

The final internal audit report should be distributed to which of the following individuals?

A. Audit client management only

B. Executive management only

C. Audit client management, executive management, and others approved by the chief audit executive.

D. Audit client management, executive management, and any those who request a copy.

Correct Answer: C

Section: Volume E

Explanation



QUESTION 264

According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash

disbursements process?

A. The accounts payable supervisor, accounts payable manager, and controller.

B. The accounts payable manager, purchasing manager, and receiving manager.

C. The accounts payable supervisor, controller, and treasurer.

D. The accounts payable manager, chief financial officer, and audit committee.

Correct Answer: A

Section: Volume E

Explanation


QUESTION 265

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the

following is the most appropriate action for the internal auditor to take?

A. Observe corrective measures.

B. Seek a management assurance declaration.

C. Follow up during the next scheduled audit.

D. Conduct appropriate testing to verify management responses.

Correct Answer: D

Section: Volume E

Explanation


QUESTION 266

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

A. Improper segregation of duties.

B. Incentives and bonus programs.


C. An employee's reported concerns.

D. Lack of an ethics policy.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 267

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.

According to IIA guidance, which of the following roles should the CAE not undertake?

A. Manage and coordinate risk management processes.

B. Audit risk management processes.

C. Become involved in risk oversight committees, monitoring activities, and status reporting.

D. Accept management's responsibility for risk management without board approval.

Correct Answer: D

Section: Volume E

Explanation


QUESTION 268

When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?

A. The last available risk assessment.

B. Requests from senior management and the board.

C. The longest interval since the last examination of each audit universe item.

D. The auditable areas required by regulatory agencies.

Correct Answer: A

Section: Volume E


Explanation


QUESTION 269

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward

risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A. The corporate risk register.

B. The strategic plan.

C. Internal and external audit reports.

D. The board's meeting records.

Correct Answer: B

Section: Volume E

Explanation


QUESTION 270

When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the

following objectives?

1. Add value.

2. Improve operations.

3. Provide assurance that the internal audit activity conforms with the Standards.

4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

A. 1 only

B. 1 and 2 only

C. 1 and 3 only

D. 1, 2, 3, and 4

Correct Answer: D

Section: Volume E


Explanation


QUESTION 271

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

A. Verify that amounts are correct.

B. Verify that payments are on time.

C. Verify that recipients are valid employees.

D. Verify that benefits deductions are accurate.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 272

Which of the following statements is false regarding audit criteria?

A. Audit criteria should be consistent across audit assignments.

B. Audit criteria should represent reasonable standards against which to assess existing conditions.

C. Audit criteria should provide flexibility but allow identification of nonadherence.

D. Audit criteria should equate to good or acceptable management practices.

Correct Answer: A

Section: Volume E

Explanation


QUESTION 273

Which of the following is the most important concept to be included in a consulting engagement agreement?


A. Define the duties and responsibilities needed from management to perform the engagement.

B. Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

C. Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

D. Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 274

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the

requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable

department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the

invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

A. Verify that approvals of purchasing documents comply with the authority matrix.

B. Observe whether the purchase orders are sequentially numbered.

C. Examine whether the sales department supervisor approves invoices for payment.

D. Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Correct Answer: C

Section: Volume E

Explanation


QUESTION 275

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider

for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.


4. The geographical dispersion of audit staff across the organization.

A. 1 and 3

B. 1 and 4

C. 2 and 3

D. 2 and 4

Correct Answer: B

Section: Volume E

Explanation




Documents

IIA-CIA-Part2.exam · 4. Volume D 5. Volume E Exam A QUESTION 1 In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should: