Download TestKings.IIA-CIA-Part2.508Q IIA-CIA-Part2 Certified

TestKings.IIA-CIA-Part2.508Q
Number: IIA-CIA-Part2
Passing Score: 800
Time Limit: 120 min
File Version: 6.6
http://www.gratisexam.com/
IIA-CIA-Part2
Certified Internal Auditor - Part 2, Conducting the Internal Audit Engagement
I am so happy today because I today my result announce and it declared me passed with very good
grades 91%.
I think,TestKing is the one to provide the highest amount of valid questions and correct answers.
Thank God that you guys supported and helped me in the right manner for making my success possible
in the exam with ease.
This product are the perfect ones that can help and guide you in achieving the biggest success in this
tough test.
Questions cover all the new areas listed by IIA-CIA and look very valid and professional,
ALL the credit goes to this Excellent and wonderful vce file. Thanks
Exam A
QUESTION 1
Which of the following audit techniques provides for continuous monitoring and analysis of computer
transactions for detailed auditing?
A.
B.
C.
D.
Integrated test facility.
Parallel simul-ation.
Test data.
Embedded audit routines.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
answer is right.
QUESTION 2
Access control software on an organization's mainframe computer records detailed information concerning
both successful and unsuccessful log-on attempts to applications. Which of the following audit tools would
be best suited to review the access information that has been recorded?
A.
B.
C.
D.
Generalized audit software.
Flowcharting.
Integrated test facility.
Test data.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 3
Which of the following would provide the greatest assurance of the accuracy of a computer program's
computation of freight charges for catalog sales?
A. Use discovery sampling, selecting transactions from invoices which should have freight charges added
to them.
B. Use either test data or parallel simul-ation to test the computer application.
C. Use difference estimation, selecting transactions from invoices which should have freight charges
added to them.
D. Use generalized audit software to select a monetary-unit sample of invoices that have been billed to
customers.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
absolute answer.
QUESTION 4
If an auditor used nonstatistical sampling instead of statistical sampling to estimate the value of inventory,
which of the following would be true?
A. The confidence level could not be quantified.
B. The precision would be larger.
C. The projected value of inventory would be less reliable.
D. The risk of incorrect acceptance would be higher.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
fine.
QUESTION 5
In a sampling application, the group of items about which the auditor wants to estimate some characteristic
is called the.
http://www.gratisexam.com/
A.
B.
C.
D.
Population.
Attribute of interest.
Sample.
Sampling unit.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
answer is perfect.
QUESTION 6
An internal auditor would most likely use attributes sampling when testing which of the following?
A.
B.
C.
D.
Accounts receivable balances.
Correct coding of accounts payable disbursement vouchers.
Year-end inventory value.
Fixed asset book value.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is perfect.
QUESTION 7
An audit department has received anonymous information that an employee has allegedly been able to
steal and cash checks sent to the organization by customers. What is the most efficient way for an auditor
to determine how this type of fraud could occur and who might be the perpetrator?
A.
B.
C.
D.
Confirm accounts receivable.
Confirm accounts payable.
Review the endorsements and banks of deposit on customers' canceled checks.
Flowchart and analyze key controls in the cash receipts process.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Best answer.
QUESTION 8
If an auditor expects to find numerous discrepancies between recorded values and audited values of
sample selections, which sampling technique would be most appropriate?
A.
B.
C.
D.
Attributes sampling.
Probability-proportional-to-size sampling.
Difference estimation sampling.
Discovery sampling.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
absolute answer.
QUESTION 9
During an audit of a retail organization, an internal auditor found a scheme in which the warehouse director
and the purchasing agent diverted approximately $500,000 of goods to their own warehouse, then sold the
goods to third parties. The fraud was not found earlier since the warehouse director updated the perpetual
inventory records and then forwarded receiving reports to the accounts payable department for processing.
Which of the following procedures would have most likely led to the discovery of the missing materials and
the fraud?
A. Select a random sample of receiving reports and trace to the recording in the perpetual inventory
records. Note differences and investigate by type of product.
B. Select a random sample of purchase orders and trace to receiving reports and to the records in the
accounts payable department.
C. Take an annual physical inventory, reconciling amounts with the perpetual inventory records. Note the
pattern of differences and investigate.
D. Select a random sample of sales invoices and trace to the perpetual inventory records to see if
inventory was on hand. Investigate any differences.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
options are clearly written.
QUESTION 10
Which of the following factors would increase the confidence level in a variables sampling plan?
A. A larger sample size.
II. A stratified sample.
III. A larger standard deviation.
B. I and II only
C. I and III only
D. II and III only
E. I, II, and III
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
proper answer.
QUESTION 11
If an auditor is sampling to test compliance with a particular company policy, which of the following factors
should not affect the allowable level of sampling risk?
A.
B.
C.
D.
The experience and knowledge of the auditor.
The adverse consequences of noncompliance.
The acceptable level of risk of making an incorrect audit conclusion.
The cost of performing auditing procedures on sample selections.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
exact answer.
QUESTION 12
Which of the following describes an internal auditor's responsibilities to include audit procedures to detect
fraud in audits of a multinational organization?
A. International Accounting Standards require the internal auditor to include audit procedures which would
detect fraud if it would cause a material misrepresentation of the financial statements.
B. Internal auditors do not have any specific responsibilities with respect to including fraud-related audit
procedures.
C. Proper audit procedures, when carried out with due professional care, will guarantee that fraud, if
present, will be detected.
D. If significant control weaknesses are detected, additional tests should be directed toward other
indicators of fraud.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
genuine answer.
QUESTION 13
An appliance repair company is considering relocating the center that houses its service vehicles. An
internal auditor wants to determine the potential reduction in average miles driven by the service vehicles if
the center is relocated. Which of the following statistical sampling methods would be most appropriate for
this test?
A.
B.
C.
D.
Attributes sampling.
Discovery sampling.
Probability-proportional-to-size sampling.
Mean-per-unit sampling.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
real answer.
QUESTION 14
Monetary-unit sampling is most useful when the internal auditor:
A.
B.
C.
D.
Is testing the accounts payable balance.
Cannot cumulatively arrange the population items.
Expects to find several material errors in the sample.
Is concerned with overstatements.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
rightful answer.
QUESTION 15
If management expects 100 percent compliance with a procedure, which of the following sampling
approaches would be most appropriate?
A.
B.
C.
D.
Attributes sampling.
Discovery sampling.
Targeted sampling.
Variables sampling.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is valid.
QUESTION 16
An internal auditor is discussing an audit problem with an engagement client. While listening to the client,
the internal auditor should:
A. Prepare a response to the client.
B. Take mental notes on the speaker's nonverbal communication, as it is more important than what is
being said.
C. Make sure that all details, as well as the main ideas of the client, are remembered.
D. Integrate the incoming information from the client with information that is already known.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 17
An auditor is using an internal control questionnaire as part of a preliminary survey. Which of the following
is the best reason for the auditor to interview management regarding the questionnaire responses?
A.
B.
C.
D.
Interviews provide the opportunity to insert questions to probe promising areas.
Interviews are the most efficient way to upgrade the information to the level of objective evidence.
Interviewing is the least costly audit technique when a large amount of information is involved.
Interviewing is the only audit procedure which does not require confirmation of the information that is
obtained.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 18
Many questionnaires are made up of a series of different questions that use the same response categories
(for example: strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different
groups of respondents answer alternate versions of the questionnaire that present the questions in different
orders and reverse the orientation of the endpoints of the scale (for example:
agree on the right and disagree on the left). The purpose of such questionnaire variations is to:
A.
B.
C.
D.
Eliminate intentional misrepresentations.
Reduce the effects of pattern response tendencies.
Test whether respondents are reading the questionnaire.
Make it possible to get information about more than one population parameter using the same
questions.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 19
An auditor used a questionnaire during an interview to gather information about the nature of credit sales
processing. The questionnaire did not cover some pertinent information offered by the person being
interviewed, and the auditor did not document the potential problems for further investigation.
The primary deficiency with the above process is that:
A.
B.
C.
D.
The auditor failed to consider the importance of the information offered.
A questionnaire was used in a situation where a structured interview should have been used.
Using a questionnaire precludes the auditor from documenting other information.
The engagement program was incomplete.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 20
The use of standard operating procedure questionnaires in audit fieldwork can be beneficial because.
A. These questionnaires can both identify discrepancies and educate clients.
B. Standard operating procedures are essential to the effectiveness and efficiency of operations.
C. These questionnaires are more comprehensive than are other types of techniques for gathering data
during fieldwork.
D. These questionnaires do not normally require prior clearance with management of the audited area.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 21
Checklists used to assess audit risk have been criticized for all of the following reasons except:
A.
B.
C.
D.
Providing a false sense of security that all relevant factors are addressed.
Inappropriately implying equal weight to each item on the checklist.
Decreasing the uniformity of data acquisition.
Being incapable of translating the experience or sound reasoning intended to be captured by each item
on the checklist.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
straight answer.
QUESTION 22
A limitation of using ratio analysis in an audit engagement is that it:
A. Often uses financial information provided by management which has not been reviewed for reliability
and validity.
B. Is an expensive method of testing.
C. Requires computer software in order to develop meaningful interpretations of data.
D. Is useful only when comparisons can be made across other industries.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 23
Which of the following would cause a company's accounts receivable turnover ratio to decrease steadily
over a three-year period?
A. An increase in the discount offered for early payment.
B. A more liberal credit policy.
http://www.gratisexam.com/
C. Invoices provided on a weekly rather than a monthly basis.
D. Increased cash sales.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is real.
QUESTION 24
Which of the following would be the best audit procedure to use to determine if a division's unusually high
sales and gross margin for November and December were the result of fraudulently recorded sales?
A. Trace a sample of shipping documents to related sales invoices to verify proper billing.
B. Confirm accounts receivable balances with customers.
C. Compare sales and gross margin totals with those of the previous ten months and the first month of the
following year.
D. Use regression analysis techniques to estimate the sales and cost of goods sold for November and
December.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
satisfied with the answer.
QUESTION 25
Which of the following factors could interfere with effective problem solving by an internal auditor?
A. Reacting to previous experiences with clients.
II. Focusing only on the most likely cause.
III. Correcting the symptoms of problems.
B. I only
C. III only
D. I and II only
E. I, II, and III
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 26
A company owns a machine that will produce 100 light switches in four hours. Due to increased demand, a
second machine capable of producing 100 light switches in three hours has been added.
Approximately how many hours will it take to produce 100 light switches using both machines working
together?
A.
B.
C.
D.
7.0
3.5
1.7
0.58
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 27
A retail sales company has discontinued a product that normally sold for $100. During the first month of a
sale of the product, a 20 percent discount was given. Later that sale price was reduced by an additional 40
percent. What was the overall discount from the original selling price?
A. 60 percent.
B. 52 percent.
C. 48 percent.
D. 30 percent.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
nice.
QUESTION 28
A recent survey indicated that residents of a small town take the train to a nearby city eight times per
month, on average. The same survey showed that the number of train trips that a resident takes per month
(y) is determined by the number of days per month that the resident works in the nearby city (x), according
to the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:
A.
B.
C.
D.
Zero times per month.
Two times per month.
Four times per month.
Eight times per month.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 29
A manager of one of a retailer's several retail outlets is stealing cash from cash sales, recording the sales
as accounts receivable, and subsequently writing off the fictitious accounts receivable as bad debts. Which
of the following comparisons would be most effective in signaling the possibility of such a fraud?
A.
B.
C.
D.
Bad debt expense as a percentage of sales, compared to that of the other outlets.
Bad debt expense as a percentage of sales, compared to that of previous years.
Percentage of past-due accounts receivable, compared to that of the other outlets.
Percentage of past-due accounts receivable, compared to that of previous years.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 30
An auditor is performing a review of a complex process to identify opportunities to increase efficiency. What
is the most practical way to document the process to identify areas of inefficiency?
A.
B.
C.
D.
Write a description of the process activities in sequential order.
Develop a PERT (program evaluation and review technique) diagram.
Flowchart the process.
Create a decision tree.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
fit answer.
QUESTION 31
Which of the following methods would an auditor most likely use to document a complex sales order
process?
A. Develop a horizontal flowchart, with supporting documentation for key control points.
B. Create a critical path method chart, noting the processes involved for each step.
C. Perform a process review, assigning time and cost to each step of the process to develop a hierarchy
flowchart.
D. Utilize a systems narrative, which can be updated during subsequent audits.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
up to date answer.
QUESTION 32
An internal auditor is evaluating controls over the purchasing function. The function includes the material
control department, the purchasing department, and the receiving department. Which of the following is
true regarding the presentation of the process flow among the three departments?
A. A vertical flowchart of each department, showing inputs at the top and outputs at the bottom, would be
most useful.
B. Flowcharts are not useful for documenting process flow.
C. A horizontal flowchart, with the departments described across the top and the process flowing
horizontally, would be most useful.
D. Both a flowchart and narratives are needed due to the number of departments involved.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 33
A fast-food company is developing a computer simul-ation involving arrival time at a drive-through
restaurant. The distribution for arrival times is:
Time
Single-Digit Random
Between Arrivals
Probability
Number Assigned
1 minute
0.1
2 minutes
0.2
1, 2
3 minutes
0.3
3, 4, 5
4 minutes
0.4
6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6. The mean time
between arrivals for these cars, in this run of the simul-ation model, is:
A. 1 minute.
B. 2 minutes.
C. 3 minutes.
D. 4 minutes.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
answer is to the point.
QUESTION 34
The internal auditor of a bank has developed a multiple regression model which has been used for a
number of years to estimate the amount of interest income from commercial loans. During the current year,
the auditor applies the model and discovers that the R2 value has decreased dramatically, but that the
model otherwise seems to be working correctly. Which of the following conclusions is justified by the
change?
A.
B.
C.
D.
Changing to a cross-sectional regression analysis should cause the R2 to increase.
Regression analysis is no longer an appropriate technique to estimate interest income.
Some new factors, not included in the model, are causing interest income to change.
A linear regression analysis would increase the model's reliability.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 35
Five brand managers in a consumer products company met to determine how well certain promotions had
performed. The data that they needed to analyze consisted of approximately 50 gigabytes of daily point-ofsale (POS) data for each month. The brand managers tried to download the POS data from the mainframe
and import it into microcomputer spreadsheets for analysis. Their efforts were unsuccessful, most likely
because oF.
A.
B.
C.
D.
The complexity of the mainframe data structure and the large volume of data.
The difficulty of establishing access privileges for each subset of the mainframe data.
Inconsistencies in the mainframe data due to lack of integrity constraints on the data files.
Error-prone transmission links for downloading the data from the mainframe data files.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 36
After completing a net present value (NPV) calculation on a proposed project, an analyst explores the
change in NPV with changes in the interest rate. This additional analysis is referred to as:
A.
B.
C.
D.
Decision analysis.
simul-ation.
Sensitivity analysis.
Variance analysis.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 37
A company used simple regression analysis to analyze maintenance costs against machine hours (MH) for
a 26-week period when the plant was in full operation. The regression yielded the following estimated cost
function:
Maintenance Cost = $60 + $0.25/MH
The regression analysis also generated a coefficient of determination (R2), or goodness of fit, of 0.85.
Which of the following statements regarding this regression analysis is appropriate?
A. This regression can be used to determine the maintenance cost for any period at any activity level by
substituting the machine hours in the equation.
B. The $60 component represents the best estimate of fixed maintenance costs for the company in a
shutdown situation.
C. The $0.25 component is the slope coefficient of the cost estimate and represents the average variable
maintenance cost per machine hour.
D. The coefficient of determination of R2 = 0.85 indicates that the goodness of fit is poor because the value
is close to the maximum value of one.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
valid.
QUESTION 38
Which of the following techniques could be used to evaluate the effectiveness of changes to the operation
of a computer help line?
A.
B.
C.
D.
Benchmarking.
Baseline measurements.
Walk-throughs.
Quality circles.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 39
One method for dealing with the uncertainty of demand forecasts used in linear programming is to extend
the model solution to include.
A.
B.
C.
D.
Sensitivity analysis.
Goal seeking.
Branch-and-bound solutions.
Nonlinear programming.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 40
Which of the following factors is least essential to a successful control self-assessment workshop?
A.
B.
C.
D.
Voting technology.
Facilitation training.
Prior planning.
Group dynamics.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 41
Which of the following would not be characteristic of control self-assessment implemented by an audit
department?
A. An auditor usually facilitates the discussion during the workshop phase while another records comments
for subsequent use.
B. Auditors and business-unit employees work as a team.
C. Auditors perform traditional audit tests to identify control weaknesses.
D. Participants discuss the control weaknesses that hinder the achievement of objectives.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 42
Which of the following is an advantage of control self-assessment (CSA) over conventional auditing
techniques?
A.
B.
C.
D.
CSA evaluates control activities and human resource practices.
CSA provides assurance about whether business objectives will be met.
CSA facilitates obtaining input from subject-matter experts efficiently.
CSA provides assurance that action will be taken to improve deficiencies.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 43
During which of the following systems development stages would it be most useful for an internal auditor to
be involved?
A.
B.
C.
D.
Coding and testing.
User acceptance and post-implementation.
Design and implementation.
Testing and user acceptance.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 44
An auditor decides to vouch a sample of ledger entries back to their original documentation. In terms of
whether all transactions had been recorded, this test would bE.
A.
B.
C.
D.
Relevant to the completeness objective.
Irrelevant to the completeness objective.
A more timely test of completeness than evidence from interviews.
A more biased test of completeness than evidence from interviews.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 45
All of the following tools are employed to control large-scale projects except:
A.
B.
C.
D.
Program evaluation and review technique (PERT).
Critical path method.
Statistical process control.
Gantt charts.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 46
An audit of an organization's claims department determined that a large number of duplicate payments had
been issued due to problems in the claims processing system. During the exit conference, the vice
president of the claims department informed the auditors that attempts to recover the duplicate payments
would be initiated immediately and that the claims processing system would be enhanced within six months
to correct the problems. Based on this response, the chief audit executive should:
A. Adjust the scope of the next regularly scheduled audit to assess controls within the claims processing
system.
B. Discuss the findings with the audit committee and ask the committee to determine the appropriate
follow-up action.
C. Schedule a follow-up engagement within six months to assess the status of corrective action.
D. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 47
An audit of a company's accounts payable found that the individuals responsible for maintaining the vendor
master file could also enter vendor invoices into the accounts payable system. During the exit conference,
management agreed to correct this problem. When performing a follow-up engagement of accounts
payable, the auditor should expect to find that management has:
A. Transferred the individuals who maintained the vendor master file to another department to ensure that
responsibilities are appropriately segregated.
B. Compared the vendor and employee master files to determine if any unauthorized vendors have been
added to the vendor master file.
C. Changed the access control system to prevent employees from both entering invoices and approving
payments.
D. Modified the accounts payable system to prevent individuals who maintain the vendor master file from
entering invoices.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 48
What is the primary factor that determines the depth and breadth of audit follow-up?
A.
B.
C.
D.
The engagement client's written response to the audit findings.
The auditor's assessment of risk associated with the audit findings.
The auditor's assessment of personnel responsible for correcting audit findings.
The availability of audit personnel and financial resources.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 49
At the conclusion of an audit of an organization's treasury department, a report was issued to the treasurer,
chief financial officer, president, and board. Because of the sensitivity of some findings, a follow-up review
was performed. The auditor should provide the report of follow-up findings to the.
A. Treasurer.
II. Chief financial officer.
III. President.
IV. Board.
B. I and II only
C. III and IV only
D. I, II, and III only
E. I, II, III, and IV.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 50
When interrogating an individual who is suspected of fraud, it is appropriate to:
A. Tell the individual that any information disclosed in the interrogation will not be disclosed outside of the
company.
B. Start the interview with questions to which the interviewer already knows the answer.
C. Discontinue questioning once the individual has confessed to the fraud.
D. Prepare a list of questions prior to the interrogation and strictly adhere to the list.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 51
Questions used to interrogate individuals suspected of fraud should:
A.
B.
C.
D.
Adhere to a predetermined order.
Cover more than one subject or topic.
Move from general to specific.
Direct the individual to a desired answer.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 52
A chief audit executive (CAE) suspects that several employees have used desktop computers for personal
gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic
information systems auditor rather than using the organization's information systems auditor is that a
forensic information systems auditor would possess:
A. Knowledge of the computing system that would enable a more comprehensive assessment of the
computer use and abuse.
B. Knowledge of what constitutes evidence acceptable in a court of law.
C. Superior analytical skills that would facilitate the identification of computer abuse.
D. Superior documentation and organization skills that would facilitate in the presentation of findings to
senior management and the board.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 53
While conducting a payroll audit, an internal auditor in a large government organization found inadequate
segregation in the duties assigned to the assistant director of personnel. When the auditor explained the
risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the
organization for defamation of character if the audit engagement was not curtailed. The auditor discussed
the situation with the chief audit executive (CAE). The CAE should then:
A. Curtail the audit engagement to avoid potential legal action.
B. Provide a report to senior management recommending a fraud investigation.
C. Continue the original engagement program as planned but include a comment about the assistant
director's reaction in the engagement final communication.
D. Add additional testing to determine whether other indicators of fraud exist.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 54
Which of the following is the most appropriate step for the chief audit executive to take in order to avoid
defamation of character of the principal suspect in a fraud investigation?
A. Restrict the use of potentially damaging words to privileged reports or discussions.
B. Label all workpapers, reports, and correspondence of the internal audit activity as private.
C. Restrict discussions of the fraud to members of management who express an interest in the
investigation.
D. Destroy all investigation workpapers and reports if the fraud cannot be proven.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 55
The scope of a consulting engagement performed by internal auditors should:
A.
B.
C.
D.
Be sufficient to address the objectives agreed upon with the client.
Exclude areas that might be the subject of subsequent assurance engagements.
Be limited to activities within the current operating period.
Be preapproved in conjunction with the annual plan of consulting engagements.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 56
The following are potential sources of evidence regarding the effectiveness of a division's total quality
management program. The least persuasive evidence would be a comparison oF.
http://www.gratisexam.com/
A.
B.
C.
D.
Employee morale before and after program implementation.
Scrap and rework costs before and after program implementation.
Customer returns before and after program implementation.
Manufacturing and distribution costs per unit before and after program implementation.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 57
A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security
specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it
is:
A.
B.
C.
D.
Performed in accordance with the terms of the contract.
Carried out in accordance with the Standards.
Performed under the supervision of the information technology department.
Carried out using standard review procedures for retailers.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 58
When conducting a performance appraisal of an internal auditor who has been a below-average performer,
it is not appropriate to:
A.
B.
C.
D.
Notify the internal auditor of the upcoming appraisal several days in advance.
Use objective, impartial language.
Use generalizations.
Document the appraisal.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 59
An organization contracted a third party to construct a new facility that was estimated to cost $25 million.
Which of the following is the most pertinent reason for the organization to audit the contractor's records?
A.
B.
C.
D.
The contract includes a right-to-audit clause.
The contractor will be paid on a cost-plus basis.
The estimated cost is high.
The contractor has subcontracted much of the work.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 60
Which of the following would not be an appropriate step for an internal auditor to perform during an
assessment of compliance with an organization's privacy policy?
A. Determine who can access databases containing confidential information.
B. Evaluate the organization's privacy policy to determine if appropriate information is covered.
C. Analyze access to permanent files and reports containing confidential information.
D. Evaluate the government's security measures related to confidential information received from the
organization.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 61
An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans
approved by the loan committee, the auditor found seven loans which exceeded the approved amount.
Which of the following actions would be inappropriate on the part of the auditor?
A. Examine the seven loans to determine if there is a pattern. Summarize amounts and include in the
engagement final communication.
B. Report the amounts to the loan committee and leave it up to them to correct. Take no further follow- up
action at this time and do not include the items in the engagement final communication.
C. Follow up with the appropriate vice president and include the vice president's acknowledgment of the
situation in the engagement final communication.
D. Determine the amount of the differences and make an assessment as to whether the dollar differences
are material. If the amounts are not material, not in violation of government regulations, and can be
rationally explained, omit the observation from the engagement final communication.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 62
During a systems development audit, software developers indicated that all programs were moved from the
development environment to the production environment and then tested in the production environment.
What should the auditor recommend?
A. Implement a test environment to ensure that testing is not performed in the production environment.
II. Require developers to move modified programs from the development environment to the test
environment and from the test environment to the production environment.
III. Eliminate access by developers to the production environment.
B. I only
C. III only
D. I and II only
E. I and III only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 63
A post-audit questionnaire sent to audit clients is an effective mechanism for:
A.
B.
C.
D.
Substantiating audit observations.
Promoting the internal audit activity.
Improving future audit engagements.
Validating process flow.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 64
Which of the following must an auditor establish in order to demonstrate that fraud has occurred?
A.
B.
C.
D.
Monetary damage to the victim.
The suspect's intent.
Existence of an internal control deficiency.
Evidence of collusion.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 65
Which of the following would be the least important reason for a company to merge with another company?
A.
B.
C.
D.
To diversify risk.
As a response to new government policy.
To reduce labor costs.
To increase stock prices.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 66
Which of the following potential performance measures should an auditor recommend excluding from a
performance scorecard?
A.
B.
C.
D.
Number of employees.
Market share.
Number of customer complaints.
Training dollars per employee.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 67
Which of the following is the best approach for obtaining feedback from engagement clients regarding the
quality of internal audit work?
A. Ask questions during the exit interviews and send copies of the documented responses to the clients.
B. Call engagement clients after the exit interviews and send copies of the documented responses to the
clients.
C. Distribute questionnaires to selected engagement clients shortly before preparing the internal audit
annual activity report.
D. Provide questionnaires to engagement clients at the beginning of each engagement and request that
the clients complete and return them after the engagements.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 68
After completing a fraud investigation but before publishing a formal written report, the chief audit executive
should submit a draft of the final report to the organization's:
A.
B.
C.
D.
Legal counsel.
External auditor.
Audit committee chairperson.
Chief executive officer.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 69
Senior management of an organization has requested that the internal audit activity provide ongoing
internal control training for all managerial personnel. This is best addressed by:
A.
B.
C.
D.
A formal consulting engagement.
An informal consulting engagement.
A performance assurance engagement.
An operational assurance engagement.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 70
A key to effective benchmarking in a consulting engagement is identifying the issues that can be:
A.
B.
C.
D.
Reviewed by all internal audit staff members.
Shared with all internal audit customers.
Measured and controlled by the engagement client.
Discussed with the board or audit committee.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 71
After issuance of the engagement final communication for an audit of an organization's accounts payable
function, which of the following should be sent satisfaction surveys?
A. Manager of disbursements.
II. Controller.
III. Chief operating officer.
IV. Audit committee members.
B. I only
C. I and II only
D. II and III only
E. II, III, and IV only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 72
In a client satisfaction survey for an internal audit engagement, client management should be asked to
assess which of the following factors?
A. Audit team's knowledge of the audited area.
II. Usefulness of the audit results.
III. Quality of management of the internal audit activity.
IV. Clarity of the scope and objectives of the audit engagement.
B. I and II only
C. II and IV only
D. I, II, and IV only
E. I, III, and IV only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 73
In response to an accounts receivable confirmation, a customer indicated that the invoice listed on the
confirmation letter had been paid two months earlier.
This may indicate that:
A.
B.
C.
D.
The receivable was selected for confirmation in error.
The customer is a bad credit risk.
The receivable should be written off.
Fraudulent activity has occurred.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 74
Which of the following conclusions would be appropriate for a beginning auditor performing an audit of a
payroll department?
A. Employee taxes have been deducted at the correct rates, and the taxes have been forwarded to the
appropriate government agency.
B. Although there is insufficient segregation of duties, the impact is mitigated by compensating controls.
C. The payroll computer system should be replaced.
D. The payroll department staff has the appropriate level of skills.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 75
An audit of customer accounts receivable found that outstanding receivables as a percentage of revenue
had increased significantly during the past two years. The increase was attributed to the extension of credit,
at the urging of the marketing department, to a number of companies that were not creditworthy. Which of
the following would be least useful in monitoring the disposition of this finding?
A. Responses from the manager of accounts receivable regarding collection of outstanding receivables.
B. Periodic updates from the controller regarding the status of corrective actions.
C. Information from the credit and marketing personnel assigned the responsibility for reevaluating credit
policies.
D. Updates from the information technology division regarding implementation of a new accounts
receivable system.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 76
During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the
museum's collection. The director of the museum informed the auditor that the upcoming replacement of
the museum's inventory tracking system would address the auditor's concerns. What follow-up activity
should the auditor propose?
A. Receive periodic feedback from museum staff regarding the status of the system implementation.
B. Monitor the system implementation and schedule a follow-up review once the new system is in place.
C. Determine whether the items are indeed missing and assess the ability of the new system to remedy the
problem.
D. Schedule an audit of the museum's security systems to determine if theft is a problem.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 77
An audit of a Web-based third-party payment processor determined that a programming error enabled
customers to create multiple accounts for each mailing address. This caused problems during the
processing of credit card transactions. Management agreed to correct the program and notify customers
with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
A. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts
B.
C.
D.
E.
were consolidated.
II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
III. Schedule a follow-up review to verify that the program was corrected and the accounts were
consolidated.
IV. Do nothing because management has agreed to address the problem.
III only
IV only
I and II only
II and III only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 78
A company's cellular phone costs vary significantly by sales representative and by month. Which of the
following would be the most appropriate approach for a consulting project concerning this issue?
A.
B.
C.
D.
Control self-assessment involving sales representatives.
Benchmarking with other cellular phone users.
Business process review of cellular phone needs.
Performance measurement and design of the budgeting process.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 79
Which of the following would be the most effective method to prevent installation of new equipment that
does not meet environmental permit requirements, or to prevent modification of current processes in such a
way that they no longer meet permit requirements?
A. Require that the environmental compliance department perform regular inspections of the
manufacturing facility to identify new equipment or process modifications in progress.
B. Rely on annual inspections by various regulatory agencies to identify equipment or processes that
require a permit.
C. Require that the staff of the environmental compliance department attend monthly safety meetings in
different parts of the facility so that they can hear directly from the workers about any changes.
D. Include the environmental compliance department in the review of proposed process changes and
equipment purchases affecting permit requirements.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 80
Which of the following types of internal audit consulting engagements is an example of a facilitation
service?
A. Conducting control self-assessment workshops.
II. Participating on standing committees.
B.
C.
D.
E.
F.
III. Reviewing regulatory compliance.
IV. Benchmarking.
Estimating savings from outsourcing processes.
I and IV only
I, III, and IV only
II, III, and V only
I, II, III, IV, and V.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 81
Which of the following best defines an engagement conclusion?
A.
B.
C.
D.
An auditor's determination of the cause of an engagement observation.
An auditor's professional judgment of the situation which was reviewed.
An opinion that must be included in the engagement final communication.
A recommendation for corrective action.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 82
While investigating a compromised Web server, an auditor found that the Web server logs had been
deleted. The auditor should recommend that the Web server logs bE.
A.
B.
C.
D.
Generated and maintained on a separate secure server.
Accessible by administrative users only
Encrypted to ensure that the logs cannot be deleted.
Restored automatically to the Web server from backup files.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 83
Which of the following actions by management would reduce an employee's opportunity to commit fraud?
A.
B.
C.
D.
Establishing physical controls over company assets.
Eliminating bonuses tied to sales or other performance goals.
Defining ethical behavior expectations in the company handbook.
Identifying consequences, such as termination, for fraudulent activities.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 84
Which of the following are typical steps in the design of an organization's performance measurement
system?
A. Understand organizational strategy; perform a situational assessment; establish measurement
categories; and take actions based upon measurement results.
B. Categorize performance measures; establish a data collection plan; analyze data; and predict future
performance.
C. Establish a measurement plan; create an organizational strategy linked to those measurements; trend
measurement data; and measure data variability.
D. Perform a situational assessment; generate macro measurements; review measurement data; and
change strategy based upon measurement results.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 85
When interviewing an individual suspected of fraud, what type of questions would be asked after the
introductory questions?
A.
B.
C.
D.
Informational questions.
Admission-seeking questions.
Assessment questions.
Closing questions.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 86
Which of the following activities would be performed during a benchmarking consulting engagement?
A. Collect data relevant to the benchmarking process.
II. Review all business processes.
III. Define critical success factors.
IV. Identify performance gaps.
B. I and III only
C. II and IV only
D. I, II, and III only
E. I, III, and IV only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 87
Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data
interchange (EDI) transactions are received and translated accurately?
A. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.
B. I and IV only
C. II and III only
D. I, II, and III only
E. I, II, III, and IV.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 88
A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement
written reports. The best reason for the increased use of oral reports is that they:
A.
B.
C.
D.
Reduce the amount of testing required to support audit findings.
Can be delivered in an informal manner without preparation.
Can be prepared using a flexible format and reduce the information included in the written report.
Permit auditors to counter arguments and provide additional information that the audience may require.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 89
Which of the following is a responsibility of the internal auditor once a fraud investigation has been
concluded?
A.
B.
C.
D.
Ascertain the extent to which fraud has been perpetrated.
Notify the appropriate regulatory authorities regarding the outcome of the investigation.
Determine if controls need to be implemented or strengthened to reduce future vulnerability.
Implement controls to prevent future occurrences.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 90
A bank is developing an integrated customer information system. The type of audit involvement that would
most likely help avoid implementation of a system that does not cover all types of accounts would be:
A.
B.
C.
D.
A design review.
An application control review.
A source code review.
An access control review.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 91
The internal audit activity can be involved with systems development continuously, immediately prior to
implementation, after implementation, or not at all. An advantage of continuous internal audit involvement
compared to the other types of involvement is that:
A.
B.
C.
D.
The cost of audit involvement can be minimized.
There are clearly defined points at which to issue audit comments.
Redesign costs can be minimized.
The threat of lack of audit independence can be minimized.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 92
In a review of an electronic data interchange application using a third-party service provider, the auditor
should:
A. Ensure encryption keys meet International Organization for Standardization (ISO) standards.
II. Determine whether an independent review of the service provider's operation has been conducted.
III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.
B. I and II only
C. I and IV only
D. II and III only
E. II and IV only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 93
Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
A.
B.
C.
D.
Statements are supported and can be authenticated.
Recommendations for corrective action are clear.
Processes within the audited area were reviewed.
Sample sizes appear appropriate for any issues found.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 94
In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
A.
B.
C.
D.
Key stakeholders are represented in the group.
An independent content expert is available to help settle disagreements.
Background research is completed to familiarize the auditor with relevant issues.
Management is consulted on the issues and priorities.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 95
What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation
during a control self-assessment session?
A.
B.
C.
D.
Spontaneous agreement.
Consensus building.
Majority voting.
Compromise.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 96
If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the
facilitator should:
A.
B.
C.
D.
Ignore the behavior and continue the workshop.
Allow them to continue briefly and then remind them of the ground rules.
Have the participants modify the ground rules.
Strictly enforce the ground rules.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 97
Which of the following is the first step in the process where auditors and clients work together to evaluate
the clients' system of internal control?
A.
B.
C.
D.
Assess risks.
Develop questionnaires.
Identify and assess controls.
Identify objectives.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 98
An internal auditor has a recommendation to change operations which could potentially increase profits by
$50,000. The best way to sell this recommendation to management is to:
A. Carefully work out the details of implementation before presenting it to department management.
B. Discuss it with operating supervisors who are directly affected by the change, and then with department
management.
C. Bring it to the audit manager, who should bring it immediately to senior management's attention.
D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 99
A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the
quality of the organization's products and services. Which of the following issues should be addressed first?
A.
B.
C.
D.
Cost-effectiveness.
Quality control.
Customer complaints.
Supplier deliveries.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 100
During an information security audit, an auditor discovers that the current disaster recovery plan was
developed three years ago but never tested. There have been significant changes to information systems
since the plan was developed. The auditor should:
A.
B.
C.
D.
Ask management to test the recovery plan immediately.
Recommend that management and users update and test the recovery plan.
Update the recovery plan for management as part of the review.
Review the recovery plan and report weaknesses to management.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 101
The most effective method of reporting engagement results to management and stimulating action is to:
A.
B.
C.
D.
Deliver a lecture on the engagement results.
Limit verbal commentary and present a series of slides that graphically depict the engagement results.
Use slides to support a discussion of major points.
Distribute copies of the report, ask the participants to read the report, and ask for questions.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 102
Which of the following items should be addressed in an organization's privacy statement?
A. Intended use of collected information.
II.
Data storage and security.
III.
Network/infrastructure authentication controls.
IV.
Data retention policy of the organization.
Parties authorized to access information.
B. I and II only
C. I and IV only
D. I, II, and V only
E. II, III, IV, and V only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 103
An internal auditor is conducting tests to determine if an organization is in compliance with its payment
approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there
were indicators of fraud. Which of the following would be the most appropriate method to expand the audit
test to achieve the audit objective?
A. Validate the completeness of the accounts payable files.
II.
Examine the sample of vouchers in greater detail.
III.
Increase the number of vouchers in the sample.
IV.
Broaden the scope of the examination to include credits received by accounts payable.
B. I and II only
C. II and III only
D. I, II, and IV only
E. I, III, and IV only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 104
During a review of performance measures in an organization's purchasing function, the preliminary survey
indicates that most of the measures have been in use for some time. The internal auditor should:
A. Review the data that was used to develop the measures.
B. Perform benchmarking in order to verify that the measures being used are meaningful.
C. Establish the history of the measures and reasons for use.
D. Report that the measures being used are out-of-date and should be improved.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 105
What is the primary reason for having audit management approve audit engagement reports?
A.
B.
C.
D.
To ensure that client concerns are appropriately addressed.
To confirm proper format, grammar, and punctuation.
To verify that senior management supports the report's conclusions.
To validate that report findings are substantiated.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 106
Which of the following best defines an audit opinion?
A. A summary of the significant audit observations and recommendations.
B. An auditor's evaluation of the effects of the observations and recommendations on the activities
reviewed.
C. A conclusion which must be included in the audit report.
D. A recommendation for corrective action.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 107
Which of the following is typically not a reason for committing financial statement fraud?
A.
B.
C.
D.
To dispel negative market perception.
To disguise a duplicate payment to a vendor.
To obtain more favorable terms on financing.
To receive performance-related bonuses.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 108
Which of the following is a red flag associated with fictitious revenues?
A.
B.
C.
D.
Slow growth or unusually low profitability.
Unusual decrease in the number of days' sales in receivables.
Substantial increase in receivables turnover.
Significant transactions with related parties.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 109
Which of the following is a red flag associated with improper asset valuation?
A.
B.
C.
D.
Unusual increase in gross margin.
Unusual decrease in the number of days' purchases in inventory.
Recurring positive cash flows from operations.
Allowance for bad debts that is increasing in percentage terms.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 110
To furnish useful and timely information and promote improvements in operations, internal auditors should
provide:
A.
B.
C.
D.
Senior management with reports that emphasize the operational details of defective conditions.
Operating management with reports that emphasize general concerns and risks.
Information in written form before it is discussed with the engagement client.
Reports that meet the expectations of both operational and senior management.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 111
An auditor evaluating excessive product rejection rates should investigatE.
A. Communication between sales and production departments on sales returns.
II.
Volume of product sales year-to-date in comparison to prior year-to-date.
III.
Changes in credit ratings of customers versus sales to those customers.
IV.
Detailed product scrap accounts and accumulations.
B. I and III only
C. I and IV only
D. II, III, and IV only
E. I, II, III, and IV.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 112
Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor
is using ratio estimation?
Number of Items
Audited Value
Carrying Amount
Sample
$500,000
$480,000
Population
3,000
$5,000,000
A.
B.
C.
D.
0.10
0.96
1.04
10.00
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 113
During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at
or near budgeted amounts. This condition is a red flag for which of the following procurement fraud
schemes?
A.
B.
C.
D.
Defective pricing.
Cost mischarging.
Fictitious vendor.
Bid rotation.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 114
A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a
gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure
to complete the current engagement. The auditor notes the problem and forwards the information to the
chief audit executive but performs no further follow-up. The auditor's actions woulD.
A. Be in violation of the IIA Code of Ethics for withholding meaningful information.
II.
Be in violation of the Standards because the auditor did not properly follow up on a red flag that might
indicate the existence of fraud.
III.
B.
C.
D.
E.
Not be in violation of either the IIA Code of Ethics or Standards.
I only
II only
III only
I and II only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 115
An internal auditor has completed an audit of an organization's activities and is ready to issue a report.
However, the client disagrees with the internal auditor's conclusions. The auditor should:
A. Withhold the issuance of the audit report until agreement on the issues is obtained.
B. Issue the audit report and state both the auditor and client positions and the reasons for the
disagreement.
C. Issue the audit report and omit the client's conclusion as it is not the opinion of the internal auditor.
D. Perform additional work, with the client's concurrence, to resolve the areas of disagreement and delay
the issuance of the report until agreement is reached.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 116
Which of the following is an advantage of an interim report?
A. An interim report provides timely feedback to the audit engagement client.
II.
An interim report provides a mechanism for communicating information on red flags promptly while they
are being investigated.
III.
An interim report provides an opportunity for auditor follow-up of findings before the engagement is
completed.
IV.
An interim report increases the probability that corrective action will be initiated more quickly.
B. I and IV only
C. II and III only
D. I, III, and IV only
E. I, II, III, and IV.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 117
An internal auditor recommended that an organization implement computerized controls in its sales system
in order to prevent sales representatives from executing contracts in excess of their delegated authority
levels. A follow-up review found that the sales system had not been modified, but a process had been
implemented to obtain written approval by the vice president of sales for all contracts in excess of $1
million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's
board iF.
A. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.
II.
Testing of compliance with the new process finds that all new contracts in excess of $1 million have
been approved by the vice president of sales.
III.
The cost of modifying the sales system to include a preventive control is less than $100,000.
B. I only
C. III only
D. I and III only
E. I, II, and III
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 118
Which of the following factors would not be considered in determining appropriate follow-up procedures?
A.
B.
C.
D.
The significance of the audit finding.
The effort and cost needed to correct the reported condition.
The availability of funds in the audited department's budget to correct the reported condition.
The potential consequences if the corrective action fails.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 119
Persuasive evidence indicates that a member of senior management has been involved in insider trading
that would be considered fraudulent. However, the evidence was encountered during an operational audit
and is not considered relevant to the audit. Which of the following is the most appropriate action for the
chief audit executive to take?
A. Report the evidence to external legal counsel for investigation. Report the legal counsel findings to
management.
B. Report the evidence to the chairperson of the audit committee and recommend an investigation.
C. Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the
findings to the chairperson of the audit committee and to government officials if appropriate action is not
taken.
D. Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 120
What is the most likely source of information for a detailed schedule of a company's insurance policies in
force?
http://www.gratisexam.com/
A. Original journal entries found in the cash disbursements journal, along with supporting checks
processed by the bank.
B. Policies and procedures governing insurance coverage.
C. The current fiscal year's budget for insurance, together with the beginning balance of the prepaid
insurance account.
D. The files containing insurance policies with various carriers.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 121
Confirmation would be most effective in addressing the existence assertion for:
A.
B.
C.
D.
The addition of a milling machine to a machine shop.
Sales of merchandise during the regular course of business.
Inventory held on consignment.
The granting of a patent for a special process developed by the organization.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 122
In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled for
examination are not authentic. What action should the auditor take before proceeding with the
examination?
A. Suggest to the payroll manager that the suspicious documents should be sent to the organization's
security department for forensic review.
B. Keep the suspicious documents in the workpaper file until the end of the engagement, and then discuss
the suspicions with the payroll manager.
C. Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the
signatures.
D. Review the suspicious documents with the chief audit executive and seek advice concerning further
examination.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 123
In evaluating the validity of different types of audit evidence, which of the following conclusions is not
correct?
A. Recomputation, though highly valid, is limited in usefulness due to its limited scope.
B. The validity of documentary evidence is independent of the effectiveness of the control system in which
it was created.
C. Internally created documentary evidence is considered less valid than externally created documentary
evidence.
D. The validity of confirmations varies directly with the independence of the party receiving the
confirmation.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 124
Which of the following types of sampling techniques should an internal auditor use when testing the
effectiveness of internal controls?
A.
B.
C.
D.
Mean-per-unit sampling.
Attributes sampling.
Variables sampling.
Dollar-unit sampling.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 125
What type of analysis is performed when an auditor tests for unusual variations in information by comparing
the number of employees working at a factory site with the direct cost of production each month over a
period of one year?
A.
B.
C.
D.
Trend analysis.
Ratio analysis.
Regression analysis.
Horizontal analysis.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 126
Which of the following data sources would provide the least valid data for an audit of a retail store's
customer service?
A. A graph that compares staffing levels for selected times with store traffic (number of customers) over
the same time period.
B. A random survey of customer satisfaction given to customers as they leave the store.
C. Interviews of randomly selected service personnel regarding the quality of service that they provide.
D. A graph of customer service training across stores, comparing training with overall levels of service
satisfaction.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 127
Which of the following examples of audit evidence is the most persuasive?
A.
B.
C.
D.
Real estate deeds, which were properly recorded with a government agency.
Canceled checks written by the treasurer and returned from a bank.
Time cards for employees, which are stored by a manager.
Vendor invoices filed by the accounting department.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 128
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an
auditor would be least likely to consider:
A.
B.
C.
D.
Stockout costs, including lost customers.
Seasonal variations in forecasting inventory demand.
Optimal order sizes determined by an economic order quantity model.
The potential for obsolescence of inventory items.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 129
During an audit, an employee, who does not want to be identified, offers to provide information that would
be damaging to the organization and may concern illegal activities. Which of the following actions by the
auditor would not be consistent with the IIA Code of Ethics and Standards?
A. Promising to maintain the employee's anonymity and listening to the information.
B. Suggesting that the employee consider talking to legal counsel.
C. Informing the employee that an attempt will be made to keep the source of the information confidential
while looking into the matter further.
D. Informing the employee of other methods of communicating this type of information.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 130
Which of the following would have the least impact (either positive or negative) on an assessment of a
department's control environment?
A. The department managed long-term investments, including investment in derivatives and other financial
instruments, to maximize return.
B. The department manager sets a tone of honesty and integrity in all business dealings and this tone is
emulated by department personnel.
C. Many department functions were duplicated or verified by other department employees as part of the
department's normal procedures.
D. Audit tests designed to verify compliance with control procedures detected a general failure to follow
standard procedures for transaction authorization.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 131
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves
rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A
partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Which of the following statements regarding risk in the department is true?
A. As compared to departments A and C, department B has a stronger control system to compensate for
the greater complexity of the department's transactions and dollar value of its assets.
B. The internal audit activity should schedule audits of department B more often than audits of department
C because of the relative control strength of department C as compared to department B.
C. The nature of department A's control structure may be justified by the nature of the department's assets
and the complexity of its transactions.
D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 132
A chief audit executive (CAE) is evaluating four potential audit engagements based on the following factors:
the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization
money, and the extent of change in the area since the last engagement. The CAE has scored the
engagements for each factor from low to high, assigned points, and calculated an overall ranking. The
results are shown below with the points in parentheses:
Risk Reduction
Cost Savings
Changes
High (3)
Medium (2)
Low (1)
High (3)
Low (1)
High (3)
Low (1)
High (3)
Medium (2)
Medium (2)
Medium (2)
High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any
other factor, which engagements should the CAE pursue?
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 4 only
3 and 4 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 133
Which of the following is least likely to vary when conducting audit engagements in different regions of an
international organization?
A.
B.
C.
D.
Application of governmental regulations to business activities.
Work schedules and holidays of the individual regions.
Level of workpaper documentation needed to support audit observations.
Availability of technology and technical support.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 134
Which of the following is not likely to be included as an audit step when assessing vendor performance
policies?
A.
B.
C.
D.
Determine whether agreed-upon lot sizes were sent by vendors.
Determine whether only authorized items were received from vendors.
Determine whether the balances owed to vendors are correct.
Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 135
An organization has developed a large database that tracks employees, employee benefits, payroll
deductions, job classifications, and other similar information. The internal auditor reviews the retirement
benefits plan and determines that the pension and medical benefits have been changed several times in
the past ten years. The auditor wishes to determine whether there is justification to perform further audit
investigation. The most appropriate audit procedure would be to:
A. Review the trend of overall retirement expense over the last ten years. If the retirement expense
increased, it would indicate the need for further investigation.
B. Use generalized audit software to select a monetary-unit sample of retirement pay, and determine
whether each retired employee was paid correctly.
C. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by
which plan was in effect when the employee retired.
D. Use generalized audit software to select an attributes sample of retirement pay, and perform detailed
testing to determine whether each person chosen was given the proper benefits.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 136
Risk assessments can vary in format, but generally include:
1. A description of identified risks.
2. Tests of audit controls.
3. A system of rating risks.
4. Sample size identification.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
1, 3, and 4 only
2, 3, and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 137
An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit
engagements the internal auditor should consider least:
A.
B.
C.
D.
Focusing on the high risk areas as sources of potential engagements.
Focusing in areas not audited last year.
Factoring in management requests.
Focusing on those risks highlighted by the external auditor.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 138
When planning an audit engagement, what should an internal auditor first consider when assessing the risk
of fraud in the area to be audited?
A.
B.
C.
D.
Impact of and exposure to fraud.
Existence of evidence of fraud.
Organizational structure.
Management's risk appetite.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 139
Which of the following actions is related to the preliminary survey process?
A.
B.
C.
D.
Determining if controls are effective.
Preparing the engagement work program.
Identifying the current controls.
Completing a detailed test of controls.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 140
A code of business conduct provides:
A.
B.
C.
D.
A fraud avoidance plan that does not explicitly describe punishments for violations.
A passive method of fraud deterrence.
A program to anonymously report irregularities to authorities.
An alternative to "tone at the top" programs.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 141
The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment
of an enterprise risk management (ERM) program for the organization. Which of the following would be the
most appropriate action for the CAE?
A.
B.
C.
D.
Accept the request as the role of coordinating ERM is a core function of internal audit.
Decline the request as this role compromises the CAE's objectivity.
Accept the request after consulting with the board and adhering to proper safeguards.
Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level
to undertake the assignment.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 142
Which of the following is the most common method management can use to manage risk within its risk
appetite?
A.
B.
C.
D.
Implementation of controls.
Use of risk registers and dashboard.
Frequent communication of risk appetite for operating personnel.
Continuous evaluations and audits.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 143
Which of the following is an effective way for an internal auditor to improve communications with the client
during a contentious audit?
A. Encourage the client to participate as a partner in the decision-making process to determine the
changes that need to be made.
B. Clearly explain to the client the role of the internal audit activity in the change process.
C. Obtain the support of the board of directors for proposed changes before discussing the changes with
operating management.
D. Speak privately with key client personnel immediately after proposed changes are announced to
address their concerns.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 144
The chief audit executive's responsibility regarding control processes includes:
A. Assisting senior management and the audit committee in the development of an annual assessment
about internal control.
B. Overseeing the establishment of internal control processes.
C. Maintaining the organization's governance processes.
D. Ensuring that the internal audit activity assesses all control processes annually.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 145
Inadequate risk assessment would have the strongest negative impact in which of the following phases of
an audit engagement?
A.
B.
C.
D.
Determining the scope.
Reviewing internal controls.
Testing.
Evaluating findings.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 146
The best method for assessing the relative importance of risk factors is to:
A.
B.
C.
D.
Change the rating of the factors from a 1-3 scale to a 1-5 scale.
Assign weights to the factors based on the comparative impact.
List the risk factors in a priority order.
Use data from an independent source.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 147
Which of the following audit planning activities adds the least value in understanding the current risk
exposures facing the corporation?
A.
B.
C.
D.
Review of organizational strategic plans and operational plans.
Consultation with senior management and the audit committee.
Review of the external auditor's risk assessment.
Review of corporate performance reporting and benchmarking.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 148
The internal audit activity's primary responsibility in a review or examination of the organization by an
external regulatory body is to:
A.
B.
C.
D.
Verify that regulatory reviews occur with adequate frequency.
Provide follow-up to determine if the regulator's findings are appropriately resolved by management.
Prepare documentation for the regulator.
Document the responses to the regulator's findings.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 149
Under what circumstances would internal audit not become involved when intentional misconduct is
suspected?
A.
B.
C.
D.
Management is involved in wrongdoing.
Management is running a parallel investigation.
Management does not believe a trusted employee could be guilty.
Management does not maintain strong internal controls.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 150
During a payroll audit of a large organization, an internal auditor noted that the assistant personnel director
is responsible for many aspects of the computerized payroll system, including adding new employees in the
system; entering direct-deposit information for employees; approving and entering all payroll changes; and
providing training for system users. After discussions with the director of personnel, the auditor concluded
that the director was not comfortable dealing with information technology issues and felt obliged to support
all actions taken by the assistant director. The auditor should:
A. Continue to follow the engagement program because the engagement scope and objectives have
already been discussed with management.
B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is
adequately covered.
C. Recommend to the chief audit executive that a fraud investigation be started.
D. Test a sample of payroll changes to ensure that they were approved by the assistant director before
being processed.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 151
The most effective procedure to verify compliance with a requirement that materials be purchased from the
lowest-priced source is to compare:
A.
B.
C.
D.
Prices paid for selected materials with prices listed on related purchase orders.
Bids obtained for selected purchases with related purchase orders.
Vendors' current prices with prices listed on related purchase orders.
Approved vendor lists with bids obtained for selected purchases.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 152
A major insurance company provides a discount on automobile insurance if the vehicle meets certain safety
criteria. Which of the following audit tests would provide an internal auditor with the best evidence that all
qualifying insured automobiles are receiving the discount?
A. Compare the percentage of automobiles receiving discounts this year to that of last year.
B. Ask managers whether they are aware of the discount criteria and whether they are providing the
discount to all qualifying automobiles.
C. Select a sample of automobiles that are not receiving the discount and determine if they have been
properly excluded.
D. Select a sample of automobiles receiving the discount and determine that the required discount criteria
are being met.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 153
Which of the following best describes the most important criteria when assigning responsibility for specific
tasks required in an audit engagement?
A. Auditors must be given assignments based primarily upon their years of experience.
B. All auditors assigned an audit task must have the knowledge and skills necessary to complete the task
satisfactorily.
C. Tasks must be assigned to the audit team member who is most qualified to perform them.
D. All audit team members must have the skills necessary to satisfactorily complete any task that will be
required in the audit engagement.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 154
Cross-referencing individual payroll time cards to personnel department records and reports would allow an
internal auditor to determine whether:
A.
B.
C.
D.
Individuals are bona fide employees.
Personnel department records agree with payroll accounting records.
Individuals were paid at the proper rates.
Individuals were paid only for time worked.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 155
Which of the following would most likely contribute to discrepancies between receiving reports and the
number of units in a shipment?
A.
B.
C.
D.
Failing to compare the quality of goods received with specifications.
Using inadequate vendor selection procedures.
Accepting improper authorization for purchases.
Indicating the quantities ordered on the receiving department's copy of the purchase order.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 156
Which of the following would have the least significance in an audit of the efficiency of a driver's license
testing facility?
A.
B.
C.
D.
Clerical staff administer written tests to allow examiners more time to supervise driving tests.
Staff are cross-trained to provide backup for other areas of the facility as required.
A point-of-sale cashiering system reduces the need to reenter payment data.
Examiners are required to be recertified on an annual basis.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 157
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a
direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions
would an internal auditor look for as an indicator of employee theft of food from a specific store?
A.
B.
C.
D.
On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.
On a sunny day, total sales are less than expected when compared to the cost of ingredients used.
Both total sales and cost of ingredients used are greater than expected.
Both total sales and cost of ingredients used are less than expected.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 158
An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval.
Which of the following audit procedures would be most effective in determining if fraud in the form of
payments to fictitious companies has occurred?
A. Use generalized audit software to list all purchases over $50,000 to determine whether they were
properly approved.
B. Develop a snapshot technique to trace all transactions by suspected buyers.
C. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine
whether they were properly approved.
D. Use generalized audit software to select a sample of paid invoices to new vendors and examine
evidence that shows that services or goods were received.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 159
Production managers for a manufacturing company are authorized to prepare emergency purchase orders
for raw materials. These manually prepared orders do not go through the purchasing department and do
not require a receiving report. The managers forward the invoice and purchase order to the accounting
department for payment. Which of the following internal controls would efficiently prevent abuse of this
system?
A.
B.
C.
D.
Institute a company policy requiring rotation of orders among several suppliers.
Require a manual receiving report from the warehouse prior to payment.
Forbid the use of emergency purchase orders.
Review the level of safety stock.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 160
Which of the following is most appropriate when conducting an interview during the course of a fraud
investigation?
A.
B.
C.
D.
Schedule the interview well in advance.
Explain the detailed purpose to the interviewee.
Assume that the interviewee is guilty.
Have a witness present during the interview.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 161
Which of the following types of contracts would provide the least incentive for a contractor to achieve
economy and efficiency?
A.
B.
C.
D.
Lump-sum contract.
Cost-plus contract.
Unit-price contract.
Indefinite delivery contract.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 162
Which of the following best describes the primary concern of the audit manager upon review of
engagement working papers of an auditor?
A. To ensure adequate control over the custody of working papers is exercised by the auditor.
B. To ensure that as part of the documentation the auditor collected original documents that can
corroborate the audit findings.
C. To ensure that the work papers create background for subsequent reviews.
D. To ensure that the audit programs are followed by the auditor.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 163
Information gathered in a forensic investigation of business fraud is usually gathered with which of the
following standards in mind?
A.
B.
C.
D.
Generally Accepted Auditing Standards.
Generally Accepted Accounting Principles.
The International Professional Practices Framework.
Legal evidence.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Okay.
QUESTION 164
The internal auditor's opinion in terms of due professional care should be:
A.
B.
C.
D.
Limited to the effectiveness of internal controls.
Expressed only when consensus with top management has been achieved.
Based on experience and free of all bias.
Based on sufficient factual evidence.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 165
According to the Standards, which of the following describes the condition attribute when applied to the
observations and recommendations contained in the audit report?
A.
B.
C.
D.
The standards, measures, or expectations used in making an evaluation or verification.
The reason for the difference between the expected state and the actual state.
The factual evidence that the internal auditor found in the course of the examination.
The risk or exposure the organization encounters because the actual state is not consistent with the
criteria.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 166
When determining the nature, timing, and extent of follow up, the chief audit executive considers all of the
following factors except:
A. Significance of the reported observation or recommendation, degree of effort, and cost needed to
correct the reported condition.
B. Impact that may result should the corrective action fail.
C. Authority and responsibility of the person required to take corrective action.
D. Complexity of the corrective action and time period involved.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
actual answer.
QUESTION 167
With which of the following would the internal audit activity discuss findings, conclusions and
recommendations prior to issuance of internal audit report?
1. Business unit management.
2. Chief audit executive.
3. Audit committee.
4. Chief executive officer.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 3 only
1, 2, 3, and 4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 168
According to the International Professional Practices Framework, which of the following statements is true
regarding the use of the statement, "Conducted in Conformance with the International Standards for the
Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit
activity?
A. The statement may be used only when conducting international engagements.
B. The statement may be used only if the results of the quality assurance and improvement program
support the statement.
C. The statement may be used whether or not the internal audit department has an external quality
assessment review or an independent validation of a self assessment.
D. The statement should not be used for a consulting engagement.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 169
During an engagement, an internal auditor discovered that an organization's policy on delegation of
authority listed six individuals who were no longer employed with the organization. In addition, four
individuals acting with disbursement authority were not identified in the policy as having such authority.
Which of the following is the most effective course of action to address the control weakness?
A. Immediately initiate a complete audit of the disbursement function to determine if significant frauds have
occurred.
B. Recommend that management review the process supporting the policy and make improvements.
C. Advise management to add the four additional names and remove the incorrect names from the policy
to make it current.
D. Review further to ensure that the four individuals do not have the appropriate authority through
delegation.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
ALL right.
QUESTION 170
In which of the following cases is it appropriate for an audit report to not contain management's response
either within the report or as an attachment?
A. Management's response to an audit report is generally not a requirement.
B. Internal controls were found to be properly designed and operating effectively although operations are
deemed inefficient.
C. There was insufficient time to obtain management's response during the draft reporting process.
D. An internal audit report contains no observations.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 171
When performing a compliance audit of the organization's outsourced services, which of the following is
considered the primary engagement objective?
A.
B.
C.
D.
Verifying that the organization does not have the appropriate knowledge and resources in-house.
Ensuring the provider has adequate internal controls in order to protect the quality of their service.
Evaluating the efficiency, effectiveness, economy, and sufficiency of the services provided.
Assessing the provider's adherence to contract and regulatory requirements.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
good answer.
QUESTION 172
Which of the following actions has the least influence on the chief audit executive's development of an audit
plan?
A.
B.
C.
D.
Input from senior management and the board.
An evaluation of the complexity of each audit engagement.
Changes in the organizations structure or budget.
An assessment of risk and exposures affecting the organization.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 173
Which role is not considered a change agent when an organization wants to implement structural changes?
A.
B.
C.
D.
Senior management.
Line management.
Independent consultant.
Shareholder.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 174
Because of an abundance of high priority requests from management, an internal audit activity no longer
has the resources to meet all of its commitments contained in the annual audit plan. Which of the following
would be the best course of action for the chief audit executive to follow?
A.
B.
C.
D.
Continue with the plan and seek opportunities to adjust priorities and reallocate resources.
Present a reassessment of the plan to the board and senior management for consideration.
Reassess the plan and either cancel or divert resources away from the lowest priority activities.
Advise the board immediately and seek their support for additional resources to meet the needs of the
plan.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 175
Why should internal auditors develop a strong relationship with the external auditors?
A.
B.
C.
D.
External auditors offer an additional layer of approval to internal auditors' reports.
External auditors can help improve the effectiveness of internal control sampling techniques.
External auditors can offer an independent and knowledgeable viewpoint.
External auditors can share information gained from work with similar clients.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 176
An internal auditor is planning an assurance engagement. The auditor first reviews the department's
business objectives. What is the next step?
A. Review control activities.
B. Evaluate potential risks.
C. Establish risk management roles.
D. Set the scope of the engagement.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 177
Which characteristic of risk assessment makes it a useful tool for audit planning?
A.
B.
C.
D.
It provides a list of auditable activities in the organization.
It ranks the severity of potentially adverse effects on the organization.
It provides a process for identifying and analyzing potentially adverse effects.
It evaluates the probability that an event or action may adversely affect the organization.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 178
An internal audit manager is supervising an engagement. A senior auditor deviates from the approved
engagement plan but meets all deadlines in the approved time schedule. Which activity is not required for
the audit manager to provide proper engagement supervision?
A.
B.
C.
D.
Actively participate in audit procedures.
Ensure that all engagement objectives are met.
Approve the deviation from the engagement plan.
Ensure compliance with the time schedule.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 179
Which of the following statements is correct regarding the assessment of risk in the annual audit planning
process?
1. Activities requested by management should be considered higher risk than those requested by the audit
committee.
2. Activities with lower budgets can be as high risk as those with higher budgets.
3. The potential financial or adverse exposure should always be considered in the assessment of risk.
A.
B.
C.
D.
1 only
2 only
3 only
2 and 3 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 180
Management has asked the internal audit activity to perform an operational audit of a division that recently
reported an increase in expenditures in addition to a decrease in profits. However, existing internal audit
resources are currently engaged in a legal compliance audit. Which factor would be considered least
important in deciding whether resources should be removed from the legal compliance audit to the
operational audit?
A.
B.
C.
D.
The increase in expenditures at the division over the past year.
The probability that the legal compliance audit will detect fraud.
The results of the external auditor's most recent financial audit.
The potential for regulatory fines associated with the legal compliance audit.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 181
Given the scarcity of internal audit resources, a chief audit executive (CAE) decides not to schedule a
follow-up of audit recommendations when developing engagement work schedules. Why does the CAE's
decision violate the Standards?
A.
B.
C.
D.
It is not the CAE's responsibility to establish a process for a follow-up.
Lack of resources is not a sufficient reason to forgo a follow-up.
Follow-up actions should take priority over new engagements in scheduling.
When resources are scarce, the follow-up can be incorporated into the next engagement.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 182
As part of a preliminary survey of the purchasing function, an internal auditor reads the department's
policies and procedures manual and concludes that the manual describes the processing steps clearly and
contains an appropriate internal control design. The next engagement objective is to evaluate the operating
effectiveness of internal controls. Which procedure would fulfill this objective most effectively?
A.
B.
C.
D.
Perform
Perform
Perform
Perform
a design test.
a compliance test.
a systems test.
an efficiency test.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 183
An organization has recently incurred significant cost overruns on one of its construction projects.
Management suspects that these overruns were caused by the contractor improperly charging for costs
related to contract change orders. Which of the following procedures are appropriate for testing this
suspicion?
1. Determine if the contractor has received proper approval of change orders from management.
2. Determine if the contractor has billed for original contract work cancelled by the change orders.
3. Determine if the contractor has charged change orders with costs already billed to the original contract.
4. Determine if the contractor has been paid for change orders that have not yet been completed.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 3 only
3 and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 184
A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal
auditor has been assigned to determine if the manufacturer's accounts payable contain all outstanding
liabilities. Which audit procedure is not relevant for this objective?
A. Verify the period of liability of subsequent cash disbursements using related supporting documentation.
B. Send confirmations, including zero-balance accounts, to vendors with whom the manufacturer normally
does business.
C. Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.
D. Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 185
An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for
the past three months and now suspects the division is reporting fictitious sales. Which course of action
should the auditor follow to determine whether fraud has occurred?
A.
B.
C.
D.
Trace a sample of shipping documents to related sales invoices to verify proper billing.
Send accounts receivable balance confirmations to customers.
Compare the division's sales and gross margins to those of the prior three-month period.
Estimate the sales and cost of goods sold for the three-month period by using regression analysis.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 186
An audit of an organization's fulfillment department discovered that problems in the order processing
system led to a significant number of orders being fulfilled multiple times. During the exit conference, the
head of the department informed the auditors that the processing system would be enhanced within six
months to correct the problems. Which course of action should the chief audit executive follow?
A. Adjust the scope of the next scheduled audit to determine that the problems have been resolved.
B. Monitor the status of corrective action and schedule a follow-up engagement when appropriate.
C. Meet with the audit committee to determine the appropriate follow-up action.
D. Assess the status of corrective action in a follow-up engagement in six months.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 187
When interviewing an individual in relation to a fraud investigation, which course of action should the
internal auditor follow?
A.
B.
C.
D.
Assure the individual that the results of the interview will remain confidential.
Establish a rapport with the subject to encourage openness.
Discontinue questioning once the individual has confessed to the fraud.
Refrain from deviating from the list of questions prepared before the interview.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 188
While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not
necessary for the auditor to take?
A.
B.
C.
D.
Ensure that the steps being taken resolve the condition disclosed by the initial finding.
Ensure that controls have been implemented to prevent the issue from occurring again.
Ensure that the entity has begun to experience benefits as a result of resolving the issue.
Ensure that the inherent risk has been eliminated as a result of resolving the issue.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 189
Because of a new marketing initiative, an organization has reduced requirements for extending credit to
new customers. As a result, outstanding accounts receivable as a percentage of revenue has increased
significantly during the past two years. Which of the following would be least useful in monitoring this
finding?
A. Updates from
B. Updates from
system.
C. Updates from
D. Updates from
the manager of accounts receivable regarding collection of outstanding receivables.
the information technology division regarding development of a new accounts receivable
the controller regarding the status of corrective actions.
the credit and marketing personnel tasked with reevaluating credit policies.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 190
Which of the following tasks would be considered unusual for planning a control self-assessment
workshop?
A.
B.
C.
D.
Conducting interviews to identify relevant issues for the discussion.
Identifying key stakeholders and ensuring they are represented in the group.
Securing an external subject matter expert to arbitrate disputes.
Ensuring that managers are willing to accept constructive criticism.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 191
An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of
action should the auditor perform first?
A.
B.
C.
D.
Compare the planned outputs with the actual outputs.
Ascertain the costs of materials purchased.
Evaluate the plant's ability to meet production quotas.
Review the levels of scrap and rework.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 192
According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA)
to establish or build relationships?
A. Assist executives with their administrative and governance responsibilities, and encourage all IAA
members to develop relationships with the organization's executives.
B. Assist executives with their administrative and governance responsibilities, and ensure that all
communications with the board are formal audit reports or preset agendas.
C. During an engagement, restrict communications with affected executives to matters pertaining to the
engagement; and encourage all IAA members to develop relationships with the organization's
executives.
D. During an engagement, restrict communications with affected executives to matters pertaining to the
engagement; and ensure that all communications with the board are formal audit reports or preset
agendas.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 193
During an audit of an ethics program, which of the following procedures are most appropriate to evaluate
the effectiveness of the program?
· Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.
· Testing whether all employees are mandated through policy to comply with the ethics program. · Testing
whether all employees are required to confirm in writing their compliance with the ethics program.
· Testing through surveys employee's level of understanding and commitment to the ethics program.
A.
B.
C.
D.
1 and 2 only
1 and 4 only
2 and 3 only
3 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 194
According to IIA guidance, which of the following should be considered when creating policies and
procedures for the internal audit activity (IAA)?
A.
B.
C.
D.
Number of auditors, complexity of audit activities, and structure of the IAA.
Number of auditors, complexity of audit activities, and audit staff skills and competencies.
Number of auditors, structure of the IAA, and audit staff skills and competencies.
Complexity of audit activities, structure of the IAA, and audit staff skills and competencies.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 195
The internal audit activity of an organization obtained approval to add a senior auditor to its staff. The chief
audit executive, audit manager, and audit supervisor each will interview the candidates. According to the
Standards, which of the following best explains the involvement of management in the interview process?
A. Provides audit management with the opportunity to communicate expectations regarding ethical
behavior standards.
B. Enables audit management to outline its quality assurance and improvement program with the senior
auditor.
C. Assists audit management in planning by more effectively allocating the senior auditor to appropriate
audits.
D. Allows audit management to explain the criteria that will be used to evaluate the senior auditor's
performance.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 196
The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality
assessment program. According to IIA guidance, which of the following would be part of this program?
A. Assessment of the IAA conducted independently of client feedback, and the review of individual audits
to determine the quality and timeliness of supervision.
B. Assessment of the IAA conducted independently of client feedback, and identified areas of
improvement reviewed at the end of the year.
C. Compliance with a checklist of required audit procedures, and review of individual audits to determine
the quality and timeliness of supervision.
D. Compliance with a checklist of required audit procedures, and identified areas of improvement reviewed
at the end of the year.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 197
The internal audit activity performs the following sequence of risk management activities:
identification, analysis, and evaluation. According to IIA guidance, which of the following assurance
approaches does this describe?
A.
B.
C.
D.
Process elements approach.
Enterprise-wide risk management approach.
Key principles approach.
Maturity model approach.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 198
A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will
exceed available audit resources. Which of the following is the best course of action for the CAE to take?
A. Present the plan change to senior management and request additional resources before going to the
board of directors.
B. Seek approval from senior management and the board of directors for the plan change and advise them
of the issue of limited resources.
C. Add this change to the plan and request senior management to indicate which other engagement
should be deleted to keep the overall plan within resource constraints.
D. Immediately seek additional resources from senior management and the board of directors to meet the
needs of the organization.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 199
While performing an audit of the human resources department, an internal auditor discovered unencrypted
files containing the personal information of employees stored on a public shared drive. According to IIA
guidance, which of the following actions by the auditor would be the most appropriate?
A.
B.
C.
D.
Remove the files containing the social security numbers and personal information.
Communicate the issue to the chief audit executive as well as IT and legal departments.
Change permissions to the shared drive to only allow access to human resources personnel.
Immediately review the audit logs to see if anyone has accessed this information and follow-up.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 200
An auditor-in-charge is preparing her audit team for a consulting engagement at one of the organization's
foreign subsidiaries. According to the Standards, which of the following would not be a necessary step prior
to beginning the engagement?
http://www.gratisexam.com/
A. Verify that none of the audit team worked for the foreign subsidiary within the last year to ensure
independence.
B. Agree, in writing, with the subsidiary's senior management regarding the scope of the engagement.
C. Communicate a time frame as well as a contingency plan in the event the engagement may take longer
than expected.
D. Communicate what logistical support will be provided by the subsidiary for the duration of the
engagement.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 201
The chief audit executive (CAE) of a multinational entity with highly automated and complex operations has
just completed the update of the risk-based audit plan. Interviews with management revealed the
introduction of new technology and a significant increase in both the number and severity of technologybased risk exposures. According to the International Professional Practices Framework, which of the
following would be the best course of action for the CAE to undertake next?
A. Develop a detailed audit plan that makes the most efficient use and reallocation of existing internal audit
resources.
B. Arrange for the outsourcing of some technology intensive audit processes and procedures based on the
plan changes.
C. Evaluate whether appropriate skills and knowledge required to perform the necessary audit work
currently exist in the department.
D. Begin planning to recruit information technology audit specialists and other expert personnel into the
internal audit activity.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 202
Which of the following risks assumes an absence of compensating controls in the area being reviewed?
A. Control risk.
B. Detection risk.
C. Inherent risk.
D. Sampling risk.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 203
According to the Standards, which of the following objectives is not required to ensure the appropriate
completion of an engagement?
A. Determining audit team members are coordinated to ensure the efficient execution of all engagement
procedures.
B. Confirming engagement working papers properly support the observations, recommendations and
conclusions.
C. Providing structured learning opportunities for engagement auditors when and wherever possible.
D. Ensuring all engagement objectives are reviewed for satisfactory achievement and properly
documented.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 204
According to the International Professional Practices Framework, which of the following is not an objective
of the exit conference?
A.
B.
C.
D.
Receive client feedback and clarification.
Review audit recommendations.
Plan future engagements.
Resolve disagreements.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 205
Which of the following would most likely include recommendations for process improvements? · Due
diligence engagement.
· Forensic investigation.
· Internal audit engagement.
· Consulting engagement.
A.
B.
C.
D.
1, 2, and 3 only
1, 2, and 4 only
1, 3, and 4 only
2, 3, and 4 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 206
According to the Standards, which of the following best describes the responsibility of the chief audit
executive (CAE) for approving the final engagement report? · The CAE is responsible for obtaining
management approval before issuing the final report. · The CAE has overall responsibility for the report but
can delegate the review and approval of the report.
· The CAE is responsible for obtaining senior management's approval before releasing the final report. ·
The CAE is responsible for approving to whom and how the final report will be disseminated.
A.
B.
C.
D.
1 and 3 only
1 and 4 only
2 and 3 only
2 and 4 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 207
A report prepared by the internal audit activity contains several observations that disclose proprietary
information regarding the organization's manufacturing process. According to the International Professional
Practices Framework, which of the following is the appropriate treatment for this report?
A.
B.
C.
D.
Distribute the report only to the board to protect disclosure.
Disclose and distribute this information in a separate report.
Remove the observations and report verbally to senior management.
Require a separate non-disclosure statement from each recipient.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 208
According to the International Professional Practices Framework, the internal audit activity's decision to
defer follow-up of recommendations and management's corrective actions until the next scheduled
engagement for the area is justified when:
A. The reported findings or recommendations are significant enough to require immediate action by
management.
B. The action taken by management to address the recommendation is sufficient when weighed against
the importance of the finding.
C. Management has adequately understood and appropriately accepted the risk of not taking action to
implement the recommendation.
D. The significance of the finding or recommendation will allow auditors to perform monitoring by receiving
periodic updates from management on corrective actions taken.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 209
Which of the following conditions should a chief audit executive take into account when deciding if a followup audit engagement is necessary?
· The reported observations were significant and high risk. · Internal audit resources and the time it will
require for follow-up. · Management may not have the resources to take action. · Management has
previously decided not to take any action.
A.
B.
C.
D.
1, 2, and 3 only
1, 2, and 4 only
1, 3, and 4 only
2, 3, and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 210
According to the Standards, which of the following would least likely be considered a red flag when
evaluating the risk for fraud?
A.
B.
C.
D.
Cash receipts appear to be lower than expected from an employee's cash drawer.
Health benefits are detected to be claimed for a deceased employee.
An employee did not approve an internal report detailing expenses for the month.
It is alleged that an employee is receiving vendor kickbacks.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 211
A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the
payroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in a
locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the
manual checks.
The payroll manager reconciles the bank statements monthly. Which of the following audit steps best
addresses the risk of fraud in the payroll process?
A.
B.
C.
D.
Examine whether the payroll manager approves the reconciliations of ledgers.
Determine whether an approved list of voided checks exists.
Determine whether the cabinet keys are secured properly.
Vouch a sample of items on bank reconciliations to supporting documentation.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 212
According to the International Professional Practices Framework, which of the following situations is an
indicator of a healthy relationship between the audit committee and the internal audit function?
A. The chief audit executive (CAE) has direct access to the audit committee and the board but typically
does not interact directly with them unless a material weakness in the control environment is identified.
B. The CAE sends the audit committee all communications between the internal audit department and the
audit client in order to keep the audit committee up to date on the engagement.
C. The CAE does not distribute audit reports to the audit committee. However, the audit committee is
made aware of the scope and findings of audits performed.
D. Whenever a potential audit finding or testing exception is first identified, the audit committee is
immediately notified, as well as for any subsequent changes in the status of the engagement.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 213
An internal auditor has been asked to participate in an advisory capacity to assist a committee in
redesigning the organization's current financial reports to provide better information to management and the
board. Which of the following actions on the part of the auditor would provide the greatest value to this
project?
A. The internal auditor has a set of generic report templates from a former project and presents them to
the group because they worked so well for the previous employer.
B. The internal auditor interviews each stakeholder and documents the requirements and preferences of
each and creates a report template that meets as many of the requirements and preferences as
possible.
C. The internal auditor gathers the stakeholder group and holds a brainstorming session where they
generate report requirements and preferences and then rank them in order of importance.
D. The internal auditor undertakes a project to gather report templates and formats from other
organizations in the same line of business and presents them all to the group for review.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 214
The internal audit activity of an investment company received a request to provide assurance on the risk
management process. Preliminary discussion with senior management revealed that separate functions
within the organization perform some form of risk management activities. Which of the following is the most
effective tool for ensuring that risk management activities are coordinated among these functions?
A.
B.
C.
D.
Delphi technique.
Assurance map.
Facilitated workshop.
Analytical reviews.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 215
The chief audit executive (CAE) is adding a new audit position to the team. According to the International
Professional Practices Framework, which of the following candidates would the CAE be least likely to
accept for the position?
A. The candidate is applying for an IT audit position, while originally coming from an IT background, but
has only experiences of financial and compliance audits in the previous position.
B. The candidate is knowledgeable about potential indicators of fraud including typical risks, but has only
participated as a staff auditor in one investigative fraud audit.
C. The candidate meets the minimum educational requirements established by the chief audit executive,
but has less formal education than any of the other candidates being considered.
D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks
ability to clearly communicate ideas and conclusions in a meeting.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 216
According to IIA guidance, which of the following are potential benefits of using an assurance map?
A. Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations.
B. Identification of duplicate or overlapping assurance activities, and improved relevance of assurance
recommendations.
C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers.
D. Enhanced effectiveness of assurance providers, and improved relevance of assurance
recommendations.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 217
Which of the following events would most likely cause the chief audit executive to consider changing the
current year's audit plan?
The government announced that new regulatory requirements will be introduced in the coming years which
may significantly impact the organization's primary product. A major competitor unexpectedly introduced a
new model at a lower price point to compete with the organization's market leading product.
The organization announced a new joint venture with a long time corporate partner to introduce a new
product with development costs and sales beginning next fiscal year. An equal joint venture partner filed a
lawsuit against the organization and requested that the court issue an immediate suspension of future
product shipments.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 4 only
3 and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 218
Which of the following statements is true?
A. Consulting engagements provide the internal audit activity with flexibility to add value and do not need to
be included in the long-range audit plan.
B. The internal audit activity's plan of engagments must be based on a formal quantitative risk
assessment.
C. The chief audit executive should consider changes to the long-range audit plan based on the requests
of business unit managers.
D. A risk assessment on which to base the internal audit activity's long-range plan must be undertaken at
least once every three years.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 219
In performance auditing, which of the following must first be determined by the internal auditor?
A.
B.
C.
D.
Which key performance indicators are in use.
Management's objectives for the process.
Whether management controls are appropriate.
Determination that appropriate benchmarks are in place.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 220
According to the Standards, which of the following best describes what must be agreed upon to establish
an understanding with clients prior to starting a consulting engagement?
A.
B.
C.
D.
The engagement objectives, access to clients records, and expectations.
The engagement objectives, scope, and time frame to complete the engagement.
The engagement scope, opportunities for making significant improvements, and client expectations.
The engagement objectives, scope, respective responsibilities, and other client expectations.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 221
An airline contracted with an external service provider to perform maintenance on all aircraft ground support
equipment. Management then asked the internal audit activity (IAA) to evaluate the controls in place that
would permit appropriate oversight of the service provider in maintaining required maintenance standards.
According to the International Professional Practices Framework, which of the following would be the most
appropriate course of action for the IAA to undertake to establish the engagement objectives?
A.
B.
C.
D.
Develop a draft audit plan and create an appropriate scope and resource schedule.
Develop a preliminary audit program and obtain senior management's approval.
Conduct a preliminary assessment of the risks associated with the maintenance contract.
Obtain a copy of the maintenance contract and review the contract for pricing discrepancies.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 222
According to the International Professional Practices Framework, which of the following would not be
considered when performing an initial risk assessment in engagement planning?
A.
B.
C.
D.
The reliability of management's assessment of risk.
Management's process for monitoring, reporting, and resolving risk issues.
Management's methodology for defining risk criteria.
Risks in related activities relevant to the activity under review.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 223
According to IIA guidance, which of the following strategies would be the least effective in helping a chief
audit executive build a stronger relationship with the board?
A.
B.
C.
D.
Consider formality and tone of communications to ensure they are appropriate.
Minimize instances of ad hoc communications with board members.
Consider the possible repercussions created by commentary on deficiencies.
Avoid making presumptuous comments without sufficient facts.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 224
The chief audit executive established an internal audit activity (IAA) performance standard requiring all audit
reports to be issued within 48 hours of the exit meeting with the client. Which of the following describes an
exit meeting strategy that would best help the IAA meet this performance standard?
A.
B.
C.
D.
The objective of the exit meeting is to reach agreement on audit observations.
The objective of the exit meeting is to solicit action plans for audit observations.
The objective of the exit meeting is to confirm final details of fieldwork.
The objective of the exit meeting is to confirm understanding of audit results
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 225
Which of the following would not include recommendations for process improvements?
A.
B.
C.
D.
Due diligence engagement.
Forensic investigation.
Internal audit engagement.
Consulting engagement.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 226
When approving the final engagement report, which of the following is most critical?
A.
B.
C.
D.
Opinions are adequately supported.
Conclusions are reached for all objectives.
Report is distributed to appropriate parties.
Report is clear and concise.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 227
According to the Standards, which of the following would have the least direct interest in the draft report of a
compliance review of the purchasing function?
A.
B.
C.
D.
Purchasing staff.
Purchasing manager.
Director of finance.
Audit committee.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 228
The chief audit executive (CAE) notes during review of the final report of an assurance engagement that
management has decided to accept the risks of two significant exposures identified by the audit. Which of
the following actions by the CAE would be least prudent in these circumstances?
A.
B.
C.
D.
Implement follow-up procedures to monitor the potential impact of those risks.
Review the working papers and conclusions as to the perceived residual risk.
Meet with senior management to consider their reasoning for the decision.
Meet with the auditor-in-charge to review the conclusions.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 229
According to the International Professional Practices Framework, which of the following is correct regarding
conducting and reporting follow-up activities by the internal audit activity (IAA)?
A. Due to management changes, the IAA is advised by management that no further work will be done.
Further follow-up work is not required as management has accepted the related risk.
B. A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous work
performed for the engagement and then reports the results to the chief audit executive (CAE).
C. Management has stopped implementing several key recommendations citing a growing disagreement
with their effectiveness. The auditor communicates the situation to the CAE who then escalates the
matter to senior management.
D. In situations where the identified risk may have a significant impact to the business and senior
management has accepted the risk, it is not necessary for the CAE to inform the board of the decision.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 230
An internal auditor compares real-time gasoline production data to corresponding final gasoline production
reports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which of
the following next steps is most consistent with IIA guidance?
A. Reconcile online data and the final production reports to gasoline sales reports.
B. Contact security personnel as evidence suggests gasoline is being stolen from production premises.
C. Confront the production manager and ask her to explain the differences between real-time and reported
data.
D. Review the processes used to collect the production data and to compile the final production reports.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 231
According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in
the organization's risk management program?
A.
B.
C.
D.
Conducting full investigations of suspected fraud.
Monitoring the organization's whistle-blower hotline.
Assessing the risk of fraudulent activity in the organization.
Providing ethics training sessions to organization staff.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 232
An organization decides to create an internal audit function and hires a new chief audit executive (CAE).
Which of the following should the CAE first consider when developing the internal audit process?
A.
B.
C.
D.
Requirements of the external auditors to ensure an efficient coordination of audit effort.
Sufficient resources to adequately meet the needs of the annual audit plan.
Alignment of internal audit objectives with the organization's strategic plan.
An appropriate training plan for audit staff.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 233
Which of the following is not true regarding the management of internal audit resources?
A.
B.
C.
D.
A minimum level of information technology knowledge is necessary.
The adequacy of internal audit resources is ultimately a board responsibility.
Resources include external service providers and computer-assisted audit techniques.
Skills availability must be aligned with financial constraints.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 234
An organization has an opening for an entry-level internal audit position. When interviewing for the position,
which of the following is the least important skill for an entry-level internal auditor?
A.
B.
C.
D.
Conflict resolution skills.
Communication skills.
Time management skills.
Interpersonal skills.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 235
During a consulting engagement, an internal auditor identifies new risks which will impact the scope and
sufficiency of the engagement audit plan. According to the Standards, the internal auditor should:
A.
B.
C.
D.
Discuss the potential impact on the scope with the client.
Modify the scope to incorporate the new risks and continue the engagement.
End the engagement, as the audit scope is no longer sufficient to meet the audit objective.
Continue the engagement but highlight the impacts on the audit scope in the final report.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 236
When establishing the internal audit activity's annual plan, which of the following would be the best source
of potential audit engagement topics?
A.
B.
C.
D.
The organization's budget.
Operations involving cash transactions.
Recent changes in management objectives.
Risk factors utilized in the organization's risk models.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 237
Which of the following would be included in an internal audit department's quality assurance and
improvement program?
1. Ongoing internal assessments of the performance of the internal audit department.
2. Periodic internal reviews through self-assessments.
3. Assessments conducted by a qualified external reviewer at least once every five years.
A.
B.
C.
D.
1 only
1 and 2 only
2 and 3 only
1, 2, and 3
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 238
Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed
audit work begins?
A.
B.
C.
D.
The objectives of the audit should be set.
The organization's management should be informed about the work to be performed.
Attention should be devoted toward the key audit areas.
The timing of the audit should be set.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 239
When determining if appropriate resources exist to achieve engagement objectives, which of the following
factors should a chief audit executive consider?
1. Nature and complexity of the audit engagement.
2. Time constraints.
3. Effectiveness of the audit committee.
4. Availability of resources for the engagement.
A. 1 and 2 only
B. 1, 2, and 3 only
C. 1, 2, and 4 only
D. 1, 3, and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 240
Which of the following is true regarding roles and responsibilities in risk management processes?
A.
B.
C.
D.
Setting strategic direction resides with senior management.
Ownership of risks resides with the board.
Acceptance of residual risk resides with executive management level.
Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal
audit activity.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 241
While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the
organization has not yet implemented a risk framework. Which of the following would be the most
appropriate action for the CAE to take regarding potential engagements?
A. Prioritize the engagements that were not done in previous years and schedule them for the upcoming
year.
B. Consult with senior management and the board and make adjustments regarding risk.
C. Review all outstanding recommendations from prior audit engagements and focus on them in the
upcoming year.
D. Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year's
schedule of engagement.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 242
Which of the following would be the most important reason for the chief audit executive (CAE) to use inputs
from management strategy to update the audit universe?
A. The audit charter requires the CAE to update the audit universe before embarking on the selection of
potential audit engagements.
B. The CAE wants to consider the organization's strategic plan including attitude toward risk and the
degree of difficulty to achieving planned objectives.
C. The CAE wants to cover management planned activities for the upcoming year in the audit plan.
D. The CAE wants to determine internal audit resourcing requirements to cover the organization's major
processes and activities over time.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 243
Management requested the chief audit executive (CAE) to include an audit of the organization's health and
safety program in next year's annual audit plan. However, the internal audit department has no expertise in
this area. Which of the following would be the most appropriate action by the CAE?
A. With management's agreement, amend the scope of the audit to ensure that areas examined do not
require specialized knowledge and expertise.
B. Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies
that can be implemented until internal audit can develop its capability in the area.
C. Accept the request provided management has conducted a thorough risk assessment prior to the
engagement to help guide the audit.
D. Advise management that compliance audits of this type should only be conducted by the corresponding
regulatory agency to ensure independence.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 244
While developing a risk based audit plan, which of the following sources of information would provide the
least value to the chief audit executive?
A.
B.
C.
D.
Results from the organization's business process management program.
User acceptance testing of the organization's enterprise resource planning application.
Risk assessments conducted by the board.
Key business strategies adopted by the organization in the strategic plan.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 245
An organization has a large number of vendors supplying goods to its various branches across the region.
The code of conduct statements signed by the employees specify that the employees or their families will
not sell goods to the organization. However, during the internal audit of a branch, the internal auditor
suspected that some of the employees may be supplying goods to the organization contrary to the code of
conduct. The chief audit executive has requested that a thorough review be completed to identify the
potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].
[List A]
[List B]
A. Vendor bank account numbersEmployee bank account numbers
B. Dates of payments to vendorsDates of salary payments to employees
C. Addresses of vendors from the vendor databaseAddresses of employees from the employee databaseD
.Vendor namesEmployee names
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 246
Which of the following is correct with respect to roles within an enterprise-wide risk management process?
1. The board provides oversight to the risk management process.
2. Executive management owns the risk management framework.
3. Senior management is assigned ownership of risks.
4. Internal audit modifies the risk assessment determined by management.
A.
B.
C.
D.
1 and 2 only
3 and 4 only
1, 2, and 3 only
1, 2, 3, and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 247
According to the Standards, which of the following is applicable to the internal audit activity's quality
assurance and improvement program?
A.
B.
C.
D.
Periodic monitoring of the internal audit activity should be done.
All aspects of the internal audit activity should be evaluated.
An external assessment should be obtained every three years.
The review of assurance services should be the primary focus.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 248
During the planning phase of an audit of the treasury function, an internal auditor conducted a risk
assessment of the function in order to:
A.
B.
C.
D.
Report any high-risk exposures of the treasury function to management and the board.
Determine whether appropriate resources are present to carry out the treasury function.
Comply with the internal audit charter and applicable regulatory requirements.
Identify areas of the treasury function that should be considered for potential engagement objectives.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 249
Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?
A. Ensuring that the internal audit activity meets the external auditor's expectations.
B. Ensuring that the internal audit activity has an audit charter approved by the board of directors.
C. Complying with specific standards for the professional practice of internal auditing.
D. Ensuring the adequacy of the goals, mission and vision of the internal audit activity.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 250
An organization has adopted an enterprise-wide risk management process and has appointed a chief risk
officer (CRO) to manage the process. The board has requested that the audit committee have oversight
over the risk management function. Which of the following statements is not true regarding this situation?
A. The audit committee should get assurance on the adequacy and effectiveness of the risk management
process from the CRO.
B. The chief audit executive has the mandate to conduct risk assessments and give assurance to the audit
committee.
C. The audit committee, on behalf of the board, has overall responsibility for the risk management process
in the organization.
D. Senior management is accountable to the board for monitoring the system of internal controls.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 251
Which of the following are key characteristics of enterprise risk management?
1. It considers risk in the formulation of strategy.
2. It applies risk management in some units of an entity.
3. It takes a portfolio view of risks throughout the enterprise.
4. It restricts the organization's ability to seize opportunities inherent in future events.
A.
B.
C.
D.
2 and 3 only
1 and 3 only
2 and 4 only
1 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 252
Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of a
construction company decides to employ the services of an outsourced audit service provider to augment
the internal audit staff. What does the CAE need to consider in determining whether the outsourced audit
service provider possesses the necessary knowledge, skills and other competencies to perform an audit
engagement?
A. Specific matters expected to be covered in the engagement communications.
B. The financial interest that the external service provider may have in the organization.
C. The extent of other ongoing services the external service provider may be performing for the
organization.
D. The reputation of the external service provider.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 253
Which of the following would be an appropriate role of the internal audit function?
A.
B.
C.
D.
Determine the consequences for ethics violations.
Be responsible for the management of a whistle blowing hotline.
Establish the ethics policies for the organization.
Evaluate the effectiveness of the organization's ethics-related activities.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 254
Which of the following is a preventive control strategy against fraud?
A.
B.
C.
D.
Performing a surprise audit.
Maintaining a whistleblower hotline.
Implementing control self-assessment.
Performing background checks on employees.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 255
An internal auditor is reviewing purchases made through the organization's corporate credit card program.
Which of the following statements best describes a root cause of a deficiency?
A.
B.
C.
D.
A personal computer was purchased from a non-approved vendor.
Company policy limits card use to $500 per transaction.
A control to detect split purchases has not been activated in the credit card system.
Sample testing found 10% non-compliance with the organization's business travel policy.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 256
According to the International Professional Practices Framework, which of the following should be excluded
from a final communication for a performance audit engagement?
A.
B.
C.
D.
Recommendations and conclusions.
The internal auditor's unbiased opinion.
Timely and relevant information.
Legal opinions related to illegal acts.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 257
In response to an audit finding, senior management informed the auditor that the issue would be
investigated and resolved when time permitted. According to the International Professional Practices
Framework, this action was not acceptable because:
A. The appropriate level of management was not involved in the review and resolution of the issue.
B. Responses should include sufficient information to evaluate the adequacy and timeliness of corrective
action.
C. The board had not reviewed management's responses to the engagement observations and
recommendations.
D. Other departments should have been contacted to determine if they shared responsibility for corrective
action.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 258
Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting
engagement?
A.
B.
C.
D.
Identifying business capabilities.
Developing data collection tools.
Determining benchmarked process attributes.
Determining sample size.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 259
Which of the following should be included in the scope of an audit of a third-party contractor?
1. Budgets and financial forecasts for the project.
2. Contractor's information and control systems.
3. Contractor's financial position.
4. Progress of the project and costs incurred.
A.
B.
C.
D.
1 and 4 only
1, 2, and 3 only
2, 3, and 4 only
1, 2, 3, and 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 260
Which of the following controls in a computerized consumer loan system of a major bank would be the least
effective in detecting a fraudulent loan?
A.
B.
C.
D.
All log-in accounts become inaccessible after three incorrect password attempts.
Loan approvals over a pre-determined limit must have management approval.
Customer information is matched to payment data prior to funds disbursement.
System controls prevent supervisors from delegating their approval authority during vacation periods.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 261
According to the International Professional Practices Framework, the responsibility for establishing and
maintaining a system to monitor the disposition of results communicated to management falls upon:
A.
B.
C.
D.
Compliance officer.
Chief audit executive.
Senior management.
Risk manager.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 262
Controls are implemented to:
A.
B.
C.
D.
Eliminate risk and reduce the potential for loss.
Mitigate risk and eliminate the potential for loss.
Mitigate risk and reduce the potential for loss.
Eliminate risk and eliminate potential for loss.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 263
According to the Standards, which of the following should be the basis for scheduling follow-up of
engagement recommendations?
A. The follow-up manual procedures.
B. The internal audit charter.
C. The agreement made between internal auditors and management.
D. The risks and exposures involved.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 264
Which of the following would be a legitimate action for the internal auditor to take when monitoring audit
engagement results?
1. Disregard a certain risk because management and the board accepted the risk in the past.
2. Abdicate the responsibility for a particular risk because it is not part of the audit plan.
3. Obtain agreement from senior management that unresolved audit issues will be reported to the board.
Request corrective action from management in writing.
A.
B.
C.
D.
1 and 3 only
2 and 3 only
3 and 4 only
1, 2, and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 265
Which of the following statements is not true about the oversight and review of working papers by the chief
audit executive (CAE)?
A. The CAE has ultimate responsibility for reviewing working papers and remains accountable for the
achievement of objectives and the quality of work.
B. The need for CAE review depends on the proficiency and experience of the internal auditor and the
complexity of the task.
C. The CAE is responsible for all significant professional judgments made during the audit process and
should therefore personally review working papers to ensure conclusions were professionally arrived at.
D. The CAE, although having overall responsibility for reviewing work completed, can delegate such task to
appropriately experienced internal audit staff.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 266
The chief audit executive (CAE) notes that management has adopted the option of not taking action on an
audit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriate
action by the CAE?
A.
B.
C.
D.
Close the issue by noting that follow-up will be completed as part of the next engagement.
Discuss the matter with management to determine a resolution.
Accept management's decision as the same risk has been accepted in the past.
Report the situation to the board for immediate resolution.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 267
Which of the following is a preventive control for fraud?
http://www.gratisexam.com/
A.
B.
C.
D.
Determining if the number of manually prepared disbursement checks is high.
Reconciling the purchase orders with the requisitions.
Verifying that new vendors appear on the vendor pre-approved list.
Conducting an inventory count of the warehouse.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 268
The chief audit executive (CAE) decided that based on management's oral response, the action taken on
an audit observation for a minor improvement in the client's process is sufficient and no further follow- up is
necessary. Which of the following would be the best statement regarding the action of the CAE?
A. The CAE action is not acceptable, as a follow-up audit is needed to ensure that action is really taken by
management.
B. The CAE action is not acceptable, as follow-up on the issue is critical until a written response is
obtained from management.
C. The CAE action is acceptable as long as the follow-up is sufficient when weighed against the relative
importance of the recommendation.
D. The CAE action is acceptable as long as the issue has been escalated to the board to get their position
on the issue.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 269
Which two of the following considerations must an internal auditor take into account while planning an audit
of an accounting system/application that has been in use for the last five years? · The level and manner of
linkages between the business' mission, objectives, and structure and the accounting system/application.
· Presence or absence of computerized and manual controls that address risks. · Identification of risks at
the application level, e.g. availability and security of the system. · Testing of the system/application for bugs
and errors.
A. 1 and 3 only
B. 2 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 270
The following audit observation was included in the final audit report:
"Our review concluded that bank reconciliation statements for March and April did not show evidence of
supervisory review. We recommend strict compliance with the controller's manual, which requires the
department head to place their initials on the reconciliation statements to document their review."
Which of the following attributes are missing from the above audit observation?
1. Criteria.
2. Condition.
3. Cause.
4. Effect.
A.
B.
C.
D.
1 and 4 only
2 and 3 only
1, 3, and 4 only
3 and 4 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 271
If the chief audit executive believes that senior management has accepted a level of residual risk that is
unacceptable to the organization, they should:
A.
B.
C.
D.
Accept the decision of senior management as they are ultimately responsible for risk management.
Report the concern directly to the board.
Discuss the concern with management and if not resolved, escalate it to the board.
Disclose the issue in the audit report when auditing the area where the risk was identified.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 272
During an engagement the internal auditors reported that the organization was paying suppliers without
receiving the merchandise. Management responded that it would immediately establish the use of receiving
reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in
determining that management action was implemented?
A.
B.
C.
D.
Ask management if the new policy related to the receiving reports is in place.
Select a sample of receiving reports and determine if payments were made.
Interview warehouse employees to ascertain adherence to new policy.
Select a sample of payments and determine if a receiving report exists.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
appropriate answer.
QUESTION 273
According to the Standards, which of the following is an attribute when applied to the observations and
recommendations contained in the audit report?
A.
B.
C.
D.
Client accomplishments.
Effect.
Supportive information.
Scope statements.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is confirmed.
QUESTION 274
An internal auditor was assigned to conduct an inventory control and stock room area engagement. During
the audit, the auditor observed that there were some items that have a shelf life expiration date requirement
based on a certificate of conformance received with the product. The certificates of conformance are kept
on file in the inventory area office and the expiration date is verified at the time the item is taken from stock.
The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to
see if there was any expired product. All items with a shelf life requirement were found to be within the
expiration date requirement. Which of the following recommendations would be appropriate?
A. Take no action, because all the items were within the expiration date requirement, and no corrective
action is needed.
B. Permit production staff the access to files where the certificates of conformity are kept, so they can
choose the items with the closest expiration date.
C. Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding
inventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).
D. Add to the product label a "use by date" line, enter the expiration at the time of receipt, and perform
periodic inventory checks.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
answer is complete.
QUESTION 275
In addition to the internal auditor, which of the following parties should be present at an exit or closing
conference?
1. Audit committee members.
2. The external auditor.
3. The management responsible for the areas covered by the engagement.
4. The chief executive officer.
A.
B.
C.
D.
2 only
3 only
3 and 4 only
1, 3, and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
well defined answer.
QUESTION 276
Reviewing internal audit report drafts with clients is:
1. Required according to the Standards.
2. A form of courtesy.
3. Ethically mandated.
4. A form of validation.
A.
B.
C.
D.
1 and 2 only
2 and 3 only
2 and 4 only
3 and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 277
Which of the following is an advantage to using the questionnaire approach when conducting risk and
control self assessments?
A.
B.
C.
D.
Responses can easily be quantified and analyzed.
Follow-up for clarification is efficient.
It is educational for participants.
It allows for in-depth probing of issues.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 278
Which of the following documents should the chief audit executive review and approve?
1. Workpaper retention policy.
2. Audit committee meeting minutes.
3. Internal audit handbook.
4. Quarterly financial statements.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 4 only
1, 3, and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 279
Which of the following topics must the internal audit staff discuss with management during the exit
conference?
1. Issues identified during the audit.
2. Evaluation criteria used to select controls for testing.
3. Staff who were interviewed during the audit.
4. The reporting process for the draft and final report.
A.
B.
C.
D.
1 and 3 only
1 and 4 only
2 and 3 only
2 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 280
A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit
executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory
management is a high risk area. In consultation with the external auditors and legal advisors, the CAE
learns that they share those concerns. Which of the following is the CAE's best course of action?
A. Perform an independent audit of the merging firm's inventory management practices to verify the
concerns and to provide relevant and reliable results to management for their consideration and action.
B. Advise management that internal audit, external audit, and legal advisors all have concerns about
inventory management and, given the high materiality of inventory, management should not proceed
with the merger.
C. Coordinate a review of inventory management with external auditors and legal advisors and ensure
each group focuses on their area of expertise to ascertain the extent of the problems, if any.
D. Coordinate with the merging firm's internal audit department to better understand the inventory
management function and whether the concerns are well-founded.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 281
The chief audit executive (CAE) manages a large internal audit activity (IAA) reporting functionally to the
audit committee and administratively to the chief risk officer. During the CAE's recent unplanned medical
leave, several internal audit reports were completed and waiting for CAE approval, however, no formal
delegation of authority was in place to anticipate this situation. In order to preserve the independence of the
IAA, which of the following would be the most appropriate individual to review and approve these reports
during the CAE's absence?
A.
B.
C.
D.
External auditor.
Chief risk officer.
Engagement lead auditor.
Audit committee chair.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 282
During the audit of a large decentralized supply chain function, the chief audit executive (CAE) receives
serious allegations of fraud concerning the vice president responsible for this function. The CAE engages a
third party to provide forensic audit services and lead the investigation portion of the engagement. As part
of this team, which of the following would be an appropriate role for the investigator?
1. Authenticate the original approval signatures on contracts.
2. Interview personnel to understand the supply chain processes.
3. Provide certified copies of relevant original documents for the audit file.
4. Identify variances in pixels on original electronic documents.
A.
B.
C.
D.
1 and 2 only
1 and 4 only
2 and 3 only
3 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 283
The chief audit executive (CAE) of a new organization is in the process of determining the manner in which
audit reports will be distributed and to whom. According to the Standards, which of the following is the most
appropriate course of action for the CAE to take to develop this distribution process?
A. The process should be determined in meetings with the external auditor and senior management to
ensure alignment with external reporting.
B. The CAE should meet with senior management for their input, but finalize the distribution of all reports
with the board.
C. The CAE should independently implement the report distribution, using best judgment to ensure that all
relevant stakeholders are informed.
D. The CAE should request that senior management and the board meet to determine the most
appropriate reporting method.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 284
An organization has acquired a new line of business. None of the organization's internal auditors have the
required expertise to perform an internal audit of the new business line; therefore, the chief audit executive
(CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has
assigned a member of the internal audit team to assist the external team with the engagement. According
to the Standards, which of the following statements is true regarding supervision of the engagement?
A.
B.
C.
D.
The CAE may rely upon the external firm's auditor in charge to supervise the engagement.
The external firm's auditor in charge must defer to the judgment of the CAE for any disputes.
The CAE is not responsible for the quality of an audit performed by an external firm.
The CAE should not assign an inexperienced staff member to assist with the engagement.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 285
An organization does not have a formal risk management function. According to the Standards, which of
the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
1. There is a clear strategy and timeline to migrate risk management responsibility back to management.
2. The IAA has the final approval on any risk management decisions.
3. The IAA does not give objective assurance on any part of the risk management framework for which it is
responsible.
4. The nature of services provided to the organization is documented in the internal audit charter.
A.
B.
C.
D.
1, 2, and 3 only
1, 2, and 4 only
1, 3, and 4 only
2, 3, and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 286
Which of the following statements regarding the use of external contracted services by the chief audit
executive (CAE) is false?
A.
B.
C.
D.
The CAE's responsibility is not impaired by engaging an external expert.
The external expert could have a prior relationship with the audit client.
The audit report should not disclose the use of contracted services.
The expert should be directed by the objectives and scope of work.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 287
The internal auditor is asked to conduct an investigation involving a suspected fraud. According to the
Standards, which of the following statements regarding the investigation process is false?
A. The auditor should use anonymous surveys of coworkers to assess the character and behavior of the
suspect.
B. The auditor must give consideration to the risk of unidentified co-conspirators whether indications exist
or not.
C. The auditor should not limit the collection of information by prejudging its relevance to the investigation.
D. The auditor must consider the risk that audit procedures may inadvertently violate the rights of the
suspect.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 288
According to the Standards, which of the following control strategies would be the most effective in helping
to prevent fraud?
A. Have employees annually sign a code of conduct requiring that they report any known violations.
B. Implement a whistleblower hotline where individuals can make anonymous phone calls to report
fraudulent activities.
C. Provide periodic fraud awareness training to employees and test their understanding of the training
through online surveys.
D. Conduct routine employee surveys to solicit their knowledge of fraud and unethical behavior within the
organization.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 289
An internal auditor is conducting an assessment of the organization's fraud controls. Which of the following
would not be considered a preventive control?
1. Daily report that identifies unsuccessful system log-in attempts.
2. Weekly management communication with tips on identifying possible fraud.
3. E-mail alert sent to management for checks issued over $100,000.00.
4. New hire training to explain fraud and employee misconduct.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 4 only
3 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 290
Which of the following is the least relevant when preparing the internal audit activity's annual engagement
plan?
A.
B.
C.
D.
Senior management's requests for internal audit engagements.
A rotation of internal audit engagements selected on a time basis.
The organization's current risk priority and exposure.
Coordination with the audit plans of the external auditor.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 291
Which of the following statements is true?
A. If management chooses not to take action on internal audit's assurance engagement observation, the
chief audit executive (CAE) has a responsibility to propose an action plan to the board.
B. Internal audit's responsibility for an assurance engagement observation ends when management
implements changes to remediate the observation.
C. When management decides to accept the risk of not taking action on an assurance observation, the
(CAE) is responsible for judging whether or not that decision is prudent.
D. An assurance engagement observation is considered remediated when management's corrective action
plan is approved by the board.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 292
An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased.
Which of the following actions would best enable an internal auditor to satisfy this objective?
A.
B.
C.
D.
Analyze the provision for sales allowances.
Analyze the percentage of scrap incurred during production.
Research the rationale for customer returns.
Evaluate the volume and characteristics of products rejected during processing.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 293
Which of the following statements is true regarding the communication of audit engagement observations?
A. Criteria, condition, cause, and effect must be communicated for material observations only
B. Criteria, condition, cause, and effect must be communicated for material observations and significant
deficiencies only
C. Criteria, condition, cause, and effect must be communicated for all engagement observations.
D. Criteria, condition, cause, and effect do not need to be communicated for insignificant observations with
adquate compensating key controls.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 294
Which of the following situations justifies the release of an interim report to management and the board?
· The internal auditor is convinced that the audit observations require immediate attention. · The internal
auditor would like to communicate a change in engagement scope for the activity under review.
· The internal auditor notes that the engagement may extend over a longer time period. · The audit
supervisor believes that issuing interim reports eases supervisory review and controls over working papers.
A.
B.
C.
D.
1 and 3 only
2 and 3 only
1, 2, and 3 only
2, 3, and 4 only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 295
The chief audit executive of a large publicly held bank is using a risk based approach to update the annual
audit plan. Which of the following sources of information will have the least impact on the plan?
A.
B.
C.
D.
The 12 month forecast of commercial property values.
Recent changes to the bank's strategic plan.
Regulatory changes impacting capitalization for all publicly traded banks.
Continuous changes in the prime lending rate set by the country's central bank.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 296
According to IIA guidance,when performing a compliance audit of data security standards for a large ecommerce retailer, which of the following would represent the least likely area of risk exposure?
A.
B.
C.
D.
Operational risks.
Change or configuration risks.
Access risks.
Physical security risks.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 297
An internal auditor for a large telecommunications organization identified potential risk factors related to a
planned billing system conversion. Which of the following risk factors would present the least potential
exposure to the organization?
A.
B.
C.
D.
Critical customer support functions are not available for a short period.
Invoice generation disruptions due to required maintenance.
Inaccurate billing of telephone calls due to database error.
End user criticism and lack of support for the new system.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 298
While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in
agreement with management's acceptance of the potential risk exposure resulting from an observed key
control weakness. Which of the following actions by the CAE would be appropriate for addressing this
concern?
·
·
·
·
Meet with the auditor-in-charge.
Discuss with senior management.
Monitor the result of the accepted risk.
Report the matter to the board.
A.
B.
C.
D.
1, 2, and 3 only
1, 2, and 4 only
1, 3, and 4 only
2, 3, and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 299
Which of the following statements is correct regarding the use of a program evaluation and review
technique (PERT) model?
· It makes use of a probability model to arrive at a realistic estimate of time necessary for completion of the
audit engagement.
· It requires that activities are performed in sequence such that each task is completed before the
commencement of the next activity.
· It remains fixed once completed to act as a baseline for measuring the performance of the audit staff
following completion of the engagement.
· It begins with the auditor-in-charge identifying the overall scope and then breaking down the audit
engagement into identifiable activity units.
A.
B.
C.
D.
1 and 3 only
1 and 4 only
2 and 3 only
2 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 300
According to IIA guidance, which of the following are benefits to the internal audit activity when conducting
an assurance mapping exercise?
A.
B.
C.
D.
Identification of gaps in risk coverage, and minimization of duplicate assurance efforts.
Identification of gaps in risk coverage, and consolidation of risk reporting efforts.
Resolution of identified testing errors, and miminization of duplicate assurance efforts.
Resolution of identified testing errors, and consolidation of risk reporting efforts.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 301
The chief audit executive (CAE) of a large retail operation believes that senior management has accepted a
level of risk that exceeds the organization's current risk tolerance with respect to a major expansion. The
CAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of
the following would be an appropriate course of action in preparation for this meeting?
· Understand management's basis for the decision.
· Advise the board of the concern and upcoming meeting. · Ascertain which members of management have
accepted the risk. · Determine if management has the authority to accept the risk.
A.
B.
C.
D.
1 and 2 only
1 and 4 only
2 and 3 only
3 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 302
During the quarterly review of the internal audit activity's performance, the chief audit executive (CAE) notes
that actual engagement hours consistently exceed the budget. Which of the following strategies would most
likely help the CAE address this problem? · The budget should consider time spent on similar
engagements. · The budget should consider the proficiency of the assigned auditors. · The budget estimate
should provide for unexpected delays. · The budget should be specific as to time for each work assignment.
A.
B.
C.
D.
1 and 2 only
1 and 4 only
2 and 3 only
3 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 303
According to IIA guidance, which of the following actions might place the independence of the internal audit
function in jeopardy?
A.
B.
C.
D.
Having no active role or involvement in the risk management process.
Auditing the risk management process for reasonableness.
Coordinating and managing the risk management process.
Participating with management in identifying and evaluating risks.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 304
According to IIA guidance, which of the following would not be a consideration for the internal audit activity
(IAA) when determining the need to follow-up on recommendations?
A. Degree of effort and cost needed to correct the reported condition.
B. Complexity of the corrective action.
C. Impact that may result should the corrective action fail.
D. Amount of resources required to conduct the follow-up activities.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 305
Which of the following is an appropriate responsibility for the internal audit activity with regard to the
organization's risk management program?
A.
B.
C.
D.
Identifying and managing risks in line with the entity's risk appetite.
Ensuring that a proper and effective risk management process exists.
Attaining an adequate understanding of the entity's key mitigation strategies.
Identifying and ensuring that appropriate controls exist to mitigate risks.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 306
Which of the following is a detective control for managing the risk of fraud?
A.
B.
C.
D.
Awareness of prior incidents of fraud.
Contractor non-disclosure agreements.
Verification of currency exchange rates.
Receipts for employee expenses.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 307
Which of the following is a justifiable reason for omitting advance client notice when planning an audit
engagement?
A. Advance notice may result in management making corrections to reduce the number of potential
deficiencies.
B. Previous management action plans addressing prior internal audit recommendations remain
incomplete.
C. The engagement includes audit assurance procedures such as sensitive or restricted asset
verifications.
D. The audit engagement has already been communicated and approved through the annual audit plan.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 308
According to IIA guidance, organizations have the most influence on which element of fraud?
A.
B.
C.
D.
Opportunity.
Rationalization.
Pressure.
Incentives.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 309
The external auditor has identified a number of production process control deficiencies involving several
departments. As a result, senior management has asked the internal audit activity to complete internal
control training for all related staff. According to IIA guidance, which of the following would be the most
appropriate course of action for the chief audit executive to follow?
A.
B.
C.
D.
Refuse to accept the consulting engagement because it would be a violation of independence.
Collaborate with the external auditor to ensure the most efficient use of resources.
Accept the engagement but hire an external training specialist to provide the necessary expertise.
Accept the engagement even if the audit engagement staff was previously responsible for operational
areas being trained.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 310
Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?
A. To gain access to a wider variety of skills, competencies and best practices.
B. To complement existing expertise with a required skill and competency for a particular audit
engagement.
C. To focus on and strengthen core audit competencies.
D. To provide the organization with appropriate contingency planning for the internal audit function.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 311
Which of the following statements about internal audit's follow-up process is true?
A. The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality
performance.
B. The actions of external auditors and other external assurance providers is not encompassed by internal
audit's follow-up process.
C. Internal auditors have responsibility for determining if management and the board have implemented
the recommended action or otherwise accepted the risk.
D. The follow-up process must be complete and documented in the working papers in order to conclude
the engagement.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 312
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of
the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the
delivery of the aircraft had fallen substantially behind schedule while the training had already been
completed. If half of the aircraft under contract have been delivered, which of the following should the
internal auditor expect to be accounted for in the general ledger?
A. Training costs allocated to the number of aircraft delivered, and the cost of actual production hours
completed to date.
B. All completed training costs, and the cost of actual production hours completed to date.
C. Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.
D. All completed training costs, and 50% of the contracted production costs.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 313
An internal auditor determines that certain information from the engagement results is not appropriate for
disclosure to all report recipients because it is privileged. In this situation, which of the following actions
would be most appropriate?
A.
B.
C.
D.
Disclose the information in a separate report.
Distribute the information in a confidential report to the board only
Distribute the reports through the use of blind copies.
Exclude the results from the report and verbally report the conditions to senior management and the
board.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 314
For which of the following fraud engagement activities would it be most appropriate to involve a forensic
auditor?
A.
B.
C.
D.
Independently evaluating conflicts of interests.
Assessing contracts for relevant terms and conditions.
Performing statistical analysis for data anomalies.
Preparing evidentiary documentation.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 315
According to IIA guidance,which of the following is true about the supervising internal auditor's review
notes?
· They are discussed with management prior to finalizing the audit. · They may be discarded after working
papers are amended as appropriate. · They are created by the auditor to support her fieldwork in case of
questions. · They are not required to support observations issued in the audit report.
A.
B.
C.
D.
1 and 3 only
1 and 4 only
2 and 3 only
2 and 4 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 316
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal
funds from the organization. Which of the following best describes this condition?
A.
B.
C.
D.
Scheme.
Opportunity.
Rationalization.
Pressure.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 317
According to IIA guidance, which of the following are appropriate actions for the chief audit executive
regarding management's response to audit recommendations?
A. Evaluate and verify management's response, and determine the need and scope for additional work.
B. Evaluate and verify management's response, and establish timelines for corrective action by
management.
C. Oversee the corrective actions undertaken by management, and determine the need and scope for
additional work.
D. Oversee the corrective actions undertaken by management, and establish timelines for corrective action
by management.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 318
According to the Standards, which of the following is leastimportant in determining the adequacy of an
annual audit plan?
A.
B.
C.
D.
Sufficiency.
Appropriateness.
Effective deployment.
Cost effectiveness.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 319
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal
audit departments located around the world, is reviewing responsibilities for engagement reports. According
to IIA guidance, which of the following statements is true?
A. The CAE is required to review, approve, and sign every engagement report.
B. The CAE is required to review, approve, and sign all regulatory compliance engagement reports only
C. The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but
should review the reports after they are issued.
D. The internal audit charter must identify authorized signers of engagement reports.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 320
The internal audit activity (IAA) wants to measure its performance related to the quality of audit
recommendations. Which of the following client survey questions would best help the IAA meet this
objective?
A.
B.
C.
D.
Were audit findings relevant and useful to management?
Does the audit report format present issues clearly and concisely?
Does the IAA work with a high degree of professionalism and objectivity?
Were the findings reported in a timely manner?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 321
When forming an opinion on the adequacy of management's systems of internal control, which of the
following findings would provide the most reliable assurance to the chief audit executive? · During an audit
of the hiring process in a law firm, it was discovered that potential employees' credentials were not always
confirmed sufficiently. This process remained unchanged at the following audit.
· During an audit of the accounts payable department, auditors calculated that two percent of accounts
were paid past due. This condition persisted at a follow up audit. · During an audit of the vehicle fleet of a
rental agency, it was determined that at any given time, eight percent of the vehicles were not operational.
During the next audit, this figure had increased. · During an audit of the cash handling process in a casino,
internal audit discovered control deficiencies in the transfer process between the slot machines and the
cash counting area. It was corrected immediately.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 322
An internal auditor and engagement client are deadlocked over the auditor's differing opinion with
management on the adequacy of access controls for a major system. Which of the following strategies
would be the most helpful in resolving this dispute?
A.
B.
C.
D.
Conduct a joint brainstorming session with management.
Ask the chief audit executive to mediate.
Disclose the client's differing opinion in the final report.
Escalate the issue to senior management for a decision.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 323
When setting the scope for the identification and assessment of key risks and controls in a process, which
of the following would be the least appropriate approach?
A. Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives
are considered.
B. Develop the scope of the audit to include controls that are necessary to manage risk associated with a
critical business objective.
C. Specify that the auditors need to assess only key controls, but may include an assessment of non-key
controls if there is value to the business in providing such assurance.
D. Ensure the audit includes an assessment of manual and automated controls to determine whether
business risks are effectively managed.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 324
According to IIA guidance, which of the following is true when the internal audit activity is asked to
investigate potential ethics violations in a foreign subsidiary?
A. Communication of any internal ethics violations to external parties may occur with appropriate
safeguards.
B. Cultural impacts are less critical where the organization practices uniform polices around the globe.
C. Cross-cultural differences should always be handled by the staff of the same cultural background.
D. Local law enforcement should be involved as they are more familiar with the applicable local laws.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 325
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the
internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate
strategies to maximize the value of the current IAA resources? · The annual audit plan should include
audits that are consistent with the skills of the IAA. · Audits of high-risk areas of the organization should be
conducted by internal audit staff. · External resources may be hired to provide subject-matter expertise but
should be supervised. · Auditors should develop their skills by being assigned to complex audits for learning
opportunities.
A.
B.
C.
D.
1 and 2 only
1 and 4 only
2 and 3 only
3 and 4 only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 326
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the
following items to submit to either the board or the chief executive officer (CEO) for approval. According to
IIA guidance, which of the following items should be submitted only to the CEO?
A.
B.
C.
D.
The internal audit risk assessment and audit plan for the next fiscal year.
The internal audit budget and resource plan for the coming fiscal year.
A request for an increase of the CAE's salary for the next fiscal year.
The evaluation and compensation of the internal audit team.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 327
An internal control questionnaire would be most appropriate in which of the following situations?
A.
B.
C.
D.
Testing controls where operating procedures vary.
Testing controls in decentralized offices.
Testing controls in high risk areas.
Testing controls in areas with high control failure rates.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 328
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit
executive (CAE) to release previous audit reports to outside parties?
A. The CAE can release prior internal audit reports with the approval of the board and senior management.
B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.
C. The CAE can only release prior information outside the organization when mandated by legal or
statutory requirements.
D. The CAE can release prior information provided it is as originally published and distributed within the
organization.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 329
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.
Which of the following is the most appropriate role that she should assume when facilitating the workshop?
A.
B.
C.
D.
Express an opinion on the participants' inputs and conclusions as the assessment progresses.
Provide appropriate techniques and guidelines on how the exercise should be undertaken.
Evaluate and report on all issues that may be uncovered during the exercise.
Screen and vet participants so that the most appropriate candidates are selected to participate in the
exercise.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 330
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although
some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will
require between 6 and 18 months for completion. Consequently, management has developed a detailed
action plan, with anticipated completion dates, for addressing the weaknesses. What is the most
appropriate course of action for the chief audit executive to take?
A. Assess the status of corrective action during a follow-up audit engagement after the action plan has
been completed.
B. Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages,
and denials of service.
C. Reassign information systems auditors to assist in implementing management's action plan.
D. Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and
deliverables.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 331
Which of the following is not an outcome of control self-assessment?
A. Informal, soft controls are omitted, and greater focus is placed on hard controls.
B. The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and
continuous improvement.
C. Internal auditors become involved in and knowledgeable about the self-assessment process.
D. Nonaudit employees become experienced in assessing controls and associating control processes with
managing risks.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 332
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
A.
B.
C.
D.
1 and 2
1 and 3
2 and 4
3 and 4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 333
New environmental regulations require the board to certify that the organization's reported pollutant
emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over
the organization's compliance with the environmental regulations. Which of the following groups or
individuals is most important for the CAE to consult to determine the scope of the audit?
A.
B.
C.
D.
The audit committee of the board.
The environmental, health, and safety manager.
The organization's external environmental lawyers.
The organization's insurance department.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 334
The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk
management process. Which of the following activities is appropriate for IAA to perform without
safeguards?
A.
B.
C.
D.
Coach management in responding to risks.
Develop risk management strategies for board approval.
Facilitate identification and evaluation of risks.
Evaluate risk management processes.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 335
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management
process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
A.
B.
C.
D.
1 and 2 only
3 and 4 only
1, 2, and 4
1, 3, and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 336
An internal auditor is assessing the organization's risk management framework. Which of the following
formulas should he use to calculate the residual risk?
A.
B.
C.
D.
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 337
Which of the following statements is false regarding roles and responsibilities pertaining to risk
management and control?
A. Senior management is charged with overseeing the establishment risk management and control
processes.
B. The chief audit executive is responsible for overseeing the evaluation risk management and control
processes.
C. Operating managers are responsible for assessing risks and controls in their departments.
D. Internal auditors provide assurance about risk management and control process effectiveness.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 338
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
A.
B.
C.
D.
1 and 3 only
2 and 4 only
1, 3, and 4 only
1, 2, 3, and 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 339
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward
contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from
individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
http://www.gratisexam.com/
A.
B.
C.
D.
1 and 2
1 and 4
2 and 3
3 and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 340
Which of the following statements describes an engagement planning best practice?
A. It is best to determine planning activities on a case-by-case basis because they can vary widely from
engagement to engagement.
B. If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures
during the planning phase.
C. The engagement plan includes the expected distribution of the audit results, which should be kept
confidential until the audit report is final.
D. Engagement planning activities include setting engagement objectives that align with audit client's
business objectives.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 341
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an
assurance engagement?
A.
B.
C.
D.
To help develop process maps.
To determine segregation of duties.
To identify residual risks.
To test the adequacy of controls.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 342
After the team member who specialized in fraud investigations left the internal audit team, the chief audit
executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
A.
B.
C.
D.
Cost.
Independence.
Familiarity.
Flexibility.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 343
Which of the following is an effective approach for internal auditors to take to improve collaboration with
audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope
accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the
approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be
conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before
publishing the report.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 344
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit
engagement?
A. A primary purpose of the exit conference is to provide for the timely communication of observations that
call for immediate management action.
B. Both the chief audit executive and the chief executive over the activity or function reviewed must attend
the exit conference to validate the findings.
C. The exit conference provides only anticipated results for inclusion in the final audit communication.
D. During the exit conference, the performance of the internal auditors who executed the engagement is
reviewed.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 345
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
A.
B.
C.
D.
1 and 2
1 and 3 only
2 and 4
1, 3, and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 346
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to
review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement
on each report. According to IIA guidance, which of the following opinions would receive the lowest review
priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
A. 1 and 3
B. 1 and 4
C. 2 and 3
D. 2 and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 347
After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit
team concluded that no key controls were compromised. However, some opportunities for improvement
were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to
report these results?
A. The CAE should send the final report to operational and senior management and the audit committee.
B. The CAE should send the final report to operational management only, as there is no need to
communicate this information to higher levels.
C. The CAE should notify operational and senior management that the audit engagement was completed
with no significant findings to report.
D. The CAE should send the final report to operational management and notify senior management and
the audit committee that no significant findings were identified.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 348
While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers
that a programming error allows customers to create multiple accounts for a single mailing address.
Management agrees to correct the program and notify customers with multiple accounts that the accounts
will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were
consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts
were consolidated.
4. Submit management's plan of action to the external auditors for additional review.
A.
B.
C.
D.
1 and 2
1 and 4
2 and 3
3 and 4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 349
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of
interest between the chief operating officer and a significant supplier of IT software development services.
Which of the following actions is most appropriate for the internal auditor to take?
A.
B.
C.
D.
Inform the audit supervisor.
Investigate the potential conflict of interest.
Inform the external auditors of the potential conflict of interest.
Disregard the potential conflict, because it is outside the scope of the audit assignment.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 350
A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not
successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor.
Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as
a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the
chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internetbased sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
A.
B.
C.
D.
1 and 2
1 and 3
2 and 4
3 and 4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 351
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer
information in large Excel spreadsheets could be reduced significantly through the use of macros. The
auditor would like to train staff on how to use the macros. Which of the following is the most appropriate
course of action for the internal auditor to take?
A. The auditor must not perform the training, because any task to improve the business process could
impact audit independence.
B. The auditor must create a new, separate consulting engagement with the business process owner prior
to performing the improvement task.
C. The auditor should get permission to extend the current engagement, and with the process owner's
approval, perform the improvement task.
D. The auditor may proceed with the improvement task without obtaining formal approval, because the
task is voluntary and not time-intensive.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 352
According to IIA guidance, which of the following strategies would add the least value to the achievement of
the internal audit activity's (IAA's) objectives?
A. Align organizational activities to internal audit activities and measure according to the approved IAA
performance measures.
B. Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.
C. Use the results of IAA engagement and advisory reporting to guide current and future internal audit
activities.
D. Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's
governance structure.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 353
According to IIA guidance, which of the following statements best justifies a chief audit executive's request
for external consultants to complement internal audit activity (IAA) resources?
A.
B.
C.
D.
The organization's audit universe is extensive and diverse.
There has been an increase in unanticipated requests for advisory work.
Previous work provided by the external service provider has been of great quality and value.
A recent benchmarking study found that using external service providers is a common practice of
similarly-sized IAAs in other organizations.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 354
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the
Standards through a quality assurance review. According to the Standards, which of the following are
acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
A.
B.
C.
D.
1 and 2
2 and 4
1, 2, and 3
2, 3, and 4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 355
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk
management processes. Which of the following people should prioritize risks to be used for the audit plan?
A. Operational management, because they are responsible for the day-to-day management of the
operational risks.
B. The CRO, because he is responsible for coordinating and project managing risk activities based on his
specialized skills and knowledge.
C. The chief audit executive, although he is not accountable for risk management in the organization.
D. The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed
tolerance limits set by the board.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 356
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit
resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit
coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due
to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to
limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
A.
B.
C.
D.
1 and 3 only
2 and 4 only
1, 2, and 4
2, 3, and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 357
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for
process managers and staff to identify opportunities for improving productivity and reducing defects. Which
of the following is the most likely reason the CRO chose the workshop approach?
A.
B.
C.
D.
It minimizes the amount of time spent and cost incurred to gather the necessary information.
Responses can be confidential, thus encouraging participants to be candid expressing their concerns.
Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.
Workshop participants have an opportunity to learn while contributing ideas toward the objectives.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 358
Which of the following is the primary purpose of financial statement audit engagements?
A. To assess the efficiency and effectiveness of the accounting department.
B. To evaluate organizational and departmental structures, including assessments of process flows related
to financial matters.
C. To provide a review of routine financial reports, including analyses of selected accounts for compliance
with generally accepted accounting principles.
D. To provide an analysis of business process controls in the accounting department, including tests of
compliance with internal policies and procedures.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 359
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of
the finance department, despite previous audit recommendations. Which of the following recommendations
is the most appropriate to address this concern?
A.
B.
C.
D.
Recommend additional segregation-of-duty reviews.
Recommend appropriate awareness training for all finance department staff.
Recommend rotating finance staff in this area.
Recommend that management address these concerns immediately.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 360
Which of the following has the greatest effect on the efficiency of an audit?
A.
B.
C.
D.
The complexity of deficiency findings.
The adequacy of preliminary survey information.
The organization and content of workpapers.
The method and amount of supporting detail used for the audit report.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 361
Which of the following is least likely to help ensure that risk is considered in a work program?
A.
B.
C.
D.
Risks are discussed with audit client.
All available information from the risk-based plan is used.
Client efforts to affect risk management are considered.
Prior risk assessments are considered.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 362
An internal auditor is conducting an assessment of the purchasing department. She has worked the full
amount of hours budgeted for the engagement; however, the audit objectives are not yet complete.
According to IIA guidance, which of the following are appropriate options available to the chief audit
executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
A.
B.
C.
D.
1, 2, and 3
1, 2, and 4
1, 3, and 4
2, 3, and 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 363
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks
to audit team members for an engagement?
A.
B.
C.
D.
The amount of experience the auditors have conducting audits in the specific area of the organization.
The availability of the auditors in relation to the availability of key client staff.
Whether the budgeted hours are sufficient to complete the audit within the current scope.
Whether outside resources will be needed, and their availability.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 364
An organization's internal audit plan includes a recurring assurance review of the human resources (HR)
department. Which of the following statements is true regarding preliminary communication between the
auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
A.
B.
C.
D.
1 and 3
1 and 4
2 and 3
2 and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 365
The final internal audit report should be distributed to which of the following individuals?
A.
B.
C.
D.
Audit client management only
Executive management only
Audit client management, executive management, and others approved by the chief audit executive.
Audit client management, executive management, and any those who request a copy.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 366
According to IIA guidance, which of the following individuals should receive the final audit report on a
compliance engagement for the organization's cash disbursements process?
A.
B.
C.
D.
The accounts payable supervisor, accounts payable manager, and controller.
The accounts payable manager, purchasing manager, and receiving manager.
The accounts payable supervisor, controller, and treasurer.
The accounts payable manager, chief financial officer, and audit committee.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 367
If observed during fieldwork by an internal auditor, which of the following activities is least important to
communicate formally to the chief audit executive?
A.
B.
C.
D.
Acts that may endanger the health or safety of individuals.
Acts that favor one party to the detriment of another.
Acts that damage or have an adverse effect on the environment.
Acts that conceal inappropriate activities in the organization.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 368
An internal auditor submitted a report containing recommendations for management to enhance internal
controls related to investments. To follow up, which of the following is the most appropriate action for the
internal auditor to take?
A.
B.
C.
D.
Observe corrective measures.
Seek a management assurance declaration.
Follow up during the next scheduled audit.
Conduct appropriate testing to verify management responses.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 369
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to
the audit program?
A.
B.
C.
D.
Improper segregation of duties.
Incentives and bonus programs.
An employee's reported concerns.
Lack of an ethics policy.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 370
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help
prevent fraud?
A. A review of password policy compliance found that employees frequently use the same password more
than once during a year. The IAA recommends that the access control software reject any password
used more than once during a 12-month period.
B. A review of internal service-level agreement compliance in financial services found that requests for
information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services
unit be eliminated for its ineffectiveness.
C. A vacation policy compliance review found that employees frequently leave on vacation before their
leave applications are signed by their manager. The IAA recommends that the manager attend to the
leave applications in a more timely fashion.
D. A review of customer service-level agreements found that orders to several customers are frequently
delivered late. The IAA recommends that the organization extend the expected delivery time advertised
on its website.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 371
An organization's board would like to establish a formal risk management function and has asked the chief
audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles
should the CAE not undertake?
A.
B.
C.
D.
Manage and coordinate risk management processes.
Audit risk management processes.
Become involved in risk oversight committees, monitoring activities, and status reporting.
Accept management's responsibility for risk management without board approval.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 372
When creating the internal audit plan, the chief audit executive should prioritize engagements based
primarily on which of the following?
A.
B.
C.
D.
The last available risk assessment.
Requests from senior management and the board.
The longest interval since the last examination of each audit universe item.
The auditable areas required by regulatory agencies.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 373
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
A.
B.
C.
D.
1 and 2
1 and 3
2 and 3
2 and 4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 374
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She
would like to consider the organization's attitude toward risk and the degree of difficulty in achieving
objectives. Which of the following resources should the CAE consult?
A.
B.
C.
D.
The corporate risk register.
The strategic plan.
Internal and external audit reports.
The board's meeting records.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 375
When establishing a quality assurance and improvement program, the chief audit executive should ensure
the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
A. 1 only
B. 1 and 2 only
C. 1 and 3 only
D. 1, 2, 3, and 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 376
Which of the following best illustrates the primary focus of a risk-based approach to control selfassessment?
A.
B.
C.
D.
To evaluate controls regarding the computer security of an oil refinery.
To examine the processes involved in exploring, developing, and operating a gold mine.
To assess the likelihood and impact of events associated with operating a finished goods warehouse.
To link a financial institution's business objectives to a work unit responsible for the associated risk.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 377
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit
objectives would be most important to prevent fraud?
A.
B.
C.
D.
Verify that amounts are correct.
Verify that payments are on time.
Verify that recipients are valid employees.
Verify that benefits deductions are accurate.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 378
Which of the following statements is false regarding audit criteria?
A.
B.
C.
D.
Audit criteria should be consistent across audit assignments.
Audit criteria should represent reasonable standards against which to assess existing conditions.
Audit criteria should provide flexibility but allow identification of nonadherence.
Audit criteria should equate to good or acceptable management practices.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 379
An audit client responded to recommendations from a recent consulting engagement. The client indicated
that several recommended process improvements would not be implemented. Which of the following
actions should the internal audit activity take in response?
A. Escalate the unresolved issues to the board, because they could pose significant risk exposures to the
organization.
B. Confirm the decision with management and document this decision in the audit file.
C. Document the issue in the audit file and follow up until the issues are resolved.
D. Initiate an assurance engagement on the unresolved issues.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 380
Which of the following is the most important concept to be included in a consulting engagement
agreement?
A. Define the duties and responsibilities needed from management to perform the engagement.
B. Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of
the review.
C. Clarify that matters discovered during the engagement may also be reported to senior management and
the audit committee.
D. Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are
implemented adequately.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 381
An employee in the sales department completes a purchase requisition and forwards it to the purchaser.
The purchaser places competitive bids and orders the requested items using approved purchase orders.
When the employee receives the ordered items, she forwards the packing slips to the accounts payable
department. The invoice for the ordered items is sent directly to the sales department, and an
administrative assistant in the sales department forwards the invoices to the accounts payable department
for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts
process?
A.
B.
C.
D.
Verify that approvals of purchasing documents comply with the authority matrix.
Observe whether the purchase orders are sequentially numbered.
Examine whether the sales department supervisor approves invoices for payment.
Determine whether the accounts payable department reconciles all purchasing documents prior to
payment.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 382
According to IIA guidance, which of the following are the most important objectives for helping to ensure the
appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
A.
B.
C.
D.
1, 2, and 3
1, 2, and 4
1, 3, and 4
2, 3, and 4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 383
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are
most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
A.
B.
C.
D.
1 and 3
1 and 4
2 and 3
2 and 4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 384
When developing the scope of an audit engagement, which of the following would the internal auditor
typically not need to consider?
A.
B.
C.
D.
The need and availability of automated support.
The potential impact of key risks.
The expected outcomes and deliverables.
The operational and geographic boundaries.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 385
Which of the following situations would justify the removal of a finding from the final audit report?
A.
B.
C.
D.
Management disagrees with the report findings and conclusions in their responses.
Management has already satisfactorily completed the recommended corrective action.
Management has provided additional information that contradicts the findings.
Management believes that the finding is insignificant and unfairly included in the report.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 386
According to IIA guidance, which of the following activities is most likely to enhance stakeholders'
perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
A.
B.
C.
D.
1 and 2
1 and 3
2 and 4
3 and 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 387
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal
auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe
further when reviewing incidents that have the appearance of misbehavior?
A.
B.
C.
D.
Integrity.
Flexibility.
Initiative.
Curiosity.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 388
According to IIA guidance, which of the following procedures would be least effective in managing the risk
of payroll fraud?
A.
B.
C.
D.
The employee's name listed on organization's payroll is compared to the personnel records.
Payroll time sheets are reviewed and approved by the timekeeper before processing.
Employee access to the payroll database is deactivated immediately upon termination.
Changes to payroll are validated by the personnel department before being processed.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 389
During an assurance engagement, an internal auditor discovered that a sales manager approved numerous
sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit
supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA
guidance, which of the following would be the most appropriate next step?
A. The audit supervisor should include the new contracts in the finding for the final audit report.
B. The audit supervisor should communicate the finding to the supervisor of the sales manager through an
interim report.
C. The audit supervisor should remind the sales manager of his authority limit for the contracts under
negotiation.
D. The auditor should not reference the new contracts, because they are not yet signed and therefore
cannot be included in the final report.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 390
An internal auditor wants to determine whether employees are complying with the information security
policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a
sample of 90 desks and found eight that contained sensitive information. How should this observation be
reported, if the organization tolerates 4 percent noncompliance?
A. The matter does not need to be reported, because the noncompliant findings fall within the acceptable
tolerance limit.
B. The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the
information security manager.
C. The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate
corrective action, as opposed to reporting.
D. The incidents of noncompliance exceed the tolerance level and should be included in the final
engagement report.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 391
Which of the following is the primary reason the chief audit executive should consider the organization's
strategic plans when developing the annual audit plan?
A. Strategic plans reflect the organization's business objectives and overall attitude toward risk.
B. Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal
audit activity resources.
C. Strategic plans are likely to show areas of weak financial controls.
D. The strategic plan is a relatively stable document on which to base audit planning.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 392
An organization has a health and safety division that conducts audits to meet regulatory requirements. The
chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate
role for the chief audit executive (CAE) with regard to the organization's health and safety program?
A. The CAE has no role to play, because the chief health and safety officer reports to a senior executive.
B. The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an
understanding of whether risks related to health and safety are managed properly.
C. The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is
the appropriate regulatory oversight body.
D. The CAE should hire an independent external specialist to conduct an annual assessment and provide
assurance over the effectiveness of the health and safety program and the reliability of its reports.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 393
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
A.
B.
C.
D.
1 and 2 only
2 and 4 only
1, 2, and 4
2, 3, and 4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 394
Which of the following evaluation criteria would be the most useful to help the chief audit executive
determine whether an external service provider possesses the knowledge, skills, and other competencies
needed to perform a review?
A. The financial interest the service provider may have in the organization.
B. The relationship the service provider may have had with the organization or the activities being
reviewed.
C. Compensation or other incentives that may be applicable to the service provider.
D. The service provider's experience in the type of work being considered.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 395
Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's
board?
1. Intervening during an audit involving ethical wrongdoing.
2. Discussing periodic reports of ethical breaches.
3. Authorizing an investigation of an unsafe product.
4. Negotiating a settlement of an employee claim for personal damages.
A.
B.
C.
D.
1 and 2
1 and 4
2 and 3
3 and 4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 396
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and
follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative
matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
A.
B.
C.
D.
1 and 2 only
1 and 3 only
2 and 3 only
1, 2, and 3
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 397
Which of the following best describes the four components of a balanced scorecard?
A.
B.
C.
D.
Customers, innovation, growth, and internal processes.
Business objectives, critical success factors, innovation, and growth.
Customers, support, critical success factors, and learning.
Financial measures, learning and growth, customers, and internal processes.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 398
Which of the following is not a direct benefit of control self-assessment (CSA)?
A.
B.
C.
D.
CSA allows management to have input into the audit plan.
CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.
CSA can improve the control environment.
CSA increases control consciousness.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 399
An internal auditor is conducting a financial audit. Which of the following audit procedures is most
appropriate when existing internal controls are weak?
A.
B.
C.
D.
Analytical procedures.
Detail testing.
Test of design.
Test of control.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 400
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the
following groups?
1. The client manager and her superior.
2. Anyone who may object to the report's validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
A.
B.
C.
D.
1 only
1 and 2 only
1, 2, and 3
1, 2, and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 401
Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
A.
B.
C.
D.
1 only
4 only
1 and 3
2 and 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 402
According to IIA guidance, which of the following statements is false regarding a review of the controls in
place to prevent fraud?
A.
B.
C.
D.
The review should focus on the efficiency of the controls in place to prevent fraud.
The scope of the review does not need to include all operating areas of the organization.
The cost of the control should be compared to the benefit of mitigating the related risk.
The review should assess whether the internal controls can be circumvented.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 403
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit
executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
A.
B.
C.
D.
1 and 2
1 and 4
2 and 3
3 and 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 404
According to IIA guidance, which of the following factors should the auditor in charge consider when
determining the resource requirements for an audit engagement?
A. The number, experience, and availability of audit staff as well as the nature, complexity, and time
constraints of the engagement.
B. The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.
C. The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate
with external auditors.
D. The appropriateness and sufficiency of resources as well as the nature, complexity, and time
constraints of the engagement.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 405
According to IIA guidance, which of the following is least likely to be a key financial control in an
organization's accounts payable process?
A. Require the approval of additions and changes to the vendor master listing, where the inherent risk of
false vendors is high.
B. Monitor amounts paid each period and compare them to the budget to identify potential issues.
C. Compare employee addresses to vendor addresses to identify potential employee fraud.
D. Monitor customer quality complaints compared to the prior period to identify vendor issues.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 406
Which of the following is an appropriate role for the internal audit activity with regard to the organization's
risk management program?
A.
B.
C.
D.
Identify and manage risks in line with the organization's risk appetite.
Ensure that a proper and effective risk management process exists.
Attain an adequate understanding of the organization's key risk mitigation strategies.
Identify and ensure that appropriate controls exist to mitigate risks.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 407
Which of the following would not be a typical activity for the chief audit executive to perform following an
audit engagement?
A.
B.
C.
D.
Report follow-up activities to senior management.
Implement follow-up procedures to evaluate residual risk.
Determine the costs of implementing the recommendations.
Evaluate the extent of improvements.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 408
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are
still not performed regularly by the AR staff, a recommendation that was made following a previous audit.
Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial
reporting function and AR report to the controller, who is responsible for implementing action plans. Which
of the following supports the internal auditor's decision to combine both observations into one reported
finding?
A.
B.
C.
D.
The observation was made during the same audit, and the action plan has a common owner.
The observation relates to the same control activity within a common process.
The observation has a common control, and it was noted in a prior audit.
The observation has a common process, and the action plan for the observation has a common owner.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 409
A chief audit executive (CAE) received a detailed internal report of senior management's internal control
assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance
over management's assertions?
A. Assert whether the described and reported control processes and systems exist.
B. Assess whether senior management adequately supports and promotes the internal control culture
described in the report.
C. Evaluate the completeness of the report and management's responses to identified deficiencies.
D. Determine whether management's operating style and the philosophy described in the report reflect the
effective functioning of internal controls.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 410
Which of the followings statements describes a best practice regarding assurance engagement
communication activities?
A. All assurance engagement observations should be communicated to the audit committee.
B. All assurance engagement observations should be included in the main section of the engagement
communication.
C. During the "communicate" phase of an assurance engagement, it is best to define the methods and
timing of engagement communications.
D. A detailed escalation process should be developed during the planning stage of an assurance
engagement.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 411
Which of the following would be a red flag that indicates the possibility of inventory fraud?
A. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a
corporate directive to implement it.
III. Sales commissions are not consistent with the organization's increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.
B. I and II only
C. II and III only
D. I, II, and IV only
E. I, III, and IV only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 412
During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were
causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that
adjustments were made on over 40 percent of the ovens. Based on this, the auditor:
A. Has enough evidence to conclude that improperly functioning ovens are the cause.
B. Needs to conduct further inquiries and reviews to determine the impact of the oven variations on the
pizza temperature.
http://www.gratisexam.com/
C. Has enough evidence to recommend the replacement of some of the ovens.
D. Must search for another cause since approximately 60 percent of the ovens did not require adjustment.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 413
When assessing the risk associated with an activity, an internal auditor should:
A.
B.
C.
D.
Determine how the risk should best be managed.
Provide assurance on the management of the risk.
Modify the risk management process based on risk exposures.
Design controls to mitigate the identified risks.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 414
Which of the following procedures would provide the best evidence of the effectiveness of a credit- granting
function?
A.
B.
C.
D.
Observe the process.
Review the trend in receivables write-offs.
Ask the credit manager about the effectiveness of the function.
Check for evidence of credit approval on a sample of customer orders.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 415
What would be used to determine the collectability of accounts receivable balances?
A.
B.
C.
D.
The file of related shipping documents.
Negative accounts receivable confirmations.
Positive accounts receivable confirmations.
An aged accounts receivable listing.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 416
Which of the following would provide the best evidence of compliance with an airline's standard of having
aircraft refueled and cleaned within a specified time of arrival at an airport?
A.
B.
C.
D.
Vendor fuel invoices that have been reconciled to inventory records.
Time cards completed by aircraft cleaning and fueling crews.
Observation of selected aircraft while they are being refueled and cleaned.
Comparison of the standard hourly labor costs for cleaning and fueling personnel with actual labor
charges.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 417
A company's policy requires that all customers be treated in a fair and consistent manner. Which of the
following audit procedures would provide the most persuasive evidence that the policy was followed?
A.
B.
C.
D.
Compare the aging of outstanding receivables due from each customer.
Compare credit reports with annual sales for a sample of customers.
Compare the ratio of outstanding receivables to the authorized credit limit for each customer.
Compare the sales discounts offered to each customer.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 418
An auditor plans to analyze customer satisfaction, including. (1) customer complaints recorded by the
customer service department during the last three months; (2) merchandise returned in the last three
months; and (3) responses to a survey of customers who made purchases in the last three months. Which
of the following statements regarding this audit approach is correct?
A. Although useful, such an analysis does not address any risk factors.
B. The survey would not consider customers who did not make purchases in the last three months.
C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is
comprehensive.
D. Analysis of three months' activity would not evaluate customer satisfaction.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 419
Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be
logically inferred?
A. Company A exhibits a higher standard of ethical behavior than does company B.
II. Company A has established objective criteria by which an employee's actions can be evaluated.
III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of
ethical behavior in that company.
B. II only
C. III only
D. I and II only
E. II and III only
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 420
Which of the following files, when compared with billing records, would provide the best source of
information for determining if all goods shipped are billed to customers?
A.
B.
C.
D.
Pre-numbered customer invoices.
Accounts receivable transactions.
Pre-numbered shipping documents.
Customer purchase orders.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 421
Which of the following is the best problem-solving technique to use when analyzing performance and cost?
A.
B.
C.
D.
Value analysis.
Attribute listing.
Brainstorming.
Component analysis.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 422
The following is an excerpt from an audit engagement workpaper:
Objective. To determine if the computer system is correctly recording all accounts receivable transactions.
Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 for
positive confirmation of balances.
Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accounts
receivable balance is fairly presented in all material respects.
Which of the following is true regarding the workpaper?
A.
B.
C.
D.
It is not appropriate to judgmentally select a sample when testing accounts receivable.
A conclusion should be reached only for the results of overall testing, not for individual procedures.
The audit procedures used are not consistent with the audit objective.
The format of the workpaper does not conform to the standard format for workpapers.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 423
Which of the following trends found on financial reports would most likely indicate a possible problem?
A.
B.
C.
D.
A material decrease in the receivables turnover.
A material increase in inventory turnover.
A material increase in daily sales compared to total outstanding receivables.
A material increase in the acid-test ratio.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 424
Which of the following situations would best support the decision of a chief audit executive (CAE) to defer
follow-up activity at a branch office until the next audit engagement?
A.
B.
C.
D.
An audit of the branch office is routinely scheduled every three years.
On-site follow-up of a remote branch may not be feasible due to travel costs.
Branch office management states that correction of the audit issue may take longer than expected.
The CAE and management agree that the corrective action taken to date is sufficient.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 425
When conducting research, which of the following is most important?
A.
B.
C.
D.
Using computer databases or the Internet to find all relevant sources.
Providing documentation of the reference sources.
Presenting only those facts that support the conclusion.
Presenting all contrary views to balance the opinion.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 426
Productivity statistics are provided quarterly to a company's board of directors. An auditor checked the
ratios and other statistics in the four most recent reports. The auditor used scratch paper and copies of the
board reports to verify the accuracy of computations and compared the data used in the computations with
supporting documents. The auditor wrote a note describing this work for the workpapers and then
discarded the scratch paper and report copies. The auditor's note stated.
"The ratios and other statistics in the quarterly board reports were checked for the last four quarters, and
appropriate supporting documents were examined. All amounts appear to be appropriate."
In this situation:
A.
B.
C.
D.
Four quarters is not a large enough sample on which to base a conclusion.
The auditor's workpapers are not sufficient to facilitate an efficient review of the auditor's work.
The auditor should have included the scratch paper in the workpapers.
The auditor should have considered whether the information in the board report was compiled
efficiently.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 427
What does the following scatter gram suggest?
A.
B.
C.
D.
Sales revenue is related to training costs.
The training program is not effective.
Increases in training costs consistently increase sales revenue.
One data point is incorrectly plotted.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 428
New credit policies have been implemented in an automated order-entry system to improve the collection of
receivables. Sales management has compiled several examples that show decreased sales and delayed
order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales
management's data and information provide.
A. Feedback control data.
B. Irrelevant and argumentative information.
C. Evidence that the new credit policies do not meet the stated corporate objective to improve collections.
D. A statistically valid conclusion about the impact of the new credit policies on customer goodwill.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 429
If an organization's chief audit executive wants to implement continuous auditing, what is the appropriate
order in which key steps should be undertaken?
A. Identify business applications that require access.
II. Implement steps to continuously assess risks and controls.
III. Define objectives of continuous auditing.
IV. Manage and report results.
B. III, I, IV, II.
C. II, I, III, IV.
D. III, I, II, IV.
E. II, III, I, IV.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 430
Which of the following is an example of the verification of internal documentary evidence?
A.
B.
C.
D.
Reviewing a carrier's bill of lading.
Reconciling a vendor's month-end statement.
Vouching a copy of a sales invoice to receivables.
Recalculating a customer's purchase order.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 431
In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor
should:
A. Tell the employee a piece of information obtained from a coworker in a previous interview.
B. Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.
C. Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would
be seriously damaged if confidentiality were breached.
D. Point out that management has given the auditor full authority to conduct this interview.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 432
During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high
number of customer complaints pertained to payments not being applied to the customers' accounts.
Which of the following would most likely be the reason for the high volume of complaints?
A.
B.
C.
D.
An ineffective customer service department.
Poor controls in the invoice approval processes.
Check tampering by an employee.
Submission of fraudulent expense reports.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 433
An audit of management's quality program includes testing the accuracy of the cost-of-quality reports
provided to management. Which of the following internal control objectives is the focus of this testing?
A.
B.
C.
D.
To ensure compliance with policies, plans, procedures, laws, and regulations.
To ensure the accomplishment of established objectives and goals for operations or programs.
To ensure the reliability and integrity of information.
To ensure the economical and efficient use of resources.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 434
When internal auditors provide consulting services, the scope of the engagement is primarily determined
by:
A.
B.
C.
D.
Internal auditing standards.
The audit engagement team.
The engagement client.
The internal audit activity's charter.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 435
A manufacturing process could create hazardous waste at several production stages, from raw materials
handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify
opportunities for minimizing waste, in what order should the following opportunities be considered?
A. Recycling and reuse.
II. Elimination at the source.
III. Energy conservation.
B.
C.
D.
E.
IV. Recovery as a usable product Treatment.
V, II, IV, I, III.
IV, II, I, III, V.
I, III, IV, II, V.
III, IV, II, V, I.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 436
Direct staff as a percentage of total staff is an example of which of the following types of efficiency
measures?
A.
B.
C.
D.
Productivity ratio.
Productivity index.
Operating ratio.
Resource utilization rate.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 437
Which of the following data collection strategies systematically tests the effects of various factors on an
outcome?
A.
B.
C.
D.
Content analysis.
Sampling.
Evaluation synthesis.
Modeling.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 438
Which of the following audit procedures is most suitable for verifying that all sales transactions have been
recorded?
A.
B.
C.
D.
Observation.
Tracing.
Re-computation.
Vouching.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is good.
QUESTION 439
Which of the following would be an appropriate and effective control self-assessment approach in an
organization with an authoritative culture?
A. Facilitated meeting
II. Survey
III. Management-produced analysis
B. I only
C. I and III only
D. II and III only
E. I, II, and III
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 440
In which of the following situations would it be most appropriate to employ the services of a forensic
specialist?
A.
B.
C.
D.
Detection of unauthorized changes to source documents.
Review for misapplication of general computer controls over accounts receivable.
Investigation of ghost employees in a large business.
Verification of fixed assets in a manufacturing company.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 441
The balanced scorecard approach differs from traditional performance measurement approaches because
it adds which of the following measures?
A. Financial measures.
II. Internal business process measures.
III. Client satisfaction measures.
IV. Innovation and learning measures.
B. I only
C. II and IV only
D. III and IV only
E. II, III, and IV only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 442
An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as
well as the following statement:
"A statistical sample of 40 employee personnel files was selected to verify that they contain all documents
required by company policy 501 (copy attached). No exceptions were noted."
The auditor did not place any audit verification symbols on this workpaper. Which of the following changes
would most improve the auditor's workpaper?
A.
B.
C.
D.
Use of audit verification symbols to show that each file was examined.
Removal of the employee names to protect their confidentiality.
Justification for the sample size.
Listing of the actual documents examined for each employee.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 443
During an interview with a manager in a company's claims department, an auditor noted that the manager
became nervous and changed the subject whenever the auditor raised questions about certain types of
claims. The manager's answers were consistent with company policies and procedures. When
documenting the interview, the auditor should:
A. Document the manager's answers, noting the nature of the nonverbal communication.
B. Document the manager's answers but not the nonverbal communication because it is subjective and is
not corroborated.
C. Conclude that the nonverbal communication is persuasive and that sufficient evidence exists to begin a
fraud investigation.
D. Disregard the interview entirely because the verbal and nonverbal communications were contradictory.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 444
Which of the following is true of engagement recommendations?
A. Specific suggestions for implementation must be included.
II. The internal auditor's observations and conclusions may serve as the basis.
III. Actions to correct existing conditions or improve operations may be included.
IV. Approaches to correcting or enhancing performance may be suggested.
B. I only
C. III only
D. I, III, and IV only
E. II, III, and IV only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 445
Which of the following performance criteria would be most useful when measuring the performance of a
customer service desk?
A.
B.
C.
D.
The number of customer inquiries recorded per day.
The percentage of customer issues resolved within 24 hours.
The number of customer complaints recorded per day.
The percentage of total customers served per day.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 446
The efficiency of internal audit operations is best enhanced if workpaper standards:
A. Permit the extent of documentation to vary according to engagement objectives.
B. Require supervisors to initial and date each workpaper that they review.
C. Allow access to workpapers by external parties if approved by senior management or the audit
committee.
D. Mandate the workpaper retention period.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 447
According to the International Professional Practices Framework, which of the following statements is
correct regarding the communication of audit results?
A. Summary reports may be issued separately from or in conjunction with the final report.
II. Interim reports may be written or oral.
III. Detailed reports should always be issued to the audit committee.
IV. Interim reports should be used to communicate information which requires immediate attention.
B. I and III only
C. II and IV only
D. I, II, and IV only
E. I, II, III, and IV.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 448
The chief audit executive (CAE) determined that based on management's oral response, the action taken
regarding an audit observation was sufficient when weighted against the relative importance of the audit
recommendation. Which of the following is the most appropriate step for the internal auditor to take next?
A.
B.
C.
D.
Initiate a follow-up audit to ensure that action has really been taken.
Follow-up with management until a written response is obtained.
Escalate the issue to the board and get their position on the issue.
Note in the permanent file that follow-up needs to be performed as part of the next engagement.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 449
The most effective way for internal auditors to enhance the reliability of computerized financial and
operating information is by:
A.
B.
C.
D.
Determining if controls over record keeping and reporting are adequate and effective.
Reviewing data provided by information systems to test compliance with external requirements.
Determining if information systems provide management with timely information.
Determining if information systems provide complete information.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 450
Which of the following situations might allow an employee to steal checks sent to an organization and
subsequently cash them?
A.
B.
C.
D.
Checks are not restrictively endorsed when received.
Only one signature is required on the organization's checks.
One employee handles both accounts receivable and purchase orders.
One employee handles both cash deposits and accounts payable.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 451
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance
department of the organization. Investment decisions, including the use of hedging strategies and financial
derivatives, use data and financial models which run on the LAN. The LAN is also used to download data
from the mainframe to assist in decisions. Which of the following should be considered outside the scope of
this security audit engagement?
A. Investigation of the physical security over access to the components of the LAN.
B. The ability of the LAN application to identify data items at the field or record level and implement user
access security at that level.
C. Interviews with users to determine their assessment of the level of security in the system and the
vulnerability of the system to compromise.
D. The level of security of other LANs in the company which also utilize sensitive data.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 452
An organization's internal auditors are reviewing production costs at a gas-powered electrical generating
plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the
environmental regulatory agency, due to computer errors. The auditors should immediately report the
concern to:
A.
B.
C.
D.
The regulatory agency.
Plant management.
A plant health and safety officer.
The risk management function.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 453
Which of the following would be an appropriate improvement to controls over large quantities of
consumable material that are charged to expense when placed in bins which are accessible to production
workers?
A.
B.
C.
D.
Relocate bins to the inventory warehouse.
Require management to compare the cost of consumable items used to the budget.
Lock the bins during normal working hours.
None of the above actions are needed for items of minor cost and size.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 454
Which of the following is a weakness that is inherent in the use of the test data method to test internal
controls in a computer-based accounting system?
A. The auditor must test many transactions with the same condition in order to achieve assurance that the
condition is being detected.
B. Conditions that were not specifically considered by the auditor may go untested.
C. The approach requires the creation of "dummy companies," possibly destroying or altering actual
company data in the process.
D. Inclusion of atypical data in the test data may cause errors to be noted on the exception report.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 455
Which of the following would be most helpful to a governmental auditor searching for the existence of
multiple welfare claims that were filed under different names but used the same address?
A. Tagging and tracing.
B. Generalized audit software.
C. Integrated test facility.
D. Spreadsheet analysis.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 456
As part of an operational audit, an auditor compared records of current inventory with usage during the prior
two-year period and determined that the spare parts inventory was excessive. What step should the auditor
perform first?
A.
B.
C.
D.
Determine the effects of a stock-out on the organization's profitability.
Determine whether a clear policy exists for setting inventory limits.
Determine who approved the purchase orders for the spare parts.
Determine whether purchases were properly recorded.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 457
A performance audit engagement typically involves:
A. Review of financial statement information, including the appropriateness of various accounting
treatments.
B. Tests of compliance with policies, procedures, laws, and regulations.
C. Appraisal of the environment and comparison against established criteria.
D. Evaluation of organizational and departmental structures, including assessments of process flows.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 458
The scope of a business process review primarily involves:
A. Appraising the environment and comparing against established criteria.
B. Assessing the organization's system of internal controls.
C. Reviewing routine financial information and assessing the appropriateness of various accounting
treatments.
D. Evaluating organizational and departmental structures, including assessments of transaction flows.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 459
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although
some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will
require between six and 18 months for completion. Consequently, management has developed a detailed
action plan, with anticipated completion dates, for addressing the weaknesses. Which of the following is the
most appropriate course of action for the chief audit executive to take?
A. Assess the adequacy of the action plan and monitor key dates and deliverables.
B. Schedule a follow-up audit engagement to assess the status of corrective action.
C. Reassign information systems auditors to assist the information technology department in correcting the
weaknesses.
D. Evaluate statistics related to unplanned system outages, unauthorized access attempts, and denials of
service to assess the effectiveness of corrections.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 460
An internal auditor found that the cost of some material installed on capital projects had been transferred to
the inventory account because the capital budget had been exceeded. Which of the following would be an
appropriate technique for the auditor to use to determine the extent of the problem?
A. Identify variances between amounts capitalized each month and the capital budget.
B. Analyze a sample of capital transactions each quarter to detect instances in which installed material was
transferred to inventory.
C. Review all journal entries that transferred costs from capital to inventory accounts.
D. Compare inventory receipts with debits to the inventory account and investigate discrepancies.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 461
When conducting audit follow-up of a finding related to cash management routines, an internal auditor
would expect to find that all of the following changes have occurred except:
A.
B.
C.
D.
The steps being taken are resolving the condition disclosed by the finding.
Inherent risk has been eliminated as a result of resolution of the condition.
Controls have been implemented to deter or detect a recurrence of the finding.
Benefits have accrued to the entity as a result of resolving the condition.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 462
Which of the following represents appropriate evidence of supervisory review of engagement workpapers?
A. A supervisor's initials on each workpaper.
II. An engagement workpaper review checklist.
III. A memorandum specifying the nature, extent, and results of the supervisory review of workpapers.
B.
C.
D.
E.
IV. Performance appraisals that assess the quality of workpapers prepared by auditors.
II and IV only
I, II, and III only
I, III, and IV only
I, II, III, and IV.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 463
Recommendations should be included in the audit report in order to:
A.
B.
C.
D.
Provide management with options for addressing audit findings.
Ensure that audit findings are resolved in the manner suggested by the auditor.
Minimize the amount of time required to correct audit findings.
Ensure that audit findings are addressed by management.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 464
Which of the following is not relevant when developing recommendations for inclusion in audit reports?
A.
B.
C.
D.
Feasibility.
Cost of implementation.
Underlying causes.
Timing of follow-up.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 465
As a result of a recent discovery of false information on employment applications, an internal auditor has
reviewed hiring procedures. Which of the following represents a weakness in the control system?
A. Applicants are not required to have their signed applications legally authenticated.
II. Applicants' educational information is not validated with the educational institution before employment
is offered.
III. Information related to applicants' long-term work history is not validated before employment is
offered.
B. III only
C. I and II only
D. II and III only
E. I, II, and III
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 466
An auditor is scheduled to audit payroll controls for a company which has recently outsourced its processing
to an information service bureau. What action should the auditor take, considering the outsourcing
decision?
A.
B.
C.
D.
Review the controls over payroll in both the company and the service bureau.
Review only the company's controls over data sent to and received from the service bureau.
Review only the controls over payments to the service bureau based on the contract.
Cancel the engagement because the processing is being performed outside of the organization.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 467
An internal auditor is reviewing a new automated human resources system. The system contains a table of
pay rates which are matched to the employee job classifications. The best control to ensure that the table is
updated correctly for only valid pay changes would be to:
A. Limit access to the data table to management and line supervisors who have the authority to determine
pay rates.
B. Require a supervisor in the department, who does not have the ability to change the table, to compare
the changes to a signed management authorization.
C. Ensure that adequate edit and reasonableness checks are built into the automated system.
D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide
employee.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 468
What is the most important risk in determining the validity of construction delay claims?
A.
B.
C.
D.
Contractor claims may be submitted prior to completion of the work.
Contractor claims may include costs considered in the fixed-price portion of the work.
Contractor claims may include subcontractor estimates of balances due to the subcontractor.
Contractor claims may be understated.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 469
During an audit of a branch bank, an internal auditor learned that a series of system failures had resulted in
a four-day delay in processing customers' scheduled payroll direct deposits. The first failure was that of a
disk drive, followed by software and other minor failures. Which of the following controls should the auditor
recommend to avoid similar delays in processing?
A.
B.
C.
D.
Contingency planning.
Redundancy checks.
Process monitoring.
Preventive maintenance.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 470
An auditor analyzed a payroll system's data files for unusual activity, such as excessive overtime hours,
unusual fluctuations in pay rates, and excessive vacation time. The application controls being verified by
this analysis are:
A.
B.
C.
D.
Edit and validation controls.
Rejected and suspense item controls.
Controls over update access to the database.
Programmed balancing controls.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 471
During the development of a purchasing system, an auditor reviewed the payment authorization program.
Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is
greater than the quantity received?
A.
B.
C.
D.
Issue an exception report.
Pay the amount billed and adjust the inventory account for the difference.
Return the invoice to the vendor for correction.
Authorize payment of the full invoice, but maintain an open purchase order record for the missing
goods.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 472
As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping
logs from the department's files. On 44 of the days, the log contained a sufficient number of shipments to
meet the department's daily quota. Based on this test, the auditor concluded that the shipping department
was effective at meeting its quotas. Which of the following is true about the auditor's conclusion?
A.
B.
C.
D.
The number of items selected for testing is inadequate to justify the conclusion.
The shipping department is effective in meeting its responsibilities.
This conclusion would negate any need to perform tests of efficiency.
None of the above.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 473
An internal audit activity implemented an integrated test facility to test payroll processing. The auditors
identified the key controls and processing steps built into the computer program and developed test data to
test them. The auditors submitted test transactions throughout the year and did not find any differences in
their test results. The auditors can conclude that:
A. The system is properly capturing the hours worked by employees during the year and the hours have
been properly submitted to payroll and processed correctly.
B. All employees were correctly paid during the year and their pay was correctly computed.
C. The computer application and its control procedures were processing payroll transactions correctly
during the past year.
D. All of the above.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 474
A code of ethics within the internal auditing profession is necessary in order to:
A.
B.
C.
D.
Reduce the likelihood that members of the profession will be sued for substandard work.
Ensure that all members of the profession perform at approximately the same level of competence.
Provide guidance to internal auditors in their service to others.
Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their
organization.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 475
Which of the following is used to identify and prioritize critical business applications to determine those that
must be restored and the order of restoration in the event that a disaster impairs information systems
processing?
A.
B.
C.
D.
Contingent facility contract analysis.
System backup analysis.
Vendor supply agreement analysis.
Risk analysis.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 476
In forming a team to investigate an organization's potential adoption of an activity-based costing system, the
best reason to include an internal auditor on the team would be the auditor's knowledge of:
A.
B.
C.
D.
Activities and cost drivers.
Information processing procedures.
Current product cost structures.
Internal control alternatives.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 477
Given the scarcity of internal audit resources, a chief audit executive (CAE) decided not to schedule a
follow-up of audit recommendations when developing engagement work schedules. Does the CAE's
decision violate the Standards?
A. No, because the Standards do not specify whether follow-up is needed.
B. No, because when there is evidence of sufficient motivation by the client, there is no need for follow-up
action.
C. Yes, because scarcity of resources is not a sufficient reason to omit follow-up action.
D. Yes, because the Standards require the auditors to determine whether the client has appropriately
implemented all of the auditor's recommendations.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 478
An auditor for a major retail company suspects that inventory fraud is occurring at three stores which have
high costs of goods sold. Which of the following audit activities would provide the most persuasive evidence
that fraud is occurring?
A. Use an integrated test facility (ITF) to compare individual sales transactions with test transactions
submitted through the ITF and investigate all differences.
B. Interview the three individual store managers to determine if their explanations about the observed
differences are the same, and then compare their explanations to that of the section manager.
C. Schedule a surprise inventory audit to include a physical inventory and investigate areas of inventory
shrinkage.
D. Select a sample of individual store prices and compare them with the sales entered on the cash register
for the same items.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 479
Which of the following procedures would be most helpful in providing additional evidence when an auditor
suspects that an unidentified employee is submitting and approving invoices for payment?
A. Use generalized audit software to identify invoices from vendors with post office box numbers or other
unusual features. Select a sample of those invoices and trace to supporting documents such as
receiving reports.
B. Select a sample of payments made during the year and investigate each one for approval.
C. Select a sample of receiving reports representative of the period under investigation and trace to
approved payment. Note any items not properly processed.
D. Select a sample of invoices paid during the past month and trace them to appropriate vendor accounts.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 480
Insurance companies often receive electronic hospitalization claims directly from hospitals. Which of the
following control procedures would be most effective in detecting fraud in such an environment?
A. Use integrated test facilities to test the accuracy of processing in a manner that is transparent to data
processing.
B. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by
demographic class for investigation by the claims department.
C. Use generalized audit software to match the claimant identification number with a master list of valid
policyholders.
D. Develop batch controls over all items received from a particular hospital and process those claims in
batches.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 481
A film company determined that income level impacts the number of films that people watch per month, as
shown by the graph below:
The graph indicates that:
A. A richer person always sees more films than a poorer person.
B. The number of films seen per month is a linear function of income level.
C. A 20 percent pay increase is more likely to increase film viewing at lower income levels than at higher
income levels.
D. A 20 percent pay increase is likely to increase film viewing by a constant amount regardless of income
level.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 482
Which of the following will be an appropriate course of action when an auditor disagrees with a client about
a well-documented audit finding?
A. Include both the audit finding and the client's position in the audit report.
B. Defer reporting the item and plan to perform more detailed work during the next audit.
C. Change the finding so that it is acceptable to the client.
D. Address the issue with senior management and the board for resolution prior to issuing the final report.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 483
A governmental auditor was assigned to determine reasons why the students in one region scored
significantly higher on education evaluation tests than did the students in another region. Previous research
showed that there is a direct correlation between public financial support and student results. Which of the
following is most likely to explain the difference in the regional results?
A. The more successful region spends 30 percent more money on education than does the other region.
B. A higher percentage of the general tax fund is spent on education in the more successful region than in
the other region.
C. The more successful region spends more money per student on education than does the other region.
D. The more successful region has increased educational spending by an average of 10 percent each year
for the last three years, whereas the other region's increase averaged only three percent.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 484
Which of the following would constitute a violation of the IIA Code of Ethics?
A. An internal auditor, who has recently joined the organization, has accepted an assignment to audit the
electronics manufacturing division. The auditor previously served as senior auditor for the external audit
of that division and has audited many electronics companies during the past two years.
B. An internal auditor has accepted an assignment to audit the warehousing function six months from now.
The auditor has no expertise in that area but has signed up for courses in warehousing that will be
completed before the assignment begins.
C. An internal auditor has no ambitions for promotion and has not engaged in training or other professional
development activities during the last three years. The auditor's performance assessments indicate
consistent quality of work.
D. An internal auditor discovered an internal financial fraud during the year, and the financial statements
were adjusted to properly reflect the loss associated with the fraud. The auditor discussed the fraud with
the external auditor during the external auditor's review of the working papers detailing the incident.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 485
In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the
supervisors of the department to be audited. What is the most likely result of that procedure?
A. It creates apprehension about the audit engagement.
B. It involves the engagement client's supervisory personnel in the audit.
C. It is an uneconomical approach to obtaining information.
D. It is only useful for audits of distant locations.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 486
Which of the following would be the least desirable criteria against which to judge current operations of an
organization's treasury function?
A.
B.
C.
D.
The operations of the treasury function as documented during the last audit engagement.
Company policies and procedures delegating authority and assigning responsibilities.
Finance textbook illustrations of generally accepted good treasury function practices.
Codification of best practices of the treasury function in relevant industries.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
rectified answer.
QUESTION 487
An internal auditor compared the number of human resources professionals per employee with industry
standards. This comparison would assist the auditor in evaluating which of the following areas?
A.
B.
C.
D.
Sufficiency of controls over payroll rate increases.
Current level of performance of the human resources department.
Adequacy of controls over hiring new employees.
Degree of compliance with human resources policies.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.gratisexam.com/
QUESTION 488
During an audit of a contract for computer security, a governmental auditor finds that a contractor has
developed a system that could be the most advanced in the industry. If it seems that the contractor is
charging the government for developmental cost of a system that might be sold to other organizations, what
is the auditor's best course of action?
A. Estimate the cost to develop the advanced security system and inform the contractor that it will be a
disallowed cost.
B. Exclude the observation from the engagement final communication because the contract was vague
and the level of security is clearly acceptable.
C. Estimate the added cost, report it to management, and suggest that management meet with its lawyers
and the contractor to resolve differences.
D. Compare the cost of the security program with previous costs incurred by governmental operations and
inform the contractor that the difference will be a disallowed cost.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 489
An internal auditor noticed that employees with responsibilities for cash collection had recently issued an
unusually large number of credit memos, indicating that the original charges had been made to the wrong
customer accounts. From a control standpoint, the auditor would be concerned with the possibility that:
A.
B.
C.
D.
The organization is selling a large number of defective items.
Employees in this function are concealing a theft of cash collected from customers.
Credit memos are not being submitted on a timely basis.
The credit department has not been properly screening customers and, as a result, a large portion of
the accounts receivable may not be collectible.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
answer is upgraded.
QUESTION 490
After becoming aware of control weaknesses indicating that a fraud could have been committed, which of
the following actions should an internal auditor take next?
A.
B.
C.
D.
Issue a written report identifying the control weaknesses.
Perform tests directed toward the identification of other fraud indicators.
Notify external auditors of the suspicion that fraud has been committed.
Recommend that a fraud investigation be conducted involving internal auditors, lawyers, investigators,
security personnel, and other specialists, as appropriate.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
exact answer.
QUESTION 491
Audit supervision includes approval of the engagement report in order to ensure that:
A.
B.
C.
D.
The client's objectives are met.
Senior management supports the report's conclusions.
Report style and grammar are appropriate.
Report findings are substantiated.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
appropriate.
QUESTION 492
An auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished
goods inventory. The analysis would be potentially useful in:
A. Identifying products for which management has not been attuned to changes in market demand.
II. Identifying potential problems in purchasing activities.
III. Identifying obsolete inventory.
B. III only
C. I and II only
D. II and III only
E. I, II, and III
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 493
An internal auditor provided the following statement about division A's performance during the month:
"Because supplies of raw material X were scarce, division A's profits declined by 15 percent."
Which of the following can be validly concluded from the auditor's statement?
A. Division A's production level declined by 15 percent.
II. Division A could have sold more products than it produced.
III. Division A usually sells all of the products that it produces.
B. I only
C. II only
D. III only
E. I and II only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 494
During an audit of executive travel, an auditor noted that the president's travel expense reimbursements
were approved by an executive secretary who reported to the president. The organization's reimbursement
policy requires all travel expense reimbursements to be approved by the traveler's supervisor, but it does
not address the president's reimbursements. Which of the following represents the auditor's best
recommendation in this situation?
A. The organization's reimbursement policy should be amended to grant the president's executive
secretary the authority to approve the president's travel expense reimbursements.
B. The approval policy for executive travel should be considered at the next meeting of the audit committee
of the board of directors.
C. The president's travel expense reimbursements should be reviewed and approved by the chief financial
officer.
D. The president's noncompliance should be considered immaterial.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 495
Which of the following, if observed, would not indicate the need to extend the search for other indicators of
fraud in a purchasing department?
A. The standard of living of one of the purchasing agents has increased.
B. The internal control structure has significant weaknesses.
C. The purchasing agents have convinced management to adopt a policy of paying vendors on a more
timely basis in order to avoid incurring penalty charges.
D. The cost of goods procured seems to be excessive in comparison with previous years.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 496
Which of the following does not represent a difficulty in using red flags as fraud indicators?
A.
B.
C.
D.
Many common red flags are also associated with situations where no fraud exists.
Some red flags are difficult to quantify or to evaluate.
Red flag information is only gathered in extraordinary circumstances.
The red flags literature is not well enough established to have a positive impact on auditing.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 497
Which of the following might alert an auditor to the possibility of fraud in a division?
A. The division is not scheduled for an external audit this year.
II. Sales have increased by 10 percent.
III. A significant portion of management's compensation is directly tied to reported net income of the
division.
B. I only
C. III only
D. I and II only
E. I, II, and III
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 498
The most common motivation for management fraud is the existence of:
A. Vices, such as a gambling habit.
B. Job dissatisfaction.
C. Financial pressures on the organization.
D. The challenge of committing the perfect crime.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 499
Which of the following conditions is the strongest indicator of possible fraud?
A. An assistant treasurer who refuses to take vacations.
B. Independent reconciliations of subsidiary to general ledgers that are not always completed on a timely
basis.
C. A condition of excess manufacturing waste material.
D. A manager who is often over budget at the end of a reporting period.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 500
Which sampling plan requires no additional sampling once the first error is found?
A.
B.
C.
D.
Stratified sampling.
Attributes sampling.
Stop-or-go sampling.
Discovery sampling.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
applicable.
QUESTION 501
After partially completing an internal control review of the accounts payable department, an auditor
suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best
sampling approach would be to usE.
A. Simple random sampling to select a sample of vouchers processed by the department during the past
year.
B. Probability-proportional-to-size sampling to select a sample of vouchers processed by the department
during the past year.
C. Discovery sampling to select a sample of vouchers processed by the department during the past year.
D. Judgmental sampling to select a sample of vouchers processed by clerks who were identified by the
department manager as acting suspiciously.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 502
Which of the following processes real-transaction data through auditor-developed test programs?
A.
B.
C.
D.
Generalized audit software.
Tracing.
Parallel simul-ation.
Mapping.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 503
Which of the following would provide the best audit evidence regarding the effectiveness of an applied
research department?
A. Develop a cost-per-product analysis for products developed over the past five years.
B. Develop a report on revenue generated by or cost savings directly attributable to newly developed
products.
C. Compare research as a percentage of revenue between this company and all major competitors in the
same industry.
D. Compare the number of this year's new product developments to the number of new product
developments for the past five years.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
confirmed answer.
QUESTION 504
A retail company uses a computer program that matches electronic vendor invoices with the applicable
purchase orders and receiving information, which are also maintained electronically.
If an invoice does not match the other items within predefined ranges, a report is generated and sent to the
accounts payable department for further investigation. All of the applicable documents are electronically
marked, cross-referenced, and retained in open files. Both an integrated test facility and a systems control
audit review file (SCARF) have been included in the system.
An auditor wants to determine the extent to which items are not matched at year end and to investigate the
potential causes of the unmatched items. Which of the following audit procedures would be most effective
in determining the items to investigate?
A. Use generalized audit software to read the electronically marked unmatched items.
B. Use generalized audit software to read the purchase orders and trace to applicable receiving and
vendor invoice files.
C. Use the SCARF to identify unusual items. Select an attributes sample and trace to the underlying
documentation.
D. Submit test data to identify attributes of unmatched items. Follow up by investigating the identified
attributes.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
valuable answer.
QUESTION 505
An auditor receives anonymous information that fraud is occurring in the operation being audited, but no
details are given as to the type of fraud or the individuals involved. There are several areas in which fraud
could occur. The auditor should:
A. Identify the area that has the greatest volume of transactions and design a sampling plan for
substantive testing.
B. Apply analytical procedures to areas that might be impacted by possible fraudulent activities.
C. Interview employees to identify areas where the fraud could be occurring.
D. Plan detailed tests of the areas that have the highest dollar amount of transactions.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
I agree with the answer.
QUESTION 506
A company has recently incurred significant cost overruns on one of its construction projects. Management
suspects that these overruns were caused by the contractor improperly accounting for costs related to
contract change orders. Which of the following procedures would be appropriate for testing this suspicion?
A. Verify that the contractor has not charged change orders with costs that have already been billed to the
original contract.
II. Determine if the contractor has billed for original contract work that was canceled as a result of
change orders.
III. Verify that the change orders were properly approved by management.
B. I only
C. III only
D. I and II only
E. I and III only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 507
An internal audit activity is participating in the due diligence work for an acquisition that a company is
considering. One engagement objective is to determine if the acquisition's accounts payable contain all
outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?
A. Examine supporting documentation of subsequent (after-period) cash disbursements and verify period
of liability.
B. Send confirmations, including zero-balance accounts, to vendors with whom the company normally
does business.
C. Select a sample of accounts payable from the accounts payable list and verify the supporting receiving
reports, purchase orders, and invoices.
D. Trace receiving reports issued before the period end to the related vendor invoices and accounts
payable list.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
answer is complete.
QUESTION 508
Which of the following audit steps would be most effective to review proper recording of and accountability
over physical assets?
A. Physically inspect all assets on the organization's property.
II. Select a sample department and physically inspect assets in the department.
III. Select a sample from the organization's records of physical assets and physically locate each asset.
IV. Identify assets at a sample of locations and trace to the organization's records.
B. I only
C. I and IV only
D. II and III only
E. III and IV only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.gratisexam.com/