IIA-CIA-Part2 Internal Audit Engagement Questions and Answers
An internal auditor wants to compare performance information from one quarter to another. Which analytics procedure would the auditor use?
When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
The objective of an internal audit engagement is to evaluate the organization ' s ethics program. Which of the following should be included in the scope of the engagement?
Which of the following should be described in the recognition element of a typical internal audit repot?
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization ' s policies. When of the following approaches would provide the auditor with the best information?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
According to IIA guidance, which of the following statements best justifies a chief audit executive ' s request for external consultants to complement internal audit activity (IAA) resources?
An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?
Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?
Which of the following audit steps would an internal auditor most likely be questioned on?
A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
The board has asked the internal audit activity (IAA) to be involved in the organization ' s enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?
Which of the following is essential for ensuring that the internal audit activity ' s findings and recommendations receive adequate consideration?
An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?
An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?
Which of the following situations is most critical for the chief audit executive to report to the board?
Which of the following engagement supervision activities should be performed first?
A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?
Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?
A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?
An internal auditor is tasked with evaluating the adequacy of the organization ' s inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?
After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?
Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?
Which of the following would help the internal audit activity assess compliance with the organization ' s standard operating procedures for bank deposits during a preliminary survey?
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization ' s risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?
What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?
Which of the following represents the best method for confirming that vendor invoices were for authorized purchases?
An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement ' s objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
An internal auditor wants to obtain management ' s evaluation of the organizational risk culture. Because there are more than 30 geographically dispersed managers, one-to-one interviews are not possible. Which of the following is the most efficient option for the auditor to adopt?
Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?
Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?
Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?
According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
An internal auditor selects a sample of paid invoices and matches them to receiving reports. What is the most likely purpose for this procedure?
A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan ' '
Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?
According to IIA guidance which of the following best describes reliable information?
Internal control questionnaires are used to achieve which of the following objectives?
An internal auditor wants to assess the completeness of sales invoices issued by the organization over a period of time Providing that at the necessary data and analytics software is which of the following types of analyse would be appropriate to satisfy the auditor ' s objective?
An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?
Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?
Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
What is the primary objective of an engagement supervisor ' s review of key activities performed during the engagement?
A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?
An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:
Tender technical specifications were compliant with internal policies.
The sole assessment criterion of the tender was economic feasibility.
All bids were submitted to a designated software and could not be opened before the submission deadline.
The winner was approved by senior management.
The winner was selected based on which bidder offered the newest technology.
Which of the following is the most appropriate conclusion?
Which of the following statements best describes the difference between risk appetite and risk tolerance?
Which of the following represents a ratio that measures short-term debt-paying ability?
Which of the following are advantages of flowcharts over internal control questionnaires ' '
1 Flowcharts reduce the need to test whether employees are observing internal control processes
2 Flowcharts provide a visual depiction of the processes in the area under review 3. Flowcharts identify and prioritize internal control design weaknesses.
4 Flowcharts highlight the control points to help internal auditors evaluate control design
According to IIA guidance, which of the following typically serves as the basis for an engagement work program?
Which procedure should an internal auditor perform to determine the audit objective?
Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?
While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an Important compensating control had not been considered adequately by the audit team when it reported a major control weakness Therefore, the CAE returned the documentation to the auditor in charge for correction Based on this Information, which of the following sections of the workpapers most likely would require changes?
1.Effect of the control weakness.
2.Cause of the control weakness
3.Conclusion on the control weakness.
4.Recommendation for the control weakness.
An internal auditor is testing the success of the IT support department in meeting the service levels guaranteed to small, medium and large customers. The customer ' s size classification is based on its annual expenditures with the organization and the nature and extent of services it receives. Which of the following sampling techniques would be the most suitable to select customers for this test?
According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?
An internal auditor is conducting an assurance engagement. One engagement objective is to evaluate the project manager’s effectiveness at controlling project costs. Which of the following audit tests should be included in the engagement program?
According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?
Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?
Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?
An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?
An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
The chief audit executive of an international organization is planning an audit of the treasury function located at the organization ' s headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets which is needed tor the engagement When of the following would be the most approbate solution considering the time constraint?
Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?
Which of the following statements is true regarding different competitive strategies?
When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?
According to IIA guidance, which of the following statements is true regarding engagement planning?
A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?
According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^
According to IIA guidance, which of the following statements about analytical procedures is true?
An engagement supervisor reviewed a staff internal auditor ' s documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?
Applying ISO 31000; which of the following is part of the external context for risk management?
Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?
During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?
The final engagement communication contains the following observation:
The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization ' s competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source. "
Which of the following components is missing in the documentation of the observation?
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?
An internal auditor was reviewing the procurement department ' s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database. Which of the following courses of action would have prevented this situation?
An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?
When addressing the excessive overtime being paid lo employees in an organization ' s customer service call center, which of the following would be most relevant for the internal auditor to use?
1 Confirmation.
2. Trend analysis.
3 External benchmarking
4. Internal benchmarking
During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:
" As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the
respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure
to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended
that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management
should register the subsidiary in the current year as soon as possible. "
What part of this narrative represents a condition of the observation made by auditors in the final report?
The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?
An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.
Which of the following techniques will help the audit team achieve this sampling objective?
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?
A manager has allowed a subordinate employee to have greater control and responsibility over the tasks that he performs This is an example of which of the following?
According to IIA guidance, which of the following statements regarding the internal audit charter is true?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?
According to IIA guidance,which of the following is true about the supervising internal auditor ' s review notes?
• They are discussed with management prior to finalizing the audit.
• They may be discarded after working papers are amended as appropriate.
• They are created by the auditor to support her fieldwork in case of questions.
• They are not required to support observations issued in the audit report.
In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?
Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. " What should be in place?’’
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?
While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
Which is the most appropriate evaluation criterion regarding the quality of audit engagement workpapers?
According to IIA guidance, organizations have the most influence on which element of fraud?
When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?
Which of the following statements is true regarding the final assurance engagement report issued to management?
An internal auditor determined that the organization ' s accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?
Which of the following should an internal auditor document to support an assurance engagement’s conclusions?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
During which phase of the contracting process are contracts drafted for a proposed business activity’
A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?
Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?
Which of the following approaches would best help an internal auditor determine whether a retailer database of 100,000 customers has nay duplicate accounts?
Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?
A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?
An organization ' s health-care insurance costs have been rising approximately 10 percent per year for several years Which of the following analytical review procedures would best evaluate the reasonableness of the increase in health-care costs?
The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?
Some lime after the final audit report was issued, the engagement supervisor teamed that several internal control deficiencies were not remedied, despite management ' s previous agreement to remedy them According to IIA guidance, which of the following is the most appropriate response ' 5
Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization ' s head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?
Which of the following is true regarding the monitoring of internal audit activities?
According to IIA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
Which of the following is the most appropriate objective for establishing a professional development plan for the internal audit activity?
An internal auditor is performing testing to gather evidence regarding an organization ' s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is The auditor ' s concern best describes which of the following risks?
A newly appointed chief audit executive (CAE) started analyzing the organization ' s policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?
According to IIA guidance which of the following statements is true regarding the annual audit plan?
Which of the following represents a ratio that measures short term debt-paying ability?
Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?
Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?
An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?
According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?
During an audit, the chief audit executive reviews and approves changes to the audit program. Which of the following describes this activity?
Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?
The internal auditor and her supervisor are in dispute about a risk that was not tested during an audit of the procurement function. Which of the following tools would best support the auditor ' s decision not to test the risk?
An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for
testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?
An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of
the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and
concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?
During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team ' s recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?
An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?
The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7
While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate
option for the chief audit executive?
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
Which of the following would most likely be found in an organization that uses a decentralized organizational structure?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?
An engagement work program o of greatest value to audit management when which of the following is true?
Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?
A chief audit executive assigns a team of three internal auditors to carry out an audit engagement to ascertain adherence to the requirements of the procurement policy. Which of the following should be included in the scope of this engagement?
New environmental regulations require the board to certify that the organization ' s reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization ' s compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?
Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?
Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address this risks highlighted by the Internal audit Which of the following Is the most appropriate action to address the outstanding audit recommendation?
Which of the following statements is true regarding the chief audit executive ' s (CAT$) responsibilities after completing an assurance or consulting engagement?
Which of the following is essential for ensuring that the internal audit activity’s findings and recommendations receive adequate consideration?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?
During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?
1. In the opinion of the CAE the level of residual risk assumed by senior management is too high
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales
3. The cost of modifying the sales system to include a preventive control is less than S100.000
Which of the following approaches to understanding business processes is conducted from a broad organizational perspective and has the greatest risk of overlooking processes that are ultimately critical?
Which of the following describes (he primary reason why a preliminary risk assessment is conducted during engagement planning?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization ' s health and safety program?
An internal auditor s examination of accounts receivable generates the following results:
What is the projected misstatement for the population if ratio estimation is used?
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization ' s strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
An internal audit intends to create a risk and control matrix to better understand the organization ' s complex manufacturing process. With which of the following approaches would the auditor most likely start?
When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?
Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?
An internal auditor is performing a review of an organization ' s vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?
The organization’s internal audit charter was last updated six years ago to update the charter, which of the following actions is most appropriate for the chief audit executive to take?
According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?
A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following Is the most appropriate action the CAE should take regarding the request?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
An internal auditor developed a list of internal and external risk considerations across the organization ' s processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?
An internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step of the process How is the internal auditor most likely to use This document during the engagement?
Which of the following is the most appropriate approach for the internal audit activity to follow up on management action plans?
Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?
The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?
An organization has a mature control environment but limited internal audit resources. Given this scenario, on which of the following should the internal auditors focus their testing?
According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?
An internal auditor has discovered that duplicate payments were made to one vendor Management has recouped the duplicate payments as a corrective action Which of the following describes managements action in this case?
What would be the effect if an organization paid one of its liabilities twice during the year, in error?
The chief audit executive (CAE) is developing a workpaper preparation policy for a new internal audit activity. The CAE wants to ensure that all workpapers relate directly to the engagement objectives. Which of the following statements should be included in the policy specifically to address this concern?
An internal auditor completes a series of engagement steps and is ready to turn in the workpapers for the engagement supervisor’s review. The auditor has additional, separate notes about the engagement and is unsure what to do with them. The workpapers are complete and contain sufficient information to support the engagement work. What should the auditor do with the additional notes, according to IIA guidance?
According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?
A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
Which of The following best justifies an internal auditor ' s decision to issue a preliminary audit report?
Which of the following statements about including consulting engagements in the annual internal audit plan is true?
An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?