Spring Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65
marks4sure logo
A chief audit executive (CAE) is reviewing the internal audit activity ' s performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. According to MA guidance, which of the following elements of the internal audit activity ' s quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?
Which of the following would be considered a violation of The IIA ' s mandatory guidance on independence?
Which of the following is a product-oriented definition of a business rather than a market-oriented definition of a business?
Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?
A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization ' s practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?
During an audit, the client questions the internal audit activity ' s authority to perform procedures over fraud allegations. According to HA guidance, which of the following would provide the most relevant support to respond to the client ' s concerns?
Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?
1. Locking doors and physically securing inventory items.
2. Independently observing the receipt of materials.
3. Conducting monthly inventory counts.
4. Requiring the use of employee ID badges at all times.
Which of the following factors have the greatest influence on the independence of the internal audit activity?
According to IIA guidance, which of the following statements is true regarding the reporting of results from an external quality assessment of the internal audit activity?
Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.
Which of the following statements accurately describes one of the characteristics that distinguishes a multinational company from a domestic company?
According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization ' s network and data?
Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?
According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?
When auditing investments, the auditor identified instruments with which he was unfamiliar. He decided not to select that type of investment in his sample, as he did not have the knowledge needed to A. perform a proper assessment.
B. An auditor was reviewing inventory counts conducted by the warehouse staff. One truck containing an immaterial amount of inventory was off-site and wasn ' t verified by the auditor.
C. An auditor visited a plant that produces a significant portion of the organization ' s inventory. The day he arrived, the plant manager was out sick, so the auditor issued the report without interviewing the manager.
D. An auditor in charge needed to have testing completed by the end of the month, but was behind schedule. He identified a junior auditor to conduct the work for him on a complex area of the organization.
Which of the following statements best describes the frameworks set forth by the International Standards Organization?
Which of the following does not provide operational assurance that a computer system is operating properly?
When an organization is choosing a new external auditor, which of the following is the most appropriate role for the chief audit executive to undertake?
Which of the following is a major advantage of decentralized organizations, compared to centralized organizations?
Internal auditors must exercise due professional care by considering which of the following?
1. Cost of assurance in relation to potential benefits.
2. Adequacy and effectiveness of governance, risk management, and control processes.
3. Management ' s competency level in the area being evaluated.
4. Probability of significant errors, fraud, or noncompliance.
Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?
1. Reappraising risks levels.
2. Providing accurate information to management.
3. Marketing the internal audit activity.
4. Planning safeguards for assets in high-risk areas.
Which of the following is true regarding the use of a formal risk management framework?
1. It facilitates a methodical approach to risk mitigation.
2. It defines and standardizes the terminology used in risk communication.
3. It establishes the risk tolerance levels to be accommodated in the strategy.
4. It facilitates the alignment of risk mitigation strategies with management priorities.
Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.
Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?
1. Professional certification, license, or other recognition of the engineer ' s competence in the relevant discipline.
2. Experience of the engineer in the type of work being considered.
3. Compensation or other incentives that the engineer may receive.
4. The extent of other ongoing services that the engineer may be performing for the organization.
The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud. If the internal audit staff lacks the expertise to conduct the investigation, how should the chief audit executive proceed?
According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?
Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor ' s most appropriate next step?
An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity ' s work?
An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result, the auditor assumes that approximately 59 of the total population of 492 entries are incorrect. To reach this assumption, the auditor has used a technique known as which of the following?
An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. Which of the following best describes this risk strategy?
An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?
Forty-five percent of an organization ' s customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization ' s residual risk for online customer payments due?
According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?
The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization ' s payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?
The manager for an organization ' s accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?
An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?
An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization ' s investments. Which of the following is the most appropriate course of action regarding the auditor ' s use of this functionality?
Which of the following are generally recognized as essential elements of a corporate social responsibility program?
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management ' s responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization ' s strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
Which of the followings statements describes a best practice regarding assurance engagement communication activities?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
According to IIA guidance,which of the following is true about the supervising internal auditor ' s review notes?
• They are discussed with management prior to finalizing the audit.
• They may be discarded after working papers are amended as appropriate.
• They are created by the auditor to support her fieldwork in case of questions.
• They are not required to support observations issued in the audit report.
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity ' s responsibility with regard to assessing an organization ' s privacy framework?
Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity ' s quality assessments?
When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management ' s response to audit recommendations?
Which of the following is most likely to enhance an internal auditor ' s objectivity?
The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?
According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?
When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?
1. Subsequent change orders increase requirements for low-bid items.
2. Material contract requirements are different on the actual contract than on the request for bids.
3. A high percentage of employees are charged to indirect accounts.
4. Losing bidders are hired as subcontractors.
Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?
Click the Exhibit.
Internal auditors are asked to keep track of how many hours per day they spend planning the audit, conducting the engagement, and writing the audit report. The data for two days has been collected as follows:
Day 1
Day 2
Planning the audit
2 hours
3 hours
Conducting the engagement
1 hour
1 hour
Writing the audit report
2 hours
4 hours
Which of the following graphs depicts the data accurately?
According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
1. Advocating the establishment of a risk management function.
2. Identifying and evaluating significant risk exposures during audit engagements.
3. Developing a risk response for the organization if there is no chief risk officer.
4. Benchmarking risk management activities with other organizations.
5. Documenting risk mitigation strategies and techniques.
According to MA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?
According to MA guidance on IT which of the following best describes a but recovery and restore processes have not been defined?
An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?
According to MA guidance on IT. which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?
According to IIA guidance, which of the following is a primary component of a network security strategy?
When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?
Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?
A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:
Refer to the exhibit.
Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B:
If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:
An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?
Which of the following are typical responsibilities for operational management within a risk management program?
1. Implementing corrective actions to address process deficiencies.
2. Identifying shifts in the organization ' s risk management environment.
3. Providing guidance and training on risk management processes.
4. Assessing the impact of mitigation strategies and activities.
A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.
Copy 1 was solely for backup purposes.
Copy 2 was for use by another member of the department.
In terms of software licenses and copyright law, which of the following is correct?
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization ' s health and safety program?
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?
An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?
According to IIA guidance, organizations have the most influence on which element of fraud?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
• The annual audit plan should include audits that are consistent with the skills of the IAA.
• Audits of high-risk areas of the organization should be conducted by internal audit staff.
• External resources may be hired to provide subject-matter expertise but should be supervised.
• Auditors should develop their skills by being assigned to complex audits for learning opportunities.
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
An internal audit activity is using the auditing-by-element approach to audit the organization ' s controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?
Which of the following behaviors could represent a significant ethical risk if exhibited by an organization ' s board?
An internal auditor and engagement client are deadlocked over the auditor ' s differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
According to IIA guidance, which of the following should be formally documented in the internal audit charter?
According to the HA Code of Ethics, which of the following statements best describes the principle of competency?
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
A chief audit executive (CAE) received a detailed internal report of senior management ' s internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management ' s assertions?
An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
Which of the following is least likely to help ensure that risk is considered in a work program?
An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization ' s goals.
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization ' s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
According to IIA guidance, which of the following activities is most likely to enhance stakeholders ' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
Which of the following situations would justify the removal of a finding from the final audit report?
Which of the following best describes the four components of a balanced scorecard?
The final internal audit report should be distributed to which of the following individuals?
The board has asked the internal audit activity (IAA) to be involved in the organization ' s enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
Which of the following is the primary purpose of financial statement audit engagements?
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement ' s objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank ' s IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?
During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?
While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditor ' s relative. Which course of action should the auditor take?
Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization ' s control framework?
1. Appropriate levels of authority and responsibility.
2. Supervision of staff and appropriate review of work.
3. The seniority of management in the organization.
4. The ability to trace each transaction to an accountable and responsible individual.
According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.
During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?
According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization ' s corporate social responsibility program?
The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries.
Which of the following internal audit tools would be most effective to document the process and the key controls?
Which of the following should an organization consider when developing strategic objectives for its business processes?
1. Contribution to the success of the organization.
2. Reliability of operational information.
3. Behaviors and actions expected of employees.
4. How inputs combine with outputs to generate activities.
Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?
Which of the following statements is in accordance with COBIT?
1. Pervasive controls are general while detailed controls are specific.
2. Application controls are a subset of pervasive controls.
3. Implementation of software is a type of pervasive control.
4. Disaster recovery planning is a type of detailed control.
According to MA guidance, which of the following would indicate poor change management control?
1. Low change success rate
2. Occasional planned outages
3. Low number of emergency changes.
4. Instances of unauthorized changes
When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?
The board has requested that the internal audit activity be involved in all phases of the organization ' s outsourcing of its network management. During which of the following stages is the internal auditor most likely to verify that the organization ' s right-to-audit clause is drafted effectively?
Which of the following examples demonstrates that the internal audit activity uses descriptive analytics in its engagements?
In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?
Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1. The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
3. The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
4. The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.
When granting third parties temporary access to an entity ' s computer systems, which of the following is the most effective control?
A brand manager in a consumer food products organization suspected that several days of the point-of-sale data on the spreadsheet from one grocery chain were missing. The best approach for detecting missing rows in spreadsheet data would be to:
Which of the following statements is false regarding the internal audit approach when a set of standards other than The IIA ' s Standards is applicable to a specific engagement?
The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:
An internal auditor discovered that several unauthorized modifications were made to the production version of an organization ' s accounting application. Which of the following best describes this deficiency?
As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?
Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?
Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?
According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization ' s IT contingency plan?
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
An organization has started allowing employees to use their personal smart devices to accept vendor payments. What should the organization ' s bring-your-own-device (BYOD) policy include to specifically address security and privacy required by the Payment Card Data Security Standard (PCI DSS)?
Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?
Within an enterprise, IT governance relates to the:
1. Alignment between the enterprise ' s IT long term plan and the organization ' s objectives.
2. Organizational structures of the company that are designed to ensure that IT supports the organization ' s strategies and objectives.
3. Operational plans established to support the IT strategies and objectives.
4. Role of the company ' s leadership in ensuring IT supports the organization ' s strategies and objectives.
Which of the following are appropriate functions for an IT steering committee?
1. Assess the technical adequacy of standards for systems design and programming.
2. Continually monitor of the adequacy and accuracy of software and hardware in use.
3. Assess the effects of new technology on the organization`s IT operations.
4. Provide broad oversight of implementation, training, and operation of new systems.
Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:
Activity Level -
Maintenance Cost
Month
Patient Days
Incurred
January
5,600
$7,900
February
7,100
$8,500
March
5,000
$7,400
April
6,500
$8,200
May
7,300
$9,100
June
8,000
$9,800
If the cost of maintenance is expressed in an equation, what is the independent variable for this data?
Which of the following statements regarding program change management is not correct?
An organization has a complex systems infrastructure consisting of multiple internally developed, off the shelf, and purchased but significantly customized applications. Some of these applications share databases or process data that is used by another stand-alone application, and interfaces have been written to move data between these applications as needed through batch processing Which of the following situations presents the greatest risk exposure given this environment?
What is the most significant potential problem introduced by just-in-time inventory systems?
Which of the following stages of group development is associated with accepting team responsibilities?
According to IIA guidance, which of the following statements is true regarding analytical procedures?
According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization ' s social and environmental impact on the local community?
Determine whether previous incidents have been reported, managed, and resolved.
Determine whether a business contingency plan exists.
Determine the extent of transparency in reporting.
Determine whether a cost/benefit analysis was performed for all related projects.
Which of the following statements is true regarding reversing entries in an accounting cycled
Which of the following describes the free trade zone in an e-commerce environment?
An internal auditor is trying to assess control risk and the effectiveness of an organization ' s internal controls. Which of the following audit procedures would not provide assurance to the auditor on this matter?
TESTED 02 May 2026