An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?
Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. "What should be in place?’’
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks Which of the following engagement objectives would be appropriate to fulfill this request?
Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?
A healthcare organization's chief audit executive (CAE) noted that the organization's IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization's chief information officer (ClO) does not agree with the audit team's recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?
According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
The internal auditor and her supervisor are in dispute about a risk that was not tested during an audit of the procurement function. Which of the following tools would best support the auditor's decision not to test the risk?
The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?
Which of the following statements regarding the risk management process' support of the internal audit activity is true?
Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
Which of the following statements is true regarding internal control questionnaires?
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?
Which of the following is least likely to help ensure that risk is considered in a work program?
An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
An internal auditor is planning to audit the organization's payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?
An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?
When auditing an organization's cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?
When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
Which of the following statements accurately describes the Standards requirement for ret internal audit records?
A chief audit executive's report to the board showed a significant trend of recent aud4s going over planned budgeted hours. Which of the following factors could cause this trend?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data
- Human resources data with employees' names addresses employment conditions and identification codes
- Payroll data
- Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
When estimating the impact of an inherent risk, which of the following should internal auditors consider?
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
The chief audit executive can illustrate the value of the internal audit activity by reporting which of the following to the board?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?
An internal control questionnaire would be most appropriate in which of the following situations?
The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?
An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?
An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?
The final engagement communication contains the following observation:
The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization's competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source."
Which of the following components is missing in the documentation of the observation?
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?
According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?
Which of the following statements is true regarding the audit objective for an assurance engagement?