When presenting an observation in writing, which of the following is usually true regarding the level of detail provided?
1. The description of the observation in the final audit report contains more detail than the description in the engagement workpapers
2. The description of the observation in the engagement workpapers contains more detail than the description in a preliminary observation document
3. A preliminary observation document contains more detail than the observation description in the final audit report
4. A preliminary observation document contains more detail than the observation description in the engagement workpapers
Besides a chief audit executive's professional experience, what determines the frequency and approach to assessing residual risk?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
In a health care organization, the internal audit activity provides overall assurance on governance, risk, and control. The chief audit executive advises and influences senior management, and the audit strategy leverages the organization's management of risk. According to IIA guidance, which of the following stages of internal audit maturity best describes this organization?
An examination of the accounts payable function evidenced multiple findings with respect to segregation of duties. After management's response and action plan are received and documented in the final report, which of the following is most appropriate?
Which of the following internal audit activities is performed in the design evaluation phase?
During a review of data privacy an internal auditor is tasked with testing management's identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?
According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?
According to IIA guidance, which of the following statements is true regarding an engagement supervisor's use of review notes?
Which of the following statements about internal audit's follow-up process is true?
Which of the following is the most appropriate approach for the internal audit activity to follow up on management action plans?
The following is a list of major findings in the executive summary report for an audit of the contract management process:
- Noncompliance with contract provisions requiring vendors to obtain insurance policies with indemnity value of not less than $1 million
- Compliance with contract obligations and deliverables is not monitored
- No contract agreement with five vendors providing core services
Which of the following is an appropriate conclusion that can be drawn from these findings?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?
Which of the following engagement techniques would be best to meet the objective of identifying a personal conflict-of-interest situation affecting an organization’s procurement function?
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
When estimating the impact of an inherent risk, which of the following should internal auditors consider?
Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?
What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?
Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?
The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
An internal auditor is asked to perform an assurance engagement in the organization's newly acquired subsidiary. When developing the objectives for the engagement, which of the following statements describes the most important items that the auditor needs to consider?
An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?
While conducting a review of the logistics department, the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department, followed by an informal meeting. What is the most likely reason the CAE decided to prepare the audit memorandum?
An internal auditor is planning a consulting engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?
An internal audit manager is planning a contract compliance audit. Which of the following should be done prior to developing the audit work program?
An internal auditor has suspicions that the management of a department splits the number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the severity of this malpractice?
Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?
During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?
When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?
Which of the following should be the focus of the effect section of the preliminary observations document?
Which of the following statements is true regarding the audit objective for an assurance engagement?
The head of customer service asked the chief audit executive (CAE) whether internal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers, analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
Which of the following would offer the strongest evidence to support the internal auditor's conclusion that a product is in stock, as stated in the accounting records?
Which of the following should be described in the recognition element of a typical internal audit report?
According to IIA guidance, which of the following is a limitation of a heat map?
An internal auditor selects a sample of paid invoices and matches them to receiving reports. What is the most likely purpose for this procedure?
As part of internal audit's assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of all bank account balances. This involves verifying the current year end balances as well as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
Upon the completion of an audit engagement, an audit manager performs a review of a staff auditor's workpapers. Which of the following actions by the manager is the most appropriate for this review?
The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year. All engagements should be appropriately categorized and presented to the chief audit executive for review. Which of the following would most likely be classified as a consulting engagement?
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
Which of the following risk assessment approaches involves gathering data from work teams representing different levels of an organisation?
During the review of an organization's retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?
According to IIA guidance on IT, which of the following actions would be performed as part of the "Define IT Universe" stage of the IT audit plan development process?
Which of the following represents the best method for confirming that vendor invoices were for authorized purchases?
As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function. Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process. Which of the following is true regarding the validity of the observation closure?
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practices for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?
Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?
Which of the following is an appropriate documentation of proper engagement supervision?
Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?
Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?
An internal auditor wants to identify potential ghost employees in the organization's payroll system. The auditor extracts the following data:
- Human resources data with employees' names, addresses, employment conditions, and identification codes
- Payroll data
- Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
Which of the following is the primary reason a chief audit executive should network with an organization’s executives?
Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?
The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from the internal audit activity. Which of the following consulting services would be most appropriate in this situation?
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
According to IIA guidance, which of the following statements is true regarding the annual audit plan?
An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a given precision and confidence level?
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
Which of the following approaches would best help an internal auditor determine whether a retailer database of 100,000 customers has any duplicate accounts?
At a construction company, an internal auditor is planning an audit of the company's process for designing and building grid connections. The process involves customers making payments in three parts:
• The first payment of 10% after approval of the customer's application
• The second payment of 70% prior to construction
• The third payment of 20% after construction is complete
Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?
During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization's ability to continue business. How would the chief audit executive respond?
How do internal auditors generally determine the priority of the areas within the engagement scope?
Which of the following best justifies an internal auditor's decision to issue a preliminary audit report?
Which of the following statements is consistent with IIA guidance on the use of mentoring for internal auditors?
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
In which of the following situations would an internal control questionnaire best suit the internal auditor's purpose?
An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations. The CAE is unsure her team has the necessary skills and knowledge to accept the engagement. According to IIA guidance, which of the following responses by the CAE would be most appropriate?
The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
During follow-up, the internal auditor discovered that operational management did not implement effective actions to address a significant control breach. If the issue is left unresolved, it may result in regulatory sanctions and damage the organization's reputation. What is the most appropriate next step for the chief audit executive to take?
When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?
According to the Standards, which of the following is least important in determining the adequacy of an annual audit plan?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1 million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board under which of the following circumstances?
1. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.
3. The cost of modifying the sales system to include a preventive control is less than $100,000.
According to IIA guidance, how should an internal auditor apply any relevant information obtained from an internal consulting engagement during a related internal audit engagement?
An internal auditor plans to conduct a walk-through to evaluate the control design of a process. Which of the following techniques is the auditor most likely to use?
According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?
When auditing an organization's cash-handling activities, which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?
In an organization with a large internal audit activity that has several audit teams performing engagements simultaneously, which of the following tasks is an engagement supervisor most likely to perform during the planning phase of a new engagement?
Management testimony of improper segregation of duties in the cash receipt process can be considered which of the following?
During an internal audit engagement, which of the following is true regarding the decision to use statistical sampling or nonstatistical sampling?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
Upon concluding the engagement fieldwork, an internal auditor discusses the audit findings with operational management. There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?
An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?
An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.
Which of the following techniques will help the audit team achieve this sampling objective?
Which of the following best describes a risk that is deemed "unacceptable" to the organization?
An internal auditor wants to compare performance information from one quarter to another. Which analytics procedure would the auditor use?
Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?
During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?
An internal auditor is using the five-attribute approach to document deficiencies in a warehouse shipping process. Which of the following attributes will be included in the workpapers?
Which of the following statements about including consulting engagements in the annual internal audit plan is true?
According to IIA guidance, which of the following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?
Which of the following describes the primary reason why a preliminary risk assessment is conducted during engagement planning?
Which of the following engagement supervision activities should be performed first?
Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?
An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?
Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?
A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?
The chief audit executive of an international organization is planning an audit of the treasury function located at the organization's headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets, which is needed for the engagement. Which of the following would be the most appropriate solution considering the time constraint?
The internal audit activity needs to review the information security function but does not have the IT expertise needed for the engagement. Which of the following actions should the chief audit executive take to ensure the internal audit activity conforms with the Standards?
While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an important compensating control had not been considered adequately by the audit team when it reported a major control weakness. Therefore, the CAE returned the documentation to the auditor in charge for correction. Based on this information, which of the following sections of the workpapers most likely would require changes?
Effect of the control weakness.
Cause of the control weakness.
Conclusion on the control weakness.
Recommendation for the control weakness.
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
• The annual audit plan should include audits that are consistent with the skills of the IAA.
• Audits of high-risk areas of the organization should be conducted by internal audit staff.
• External resources may be hired to provide subject-matter expertise but should be supervised.
• Auditors should develop their skills by being assigned to complex audits for learning opportunities.
An audit observation states the following:
"Despite the rules of the organization, there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contracts with clients who have very high credit ratings. The internal audit team tested 50 contracts and 17 showed clients with a poor credit history."
Which of the following components are missing in the observation?
According to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?
During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team's recommendations related to a significant issue. Management accepted the issue but took no remedial action. What is the next step for the CAE?
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate option for the chief audit executive?
Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?