Summer Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

IIA-CIA-Part2 Internal Audit Engagement Questions and Answers

Questions 4

Which of the following statistical sampling approaches is the most appropriate for testing a population for fraud?

Options:

A.

Discovery sampling.

B.

Stop-or-go sampling.

C.

Haphazard sampling.

D.

Stratified attribute sampling.

Buy Now
Questions 5

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

Options:

A.

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Buy Now
Questions 6

Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?

1. The hedge documentation designating the hedge.

2. The spot exchange rate on the transaction date.

3. The terms of the forward contract.

4. The amount of fuel purchased.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Buy Now
Questions 7

In which of the following ways can the internal audit activity new engagement opportunities?

Options:

A.

By defining activities by business processes.

B.

By looking external factors such as product complaints.

C.

By looking at activities by businesses cost centers.

D.

By defining activities by the organization chart.

Buy Now
Questions 8

According to IIA guidance, which of the following steps should precede the development of audit engagement objectives?

Options:

A.

Identification of controls.

B.

Scope establishment.

C.

Risk assessment.

D.

Review of resources.

Buy Now
Questions 9

Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?

Options:

A.

Interviews

B.

Observations

C.

Reperformance

D.

Internal control questionnaires

Buy Now
Questions 10

An internal auditor s examination of accounts receivable generates the following results:

IIA-CIA-Part2 Question 10

What is the projected misstatement for the population if ratio estimation is used?

Options:

A.

$84,000

B.

$238,095

C.

$700,000

D.

$2100.000

Buy Now
Questions 11

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

Options:

A.

Perform benchmarking

B.

Perform a trend analysis

C.

Perform a ratio analysis

D.

Perform observation to gather evidence

Buy Now
Questions 12

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls.

B.

To plan for evaluating potential losses.

C.

To prepare a sampling plan for the engagement.

D.

To evaluate the design of controls.

Buy Now
Questions 13

Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high

risks that were reported in the initial audit report. What initial step must the CAE take to address this situation?

Options:

A.

Communicate the issue to senior management.

B.

Discuss the issue with members of management responsible for the risk area.

C.

Report the situation to the external auditors.

D.

Escalate the issue to the board.

Buy Now
Questions 14

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

Options:

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Buy Now
Questions 15

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the projects life, or the organization ' s culture.

D.

it is best suited for firms with scattered locations or for multi-line, large-scale firms.

Buy Now
Questions 16

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?

Options:

A.

The internal assessment results should be discussed once every five years

B.

The rating conclusions and the impact from results of the external assessment should be explained

C.

The results of the external assessment should be discussed every seven years.

D.

The qualifications and independence of the internal assessment team should be discussed

Buy Now
Questions 17

In which of the following situations has an internal audit of obtained physical evidence?

Options:

A.

An internal auditor made purchases from several of the organization ' s retail outlets to evaluate customer service

B.

An internal auditor interviewed various employees regarding health and safety issues and recorded their answers

C.

An internal auditor obtained the current quarterly financial report and computed changes in deb-to-equity ratio

D.

An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney

Buy Now
Questions 18

Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?

Options:

A.

The frequency of executing the internal audit engagements

B.

The frequency of changes in the organization environment

C.

The expectations set by the board and senior management

D.

The expectations set by operating management and senior management

Buy Now
Questions 19

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

Options:

A.

Career model

B.

Center of competence model.

C.

Rotational model.

D.

Hybrid model

Buy Now
Questions 20

During a review of the organization ' s waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor ' s recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity ' s periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?

Options:

A.

Nothing, as the internal audit activity has fulfilled its responsibility of providing recommendations to mitigate the risks to which the organization is exposed.

B.

Contact the regulatory agency responsible for monitoring such matters in order to convince management to implement the recommendations.

C.

Convene a meeting with senior management and discuss the issue and the potential impact it may have on the organization.

D.

Highlight the current exposure to the external auditors so they too can highlight the issue and further pressure management to address the concern.

Buy Now
Questions 21

During engagement planning, which party provides the most accurate and up-to-date description of how organizational processes and key controls operate?

Options:

A.

The management responsible for the activity under review

B.

The individuals who perform the daily tasks and functions of the activity under review

C.

The external auditors since they understand the key controls behind the financial statements

D.

The board of directors since they provide overall oversight for the organization

Buy Now
Questions 22

During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?

Options:

A.

Possible tests

B.

Possible scenarios

C.

Possible controls

D.

Possible samples

Buy Now
Questions 23

An internal auditor was reviewing the procurement department ' s tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database. Which of the following courses of action would have prevented this situation?

Options:

A.

The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents

B.

The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit

C.

The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden

D.

The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail

Buy Now
Questions 24

Which of the following best describes the internal audit activity ' s responsibility within a risk and control framework?

Options:

A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices

Buy Now
Questions 25

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Buy Now
Questions 26

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 27

Which of the following engagements is likely to be most appropriate for an organization that is planning an acquisition?

Options:

A.

A performance engagement.

B.

A system security engagement.

C.

A due diligence engagement.

D.

A compliance engagement.

Buy Now
Questions 28

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Options:

A.

To gain access to a wider variety of skills, competencies and best practices.

B.

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.

To focus on and strengthen core audit competencies.

D.

To provide the organization with appropriate contingency planning for the internal audit function.

Buy Now
Questions 29

Which of the following is the most appropriate objective for establishing a professional development plan for the internal audit activity?

Options:

A.

A plan that focuses on furthering the independence of the internal audit activity.

B.

A plan that ensures internal auditors collectively possess expertise in various fields to avoid outsourcing.

C.

A plan based on individual preferences and proposals, which helps internal auditors achieve greater success.

D.

A plan that focuses on filling gaps in the current skills needed to complete audit objectives.

Buy Now
Questions 30

An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?

Options:

A.

Names and work titles of employees

B.

Description of responsibilities of business units.

C.

Average fuel consumption data of vehicles

D.

Location and route data of vehicles

Buy Now
Questions 31

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Buy Now
Questions 32

An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

Options:

A.

Batch controls.

B.

Application controls

C.

General IT controls.

D.

Logical access controls

Buy Now
Questions 33

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

Options:

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives

Buy Now
Questions 34

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls

B.

To plan for evaluating potential losses

C.

To prepare a sampling plan for the engagement

D.

To evaluate the design of controls

Buy Now
Questions 35

An engagement work program o of greatest value to audit management when which of the following is true?

Options:

A.

The work program provides more detailed support for the audit report

B.

The work program helps determined the required amount of audit resources

C.

The work program helps ensure tie achievement of the engagement objectives

D.

The work program assists the auditor n developing and managing audit tests

Buy Now
Questions 36

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Buy Now
Questions 37

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager ' s decision to accept the risk otherwise, no other speak: course of action is required.

Buy Now
Questions 38

Which of the following situations would justify the removal of a finding from the final audit report?

Options:

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Buy Now
Questions 39

An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?

Options:

A.

Collect the policies and procedures relevant to the audited area

B.

Understand the financial results published for the period under review

C.

Assess the design of the internal controls in place

D.

Define the objectives of the assurance engagement

Buy Now
Questions 40

An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization ' s vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests Based on the auditor ' s actions which of the following is most likely the objective of this engagement1?

Options:

A.

To identify whether fuel was purchased for work-related purposes

B.

To estimate future fuel costs for the organization ' s fleet of vehicles

C.

To determine trends in average fuel consumption by vehicle

D.

To determine whether the organization is paying more than the industry average for fuel

Buy Now
Questions 41

Which of the following statements best demonstrates application of due professional care during an assurance engagement?

Options:

A.

The engagement detected irregularities and noncompliance instances.

B.

The engagement supervisor had no significant comments in the supervisory review.

C.

The audit procedures were systematically planned: executed, and documented.

D.

The engagement objectives were designed to assist the engagement client

Buy Now
Questions 42

A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO ' s reasoning is acceptable.

Buy Now
Questions 43

An electric utility provider measures working time spent on processing grid connection applications, response time for electricity outages, and the call center queuing time. Which of the following criteria would better suit a customer-oriented provider for measurement?

Options:

A.

Past performance

B.

Legal obligations

C.

Board-approved budget

D.

Stakeholder expectations

Buy Now
Questions 44

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

IIA-CIA-Part2 Question 44

Options:

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Buy Now
Questions 45

During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team ' s recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?

Options:

A.

The CAE should reassess and validate the risk tolerance policy

B.

The CAE should escalate the issue to senior management .

C.

The CAE should reiterate the internal audit team ' s recommendations to management .

D.

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

Buy Now
Questions 46

Considering the five-attribute approach to documenting deficiencies in an area under review which of the following answers the question. " What should be in place?’’

Options:

A.

Action plan

B.

Recommendation

C.

Condition

D.

Criteria

Buy Now
Questions 47

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Buy Now
Questions 48

An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?

Options:

A.

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

B.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

C.

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

D.

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Buy Now
Questions 49

Which of the following would most likely prompt special notification from the chief audit executive to same management?

Options:

A.

Operational management has decried to weigh an audit issue against the organization ' s risk tolerance

B.

A controls inaccurate operation has materially impacted the accuracy of the poor year ' s financial statements

C.

Occurrences of asset misappropriation have been identified as a result of an ineffective operational control design

D.

The controls that management performed to confirm compliance with health and safety standards were not systematically documented

Buy Now
Questions 50

Which of the following methods is most closely associated to year over year trends?

Options:

A.

Horizontal analysts

B.

Vertical analysis.

C.

Common-size analysis.

D.

Ratio analysis.

Buy Now
Questions 51

An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?

Options:

A.

A relevant procurement law or regulation.

B.

A list of the company ' s vendors.

C.

A review of a sample of tenders during the audited period.

D.

A summary of the company ' s expenditures and their categories.

Buy Now
Questions 52

An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

Options:

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Buy Now
Questions 53

An organization ' s healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?

Options:

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations.

B.

Obtain the government index of healthcare costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another healthcare administrator to provide the same administrative services as the current healthcare administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred.

Buy Now
Questions 54

Which of the following statements is true regarding partnership liquidation?

Options:

A.

Operations can continue after the liquidation, if all partners agree.

B.

Partnership liquidation ends both the legal and economic life of an entity

C.

Partnership liquidation occurs when there is capital deficiency.

D.

When a partnership Is liquidated, each partner pays creditors from cash received

Buy Now
Questions 55

In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?

Options:

A.

A scheduled audit observed that several agreed improvements from the previous audit were still being implemented.

B.

A planned inventory count at the production plant revealed a material variance.

C.

An employee shared concerns of suspected fraud but did not provide evidence.

D.

An auditor responsible for the fieldwork has carried out only half of the planned audit procedures and has no observations so far.

Buy Now
Questions 56

What is the primary purpose of issuing a preliminary communication to management of the area under review?

Options:

A.

To build good relations with management

B.

To help management develop more responsive and timely action plans

C.

To formally report medium- and high-risk observations in writing

D.

To improve the internal audit key performance indicators

Buy Now
Questions 57

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

Options:

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement.

Buy Now
Questions 58

Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?

Options:

A.

ICQs provide testimonial evidence.

B.

ICQs are efficient.

C.

ICQs provide tangible evidence to be quantified.

D.

ICQs put observations into perspective.

Buy Now
Questions 59

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

Options:

A.

Nonstatistical sampling provides more objective recommendations for management.

B.

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

Buy Now
Questions 60

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

Options:

A.

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Buy Now
Questions 61

Which of the following is one of the advantages of organizing the risk universe by processes?

Options:

A.

Interfaces between organizational units are captured during audits by processes

B.

Audits by processes are less time-consuming

C.

During audits by processes, managers are more open at interviews

D.

The advantage of audits by processes is true completeness

Buy Now
Questions 62

Which of the following best describes the four components of a balanced scorecard?

Options:

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Buy Now
Questions 63

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Buy Now
Questions 64

Which of the following would most likely form part of the engagement scope?

Options:

A.

Potential legislation on privacy topics will be employed as a compliance target O Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

B.

Both random and judgmental samplings will be used during the engagement

C.

The probability of significant errors will be considered via risk assessment.

Buy Now
Questions 65

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Buy Now
Questions 66

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star.

B.

A cash cow.

C.

A question mark.

D.

A dog

Buy Now
Questions 67

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

Options:

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Buy Now
Questions 68

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.

Determine process outputs

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals

Buy Now
Questions 69

Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that

management is considering acquiring?

Options:

A.

A due diligence engagement.

B.

An operational audit engagement.

C.

A feasibility study engagement.

D.

A risk and control self-assessment engagement.

Buy Now
Questions 70

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Buy Now
Questions 71

To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?

Options:

A.

The organization ' s view on risk tolerance

B.

The organization ' s principal risk events.

C.

The organization ' s risk response strategies

D.

The organization ' s major control activities

Buy Now
Questions 72

Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?

Options:

A.

Enterprise resource planning

B.

Material requirements planning

C.

Electronic data interchange

D.

Customer relationship management

Buy Now
Questions 73

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts

D.

Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning

Buy Now
Questions 74

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

Options:

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner

Buy Now
Questions 75

According to IIA guidance, organizations have the most influence on which element of fraud?

Options:

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Buy Now
Questions 76

While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?

Options:

A.

To report up-to-date audit progress to management

B.

To ensure that the internal audit team and the CAE are aligned with regard to the identified weakness

C.

To allow management to address the identified weakness timely

D.

To obtain management ' s agreement with regard to the identified weakness

Buy Now
Questions 77

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

Options:

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Buy Now
Questions 78

An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?

Options:

A.

Nonsampling risk

B.

Sampling risk

C.

Inherent risk

D.

Due diligence risk

Buy Now
Questions 79

For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

Options:

A.

Independently evaluating conflicts of interests.

B.

Assessing contracts for relevant terms and conditions.

C.

Performing statistical analysis for data anomalies.

D.

Preparing evidentiary documentation.

Buy Now
Questions 80

An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?

Options:

A.

Prepare an action plan to address the inconsistencies

B.

Contact regulatory agencies to report the inconsistencies and recommended corrective actions

C.

Assess the risk of the inconsistencies against the organization ' s mission

D.

Issue an interim report to senior management

Buy Now
Questions 81

A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?

Options:

A.

The bank destroys all records containing a customer ' s personal information without informing the customer.

B.

Based on an assessment of likely products of interest to the customer, the bank shares the customer’s personal information with other companies within the group and informs the customer.

C.

The bank retains customer information to facilitate easier verification of personal information in the event that the customer returns to reopen his account. The customer is not informed.

D.

The customer ' s personal information is used for market research by an external company and the customer is informed prior to publishing the results of the market research.

Buy Now
Questions 82

During follow-up. the internal auditor discovered that operational management did not implement effective actions to address a significant control breach If the issue is left unresolved it may result in regulatory sanctions and damage the organization ' s reputation What is the most appropriate next step for the chief audit executive to lake?

Options:

A.

Report the matter to the board

B.

Implement the recommended control to address the exposure

C.

Discuss the matter with senior management

D.

Ask the regulatory agency to persuade management to address the issue

Buy Now
Questions 83

The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?

Options:

A.

The CAE is required to review, approve, and sign every engagement report.

B.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

C.

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

D.

The internal audit charter must identify authorized signers of engagement reports.

Buy Now
Questions 84

Which of the following is essential for ensuring that the internal audit activity ' s findings and recommendations receive adequate consideration?

Options:

A.

Reporting results of audits with recommendations to management.

B.

Providing formal follow-up procedures to ensure that management complies with an action plan or accepted risk of not taking action.

C.

Reporting quarterly to management that the audit plan is focused on higher exposures of risk.

D.

Discussing audit findings with independent auditors.

Buy Now
Questions 85

An internal auditor is assigned to validate calculations on the organization ' s billing application. As part of the test, the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software.

C.

Integrated test facilities.

D.

Audit expert systems.

Buy Now
Questions 86

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program ' s activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Buy Now
Questions 87

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?

Options:

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys.

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff.

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies.

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews.

Buy Now
Questions 88

Which of the following is the most important concept to be included in a consulting engagement agreement?

Options:

A.

Define the duties and responsibilities needed from management to perform the engagement.

B.

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

C.

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

D.

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Buy Now
Questions 89

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

Options:

A.

1 only

B.

4 only

C.

1 and 3

D.

2 and 4

Buy Now
Questions 90

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive

C.

A greater need for linkage with a vendors computerized order entry system.

D.

An Increase in the number of suitable suppliers

Buy Now
Questions 91

An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

Options:

A.

Switch the existing assurance engagement into a fraud investigation engagement

B.

Extend the audit scope and perform additional testing of controls on other related areas

C.

Review the poor year ' s transaction volume and amounts paid compared to the poor year ' s budget

D.

Perform data analytics on the supplier ' s information, invoiced amounts, and payments performed

Buy Now
Questions 92

What would be the effect if an organization paid one of its liabilities twice during the year, in error?

Options:

A.

Assets, liabilities, and owners ' equity would be understated.

B.

Assets, net income, and owners’ equity would be unaffected

C.

Assets and liabilities would be understated.

D.

Assets, net income, and owners’ equity would be understated, but liabilities would be overstated

Buy Now
Questions 93

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

Options:

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives.

Buy Now
Questions 94

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Options:

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Buy Now
Questions 95

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

Options:

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Buy Now
Questions 96

In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?

Options:

A.

It will be difficult to quantify the information obtained through this approach

B.

This approach does not help the auditor learn about the existence of controls

C.

It takes the auditor a long time to assess the relevant controls using this approach

D.

Information on control functionality is limited

Buy Now
Questions 97

A manufacturing organization specializes in the production of evaporated milk and breakfast cereals. The manufacturing processes create significant loss in the form of waste and byproducts. The provision for normal production loss is known to senior management, but little action is taken when abnormal production losses occur. The organization sells its production byproducts to fish farmers at a reduced price. The byproducts are a widely recognized and used product in the fish farming industry. The organization has a policy that also allows its employees to purchase the byproducts at a negligible price. Based on the above, which of the following risks should the internal audit function consider when planning an engagement of the production process?

Options:

A.

The production team may be incentivized to increase production losses.

B.

The production team may work overtime and be overworked.

C.

Increased misappropriation of finished products.

D.

Risk that the finished product quality may be impaired.

Buy Now
Questions 98

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

Options:

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Buy Now
Questions 99

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Options:

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization ' s suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs

Buy Now
Questions 100

Which of the following internal audit activities is performed in the design evaluation phase?

Options:

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Buy Now
Questions 101

A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?

Options:

A.

Community, institutional, and agricultural banking

B.

Mortgages, credit cards, and savings.

C.

South, southwest and east.

D.

Teller, manager, and IT specialist

Buy Now
Questions 102

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management

C.

Risk appetite refers to an organization’s general level of acceptance, while risk tolerance is a more specific and subordinate concept

D.

There is no significant difference between the two terms

Buy Now
Questions 103

If there is a significant error or omission in the final audit report that was communicated to management, which of the following is the key action for the internal audit activity?

Options:

A.

Communicate the corrected information to the manager of the audited department.

B.

There should be a follow-up audit to address the error or omission.

C.

The auditor should update the scope of the audit to include the omission.

D.

The corrected communication should be redistributed to the original recipients.

Buy Now
Questions 104

An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?

Options:

A.

Conduct a trend analysis of customers ' payment history and flag those with the most inconsistent payments and debts

B.

Conduct a ratio analysis by calculating the relationship between sums paid in local currency and volume of electricity billed in megawatt hours

C.

Conduct an analysis of clients’ electricity consumption patterns within a specified period and identify consumption spikes

D.

Conduct a comparison to identify deviations between electricity amounts billed to customers and information regarding actual consumption

Buy Now
Questions 105

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Buy Now
Questions 106

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization ' s objectives

Buy Now
Questions 107

An internal auditor is performing a review of an organization ' s vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?

Options:

A.

Vendor contracts.

B.

Employee master list.

C.

Payment records.

D.

Purchasing policy.

Buy Now
Questions 108

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

Options:

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Buy Now
Questions 109

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Buy Now
Questions 110

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Options:

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Buy Now
Questions 111

According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?

Options:

A.

Manufacturing.

B.

Profitability.

C.

Overheads.

D.

Quality.

Buy Now
Questions 112

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control self-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers.

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit hours.

D.

internal auditors can rely on the work of other assurance providers only if the other assurance providers report directly to the board

Buy Now
Questions 113

An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?

Options:

A.

Ask the external auditor to review the same transaction again as an independent third party

B.

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

C.

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

D.

Compare the recording of this transaction to now similar ones were executed last year

Buy Now
Questions 114

An organization ' s finance manager plans to implement a state-of-the-art management system to better manage the organization ' s receivables. The finance manager consulted the chief audit executive (CAE) and asked for her assistance in determining whether the organization is able to accommodate this system. How would the CAE proceed to determine the objectives of this engagement

Options:

A.

Ask the CEO to determine the scope and objectives of the engagement

B.

Request that the board disclose its concerns over governance for inclusion in the engagement

C.

Discuss the concerns with the finance manager and work together to agree on the engagement objectives

D.

Review previous audit reports from the area and develop engagement objectives to address the area ' s key risks and controls

Buy Now
Questions 115

An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?

Options:

A.

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.

Communicate to the board the current situation, including the risk exposure to the organization.

C.

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.

Contact the regulatory agency and inform them of the risk exposure.

Buy Now
Questions 116

Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?

Options:

A.

Strategic plans reflect the organization ' s business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Buy Now
Questions 117

An engagement team is being assembled to audit of one of the organization ' s vendors Which of the following statements best applies to this scenario?

Options:

A.

The engagement team should include internal auditors who have expertise in investigating vendor fraud

B.

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

C.

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

D.

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Buy Now
Questions 118

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

Options:

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Buy Now
Questions 119

During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9

Options:

A.

Request additional information needed from management of the area under review.

B.

Obtain approval from the engagement supervisor

C.

Obtain the required resources, including IT. to complete the work

D.

Discuss the change in scope with management of the area under review.

Buy Now
Questions 120

An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization ' s health and safety program?

Options:

A.

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

B.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

C.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

D.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

Buy Now
Questions 121

The chief audit executive of an international organization is planning an audit of the treasury function located at the organization ' s headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets which is needed tor the engagement When of the following would be the most approbate solution considering the time constraint?

Options:

A.

Outsource the engagement 10 tie organization ' s external auditor who has expertise in the area of financial markets

B.

Hire additional internal auditors who have expertise in the area of financial markets.

C.

Invite a guest auditor from one of the organization ' s affiliates who has expertise m the area of financial markets.

D.

Limit the scope of the engagement to the knowledge and skills possessed by the internal audit team.

Buy Now
Questions 122

According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?

Options:

A.

Audit findings

B.

Audit resources

C.

Audit objectives

D.

Audit plan

Buy Now
Questions 123

An internal auditor is assessing the organization ' s risk management framework. Which of the following formulas should he use to calculate the residual risk?

A) IIA-CIA-Part2 Question 123

B)IIA-CIA-Part2 Question 123

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 124

Which of the following is most likely to impair the organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports administratively to the chief financial officer

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Buy Now
Questions 125

When estimating the impact of an inherent risk, which of the following should internal auditors consider?

Options:

A.

The probability and frequency of occurrence

B.

Financial and nonfinancial factors related to the risk

C.

The number of risks identified on the heat map

D.

The residual risk following implementation of appropriate controls

Buy Now
Questions 126

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Options:

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Buy Now
Questions 127

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements, internal auditors should plan to assess the effectiveness of all entity-level controls.

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review, to prevent tipping off probable audit tests.

D.

Reviewing process maps and flowcharts is an appropriate method for the internal auditor to identify all key risks and controls during engagement planning.

Buy Now
Questions 128

Which of the following statements is true regarding different competitive strategies?

Options:

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Buy Now
Questions 129

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Buy Now
Questions 130

Which of the following statements about internal audit ' s follow-up process is true?

Options:

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit ' s follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Buy Now
Questions 131

What is a control implication for an organization that adopts a flat structure?

Options:

A.

Mid-level employees are urged to innovate.

B.

Available time for supervision is limited.

C.

There are many hierarchical levels.

D.

The organizational structure is dispersed vertically.

Buy Now
Questions 132

Which of the following measures immediate short-term liquidity?

Options:

A.

Current ratio

B.

Profit margin

C.

Quick ratio

D.

Times interest earned

Buy Now
Questions 133

According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor ' s use of review notes?

Options:

A.

The engagement supervisor ' s review notes should be retained m the final documental or even after they are addressed.

B.

The engagement supervisor ' s review notes cannot be used as evidence of engagement supervision

C.

The engagement supervisor ' s review notes could be cleared from all final documentation after they are addressed

D.

The engagement supervisor ' s review notes must be maintained in a checklist separate from tie final documentation

Buy Now
Questions 134

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Buy Now
Questions 135

In an organization with a large internal audit activity that has several audit teams performing engagements simultaneously which of the following tasks is an engagement supervisor most likely to perform during the planning phase of a new engagement?

Options:

A.

Establish a means for resolving any professional judgment differences over ethical issues that may arise during the engagement.

B.

Approve the engagement work program to ensure the program is designed to achieve the engagement objectives

C.

Evaluate whether the testing and results support the engagement results and conclusion

D.

Review the sample testing results for exceptions.

Buy Now
Questions 136

An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

Options:

A.

Entity-level controls

B.

Application controls

C.

General controls.

D.

Transaction controls

Buy Now
Questions 137

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Buy Now
Questions 138

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

increased access to the organization ' s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

increased access to the organization ' s software and proprietary data.

Buy Now
Questions 139

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

Options:

A.

Improper segregation of duties.

B.

Incentives and bonus programs.

C.

An employee ' s reported concerns.

D.

Lack of an ethics policy.

Buy Now
Questions 140

Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?

Options:

A.

The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.

B.

A sample of change request forms to verify whether the forms bear the required approval for the user access change.

C.

User access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.

D.

A current listing of system users and an employee listing to determine whether system users are active employees of the organization.

Buy Now
Questions 141

Which of the following performance measures is considered a lagging indicator to the largest degree?

Options:

A.

Return on investment

B.

Customer retention

C.

Employee satisfaction

D.

Cost of research and development

Buy Now
Questions 142

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Buy Now
Questions 143

To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?

Options:

A.

The organization’s attitude to hierarchy.

B.

The organization ' s whistleblowing strategy.

C.

The organization’s ongoing risk monitoring process.

D.

The organization’s risk management policy.

Buy Now
Questions 144

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

Options:

A.

Verify that amounts are correct.

B.

Verify that payments are on time.

C.

Verify that recipients are valid employees.

D.

Verify that benefits deductions are accurate.

Buy Now
Questions 145

A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?

Options:

A.

The engagement supervisor has an open door pokey for audit team members to discuss concerns

B.

The supervisor reviews weekly progress reports from the audit team members

C.

The supervisor reviews and initials internal audit workpapers for the engagement

D.

The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.

Buy Now
Questions 146

Which of the following statements regarding the risk management process ' support of the internal audit activity is true?

Options:

A.

The risk management process can provide more extensive internal audit services to the organization if it does not have an internal audit department

B.

The risk management process supports internal audit by evaluating whether critical controls are adequate and effective.

C.

The risk management process can determine whether all significant risks have been identified and are being treated.

D.

The risk management process establishes an organization-specific documented risk management framework.

Buy Now
Questions 147

According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^

Options:

A.

Esteem by colleagues.

B.

Self-fulfillment.

C.

Sense of belonging in the organization

D.

Job security.

Buy Now
Questions 148

The following is a list of major findings in the executive summary report for an audit of the contract management process

- Noncompliance with contract provisions requiring vendors to obtain insurance policies with indemnity value of not less than $1 million

- Compliance with contract obligations and deliverables is not monitored

- No contract agreement with five vendors providing core services

Which of the following is an appropriate conclusion that can be drawn from these findings?

Options:

A.

These are weaknesses resulting from a lack of a documented contracting policy

B.

Substandard service delivery by vendors may not be detected

C.

Management should expedite actions to rectify the observations identified

D.

The internal controls guiding contract management are not operating effectively

Buy Now
Questions 149

An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?

Options:

A.

Detective compensating controls

B.

Preventive compensating controls

C.

Detective Key controls

D.

Preventive key controls

Buy Now
Questions 150

An internal auditor is conducting an assurance engagement. One engagement objective is to evaluate the project manager’s effectiveness at controlling project costs. Which of the following audit tests should be included in the engagement program?

Options:

A.

Prepare a bank reconciliation statement for all the bank accounts of the organization

B.

Track a sample of project payments from accounts payable to concluded agreements and authorization rights

C.

Validate the accuracy of assumptions and inputs used for calculations in the project’s feasibility model

D.

Investigate whether the budget of the project was approved timely as required by internal policies

Buy Now
Questions 151

Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization ' s head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?

Options:

A.

The engagement objectives.

B.

The head of accounting’s schedule availability.

C.

The auditors ' qualifications.

D.

The details of the audit test plan.

Buy Now
Questions 152

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

Options:

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Buy Now
Questions 153

Which of the following is an appropriate activity when supervising engagements?

Options:

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor ' s discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Buy Now
Questions 154

Which of the following statements about assurance maps is correct?

Options:

A.

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Buy Now
Questions 155

Which of the following would help the internal audit activity assess compliance with the organization ' s standard operating procedures for bank deposits during a preliminary survey?

Options:

A.

Issue an internal control questionnaire to select branch customers.

B.

Issue an internal control questionnaire to the president of the organization.

C.

Issue an internal control questionnaire to the director of bank operations.

D.

Issue an internal control questionnaire to select branch managers.

Buy Now
Questions 156

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

Options:

A.

Contact the audit committee chair to discuss the finding

B.

Obtain verbal assurance from management that the inappropriate access will be removed

C.

Issue an interim audit report so that management can implement action plans

D.

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Buy Now
Questions 157

Which of the following statements is true regarding engagement planning?

Options:

A.

The engagement objectives are the boundaries for the engagement, which outline what will be included in the review

B.

The risk-based objectives of the engagement can be determined once the scope of the engagement has been formed

C.

For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined

D.

For an assurance engagement, once the scope is established and testing has begun, the scope cannot be modified.

Buy Now
Questions 158

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues’ workpapers for completeness and format

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met

Buy Now
Questions 159

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

Options:

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Buy Now
Questions 160

According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities and operating procedures

B.

Evaluate management ' s risk assessment and the internal audit activity ' s risk assessment

C.

Assess process How and control documents used to meet regulatory requirements

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Buy Now
Questions 161

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Buy Now
Questions 162

An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?

Options:

A.

Draft report, to be reviewed by management just prior to final report issuance.

B.

Preliminary observation document, discussed during the engagement.

C.

Final report, after review by audit management.

D.

Verbal communication during the engagement, followed by the final report issuance.

Buy Now
Questions 163

An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?

Options:

A.

The risk assessment must be performed at least quarterly.

B.

The risk assessment must be performed at least annually.

C.

The risk assessment must be performed at least once every five years, in alignment with the internal audit activity ' s quality assurance and improvement program.

D.

There is no specific requirement; a risk assessment should be performed as needed to account for changes in the business environment.

Buy Now
Questions 164

According to IIA guidance, which of the following statements best justifies a chief audit executive ' s request for external consultants to complement internal audit activity (IAA) resources?

Options:

A.

The organization ' s audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Buy Now
Questions 165

What is the primary purpose of creating a preliminary draft audit report?

Options:

A.

To save time during final report writing

B.

To meet the Standards requirement for developing a draft report prior to issuing a final report

C.

To use as a tool for communicating with management of the area under review.

D.

To require that management implements solutions to issues identified during the engagement

Buy Now
Questions 166

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Options:

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Buy Now
Questions 167

A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?

Options:

A.

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

Buy Now
Questions 168

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

Options:

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Buy Now
Questions 169

Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?

Options:

A.

Inquiry

B.

Analytical review

C.

Observation

D.

Inspection of documents

Buy Now
Questions 170

An internal auditor using the five-attribute approach to document deficiencies in a warehouse shipping process. Which of the following attributes will be included in the workpapers?

Options:

A.

Risk, impact likelihood existing control, recommendation

B.

Condition, cause, effect, recommendation

C.

Condition, cause effect test result

D.

Risk, impact test result recommendation

Buy Now
Questions 171

Which of the following would best prevent phishing attacks on an organization?

Options:

A.

An intrusion detection system

B.

Use of firewalls

C.

Regular security awareness training

D.

Application hardening

Buy Now
Questions 172

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

Increased access to the organization’s software and proprietary data.

Buy Now
Questions 173

An internal auditor is assessing whether a vendor onboarding procedure is being followed in all business units. The procedure has been centrally designed and depicts activities and validations that must be performed at every step. Which of the following is the most suitable way to compile an internal control questionnaire?

Options:

A.

Develop statements that are based on the procedure requirements and ask respondents to select yes or no responses

B.

Develop open questions that inquire about the appropriateness and efficacy of the procedure

C.

Develop closed questions asking managers to describe the onboarding process in detail

D.

Develop multiple response questions where a respondent has to identify one correct answer out of four

Buy Now
Questions 174

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

Options:

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Buy Now
Questions 175

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner ' s approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Buy Now
Questions 176

Which of the following statements is true regarding the chief audit executive ' s (CAT$) responsibilities after completing an assurance or consulting engagement?

Options:

A.

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

B.

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

C.

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

D.

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

Buy Now
Questions 177

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Options:

A.

Degree of effort and cost needed to correct the reported condition.

B.

Complexity of the corrective action.

C.

Impact that may result should the corrective action fail.

D.

Amount of resources required to conduct the follow-up activities.

Buy Now
Questions 178

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.

Determine process outputs.

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals.

Buy Now
Questions 179

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Buy Now
Questions 180

Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate

to achieve this objective?

Options:

A.

A compliance audit.

B.

A due diligence audit.

C.

A financial audit.

D.

An external audit.

Buy Now
Questions 181

What is the primary objective of an engagement supervisor ' s review of key activities performed during the engagement?

Options:

A.

To ensure that the engagement is completed on time and within budget

B.

To ensure that all work performed meets acceptable quality standards

C.

To ensure that management has provided suitable responses to all observations

D.

To ensure that management is satisfied with the progress of the engagement

Buy Now
Questions 182

Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances managements ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

introducing judgment generally diminishes managements ability to make good decisions about internal control

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Buy Now
Questions 183

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity ' s resources

B.

The availability of guest auditors for the engagement

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required

Buy Now
Questions 184

The objective of an internal audit engagement is to evaluate the organization ' s ethics program. Which of the following should be included in the scope of the engagement?

Options:

A.

Organizational strategic plan

B.

Established investigation protocols

C.

Operational budget of the organization

D.

Remuneration of ethics officers

Buy Now
Questions 185

An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?

Options:

A.

Over-reliance and a false sense of security

B.

Limited flexibility

C.

Inability to keep the checklist up to date

D.

Standardization and a systematic approach

Buy Now
Questions 186

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?

1. In the opinion of the CAE the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than S100.000

Options:

A.

1 only

B.

3 only

C.

1 and 3 only

D.

1, 2, and3

Buy Now
Questions 187

When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?

Options:

A.

The chief audit executive may recommend that management conduct further work to identify the root cause and address the issue

B.

Internal auditors should finish the engagement without conducting the root cause analysis and draft the audit report, though the report would not be considered complete until the analysis is concluded

C.

internal auditors must adjust their future engagement schedule to ensure that the root cause analysis is always performed before the engagement is concluded

D.

Internal auditors should Instead perform a Pareto rule analysis

Buy Now
Questions 188

Which of the following is true about surveys?

Options:

A.

A survey with open-ended questions is weaker than a structured interview

B.

A survey with closed-ended questions can produce quantifiable evidence

C.

A survey ' s participants are likely to volunteer information that was not specifically requested

D.

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

Buy Now
Questions 189

Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?

Options:

A.

Sampling risk.

B.

Audit risk.

C.

Residual risk.

D.

Inherent risk

Buy Now
Questions 190

During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?

Options:

A.

Identify and map existing controls to their relevant inherent fraud risks

B.

Detect fraudulent activities in the activity under review for the audited period

C.

Select the appetite level for each inherent fraud risk

D.

Evaluate and respond to residual fraud risks that need to be mitigated

Buy Now
Questions 191

Which of the following is an example of internal benchmarking?

Options:

A.

Book value per common share ratio is lower than that of the prior year.

B.

Staff turnover ratio is higher than the comparable organization in the same industry.

C.

Utilities expense of the sales unit is higher than that of the customer service unit.

D.

Sales are significantly higher than the industry’s average for five years.

Buy Now
Questions 192

During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?

Options:

A.

Independent confirmation

B.

Tracing

C.

Vouching

D.

Reperformance

Buy Now
Questions 193

A manager has allowed a subordinate employee to have greater control and responsibility over the tasks that he performs This is an example of which of the following?

Options:

A.

Job enlargement

B.

Job enrichment

C.

Horizontal loading of the job.

D.

Job rotation.

Buy Now
Questions 194

During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?

Options:

A.

RACI (responsible, accountable, consult and inform) chart

B.

Flowchart

C.

SWOT{strengths. weaknesses opportunities, and threats) analysis

D.

Workflow analysis

Buy Now
Questions 195

During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?

Options:

A.

The audit team that conducted the operational audit must also conduct the investigative audit.

B.

The investigative audit must be conducted by an independent third-party service provider.

C.

To preserve objectivity, auditors who participated on the initial operational audit engagement team must not partake in the investigative audit.

D.

The investigative audit engagement team must include at least one auditor who possesses fraud-related skills and competencies.

Buy Now
Questions 196

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

Options:

A.

The organizational chart, business objectives and policies and procedures of the area to be reviewed.

B.

The most recent risk assessment conducted by management of the area to be reviewed.

C.

The requests of operational and senior management throughout the organization.

D.

The preliminary risk assessment performed by internal auditors planning the engagement

Buy Now
Questions 197

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA ' s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Buy Now
Questions 198

Which of the following statements is true regarding internal control questionnaires (ICQs)?

Options:

A.

ICQs are most useful in more organic, decentralized organizations with specialized departmental or regional characteristics.

B.

An ICQ can be used effectively either by sending it in advance for management of the area under review to complete or by testing each procedure and recording the results.

C.

An ICQ is not an efficient tool, as it can only inquire about controls and it does not test them.

D.

ICQs are also known as checklist audits and encourage management of the area under review to answer " no " or " yes " more accurately.

Buy Now
Questions 199

An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?

Options:

A.

The board ' s meeting minutes

B.

The executive committee’s social media budget report

C.

The organization’s marketing plan

D.

The organization’s procedures manual for daily social media management

Buy Now
Questions 200

The final engagement communication contains the following observation:

The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization ' s competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source. "

Which of the following components is missing in the documentation of the observation?

Options:

A.

Criteria.

B.

Effect

C.

Condition

D.

Cause

Buy Now
Questions 201

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

Options:

A.

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Buy Now
Questions 202

Which of the following should be included in a company ' s year-end inventory valuation?

Options:

A.

Company goods that were sold during the year, free on board shipping point, that have been shipped but not yet received by the customer

B.

Goods purchased by the company, free on board destination, that have not yet been received.

C.

Goods on consignment, which the company is trying to sell for its customers.

D.

Company goods for sale on consignment at a consignment shop

Buy Now
Questions 203

Which of the following statements is true regarding an organization’s inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Buy Now
Questions 204

The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year. All engagements should be appropriately categorized and presented to the chief audit executive for review. Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Evaluating procurement department process effectiveness.

B.

Helping in the design of the risk management program.

C.

Assessing financial reporting control adequacy.

D.

Reviewing environmental, social, and governance reporting compliance.

Buy Now
Questions 205

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

Options:

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area ' s business plan.

D.

A review of previous audit and follow- up results of the area under review

Buy Now
Questions 206

An internal auditor of a construction organization found that completed inspection results, required by the organization ' s policy, were missing from the computer system. Which of the following, if included in the audit report, would demonstrate that the auditor performed a root cause analysis of this observation?

Options:

A.

Some inspection results were missing from the computer system.

B.

The results of lengthy inspections were more likely to be omitted from the computer system.

C.

Flaws in the computer system prevented employees from saving their inspection results.

D.

Employees did not ensure that inspection results were completed in the computer system.

Buy Now
Questions 207

An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization ' s policies. When of the following approaches would provide the auditor with the best information?

Options:

A.

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

B.

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

C.

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

D.

Randomly select several months obtain ageing reports for these months and compare them with the poor year

Buy Now
Questions 208

According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?

Options:

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Buy Now
Questions 209

When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Buy Now
Questions 210

An internal auditor is performing testing to gather evidence regarding an organization ' s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is The auditor ' s concern best describes which of the following risks?

Options:

A.

Incorrect rejection risk.

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk

D.

Anticipated misstatement risk

Buy Now
Questions 211

The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?

Options:

A.

The internal control is operating with 95% effectiveness

B.

There is 90% probability that the internal control is operating as designed

C.

The internal control is not designed appropriately

D.

5% of the selected timesheets were not properly approved

Buy Now
Questions 212

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Buy Now
Questions 213

Which of the following is the primary reason to develop an audit work program?

Options:

A.

To alert operational management to the types of audit tests that will likely be performed.

B.

To help the engagement team understand which tasks have to be performed and how.

C.

To assist with communicating all relevant audit findings, conclusions, and recommendations to operational management.

D.

To facilitate the supervision of the audit engagement and enable the chief audit executive to provide relevant feedback.

Buy Now
Questions 214

How do internal auditors generally determine the priority of the areas within the engagement scope?

Options:

A.

By calculating the period of time when the area was last audited try internal auditors

B.

By totaling the monetary value of the processes within the organization in the scope of the engagement

C.

By counting the number of red flags indicating the potential fraudulent activities within the area.

D.

By estimating the likelihood of a risks occurring and the potential impact of that risk on the organization

Buy Now
Questions 215

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations

B.

Analytical procedures begin after the engagements planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques

Buy Now
Questions 216

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

Options:

A.

Inform the audit supervisor.

B.

Investigate the potential conflict of interest.

C.

Inform the external auditors of the potential conflict of interest.

D.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Buy Now
Questions 217

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 218

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

Options:

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client ' s expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Buy Now
Questions 219

An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker.

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Buy Now
Questions 220

During the review of an organization ' s retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?

Options:

A.

Sufficiency.

B.

Reliability.

C.

Relevancy.

D.

Usefulness.

Buy Now
Questions 221

An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?

Options:

A.

Review management ' s organ nationwide risk assessment

B.

Understand the objectives and strategies of the new arrangement

C.

Revise the scope of the audit engagement

D.

Form objectives for the audit engagement

Buy Now
Questions 222

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget.

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Buy Now
Questions 223

A financial services organization ' s CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?

Options:

A.

Fraud risk matrix

B.

Benchmarking

C.

Brainstorming

D.

Walkthroughs

Buy Now
Questions 224

Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?

Options:

A.

When internal auditors need to cover many control procedures using ICQs is generally less efficient than conducting observations and inspections

B.

It is generally difficult for internal auditors lo compile appropriate ICQs for business activities that are governed by standardized operating procedures

C.

ICQs are inadequate to provide effective assurance on how organizational processes are executed in practice.

D.

It is generally difficult for internal auditors to process completed questionnaires, because ICQs frequently elicit detailed comments and long answers from management

Buy Now
Exam Code: IIA-CIA-Part2
Exam Name: Internal Audit Engagement
Last Update: Jul 6, 2026
Questions: 747

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now IIA-CIA-Part2 testing engine

PDF (Q&A)

$31.5  $104.99
buy now IIA-CIA-Part2 pdf
dumpsmate guaranteed to pass

24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 06 Jul 2026