CIA Part 1 Second Test
Which of the following situations allows for the most objectivity on the part of an internal auditor? A. Assessing testing procedures in a new computer system. B. Performing a risk assessment of a new financial instrument. C. Drawing conclusions from a sample of financial transactions. D. Comparing current environmental activities against legislation.
D
Which of the following would be most relevant regarding the internal control environment? A. Assessing controls over computerized applications. B. Documenting the organizational structure. C. Comparing and validating internal performance with external benchmarking. D. Maintaining and reviewing detailed financial records.
B
Which of the following risk assessment tools would best facilitate the matching of controls to risks? A. Control matrix. B. Internal control questionnaire. C. Control flowchart. D. Program evaluation and review technique (PERT) analysis.
a
A code of business conduct provides: A. A fraud avoidance plan that does not explicitly describe punishments for violations. B. A passive method of fraud deterrence. C. A program to anonymously report irregularities to authorities. D. An alternative to "tone at the top" programs.
b
A manufacturer uses a materials requirements planning (MRP) system to track inventory, orders, and raw materials requirements. What condition should an auditor search for in the MRP database if a preliminary assessment indicated that inventory is understated? I. Item cost set at zero. II. Negative quantities on hand. III. Order quantity exceeding requirements. IV. Inventory lead times exceeding delivery schedule. A. I and II only. B. I and IV only. C. II and IV only. D. III and IV only.
A
Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process? A. The extent to which the internal audit activity is outsourced. B. The maturity level of risk management practices in the organization. C. The competency of the internal auditors in risk management. D. The nature of the business and the environment in which the organization operates.
a
During an audit engagement, an internal auditor finds that management is not complying with previous commitments made to the external auditors. However, the auditor determines management's actions to be justified due to significant changes in the business. The best course of action for the auditor to take would be to: A. Proceed with the audit engagement and assess the changes actually implemented by management. B. Inform the external auditors and seek their guidance. C. Inform the external auditors and remove the associated work from the internal audit scope. D. Compare the recommended changes against the changes made by management and advise management which action to take.
A
In a manufacturing organization, all sales prices are determined centrally and are electronically sent to the distribution centers to update their sales price tables. Any pricing deviations must be approved by central headquarters. To determine how this process is functioning, an internal auditor should: A. Document the flow of sales price information, and determine how the table is accessed and updated. B. Develop a flowchart of the sales order process to determine how orders are taken and priced. C. Identify who approves the shipment of goods and how the goods are priced. D. Obtain a copy of the existing flowchart for the computer program to determine how price data are accessed.
A
Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement? A. Determining the scope. B. Reviewing internal controls. C. Testing. D. Evaluating findings.
A
Internal auditors can benefit from a strong relationship with the external auditors because external auditors can: A. Provide internal auditors with an independent and knowledgeable viewpoint. B. Concur with the internal auditors' reports and thus improve the quality of assurance provided to management. C. Increase the effectiveness of internal control sampling techniques. D. Assist the internal auditor by providing information obtained from similar audits with other clients.
A
The chief audit executive's responsibility regarding control processes includes: A. Assisting senior management and the audit committee in the development of an annual assessment about internal control. B. Overseeing the establishment of internal control processes. C. Maintaining the organization's governance processes. D. Ensuring that the internal audit activity assesses all control processes annually.
A
The internal audit activity's role in the risk assessment and management processes of an organization is determined by the: A. Board of directors. B. Chief audit executive. C. Risk management department. D. External auditors.
A
To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should: A. Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal auditing positions. B. Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department's audit mission. C. Oversee a training program that matches the actual training provided with the interests of individual auditors. D. Require all of the audit staff to pursue a minimum number of continuing professional education hours each year.
A
When reviewing management reports to the board of directors, the internal audit activity should: A. Evaluate the process used to prepare the management reports. B. Maintain supporting documentation for the management reports. C. Tie all financial numbers in the reports to the general ledger. D. Compare to prior-period reports for consistency.
A
Which of the following best contributes to the effectiveness of the internal audit activity in an organization? A. Appropriate terms of internal audit scope and responsibility in the charter. B. Appropriate compliance coverage in the annual audit plan. C. Regular review of the audit charter by management. D. Assurance of internal audit objectivity by the board.
A
Which of the following represents the most effective governance structure? (Roles are listed in the order: Operating Management, Executive Management, Internal Auditing.) I. Responsibility for risk, Oversight role, Advisory role. II. Oversight role, Responsibility for risk, Advisory role. III. Responsibility for risk, Advisory role, Oversight role. IV. Oversight role, Advisory role, Responsibility for risk. A. I only. B. II. C. III. D. IV.
A
Which of the following statements is correct regarding risk analysis? A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis. B. The highest risk assessment should always be assigned to the area with the largest potential loss. C. The highest risk assessment should always be assigned to the area with the highest probability of occurrence. D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.
A
Which of the following would be the least desirable criteria against which to judge current operations of a company's treasury function? A. The operations of the treasury function as documented during the last audit engagement. B. Company policies and procedures delegating authority and assigning responsibilities. C. Finance textbook illustrations of generally accepted good treasury function practices. D. Codification of best practices of the treasury function in relevant industries.
A
In an assurance engagement of treasury operations, an internal auditor is required to consider all of the following issues except: A. The audit committee has requested assurance on the treasury department's compliance with a new policy on the use of financial instruments. B. Treasury management has not instituted any risk management policies. C. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350 percent. D. The external auditors have indicated some difficulties in obtaining account confirmations.
D
In order to save time, an audit manager no longer required that a standard internal control questionnaire be completed for each audit engagement. Does this represent a violation of the Standards? A. Yes, because internal control should be evaluated on every engagement and the internal control questionnaire is the mandated approach to evaluate controls. B. Yes, because internal control should be evaluated on every engagement and the internal control questionnaire is the most efficient method to do so. C. No, because auditors may omit necessary procedures if there is a time constraint, based on audit judgment. D. No, because auditors are not required to complete internal control questionnaires on every engagement.
D
Internal auditors exercise judgment about the type and amount of information to be collected. The primary purpose of this judgment is to: A. Eliminate the risk of drawing incorrect conclusions. B. Minimize the cost of the audit engagement. C. Comply with the Standards. D. Provide a sound basis for audit observations and recommendations.
D
It would be appropriate for an internal audit activity to use consultants with expertise in health-care benefits when the internal audit activity is: I. Conducting an audit of the organization's estimate of its liability for post retirement benefits, which include health care benefits. II. Comparing the cost of the organization's health care program with that of other programs offered in the industry. III. Training its staff to conduct an audit of health care costs in a major division of the organization. A. I only. B. I and III only. C. II and III only. D. I, II, and III.
D
Overall audit efficiency is enhanced between the internal and external audit functions when: A. Internal audit coverage is reduced to avoid potential conflicts of interest. B. Audits of the same department are conducted at different times. C. The internal audit department reviews functions or departments prior to the external audit. D. External audit scope is reduced based on the internal audit department's activities.
D
Regarding an organization's decision to retain an external audit firm, the chief audit executive (CAE) should: A. Work with the organization's chief financial officer to evaluate the external auditor's performance and together make the decision. B. Not be involved in this decision process as it would compromise the CAE's objectivity. C. Evaluate the external auditor's performance and retain the external auditor if quality and cost criteria are met. D. Assist the audit committee by facilitating the development of an appropriate evaluation process.
D
The chairperson of an organization's audit committee has obtained a risk management report that identifies significant industry concerns that impact the organization. The chairperson has asked the chief audit executive (CAE) to review these concerns and advise if they are relevant to the organization. How should the CAE respond? A. Accept the engagement but communicate only with the audit committee to protect the confidentiality of the request. B. Decline the engagement because it is outside of the scope of the internal audit charter. C. Decline the engagement because it impairs the internal audit activity's independence. D. Accept the engagement but inform senior management of the request.
D
To enhance the independence of both the internal and external audit functions, audit committees should be composed of: A. A rotating subcommittee of the board of directors or its equivalent. B. A combination of external members of the board of directors and company officers. C. Members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers. D. Only external members of the board of directors or other similar oversight committees.
D
Using the internal audit department to coordinate regulatory examiners' efforts is beneficial to the organization because internal auditors can: A. Influence regulatory interpretation of law to better match corporate practice. B. Recommend changes to the scope of the regulatory examiners' review. C. Perform fieldwork for the regulatory examiners and thus shorten the regulatory examiners' review. D. Supply evidence of adequate compliance testing through internal audit workpapers and reports.
D
Which is the least effective form of risk management? A. Systems-based preventive control. B. People-based preventive control. C. Systems-based detective control. D. People-based detective control.
D
Which of the following actions would be considered a violation of the Standards? I. Drafts of engagement communications were reviewed with the audit client to obtain input. The client's comments were considered when developing the engagement final communication. II. An auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development. III. Given limited resources, the chief audit executive performed a risk analysis to determine which functions to audit. A. II only. B. I and III only. C. I, II, and III. D. None of the above.
D
Which of the following internal control weaknesses would an auditor most likely detect while reviewing a flowchart that depicts the purchasing function of an organization? A. Purchasing policies have not been updated. B. The organization is not taking advantage of quantity discounts available from its suppliers. C. Payments for goods received have not been authorized at the appropriate level. D. Payments to suppliers are made before goods are received.
D
Which of the following is a benefit from reduced testing during a particular phase of an audit engagement? A. The size of the internal audit activity can be reduced. B. There is less concern about assessing inherent risk. C. The level of planned audit risk is lowered. D. Additional audit hours are available for pursuing other engagement objectives.
D
Which of the following should be incorporated in a risk management policy? I. Boundaries and limit structures. II. Requirements for reporting risk. III. Risk authorities. A. I and II only. B. I and III only. C. II and III only. D. I, II, and III.
D
Which of the following would be the most useful in developing an annual audit plan? A. General purpose audit software. B. Voting software and hardware. C. Flowcharting and data capture software. D. Risk assessment software.
D
Which of the following would provide the most reliable information on the risk associated with an auditable activity? A. Event scenarios with regression analysis. B. Past audit findings and instances of management failures. C. Consequences and economic predictability of loss. D. Management assessment and corroboration by the internal audit activity.
D
If an engagement client's operating standards are vague and thus subject to interpretation, the auditor should: A. Seek agreement with the client as to the standards to be used to measure operating performance. B. Determine best practices in the area and use them as the standard. C. Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance. D. Omit any comments on standards and the client's performance in relationship to those standards, because such an analysis would be meaningless.
a
Management has requested that an internal auditor serve as member of a task force that will review current receivables practices and make recommendations to improve processes. Which of the following is the most appropriate response by the internal auditor? A. Accept the assignment provided that such consulting services are defined in the charter. B. Decline the assignment because participation on task forces will impair the auditor's objectivity in future audit engagements. C. Accept the assignment if the auditor believes that it will not impair objectivity in future audit engagements. D. Do not accept the assignment because the assignment is not part of an approved audit plan.
a
Organizations that use a highly structured command-and-control management approach are at greater risk of: A. Delayed response due to the inability to reach consensus among decision makers. B. Negative consequences that result from lower-level staff's unwillingness to confront errors by superiors. C. Erosion of staff morale due to perceptions of ineffective leadership. D. Waste and abuse of organizational resources resulting from management override of controls.
B
The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document. The most serious consequence of this deficiency in the process is that the: A. Audit schedule may not be optimal from the engagement client's perspective. B. Audit objectives may not be understood by management of the area being audited. C. Audit resources may not be sufficient. D. Audit plan priority may have changed.
B
To promote a positive image within an organization, a chief audit executive (CAE) adjusted the audit plan to focus on assurance engagements that highlighted potential costs to be saved. Negative observations were to be omitted from engagement final communications. Which action taken by the CAE would be considered a violation of the Standards? I. The focus of the audit function was changed without modifying the audit charter or notifying the audit committee. II. Negative observations were omitted from the engagement final communications. III. Cost savings and recommendations were highlighted in the engagement final communications. A. II only. B. I and II only. C. I and III only. D. I, II, and III.
B
Which of the following best describes the most important criteria when assigning responsibility for specific tasks required in an audit engagement? A. Auditors must be given assignments based primarily upon their years of experience. B. All auditors assigned an audit task must have the knowledge and skills necessary to complete the task satisfactorily. C. Tasks must be assigned to the audit team member who is most qualified to perform them. D. All audit team members must have the skills necessary to satisfactorily complete any task that will be required in the audit engagement.
B
Which of the following is a role of the board of directors in the governance process? A. Conduct periodic assessments of the organization's governance systems. B. Obtain assurance concerning the effectiveness of the organization's governance systems. C. Implement an effective system of internal controls to support the organization's governance systems. D. Review and approve operational goals and objectives.
B
Which of the following is not true with regard to the internal audit charter? A. It defines the authorities and responsibilities of the internal audit activity. B. It specifies the minimum resources needed for the internal audit activity. C. It provides a basis for evaluating the internal audit activity. D. It should be approved by senior management and the board.
B
Which of the following steps would not be included in a program of selecting and developing human resources for an internal audit department? A. Scheduling periodic meetings with individual auditors, during which the chief audit executive provides counsel regarding each auditor's performance and professional career development. B. Establishing an internal review team to assess the auditors' and audit department's compliance with standards, level of audit effectiveness, and compliance with departmental policy. C. Developing specific job descriptions for audit staff, audit managers, and other auditing positions. D. Establishing in-house training programs and requiring continuing education for audit staff.
B
Which source of audit evidence would provide the least value in flowcharting an organization's purchasing process? A. An interview with the purchasing supervisor. B. A review of a sample of purchase orders which were completed during the last month. C. A review of the purchasing policies and procedures manual. D. A walk-through of the process with a member of the purchasing staff.
B
In order to provide the most useful information for an organization's risk management decisions, which of the following should be assessed? A. Risk levels for future events based on the degree of uncertainty of those events and their cost of mitigation. B. Inherent and control risks and their impact on the extent of financial misstatements. C. Risk levels of current and future events, their effect on the achievement of the organization's objectives, and their underlying causes. D. Risk levels of current and future events, their impact on the organization's mission, and the potential for the elimination of existing risk factors.
C
In publicly held companies, management often requires the internal audit activity's involvement with quarterly financial statements that are made public and used internally. Which of the following is generally not a reason for such involvement? A. Management may be concerned about its reputation in the financial markets. B. Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated. C. The Standards state that internal auditors should be involved with reviewing quarterly financial statements. D. Management may perceive that having quarterly financial information examined by the internal auditors enhances its value for internal decision making.
C
The primary objective of risk-based auditing is to assess the: A. Economy of controls. B. Compliance with controls. C. Adequacy of controls. D. Efficiency of controls.
C
The primary reason that a bank would maintain a separate compliance function is to: A. Better manage perceived high risks. B. Strengthen controls over the bank's investments. C. Ensure the independence of line and senior management. D. Better respond to shareholder expectations.
C
To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first: A. Review the open systems interconnect network model. B. Identify the network operating costs. C. Determine the business purpose of the network. D. Map the network software and hardware products into their respective layers.
C
Which of the following is not an appropriate control related to sales in a manufacturing company? A. Customers' orders are recorded promptly. B. Goods shipped are matched with valid customer orders. C. Goods returned are inspected for damage by the sales department and then entered into inventory. D. Credit department approval is required for credit sales transactions.
C
Which of the following represents the correct order of the risk management process? A. Resource allocation, risk management metrics, risk assessment, post-mortem analysis, effective communication. B. Risk management metrics, resource allocation, risk assessment, effective communication, post-mortem analysis. C. Risk assessment, resource allocation, risk governance and reporting, post-mortem analysis, feedback. D. Resource allocation, risk monitoring, risk assessment, feedback, post-mortem analysis.
C
Which of the following best describes how the increased use of computerization may impact an auditor's assessment of the risk of fraud? A. Access to assets may be available to information systems personnel as well as to computer users. B. Computer controls are generally less effective than human review. C. Overrides of key controls may require less collaboration. D. Audit trails are less effective.
a
Which of the following describes a control weakness? A. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. B. Pre-numbered blank purchase orders are secured within the purchasing department. C. Normal operational purchases fall in the range from $500 to $1,000 with two signatures required for purchases over $1,000. D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the company's suppliers in its portfolio.
a
Which of the following best describes the underlying premise of the COSO enterprise risk management framework? A. Management should set objectives before assessing risk. B. Every entity exists to provide value for its stakeholders. C. Policies are established to ensure that risk responses are performed effectively. D. Enterprise risk management can minimize the impact and likelihood of unanticipated events.
b
Which of the following is an example of sharing risk? A. An organization redesigned a business process to change the risk pattern. B. An organization outsourced a portion of its services to a third-party service provider. C. An organization sold an unprofitable business unit to its competitor. D. In order to spread total risk, an organization used multiple vendors for critical materials.
b
Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function? A. Observe the process. B. Review the trend in receivables write-offs. C. Ask the credit manager about the effectiveness of the function. D. Check for evidence of credit approval on a sample of customer orders.
b
A charitable organization provides substantial grants for important medical research. Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk? A. Senior executives are using company travel and entertainment funds for activities that might be considered questionable. B. Purchases of office supplies are made from fictitious vendors. C. Grants are made to organizations associated with senior executives. D. A payroll clerk has added a fictitious employee.
c
A manufacturing firm uses hazardous materials in the production of its products. An audit of the firm's processes related to hazardous materials should include: I. Recommending an environmental management system as part of policies and procedures. II. Verifying the existence of tracking records for these materials from creation to destruction. III. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit. IV. Evaluating the cost provided for in an environmental liability accrual account. A. II only. B. III and IV only. C. I, II, and IV only. D. I, III, and IV only.
c
After several years in the engineering department, an engineer was transferred to the internal audit department. One month later, the new auditor was assigned to an assurance engagement for the engineering department. When the auditor's former engineering supervisor suggested a change in the sample selection method, the auditor consulted with the audit supervisor. They determined that the suggested method would not be as representative and that the original selection method should be used. In this situation, the auditor: A. Maintained an independent mental attitude and is therefore objective. B. Has subordinated professional judgment, and objectivity is therefore impaired. C. Does not have objectivity since the auditor recently transferred from the engineering department. D. Does not have independent organizational status since the auditor recently transferred from the engineering department.
c
An auditor is using audit software to check inventory accuracy. Which of the following would be an indicator of poor input edit controls? A. Negative quantities on hand. B. Total dollar values of zero for some parts. C. Alpha characters in the field for order lead time. D. Reorder levels set too high.
c
To determine if a new computer system is improving the use of a manufacturer's limited facilities in serving the largest number of customers, an auditor should compare: A. The number of reworked orders and their costs before and after system installation. B. Inventory and materials handling costs before and after system installation. C. The number of orders filled and their cycle times before and after system installation. D. The number of reworked orders and orders filled before and after system installation.
c
When internal auditors perform consulting services that add value and improve an organization's operations, these services: A. Impair the internal auditors' objectivity with respect to an assurance service involving the same engagement client. B. Would preclude the achievement of assurance from the consulting engagement. C. Should be consistent with the internal audit activity's empowerment reflected in the charter. D. Impose no responsibility to communicate information other than to the engagement client.
c
Which of the following characteristics could indicate high risk? A. Management decisions are made by a committee of mid to higher level management personnel. B. The company is not in a rapidly growing industry. C. The company's profitability is lower than the industry norm. D. Management turnover has been very low.
c
Which of the following corporate travel policies is least likely to be cost-effective? A. Negotiating corporate agreements with hotels, airlines, and car rental firms. B. Tracking credits for canceled airline reservations. C. Selecting the least expensive airline travel available, without regard to total travel time and distance. D. Traveling to facilities in tourist areas during the off-season when possible.
c
Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit? A. State the work steps in the form of questions. B. Use standard audit program for HR from previous years. C. Include in the audit program certain audit tests requested by audit client. D. Defer preparation of the audit program after the field work.
c
Which of the following measurements could an auditor use in an audit of the efficiency of a motor vehicle inspection facility? A. The total number of cars approved. B. The ratio of cars rejected to total cars inspected. C. The number of cars inspected per inspection agent. D. The average amount of fees collected per cashier.
c
Which of the following would be a violation of the IIA Code of Ethics? A. Reporting information that could be damaging to the organization, at the request of a court of law. B. Including an issue in the final audit report after management has resolved the issue. C. Participating in an audit engagement for which the auditor does not have the necessary experience or training. D. Accepting a gift that is a commercial advertisement available to the public.
c
executive should: A. Demonstrate willingness to include in engagement final communications all matters believed to be important. B. Require all auditors to sign statements attesting to their independent mental attitudes and honest belief in their work product. C. Carefully assign personnel to individual audit engagements and require auditors to disclose all conflicts of interest. D. Appraise each auditor's performance on each audit assignment.
c
An auditor for a large wholesaler is evaluating the controls over the approval and oversight of credit sales. Which of the following procedures would be a control weakness? A. The credit department is responsible for approving shipments to all customers. B. The finance committee of the board of directors periodically reviews credit standards. C. Customers who fail to meet credit requirements must pay cash for shipments upon delivery. D. The sales department is responsible for determining the credit ratings of customers.
d
Which of the following statements regarding segregation of duties is true? A. When evaluating an organization's policy on segregation of duties, employee competence does not need to be considered. B. An organizational chart provides an accurate definition of segregation of duties. C. A restrictive segregation-of-duties policy can help improve an organization's communication. D. Policies on segregation of duties in information systems must recognize the difference between logical and physical access to assets.
d
At the beginning of fieldwork in an audit of investments, an internal auditor noted that the interest rate had declined significantly since the engagement work program was created. The auditor should: A. Proceed with the existing program since this was the original scope of work that was approved. B. Modify the audit program and proceed with the engagement. C. Consult with management to verify the interest rate change and proceed with the engagement. D. Determine the effect of the interest rate change and whether the program should be modified.
D
During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should: A. Exclude the relative's information from the audited work and proceed with the audit engagement. B. Proceed with the audit engagement but disclose in the engagement final communication that the relative is a customer. C. Immediately withdraw from the audit engagement. D. Notify management and the chief audit executive (CAE) and have the CAE determine whether the auditor should continue with the audit engagement.
D
In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be audited. What is the most likely result of that procedure? A. It creates apprehension about the audit engagement. B. It involves the engagement client's supervisory personnel in the audit. C. It is an uneconomical approach to obtaining information. D. It is only useful for audits of distant locations.
B
Senior management at a financial institution has received allegations of fraud at its derivatives trading desk and has asked the internal audit activity to investigate and issue a report concerning the allegations. The internal audit activity has not yet developed sufficient proficiency regarding derivatives trading to conduct a thorough fraud investigation in this area. Which of the following courses of action should the chief audit executive (CAE) take to comply with the Standards? A. Engage the former head of the institution's derivatives trading desk to perform the investigation and submit a report with supporting documentation to the CAE. B. Request that senior management allow a delay of the fraud investigation until the internal audit activity's on-staff certified fraud examiner is able to obtain the appropriate training regarding the analysis of derivatives trading. C. Request that senior management exclude the internal audit activity from the investigation completely and instead contract with an external certified fraud examiner with derivatives experience to perform all aspects of the investigation and subsequent reporting. D. Contract with an external certified fraud examiner with derivatives experience to perform the investigation and subsequent reporting, with the chief audit executive approving the scope of the investigation and evaluating the adequacy of the work performed.
d
Two individuals are being considered for an audit team that is to perform a highly technical review. Which of the following situations would preclude selection of the individual for the audit due to an objectivity concern? I. Person A is a member of the internal audit staff and has the required technical skills. Person A participated in a controls review of the system to be audited when it was being developed. II. Person B is a technical specialist who understands the audit area but is not a member of the internal audit staff. Although person B has personal credibility in the information systems department to be audited, person B works for another department in the organization. A. I only B. II only C. Both I and II. D. Neither I nor II.
d
Which of the following audit activities is within the scope of assurance activities as stated in the International Professional Practices Framework? A. Review a make-or-buy decision and report a recommendation to management for approval. B. Participate in negotiations for a corporate acquisition. C. Assess financing alternatives for a new generator. D. Perform an evaluation of management's planning process.
d
Which of the following components influences the risk consciousness of an organization's people and is the basis for all other components of enterprise risk management? A. Objective setting. B. Information and Communication. C. Risk Assessment. D. Internal Environment.
d
Which of the following is not a benefit of using information technology in solving audit problems? A. It helps reduce audit risk. B. It improves the timeliness of the audit engagement. C. It increases audit opportunities. D. It improves the auditor's judgment.
d
An audit of the quality control department is being planned. Which of the following would least likely be used in the preparation of a preliminary survey questionnaire? A. An analysis of quality control documents. B. The permanent audit file. C. The prior audit report. D. Management's charter for the quality control department.
A
An objective for an audit of a medical research corporation is to evaluate management's controls to ensure that timely reports are submitted to sponsors of contracted research projects. In planning the audit to achieve this objective, the auditor should begin by: A. Reviewing policies and procedures. B. Interviewing a group of research managers. C. Observing report preparation in a number of laboratories. D. Sending a questionnaire to a sample of research sponsors.
A
In developing an appropriate work program for an audit engagement, the most important factor for an audit supervisor to consider is the: A. Availability of records and data. B. Potential impact of risks. C. Capabilities of audit personnel. D. Time required to complete the engagement.
B
In order to exercise due professional care as defined in the International Professional Practices Framework, an internal auditor should: I. Consider the probability of significant noncompliance in each audit engagement. II. Perform assurance procedures with sufficient care to ensure that all risks are identified. III. Weigh the cost of assurance against the benefits. A. I and II only B. I and III only C. II and III only D. I, II, and III.
B
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store? A. On a rainy day, total sales are greater than expected when compared to the cost of ingredients used. B. On a sunny day, total sales are less than expected when compared to the cost of ingredients used. C. Both total sales and cost of ingredients used are greater than expected. D. Both total sales and cost of ingredients used are less than expected.
B
Auditors 1, 2, and 3 work out of various offices. Each must be assigned to one, and only one, of three audit locations (A, B, or C). The cost of sending each auditor to each location is listed below (audit locations A, B, C): Auditor 1: $200, $300, $400; Auditor 2: $400, $300, $600; Auditor 3: $200, $200, $500. The minimum cost with which this assignment can be accomplished is: A. $800 B. $900 C. $1,000 D. $1,100
B
A chief audit executive (CAE) for a specialty retailer is asked by management to review the controls in place to manage their electronic funds transfer process. The internal audit activity has no experience with similar engagements. What is the most appropriate course of action for the CAE to take? A. Plan the engagement and begin fieldwork using existing staff. B. Attempt to discourage management from the request. C. Hire an outside consulting firm to assist with the engagement. D. Defer the audit until current staff can be appropriately trained.
C
Due to urgent requests from management, a busy internal audit activity finds that it can no longer meet all of its commitments contained in the annual audit plan. The best course of action for the chief audit executive to take would be to: A. Continue with the plan and seek opportunities to adjust priorities and reallocate resources. B. Advise senior management and request that they reconsider these additional requests using more rigorous risk assessment and prioritization factors. C. Advise the board and senior management and request a reassessment of the plan. D. Advise the board immediately and seek their support for additional resources to meet the needs of the plan.
C
During a review of data center physical security and environmental controls, an auditor should ensure that: I. Visitors are accompanied by authorized personnel at all times. II. Only developers and operators have access to the data center. III. Fire suppression equipment is tested periodically. IV. Fire and water detectors have been installed. A. I and III only B. II and IV only C. I, III, and IV only D. II, III, and IV only
C
Fraud is most frequently detected by: A. Following up on tips from employees or citizens. B. Following up on analytical review of high-risk areas. C. Performing periodic reconciliations over cash and other assets. D. Performing unannounced audits or reviews of programs or departments.
a
An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if: A. The auditor notes strong indicators of a specific fraud involving this account. B. The company has relatively stable operations which have not changed much over the past year. C. The auditor would like to identify large, unusual, or non-recurring transactions during the year. D. The operating expenses vary in relation to other operating expenses, but not in relation to revenue.
a
Which of the following would be most effective in determining if the percentage of medication orders containing errors improved after a hospital installed a computerized medication-tracking system? A. Compare the proportion of erroneous medication orders before and after system installation for similar periods. B. Compare the number of errors before and after system installation for similar periods. C. Compare, after adjusting for the number of patients, the proportion of erroneous medication orders before and after system installation. D. Compare, after adjusting for the number of patients, the number of errors before and after system installation for similar periods.
a
Which of the following would be the best source of information for a chief audit executive to use in planning future audit staff requirements? A. Discussions of audit needs with executive management and the audit committee. B. Review of audit staff education and training records. C. Review of audit staff size and composition of similar-sized companies in the same industry. D. Interviews with existing audit staff.
a
An audit to test the system of controls over the purchase, distribution, and use of radioactive material is being conducted at a company's plants. The process is well documented, and employees in the safety department are very familiar with the department's procedures. Since the purchasing and facilities departments are involved in the process, the auditor is considering reviewing their radioactive material handling procedures as well. The auditor should: A. Have confidence in the rigorous and detailed safety department procedures, since that department has the main responsibility for radiation safety, and should not use audit time to review other departments. B. Adjust the engagement schedule and budget, if needed, and interview the appropriate individuals in the purchasing and facilities departments to ascertain whether additional controls exist that complement those identified within the safety department. C. Test the controls identified within the safety department; if results are unfavorable, the auditor should consider whether to involve the other departments. D. Defer questions regarding purchasing, facilities, and other departments until audit projects can be scheduled for those departments.
b
An auditor plans to analyze customer satisfaction, including: (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct? A. Although useful, such an analysis does not address any risk factors. B. The survey would not consider customers who did not make purchases in the last three months. C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive. D. Analysis of three months' activity would not evaluate customer satisfaction.
b
An employee who recently transferred into the internal audit activity has been assigned to audit the accounts payable system. Which function, if previously performed by the auditor, would represent a conflict of interest? A. Monitoring the allowance for doubtful accounts. B. Writing procedures for the handling of duplicate payments. C. Signing timekeeping cards for subordinates. D. Reviewing shipping documents for accuracy.
b
During a payroll audit of a large organization, an auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should: A. Continue to follow the engagement program because the engagement scope and objectives have already been discussed with management. B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is adequately covered. C. Recommend to the chief audit executive that a fraud investigation be started. D. Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.
b
If earnings on financial statements for internal use only have been manipulated in the past, an internal auditor is likely to focus on which of the following? A. The proper accrual of payables at the end of the interim period. B. The timing of revenue recognition and the valuation of inventories. C. Whether accounting estimates are reasonable given past actual results. D. Whether there have been changes in accounting principles that materially affect the financial statements.
b
The chief audit executive should periodically report the internal audit activity's purpose, authority, responsibility, and performance, as well as significant risk exposures and control issues, to which of the following? I. Board of directors. II. Senior management. III. Shareholders. IV. External auditors. A. II only B. I and II only C. I, II, and III only D. I, III, and IV only
b
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement? A. Investigation of the physical security over access to the components of the LAN. B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level. C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise. D. The level of security of other LANs in the company which also utilize sensitive data.
d
An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should: A. Use test data and determine whether all the data entered are captured correctly in the updated database. B. Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates. C. Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems. D. Use generalized audit software to select a sample of employees from the database. Verify the data fields.
d
An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report. When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit? A. Detection risk is lower because control risk is lower. B. Detection risk is lower because control risk is higher. C. Detection risk is higher because control risk is lower. D. Detection risk is unchanged although control risk is lower.
d