CIA Test Bank I

Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence? a. Risk management consultant. b. Product development team leader. c. Ethics advocate. d. External audit liaison.

b. Correct. In some circumstances, such as a product development team, the role of team leader or member may conflict with the independence attribute of the internal audit activity. The auditor can participate as a consultant to the team but should not participate as a team leader. a. Incorrect. This does not conflict with the independence of the internal audit activity. c. Incorrect. To improve the ethical climate, the internal auditor should assume the role of ethics advocate, which therefore does not conflict with the independence of the internal audit activity. d. Incorrect. This does not conflict with the independence of the internal audit activity as the internal and external audit functions both share information and work collaboratively outside of the influence of management.

Which of the following is not a role of the internal audit activity in best practice governance activities? a. Support the board in enterprise-wide risk assessment. b. Ensure the timely implementation of audit recommendations. c. Monitor compliance with the corporate code of conduct. d. Discuss areas of significant risks.

b. Correct. It is the role of management to ensure the timely implementation of the audit recommendations. The internal audit activity is responsible for the development of a timely procedure to monitor the disposition of the audit recommendations. The internal audit activity works with senior management and the audit committee to ensure that audit recommendations receive appropriate attention. a. Incorrect. The internal audit activity performs this role. The board and management are responsible for the identification of an appropriate risk model and methodology. c. Incorrect. The internal audit activity should monitor compliance with the corporate code of conduct set by the board and management. d. Incorrect. The internal audit activity is responsible for discussing significant financial, technical, and operational risks and exposures and the plans to minimize such risks.

When faced with an imposed scope limitation, a chief audit executive should: a. Delay the engagement until the scope limitation is removed. b. Communicate the potential effects of the scope limitation to the audit committee of the board of directors. c. Increase the frequency of auditing the activity in question. d. Assign more experienced personnel to the engagement.

b. Correct. Practice Advisory 1130-1.3 states that a scope limitation and its potential effects should be communicated to the audit committee of the board of directors. a. Incorrect. The engagement may be conducted under a scope limitation. c. Incorrect. A scope limitation would not necessarily cause the need for more frequent audit engagements. d. Incorrect. A scope limitation would not necessarily cause the need for more experienced personnel.

In which of the following situations would an auditor potentially lack objectivity? a. An auditor reviews the procedures for a new electronic data interchange connection to a major customer before it is implemented. b. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal audit activity. c. An auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. d. A payroll accounting employee assists an auditor in verifying the physical inventory of small motors.

b. Correct. Practice Advisory 1130.A1-1.3 states that persons transferred to the internal audit activity should not be assigned to audit those activities that they previously performed until a reasonable period of time (at least one year) has elapsed. a. Incorrect. Practice Advisory 1130.A1-1.4 states that the internal auditor's objectivity is not adversely affected when the auditor reviews procedures before they are implemented. c. Incorrect. Practice Advisory 1130.A1-1.4 states that the internal auditor's objectivity is not adversely affected when the auditor recommends standards of control for systems before they are implemented. d. Incorrect. Use of staff from other areas to assist the internal auditor does not impair objectivity, especially when the staff is from outside the area being audited.

Who has primary responsibility for providing information to the audit committee on the professional and organizational benefits of coordinating internal audit assurance and consulting activities with other assurance and consulting activities? a. The external auditor. b. The chief audit executive. c. The chief executive officer. d. Each assurance and consulting function.

b. Correct. Practice Advisory 2060-2.5 recommends that the chief audit executive provide the audit committee with information on the coordination with and oversight of other control and monitoring functions. a. Incorrect. The responsibility for ensuring that the internal audit activity's professional and organizational responsibilities maximize the benefits that can be achieved from coordination with other assurance consulting activities lies with the chief audit executive, according to Practice Advisory 2050-1.3. Comments on this should always form part of any activity reports by the chief audit executive to the audit committee. c. Incorrect. The chief executive officer would not normally be responsible for planning, work, and coordination related to internal audit assurance and consulting engagements or coordination with other assurance and consulting activities. d. Incorrect. Not all other assurance and consulting activities are organizationally responsible to the audit committee for their work, and they may not have the opportunity to report information directly to the audit committee.

Which of the following would minimize defects in finished goods caused by poor quality raw materials? a. Documented procedures for the proper handling of work-in-process inventory. b. Required material specifications for all purchases. c. Timely follow-up on all unfavorable usage variances. d. Determination of the amount of spoilage at the end of the manufacturing process

b. Correct. Specifications for materials purchased provide an objective means of determining that the materials meet the minimum quality level required for production. a. Incorrect. This would not ensure that raw materials are of sufficient quality. c. Incorrect. This would only help ensure that raw materials are used in the proper quantities. d. Incorrect. This would only permit proper determination of spoilage after raw materials have been used in production.

The most important reason for the chief audit executive to ensure that the internal audit department has adequate and sufficient resources is to: a. Ensure that the function is adequately protected from outsourcing. b. Demonstrate sufficient capability to meet the audit plan requirements. c. Establish credibility with the audit committee and management. d. Fulfill the need for effective succession planning.

b. Correct. Standard 2030 requires that resources be adequate and sufficient. a. Incorrect. The decision to outsource the internal audit function is not primarily based on existing resources. c. Incorrect. The amount of resources is not a significant factor in establishing credibility. d. Incorrect. Succession planning is not related to the amount of audit resources.

Which of the following is not true with regard to the internal audit charter? a. It defines the authorities and responsibilities for the internal audit activity. b. It specifies the minimum resources needed for the internal audit activity. c. It provides a basis for evaluating the internal audit activity. d. It should be approved by senior management and the board.

b. Correct. The internal audit manual and annual audit plan help in determining the resource requirements. The internal audit charter defines the necessary authorities and responsibilities, role and responsibility of the internal audit activity and acts as a benchmark for evaluating the audit function and should be approved by senior management and by the board.

During an assessment of the risk associated with sales contracts and related commissions, which of the following factors would most likely result in an expansion of the engagement scope? a. An increase in product sales, along with an increase in commissions. b. An increase in sales returns, along with an increase in commissions. c. A decrease in sales commissions, along with a decrease in product sales. d. A decrease in sales returns, along with an increase in product sales.

b. Correct. These trends may indicate inflated sales figures. a. Incorrect. These trends would not result in scope expansion, because they are compatible. c. Incorrect. These trends would not result in scope expansion, because they are compatible. d. Incorrect. These trends would not result in scope expansion, because they are compatible

Which of the following is an appropriate statement of an audit engagement objective? a. To observe the physical inventory count. b. To determine whether inventory stocks are sufficient to meet projected sales. c. To search for the existence of obsolete inventory by computing inventory turnover by product line. d. To include information about stockouts in the engagement final communication.

b. Correct. This is something the audit engagement is to accomplish. It is also specific since it ties the inventory balance to the criterion of meeting projected customer needs. a. Incorrect. This specifies part of an engagement program step. c. Incorrect. This is an engagement program step. d. Incorrect. This is a specification for the engagement final communication.

In deciding whether to schedule the purchasing or the personnel department for an audit engagement, which of the following would be the least important factor? a. There have been major changes in operations in one of the departments. b. The audit staff has recently added an individual with expertise in one of the areas. c. There are more opportunities to achieve operating benefits in one of the departments than in the other. d. The potential for loss is significantly greater in one department than in the other.

b. Correct. While auditor skills should be considered in the planning process, audit needs - not auditor skill availability - should drive engagement work schedules in a risk-based audit plan. a. Incorrect. This is an important factor according to Practice Advisory 2010-1.4. c. Incorrect. This is an important factor according to Practice Advisory 2010-1.4. d. Incorrect. This is an important factor according to Practice Advisory 2010-1.4.

Management and the board of directors are responsible for following up on observations and recommendations made by the external auditors. What role, if any, should the internal audit activity have in this process? a. The internal audit activity should have no role in this process in order to ensure independence. b. The internal audit activity should only become involved if the chief audit executive has sufficient evidence that the follow-up is not occurring. c. The internal audit activity should establish a monitoring process to review the adequacy and effectiveness of management's follow-up actions. d. The internal audit activity should become involved only if specifically requested by management or the board of directors.

c. Correct. A chief audit executive should establish a follow-up process to monitor the adequacy, effectiveness, and timeliness of actions taken by management on reported engagement observations and recommendations, including those made by the external auditors and others.

During a review of contracts, a chief audit executive (CAE) suspects that a supplier was given an unfair advantage in bidding on a contract. After learning that the chief executive officer (CEO) of the company is a member of the supplier's board of directors, how should the CAE proceed? a. Submit a draft report to senior management, excluding the CEO. b. Contact the organization's external auditors for assistance. c. Obtain supporting documentation and present the finding to the chairperson of the audit committee. d. Immediately notify the board of directors.

c. Correct. A draft of the proposed report on fraud or conflict-of-interest situations should be submitted to the chairman of the audit committee as a next step in light of the CEO's position in the company. a. Incorrect. The chief executive officer (CEO) is a member of senior management. Other members of senior management may receive a final report that has been reviewed and approved by legal counsel. b. Incorrect. External auditors should not be contacted. External auditors may be given a final report that has been reviewed and approved by legal counsel. d. Incorrect. Supporting documentation would be necessary before informing the audit committee or the board.

An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement? a. Determine if policies exist which describe the risks the treasurer may take and the types of instruments in which the treasurer may make investments. b. Determine the extent of management oversight over investments in sophisticated instruments. c. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations. d. Determine the nature of controls established by the treasurer to monitor the risks in the investments.

c. Correct. Although this might be informational, there is no need to develop a comparison of investment returns with other organizations. Indeed, some financial investment scandals show that such comparisons can be highly misleading because high returns were due to taking on a high level of risk. Also, this is not a test of the adequacy of the controls. a. Incorrect. Since new financial instruments are very risky, the first step of such an engagement should be to determine the nature of policies established for the investments. b. Incorrect. Oversight by a management committee is an important control. Therefore, the auditor should determine the nature of the oversight set up to monitor and authorize such investments. d. Incorrect. A fundamental control concept over cash-like assets is that someone establishes a mechanism to monitor the risks.

As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the Professional Practices Framework, what is the most appropriate action for the auditor to take? a. Accept the gift since the engagement is already concluded and the report issued. b. Accept the award under the condition that any proceeds go to charity. c. Inform audit management and ask for direction on whether to accept the gift. d. Decline the gift and advise the division manager's superior.

c. Correct. Audit management should be consulted for guidance. a. Incorrect. Audit management should always be informed concerning any such offers. b. Incorrect. Audit management should always be informed concerning any such offers. d. Incorrect. This could erode the audit function's relationship with the division in question. Audit management should first be informed and consulted for guidance.

To ensure that due professional care has been taken at all times during an engagement, the internal auditor should always: a. Ensure that all financial information related to the audit is included in the audit plan and examined for nonconformance or irregularities. b. Ensure that all audit tests are fully documented. c. Consider the possibility of nonconformance or irregularities at all times during an engagement. d. Communicate any noncompliance or irregularity discovered during an engagement promptly to the audit committee.

c. Correct. Considering the possibility of nonconformance or material irregularities at all times during an engagement is the only way of demonstrating that due professional care has been taken in an internal audit assignment, according to Practice Advisory 1220-1.2. a. Incorrect. The automatic inclusion of financial information in an audit does not guarantee that due professional care has been achieved for the audit as a whole. b. Incorrect. Keeping detailed working papers does not ensure that due professional care has been taken during the tests. d. Incorrect. Due professional care does not require that all instances of noncompliance or irregularity be reported to the audit committee.

To improve audit efficiency, internal auditors can rely upon the work of external auditors that is: a. Performed after the internal audit engagement. b. Primarily concerned with operational objectives and activities. c. Coordinated with internal audit activity. d. Conducted in accordance with the IIA Code of Ethics.

c. Correct. Coordinating internal and external audit work helps to prevent duplication in coverage, thereby improving internal audit efficiency. a. Incorrect. This may lead to duplication in audit coverage. b. Incorrect. Internal auditing encompasses both financial and operational objectives and activities. Therefore, internal audit coverage could also be provided by external audit work which included primarily financial objectives and activities. d. Incorrect. External audit work is conducted in accordance with Generally Accepted Auditing Standards.

An organization's management perceives the need to make significant changes. Which of the following factors is management least likely to be able to change? a. The organization's members. b. The organization's structure. c. The organization's environment. d. The organization's technology.

c. Correct. Environment is often determined by external forces, outside the direct control of the organization. a. Incorrect. Management is able to change the organization's members. b. Incorrect. Management is able to change the organization's structure. d. Incorrect. Management is able to change the organization's technology.

A chief audit executive plans to make changes that may be perceived negatively by the audit staff. The best way to reduce resistance would be to: a. Develop the new approach fully before presenting it to the audit staff. b. Ask the chief executive officer (CEO) to approve the changes and have the CEO attend the departmental staff meeting when they are presented. c. Approach the staff with the general idea and involve them in the development of the changes. d. Get the internal audit activity's clients to support the changes.

c. Correct. Involving the staff in the change from the beginning will reduce their resistance to change. a. Incorrect. Developing the plan then presenting it to the audit staff would not help reduce their resistance to change. b. Incorrect. Involving the CEO will not necessarily reduce the audit staff's resistance to change. d. Incorrect. Involving the internal audit activity's clients will not necessarily reduce the audit staff's resistance to change.

When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first? a. The external auditors have requested assistance for their upcoming annual audit. b. A new accounts payable system is currently undergoing testing by the information technology department. c. Management has requested an investigation of possible lapping in receivables. d. The existing accounts payable system has not been audited over the past year.

c. Correct. Management's request to investigate a possible fraud in the accounts receivable unit must take precedence over the other entities. a. Incorrect. External audit requests to assist with fieldwork should be subordinate to fraud investigations. b. Incorrect. Since the new system is not yet in production, this can wait. d. Incorrect. A management request involving a fraud should take priority over a system that has not been audited over the past year.

All of the following would be part of a factory's control system to prevent release of waste water that does not meet discharge standards except: a. Performing chemical analysis of the water, prior to discharge, for components specified in the permit. b. Specifying (by policy, training, and advisory signs) which substances may be disposed of via sinks and floor drains within the factory. c. Periodically flushing sinks and floor drains with a large volume of clean water to ensure pollutants are sufficiently diluted. d. Establishing a preventive maintenance program for the factory's pretreatment system.

c. Correct. Periodic dilution may not always prevent the release of pollutants which exceed the discharge limits. a, b, d. Incorrect. Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of waste water that does not meet permit limits or other conditions. These three controls each approach the risk in different ways. Analytical results are the criteria for the decision to discharge; keeping pollutants out of the waste water will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less likely to occur if a preventive maintenance program is in place.

A control likely to prevent purchasing agents from favoring specific suppliers is: a. Requiring management's review of a monthly report of the totals spent by each buyer. b. Requiring buyers to adhere to detailed material specifications. c. Rotating buyer assignments periodically. d. Monitoring the number of orders placed by each buyer.

c. Correct. Periodic rotation of buyer assignments will limit the opportunity for any buyer to show favoritism to a particular supplier. a. Incorrect. Total dollars committed would not detect favoritism shown to individual vendors. b. Incorrect. Detailed material specifications will not prevent buyer favoritism in placing orders. d. Incorrect. The number of orders placed is not relevant to preventing favoritism.

A chief audit executive (CAE) for a very small internal audit department has just received a request from management to perform an audit of an extremely complex area in which the CAE and the department have no expertise. The nature of the audit engagement is within the scope of internal audit activities. Management has expressed a desire to have the engagement conducted in the very near future because of the high level of risk involved. Which of the following responses by the CAE would be in violation of the Standards? a. Discuss with management the possibility of outsourcing the audit of this complex area. b. Add an outside consultant to the audit staff to assist in the performance of the audit engagement. c. Accept the audit engagement and begin immediately, since it is a high-risk area. d. Discuss the timeline of the audit engagement with management to determine if sufficient time exists in which to develop appropriate expertise.

c. Correct. Planning and executing the audit engagement without the appropriate background and skills would be in violation of Attribute Standard 1210. Attribute Standard 1210 requires that the internal audit department provide assurance that the technical proficiency and educational background of internal auditors are appropriate for the audits to be performed. The auditors do not have such expertise. a. Incorrect. Outsourcing would be an appropriate response when auditors do not possess the needed background or skills and cannot develop such skills in a timely fashion. b. Incorrect. Adding a consultant would be an appropriate response when auditors do not possess the needed background or skills and cannot develop such skills in a timely fashion. d. Incorrect. Determining whether there is sufficient time and ability to develop such skills would be an appropriate response. Internal auditors should be committed to life-long learning, and thus it would not be unreasonable to have them expand their knowledge and skill set.

The internal audit activity of a large corporation has established its operating plan and budget for the coming year. The operating plan is restricted to the following categories: a prioritized listing of all engagements, staffing, a detailed expense budget, and the commencement date of each engagement. Which of the following best describes the major deficiency of this operating plan? a. Requests by management for special projects are not considered. b. Opportunities to achieve operating benefits are ignored. c. Measurability criteria and targeted dates of completion are not provided. d. Knowledge, skills, and disciplines required to perform work are ignored.

c. Correct. Practice Advisory 2010-1.2 states that the goals of the internal audit activity, as stated in specific operating plans and budgets, should include measurement criteria and targeted dates of accomplishment. a. Incorrect. This factor would be considered in prioritizing the engagements. b. Incorrect. By reviewing staffing, prioritization of engagements, and expenses, operating benefits can be achieved. d. Incorrect. Staffing for each engagement would include this consideration.

Which of the following is not a responsibility of the chief audit executive? a. To communicate the internal audit activity's plans and resource requirements to senior management and the board for review and approval. b. To coordinate with other internal and external providers of audit and consulting services to ensure proper coverage and minimize duplication. c. To oversee the establishment, administration, and assessment of the organization's system of risk management processes. d. To follow up on whether appropriate management actions have been taken on significant reported risks.

c. Correct. Practice Advisory 2120.A1-1 states that this is the role of senior management, not the CAE. a. Incorrect. This is a responsibility of the chief audit executive (CAE), according to Standard 2020. b. Incorrect. This is a responsibility of the CAE, according to Standard 2050. d. Incorrect. This is a responsibility of the CAE, according to Standard 2500.

What is residual risk? a. Impact of risk. b. Risk that is under control. c. Risk that is not managed. d. Underlying risk in the environment.

c. Correct. Residual risk is that risk left over after all controls and risk management techniques have been applied. a. Incorrect. The impact of risk is its consequence. b. Incorrect. Risk that is under control is managed risk. d. Incorrect. The underlying risk is the absolute risk.

The internal audit activity has recently experienced the departure of two internal auditors who cannot be immediately replaced due to budget constraints. Which of the following is the least desirable option for efficiently completing future engagements, given this reduction in resources? v a. Using self-assessment questionnaires to address audit objectives. b. Employing information technology in audit planning, sampling, and documentation. c. Eliminating consulting engagements from the engagement work schedule. d. Filling vacancies with personnel from operating departments that are not being audited.

c. Correct. The audit schedule should only be reduced as a last resort once all other viable alternatives have been explored, including the request for additional resources. a. Incorrect. Self-assessment questionnaires are a means of efficiently addressing the objectives of certain internal audits. b. Incorrect. Use of technology is an appropriate means of achieving efficiencies in audit execution. d. Incorrect. Using operating personnel with internal audit interest and corporate experience is an appropriate way to enhance internal audit resources.

An auditor, experienced in air-quality issues, discovered a significant lack of knowledge about legal requirements for controlling air emissions while interviewing the manager of the environmental, health, and safety (EHS) department. The auditor should: a. Alter the scope of the engagement to focus on activities associated with air emissions. b. Share extensive personal knowledge with the EHS manager. c. Take note of the weakness and direct additional questions to determine the potential effect of the lack of knowledge. d. Report potential violations in this area to the appropriate regulatory agency.

c. Correct. The auditor should ensure that the fieldwork is designed to identify potential instances of noncompliance and, in the closing conference, should recommend additional training for the EHS manager. a. Incorrect. It is important to maintain a broad scope and not reduce scope prematurely. b. Incorrect. While the auditor may be able to contribute to the environmental, health, and safety (EHS) manager's knowledge of pertinent air-quality matters, it is much more important during this phase of the engagement to learn what the manager does. d. Incorrect. It is not appropriate for an auditor to report violations or potential violations to regulatory agencies. Such matters are the responsibility of company counsel.

The control that would most likely ensure that payroll checks are written only for authorized amounts is to: a. Conduct periodic floor verification of employees on the payroll. b. Require the return of undelivered checks to the cashier. c. Require supervisory approval of employee time cards. d. Periodically witness the distribution of payroll checks.

c. Correct. The employee's supervisor would be in the best position to ensure payment of the proper amount. a. Incorrect. Employees may be properly included on payroll, but the amounts paid may be unauthorized. b. Incorrect. Undelivered checks provide no evidence regarding the validity of the amounts. d. Incorrect. Witnessing a payroll distribution would not assure that amounts paid are authorized.

An auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor's actions would: a. Be in violation of the IIA Code of Ethics for withholding meaningful information. b. Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud. c. Not be in violation of either the IIA Code of Ethics or Standards. d. Both a and b.

c. Correct. There is no violation of either the Code of Ethics or the Standards. See answers "a" and "b". a. Incorrect. The auditor is not withholding information because the information has been forwarded to the chief audit executive. The information may be useful in a subsequent engagement in the marketing area. b. Incorrect. The auditor has documented a red flag that may be important in a subsequent engagement. This does not violate the Standards. d. Incorrect. See answers "a" and "b".

During a meeting of an internal audit project team, two members of the team disagree, and one accuses the other of trying to advance personal interests over the interests of the audit. The audit manager should: a. Discipline both auditors after the meeting for their lack of professional conduct. b. Continue the meeting but speak to the accusing auditor later regarding the inappropriate conduct. c. Meet with both auditors after the meeting to resolve the conflict and the inappropriate behavior. d. Stop the meeting and refer the matter to the entire team for discussion.

c. Correct. This allows both parties to discuss and resolve their differences under the supervision of the audit manager. a. Incorrect. The manager has not dealt with the behavior and has missed the opportunity for coaching and conflict resolution with both staff members. b. Incorrect. Although one auditor has behaved improperly, both auditors allowed the situation to occur and both should be involved in its resolution to protect team morale and effectiveness. d. Incorrect. This is not a matter for the entire team to address. The team may be advised after the resolution but should not be involved in a disciplinary action by the manager.

Which of the following represents the best risk assessment technique? a. Assessment of the risk levels for future events based on the extent of uncertainty of those events and their impact on achievement of long-term organizational goals. b. Assessment of inherent and control risks and their impact on the extent of financial misstatements. c. Assessment of the risk levels of current and future events, their effect on achievement of the organization's objectives, and their underlying causes. d. Assessment of the risk levels of current and future events, their impact on the organization's mission, and the potential for elimination of existing or possible risk factors.

c. Correct. This is the best response, as it takes a comprehensive approach to risk management; it not only considers the event and the impact, but also the causes. a. Incorrect. This is not the best technique, as it takes only a two-pronged approach to risk management (that is, event and impact). b. Incorrect. This is not the best technique, as it does not take a comprehensive approach to risk management. d. Incorrect. This option again takes a two-pronged approach and also talks about elimination of risks instead of mitigation of risks.

Which of the following best describes an internal auditor's purpose in reviewing the organization's existing risk management, control, and governance processes? a. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives. b. To ensure that weaknesses in the internal control system are corrected. c. To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically. d. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated.

c. Correct. This is the purpose stated in Practice Advisory 2100-1.1. a. Incorrect. This is a purpose of audit planning. b. Incorrect. Correcting control weaknesses is a function of management, not of the internal auditor. d. Incorrect. This is a basic objective from a financial accounting and auditing perspective, but is not broad enough to cover the internal auditor's entire purpose for review.

Enterprise risk management: a. Guarantees achievement of organizational objectives. b. Requires establishment of risk and control activities by internal auditors. c. Involves the identification of events with negative impacts on organizational objectives. d. Includes selection of the best risk response for the organization.

c. Correct. This option falls within the framework of risk management. a. Incorrect. Risk management processes cannot totally guarantee achievement of objectives. b. Incorrect. Involvement of internal auditors in establishing control activities would impair their independence and objectivity. d. Incorrect. Enterprise risk management is concerned not with selecting the best risk response, but with selecting the risk response that falls within the enterprise's risk appetite. It is also not selected by the audit committee but by the management team.

A chief audit executive is reviewing the following enterprise-wide risk map: Risk A - Critical; Remote Risk B - Critical; Possible Risk C - Minor; Possible Risk D - Major; Likely Which of the following is the correct prioritization of risks, considering limited resources in the internal audit activity? a. Risk B, Risk C, Risk A, Risk D. b. Risk A, Risk B, Risk C, Risk D. c. Risk D, Risk B, Risk C, Risk A. d. Risk B, Risk C, Risk D, Risk A.

c. Correct. This order ranks the risk by a combination of probability and impact. a. Incorrect. Risk D would take precedence over risk A, as it has a higher probability of occurring despite the lower impact. b. Incorrect. This is the opposite of the correct order. d. Incorrect. Risk D should be rated higher than risk C, due to probability and impact.

In assessing organizational risk in a manufacturing environment, which of the following would have the most long-range impact on the organization? a. Production scheduling. b. Inventory policy. c. Product quality. d. Advertising budget.

c. Correct. This would be a long-range planning topic because it affects market positioning. a. Incorrect. This would seldom have a long-range impact. b. Incorrect. This would rarely be a long-range concern. d. Incorrect. This is certainly a concern, but has less long-range impact than product quality

A chief audit executive (CAE) has been requested by the audit committee to conduct an engagement at a chemical factory as soon as possible. The engagement will include reviews of health, safety, and environmental (HSE) management and processes. The CAE knows that the internal audit activity does not possess the HSE knowledge necessary to conduct such an engagement. The CAE should: a. Begin the engagement and incorporate HSE training into next year's planning to prepare for a follow-up engagement. b. Suggest to the audit committee that the factory's own HSE staff conduct the engagement. c. Seek permission from the audit committee to obtain appropriate support from an HSE professional. d. Defer the engagement and tell the audit committee that it will take several months to train internal audit staff for such an engagement.

c. Correct. When a CAE recognizes that the internal audit activity does not possess the necessary knowledge and skills for a planned or requested engagement, the audit committee should be requested to approve the use of appropriate independent resources, according to Practice Advisory 1210.A1-1.1. a. Incorrect. The chief audit executive (CAE) should not begin the audit without notifying the audit committee of the knowledge issue and attempting to resolve it. b. Incorrect. This would not provide the audit committee with an independent review of the HSE management and processes. d. Incorrect. This delay may have serious consequences because of the nature of the HSE issues involved.

According to the Professional Practices Framework, the independence of the internal audit activity is achieved through: a. Staffing and supervision. b. Continuing professional development and due professional care. c. Human relations and communications. d. Organizational status and objectivity.

d. Correct. According to Practice Advisory 1100-1.1, organizational status and objectivity permit members of the internal audit activity to render the impartial and unbiased judgments essential to the proper conduct of engagements. a. Incorrect. Staffing and supervision relate to the professional proficiency of the internal audit activity. b. Incorrect. Continuing professional development and due professional care relate to the professional proficiency of the internal auditor. c. Incorrect. Human relations and communications relate to the professional proficiency of the internal auditor.

Which of the following procedures should be performed as part of a preliminary review in an audit of a bank's investing and lending activities? a. Review reports of audits performed by regulatory and outside auditors since the last internal audit engagement. b. Interview management to identify changes made in policies regarding investments or loans. c. Review minutes of the board of directors' meetings to identify changes in policies affecting investments and loans. d. All of the above.

d. Correct. All of the procedures should be performed. See Practice Advisory 2210.A1-1, which describes a preliminary review.

Many organizations use electronic funds transfer to pay their suppliers instead of issuing checks. Regarding the risks associated with issuing checks, which of the following risk management techniques does this represent? a. Controlling. b. Accepting. c. Transferring. d. Avoiding.

d. Correct. By eliminating checks, the organization avoids all risk associated with them. a. Incorrect. Eliminating checks does not represent an ongoing control b. Incorrect. Eliminating checks avoids instead of accepts the associated risk c. Incorrect. Risk is not transferred to anyone else; it is eliminated

The function of internal auditing, as related to internal financial reports, would be to: a. Ensure compliance with reporting procedures. b. Review the expenditure items and match each item with the expenses incurred. c. Determine if there are any employees expending funds without authorization. d. Identify inadequate controls that increase the likelihood of unauthorized expenditures.

d. Correct. Internal auditors are responsible for identifying inadequate controls, for appraising managerial effectiveness, and for pinpointing common risks. a. Incorrect. The Standards do not require internal auditors to ensure compliance with reporting procedures. b. Incorrect. There is no expected match of funds flows with expense items in a single time period. c. Incorrect. This would be a function of the personnel and/or finance departments.

Using the internal audit department to coordinate regulatory examiners' efforts is beneficial to the organization because internal auditors can: a. Influence the regulatory examiners' interpretation of law to match corporate practice. b. Recommend changes in scope to limit bias by the regulatory examiners. c. Perform fieldwork for the regulatory examiners and thus reduce the amount of time regulatory examiners are on-site. d. Supply evidence of adequate compliance testing through internal audit workpapers and reports.

d. Correct. Internal auditors have immediate access to workpapers and reports, which can supply evidence of compliance testing to the regulatory examiners. a. Incorrect. Internal auditors should not attempt to influence regulators' interpretations of law. b. Incorrect. Internal auditors should not attempt to influence the scope of work of the regulatory examiners. This would be unethical and a violation of the IIA Code of Ethics. c. Incorrect. Internal auditors should not perform fieldwork for regulatory examiners.

Determining that engagement objectives have been met is ultimately the responsibility of the: a. Internal auditor. b. Audit committee. c. Internal audit supervisor. d. Chief audit executive.

d. Correct. Per Practice Advisory 2340-1, the chief audit executive is responsible for supervision, including determining that engagement objectives are being met. a. Incorrect. The internal auditor may be responsible if assigned to this engagement, but does not have ultimate responsibility. b. Incorrect. The audit committee is responsible for ensuring that the objectives of the annual audit plan are met, but is not responsible for each audit engagement's objectives. c. Incorrect. The internal audit supervisor may be responsible if assigned to this engagement, but does not have ultimate responsibility

An internal auditor assigned to audit a vendor's compliance with product quality standards is the brother of the vendor's controller. The auditor should: a. Accept the assignment, but avoid contact with the controller during fieldwork. b. Accept the assignment, but disclose the relationship in the engagement final communication. c. Notify the vendor of the potential conflict of interest. d. Notify the chief audit executive of the potential conflict of interest.

d. Correct. Practice Advisory 1130-1.1 states that internal auditors should report to the chief audit executive any situations in which a conflict of interest or bias is present or may reasonably be inferred. a. Incorrect. Even if the auditor avoided contact with the controller, there would still be the appearance of conflict of interest. b. Incorrect. Situations of potential conflict of interest or bias should be avoided, not merely disclosed. c. Incorrect. Conflicts of interest should be reported to the chief audit executive, not the vendor or engagement client.

Which of the following best describes a preliminary survey? a. A standardized questionnaire used to obtain an understanding of management objectives. b. A statistical sample to review key employee attitudes, skills, and knowledge. c. A walk-through of the financial control system to identify risks and the controls that can address those risks. d. A process used to become familiar with activities and risks in order to identify areas for engagement emphasis.

d. Correct. Practice Advisory 2210.A1-1.2 states: "If appropriate, a survey should be conducted to become familiar with the activities, risks, and controls, to identify areas for engagement emphasis, and to invite comments and suggestions from engagement clients...." a. Incorrect. This may be used, but it is only one means in fulfilling the objective of a preliminary survey. Answer "d" is the most complete. b. Incorrect. See answer "a". c. Incorrect. See answer "a".

Assessments of the independence of an organization's external auditors should: a. Be carried out only when the external auditor is appointed. b. Not include any participation by the internal audit activity. c. Include the internal audit activity only when the external auditor is appointed. d. Include the internal audit activity at the time of appointment and regularly thereafter.

d. Correct. See answers "a" and "b". a. Incorrect. This assessment should be carried out at least annually. b. Incorrect. The board may request the chief audit executive (CAE) to participate in assessing the performance of the external auditors, and this may include assessment of independence. c. Incorrect. See answers "a" and "b".

Which of the following is part of an internal audit activity's quality assurance program, rather than being included as part of other responsibilities of the chief audit executive (CAE)? a. The CAE provides information about and access to internal audit workpapers to the external auditors to enable them to understand and determine the degree to which they may rely on the internal auditors' work. b. Management approves a formal charter establishing the purpose, authority, and responsibility of the internal audit activity. c. Each individual internal auditor's performance is appraised at least annually. d. Supervision of an internal auditor's work is performed throughout each audit engagement.

d. Correct. Supervision is one method of ongoing review, which is part of the internal assessment aspect of quality assurance (Practice Advisory 1311-1.1). a. Incorrect. This statement relates to the responsibility of the chief audit executive (CAE) to coordinate with external auditors (Performance Standard 2050 and related Practice Advisory 2050-1). b. Incorrect. A CAE's responsibility to seek approval of a charter which establishes authority, purpose, and responsibility (Attribute Standard 1000 and related Practice Advisory 1000-1) is not part of a quality assurance program. c. Incorrect. Individual performance appraisals are part of a CAE's responsibility toward personnel management and development (Performance Standard 2030 and related Practice Advisory 2030-1).

Which of the following statements regarding corporate governance is not correct? a. Corporate control mechanisms include internal and external mechanisms. b. The compensation scheme for management is part of the corporate control mechanisms. c. The dilution of shareholders' wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue. d. The internal auditor of a company has more responsibility than the board for the company's corporate governance.

d. Correct. The board is ultimately responsible for the company's corporate governance, not the internal auditors. a. Incorrect. Corporate control mechanisms do include internal and external mechanisms. b. Incorrect. Management's compensation scheme is part of corporate control mechanisms. c. Incorrect. The dilution of shareholder's wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue.

The function of the chief risk officer (CRO) is most effective when the CRO: a. Manages risk as a member of senior management. b. Shares the management of risk with line management. c. Shares the management of risk with the chief audit executive. d. Monitors risk as part of the enterprise risk management team.

d. Correct. The chief risk officer is most effective when supported by a specific team with the necessary expertise and experience related to organizational risk. a. Incorrect. Senior management has an oversight role in risk management. b. Incorrect. The risk knowledge at the line level would be specific only to that area of the organization. c. Incorrect. The chief audit executive (CAE) does not have the responsibility for managing risk.

Audit committees are most likely to participate in the approval of: a. Audit staff promotions and salary increases. b. The internal audit report observations and recommendations. c. Audit work schedules. d. The appointment of the chief audit executive.

d. Correct. The independence of the internal audit activity is enhanced when the audit committee participates in naming the chief audit executive. a. Incorrect. The company's chief audit executive is responsible for staff promotions. b. Incorrect. The company's chief audit executive is responsible for approving internal audit reports. c. Incorrect. This is a part of the internal audit activity's planning function.

Which of the following goals sets risk management strategies at the optimum level? a. Minimize costs. b. Maximize market share. c. Minimize losses. d. Maximize shareholder value.

d. Correct. This is a comprehensive approach and will relate to risk management strategies across the enterprise. a. Incorrect. This is not a comprehensive approach to risk management. b. Incorrect. See answer "a". c. Incorrect. See answer "a".

In an assurance engagement of treasury operations, an internal auditor is required to consider all of the following issues except: a. The audit committee has requested assurance on the treasury department's compliance with a new policy on use of financial instruments. b. Treasury management has not instituted any risk management policies. c. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350 percent. d. The external auditors have indicated some difficulties in obtaining account confirmations.

d. Correct. This is the responsibility of the external auditors and should not change what should be considered by the internal auditor. a. Incorrect. Standard 1220.A1 states that the auditor should consider the extent of work needed to achieve the engagement's objectives. This is a specific engagement objective. b. Incorrect. Standard 1220.A1 states that the auditor should consider the adequacy and effectiveness of risk management processes. c. Incorrect. Standard 1220.A1 states that the auditor should consider significance and materiality of matters to which assurance procedures are applied. This is a significant increase.

Use the following information to answer questions 29 through 30. During the planning phase, a chief audit executive (CAE) is evaluating four audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parenthesis: Audit 1: Risk Reduction - High Cost Savings - Medium Changes - Low Audit 2 RR - High CS - Low Changes - High Audit 3 RR - Low CS - High Changes - Medium Audit 4 RR - Medium Cost Savings - Medium Changes - High 29. Which audit engagements should the CAE pursue if all factors are weighed equally? a. 1 and 2 only. b. 1 and 3 only. c. 2 and 4 only. d. 3 and 4 only. 30. If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue? a. 1 and 2 only. b. 1 and 3 only. c. 2 and 4 only. d. 3 and 4 only.

29. c. Correct. Engagements 2 and 4 have the highest overall points. a. Incorrect. The total points are less than those of engagements 2 and 4. b. Incorrect. Total points are less than the other choices. d. Incorrect. To perform engagements 3 and 4 would mean to bypass engagement 2, which ranks highest in overall points along with engagement 4. 30. d. Correct. This has the highest total points, and the engagements have medium and high potentials for cost savings. a. Incorrect. This choice involves the least total points. b. Incorrect. The total points are less than for engagements 3 and 4. c. Incorrect. The total points are less than for engagements 3 and 4. d. Correct. This has the highest total points, and the engagements have medium and high potentials for cost savings.

Use the following information to answer questions 29 through 30. During the planning phase, a chief audit executive (CAE) is evaluating four audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parenthesis: Audit 1: Risk Reduction - High, Cost Savings - Medium, Changes - Low Audit 2 RR - High, CS - Low, Changes - High Audit 3 RR - Low, CS - High, Changes - Medium Audit 4 RR - Medium, CS - Medium, Changes - High 29. Which audit engagements should the CAE pursue if all factors are weighed equally? a. 1 and 2 only. b. 1 and 3 only. c. 2 and 4 only. d. 3 and 4 only. 30. If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue? a. 1 and 2 only. b. 1 and 3 only. c. 2 and 4 only. d. 3 and 4 only.

29. c. Correct. Engagements 2 and 4 have the highest2 overall points. a. Incorrect. The total points are less than those of engagements 2 and 4. b. Incorrect. Total points are less than the other choices. d. Incorrect. To perform engagements 3 and 4 would mean to bypass engagement 2, which ranks highest in overall points along with engagement 4. 30. d. Correct. This has the highest total points, and the engagements have medium and high potentials for cost savings. a. Incorrect. This choice involves the least total points. b. Incorrect. The total points are less than for engagements 3 and 4. c. Incorrect. The total points are less than for engagements 3 and 4.

Use the following information to answer questions 61 through 62. The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager's purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company's 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season's products. 61. Which of the following is a control deficiency in this situation? a. The store manager can require items to be removed, thus affecting the potential performance evaluation of individual product managers. b. The product manager negotiates the purchase price and sets the selling price. c. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. d. There is no receiving function located at individual stores. 62. Requests for purchases beyond those initially budgeted must be approved by the marketing manager. This procedure: I. Should provide for the most efficient allocation of scarce organizational resources. II. Is a detective control procedure. III. Is unnecessary because each product manager is evaluated on profit generated. a. I only. b. III only. c. II and III only. d. I, II, and III.

61. d. Correct. There is the possibility that goods could be diverted from the distribution center and not delivered to the appropriate retail store. a. Incorrect. Goods are seasonal and store space is limited. This is a constraint that is consistent with maximizing revenue and profitability for the organization. b. Incorrect. The product manager is evaluated based on sales and gross profit; thus, there is no conflict with performing both of these duties. c. Incorrect. Evaluating the product managers on gross profit and budgeted sales attaches responsibility to the manager. 62. A. I. Correct. The organization has two scarce resources to allocate: (a) its purchasing budget (constrained by financing ability) and (b) space available in retail stores. Thus, there is a need for a mechanism to allocate these two scarce resources to maximize the overall return to the organization. This is the proper mechanism. II. Incorrect. This is a preventive control, not a detective control. III. Incorrect. The gross profit evaluation is effective in evaluating the manager but does not address the two major constraints identified in statement I.

Use the following information to answer questions 87 through 88. The manager of a production line has the authority to order and receive replacement parts for all machinery that require periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family member in the parts supply business. The unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier, and the money was divided between the manager and the family member. 87. Which of the following internal controls would have most likely prevented this fraud from occurring? a. Establishing predefined spending levels for all vendors during the bidding process. b. Segregating the receiving function from the authorization of parts purchases. c. Comparing the bill of lading for replacement parts to the approved purchase order. d. Using the company's inventory system to match quantities requested with quantities received. 88. Which of the following tests would best assist the auditor in deciding whether to investigate this anonymous tip further? a. Comparison of the current quarter's maintenance expense with prior-period activity. b. Physical inventory testing of replacement parts for existence and valuation. c. Analysis of repair parts charged to maintenance to review the reasonableness of the number of items replaced. d. Review of a test sample of parts invoices for proper authorization and receipt.

87. b. Correct. Additional authorization would be the most likely choice in preventing the fraud. a. Incorrect. Predefined spending levels would probably already include the fraudulent amounts and would only limit the size of the fraud. c. Incorrect. The bill of lading would agree with the purchase order. The quantity received (verified by a third party) should be compared to both the bill of lading and the purchase order. d. Incorrect. The computer matching would only verify the fraudulent paperwork. 88. c. Correct. An analysis of repair parts charged to maintenance would quantify the excessive number of items and detect that abuse may be occurring. a. Incorrect. The current quarter's expense would equal the prior period's activity unless the manager just started this fraud. The auditor has no information on how long this might have been occurring. b. Incorrect. Physical testing would not locate nonexistent parts that have already been charged to maintenance. d. Incorrect. Lack of segregation of duties allowed the fraud to occur. The manager was authorized to process both the purchase and receipt, so the test would only verify the fraudulent paperwork.

A company maintains production data on personal computers, connected by a local area network (LAN), and uses the data to generate automatic purchases via electronic data interchange. Purchases are made from authorized vendors based on production plans for the next month and on an authorized materials requirements plan (MRP) which identifies the parts needed for each unit of production. 94. The production line has experienced shutdowns because needed production parts were not on hand. Which of the following audit procedures would best identify the cause of the parts shortages? a. Determine if access controls are sufficient to restrict the input of incorrect data into the production database. b. Use generalized audit software to develop a complete list of the parts shortages that caused each of the production shutdowns, and analyze this data. c. Select a random sample of parts on hand per the personal computer databases and compare with actual parts on hand. d. Select a random sample of production information for selected days and trace input into the production database maintained on the LAN. 95. Which of the following audit procedures would be most effective in determining if purchasing requirements have been updated for changes in production techniques? a. Recalculate parts needed based on current production estimates and the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period. b. Develop test data to input into the LAN and compare purchase orders generated from test data with purchase orders generated from production data. c. Use generalized audit software to develop a report of excess inventory. Compare the inventory with current production volume. d. Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate.

94. b. Correct. This procedure would establish the cause of the problem. a. Incorrect. Access controls are tangential to the issue. Authorized, but incorrect data, could also be the problem. c. Incorrect. This would provide useful information, but it is not as comprehensive as answer "b". Further, answer "b" provides more information on the cause. d. Incorrect. This tests only one source of the data inaccuracy (that is, the input of production data); other sources of potential error are ignored. 95. b. Correct. This procedure would establish the cause of the problem. a. Incorrect. Access controls are tangential to the issue. Authorized, but incorrect data, could also be the problem. c. Incorrect. This would provide useful information, but it is not as comprehensive as answer "b". Further, answer "b" provides more information on the cause. d. Incorrect. This tests only one source of the data inaccuracy (that is, the input of production data); other sources of potential error are ignored.

Which of the following statements is correct regarding corporate compensation systems and related bonuses? I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control. II. Compensation systems are not part of an organization's control system and should not be reported as such. III. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses. a. I only. b. II only. c. III only. d. II and III only.

A. I only I. Correct. Compensation systems influence behavior and should be considered an integral part of an organization's control structure. Thus, it should be considered as an important part of the control structure over derivatives trading. II. Incorrect. Compensation systems are part of the organization's control systems. III. Incorrect. Audits of the compensation systems can be combined with an audit over other functions that impact corporate bonuses.

Company A has a formal corporate code of ethics while company B does not. The code of ethics covers such things as purchase agreements and relationships with vendors as well as many other issues to guide individual behavior within the company. Which of the following statements can be logically inferred? I. Company A exhibits a higher standard of ethical behavior than does company B. II. Company A has established objective criteria by which an employee's actions can be evaluated. III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company. a. II only. b. III only. c. I and II only. d. II and III only.

A. II only I. Incorrect. The existence of a corporate code of ethics, by itself, does not ensure higher standards of ethical behavior. It must be complemented by follow-up policies and monitoring activities to ensure adherence to the code. II. Correct. A formalized corporate code of ethics presents objective criteria by which actions can be evaluated and would thus serve as criteria against which activities could be evaluated. III. Incorrect. Standards which would influence individual actions can occur in other places than the corporate code of ethics. For example, there may be defined policies regarding purchasing activities that may serve the same purpose as a code of ethics. These policies also serve as criteria against which activities may be evaluated.

To promote a positive image within an organization, a chief audit executive (CAE) planned to conduct assurance engagements that highlighted potential costs to be saved. Negative observations were to be omitted from engagement final communications. Which action taken by the CAE would be considered a violation of the Standards? I. The focus of the audit engagements was changed without modifying the charter or consulting the audit committee. II. Negative observations were omitted from the engagement final communications. III. Cost savings recommendations were highlighted in the engagement final communications. a. I only. b. I and II only. c. I and III only. d. II and III only.

B. I, II. Correct. The chief audit executive (CAE) dramatically changed the nature of the audit function without consulting the audit committee or modifying the internal audit charter. Attribute Standard 1000 states that the purpose, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards, and approved by the board. Performance Standard 2400 requires that internal auditors communicate the engagement results. Performance Standard 2420 states that communications should be accurate, objective, clear, concise, constructive, complete, and timely. Practice Advisory 2420-1 states that complete communications are lacking nothing that is essential to the target audience and include all significant and relevant information and observations to support recommendations and conclusions . III. Incorrect. Highlighting potential cost savings is appropriate for an engagement final communication.

Which of the following activities are designed to provide feedback on the effectiveness of an internal audit function? I. Proper supervision. II. Proper training. III. Internal assessments. IV. External assessments. a. I, II, and III only. b. I, II, and IV only. c. I, III, and IV only. d. II, III, and IV only.

C. I, III, IV I. Correct. Quality assurance programs are designed to provide feedback on the effectiveness of an internal audit function. A quality assurance program should include supervision, which provides day-to-day feedback. II. Incorrect. Proper training is important but it does not provide feedback. III. Correct. A quality assurance program should include internal assessments. IV. Correct. A quality assurance program should include external assessments

A chief audit executive (CAE) uses a risk assessment model to establish the annual audit plan. Which of the following would be an appropriate action by the CAE? I. Maintain ongoing dialogue with management and the audit committee. II. Ensure that the schedule of audit priorities remains unchanged. III. Employ only quantitative methods to determine risk weightings. IV. Revise the risk assessment and audit priorities as warranted. a. III only. b. I and II only. c. I and IV only. d. III and IV only.

C. I, IV. Correct. It is a best practice for risk assessment to be a dynamic process, changing over time and as new information, business strategies, and risks are identified. Ongoing consultation with members of management and the audit committee is a way for the internal audit activity to obtain such information and stay attuned to organizational developments that may impact existing audit priorities. In order to accommodate such emerging priorities, the work schedule may need to be altered. II. Incorrect. Audit schedules will likely change regularly to meet the needs of the organization, particularly if based on an effective risk assessment process. III. Incorrect. The weighting of risk is both a quantitative and a qualitative (judgment) exercise.

Which of the following comments is correct regarding the assessment of risk associated with two projects that are competing for limited audit resources? I. Activities that are requested by the audit committee should always be considered higher risk than those requested by management. II. Activities with higher dollar budgets should always be considered higher risk than those with lower dollar budgets. III. Risk should always be measured by the potential dollar or adverse exposure to the organization. a. I only. b. II only. c. III only. d. I and III only.

C. III. Correct. Practice Advisory 2010-2 advises that the degree or materiality of exposure is an important component of risk. I. Incorrect. Requests from management and the audit committee should both be considered by the internal audit activity. Although an audit committee request is important, it is not always more important, nor does it always imply higher risk. II. Incorrect. Risk is measured by the potential exposure to the organization. The size of the departmental budget is an important determinant, but is not a sufficient determinant.

The internal audit activity should contribute to the organization's governance process by evaluating the processes through which: I. Ethics and values are promoted. II. Effective organizational performance management and accountability are ensured. III. Risk and control information is communicated. IV. Activities of the external and internal auditors and management are coordinated. a. I only. b. IV only. c. II and III only. d. I, II, III, and IV.

D. I, II, III, IV I. Correct. Evaluating whether ethics and values are promoted would contribute to corporate governance, according to Standard 2130. II. Correct. Evaluating the effectiveness of organizational performance management and accountability would contribute to corporate governance, according to Standard 2130. III. Correct. Evaluating how risk and control information is communicated would contribute to corporate governance, according to Standard 2130. IV. Correct. Evaluating the coordination of the external and internal auditors and management would contribute to corporate governance, according to Standard 2130.

The Standards require that internal auditors possess which of the following skills? I. Internal auditors should understand human relations and be skilled in dealing with people. II. Internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices. III. Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance, and information technology. IV. Internal auditors should be skilled in oral and written communication. a. II only. b. I and III only. c. III and IV only. d. I, II, and IV only.

D. I, II, IV. Correct. Internal auditors are expected to be able to recognize good business practices, understand human relations, and be skilled in oral and written communications. III. Incorrect. Internal auditors are not expected to be experts in a wide variety of fields related to their audit responsibilities.

Which of the following observations by an auditor is most likely to indicate the existence of control weaknesses over safeguarding of assets? I. A service department's location is not well suited to allow adequate service to other units. II. Employees hired for sensitive positions are not subjected to background checks. III. Managers do not have access to reports that profile overall performance in relation to other benchmarked organizations. IV. Management has not taken corrective action to resolve past engagement observations related to inventory controls. a. I and II only. b. I and IV only. c. II and III only. d. II and IV only.

D. II and IV II. Correct. This is a symptom of weak controls for safeguarding of assets. IV. Correct. Management's failure to take corrective action on past engagement observations, which related to safeguarding of assets, is a weakness related to safeguarding of assets. I. Incorrect. This is a symptom of weak controls for achieving organizational goals and objectives, but not for safeguarding of assets. III. Incorrect. This is a symptom of weak controls for achieving organizational goals and objectives, but not for safeguarding of assets.

Audit engagement programs testing internal controls should: a. Be tailored for the audit of each operation. b. Be generalized to fit all situations without regard to departmental lines. c. Be generalized so as to be usable at various international locations of an organization. d. Reduce costly duplication of effort by ensuring that every aspect of an operation is examined.

a. Correct. A tailored program will be more relevant to an operation than will a generalized program. b. Incorrect. A generalized program cannot take into account variations resulting from changing circumstances and varied conditions. c. Incorrect. A generalized program cannot take into account variations in circumstances and conditions. d. Incorrect. Every aspect of an operation need not be examined — only those likely to conceal problems and difficulties.

An auditor has been assigned to analyze the effectiveness of a set of rehabilitation programs. The programs have been in operation for ten years and have not been evaluated. The organization providing the program data asserts that the data are incomplete. The auditor should: a. Perform the analysis anyway, assessing the effects of the incomplete data, but disclaim any assertion regarding data reliability. b. Trace a randomly chosen set of records to source files to assess the accuracy and completeness of the data provided. c. Not perform the analysis. d. Postpone the analysis until data are complete.

a. Correct. After ten years, the program's effectiveness needs to be assessed. If the auditor assesses the effects of the incompleteness of the data as the auditor evaluates it and disclaims the reliability, the auditor will provide readers with some assessment of effectiveness without misleading readers about the interpretability of the data. b. Incorrect. The organization has already asserted that the data are incomplete. This step would be redundant. c. Incorrect. Many times auditors need to work with imperfect data. A program that has continued for ten years needs assessment. As long as the auditor assesses the effects of the incomplete data and disclaims the reliability of the data clearly in the report, the analysis may prove useful without being misleading. d. Incorrect. See answer "c".

Which of the following actions would be a violation of auditor independence? a. Continuing on an audit assignment at a division for which the auditor will soon be responsible as the result of a promotion. b. Reducing the scope of an engagement due to budget restrictions. c. Participating on a task force which recommends standards of control for a new distribution system. d. Reviewing a purchasing agent's contract drafts prior to their execution.

a. Correct. An auditor who has been promoted to an operating department should not continue on an audit of that department. According to Practice Advisory 1130-1.1, the chief audit executive should reassign auditors if a conflict of interest or bias may be reasonably inferred. b. Incorrect. Budget restrictions do not constitute a violation of an auditor's independence. c. Incorrect. Practice Advisory 1130.A1-1.4 states that an auditor may recommend standards of control for new systems. However, designing, installing, or operating such systems might impair objectivity. d. Incorrect. An auditor may review contracts prior to their execution.

Which of the following is the best reason for the chief audit executive to consider the strategic plan in developing the annual audit plan? a. To ensure that the internal audit plan supports the overall business objectives. b. To ensure that the internal audit plan will be approved by senior management. c. To make recommendations to improve the strategic plan. d. To emphasize the importance of the internal audit function.

a. Correct. Considering the strategic plan in the development of the internal audit plan will ensure that the audit objectives support the overall business objectives stated in the strategic plan. b. Incorrect. This action may make the internal audit plan fit better with the strategic plan but may not have an effect on management's approval. c. Incorrect. Although the chief audit executive (CAE) may make recommendations to improve the strategic plan, this is not the primary purpose of the CAE reviewing the plan. d. Incorrect. Although the importance of the internal audit function may be increased by such action, this is not the primary reason for the action.

If an auditor's preliminary evaluation of internal controls results in an observation that controls may be inadequate, the next step would be to: a. Expand audit work prior to the preparation of an engagement final communication. b. Prepare a flowchart depicting the internal control system. c. Note an exception in the engagement final communication if losses have occurred. d. Implement the desired controls.

a. Correct. If the preliminary evaluation indicates control problems, the auditor usually decides to perform some expanded testing. b. Incorrect. If a flowchart were necessary, the auditor would have prepared one during the preliminary evaluation. c. Incorrect. The auditor is not ready to make a report until more work has been performed. d. Incorrect. Auditors do not implement controls; that is a function of management.

In a well-developed management environment, the internal audit activity would: a. Report the results of an audit engagement to line management as well as to senior management. b. Conduct initial audits of new computer systems after they have begun operating. c. Interface primarily with senior management, minimizing interactions with line managers who are the subjects of internal audit work. d. Focus primarily on asset management and report results to the audit committee.

a. Correct. In a well-developed management system, the internal auditing function is used to provide a more direct benefit to line operations by providing feedback to operating management as well as to senior management. b. Incorrect. Emphasis should be placed on the audits of proposed products and systems. These early examinations could be used to determine the feasibility and/or desirability of changes before these changes are implemented. c. Incorrect. The role of the internal auditor involves interfacing with management at the operating level as well as at the senior level. d. Incorrect. Asset management would not be a primary focus of the internal audit activity.

Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that: a. The individual who initiates wire transfers not reconcile the bank statement. b. The branch manager receive all wire transfers. c. Foreign currency rates be computed separately by two different employees. d. Corporate management approve the hiring of monetary transfer unit employees.

a. Correct. Independent reconciliation of bank accounts is necessary for good internal control. b. Incorrect. This is not an important internal control consideration. c. Incorrect. Foreign currency translation rates are not computed, but instead verified. Having two employees in the same department perform the same task will not significantly enhance internal control. d. Incorrect. This is not an important internal control consideration

Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? a. Debit expenses, and credit the asset. b. Debit the asset, and credit another asset account. c. Debit revenue, and credit the asset. d. Debit another asset account, and credit the asset.

a. Correct. Most fraud perpetrators would attempt to conceal their theft by charging it against an expense account. b. Incorrect. Debiting the stolen asset account would be going in the wrong direction to conceal an asset theft. c. Incorrect. An entry decreasing revenue would be unusual and would stand out. d. Incorrect. This entry would not permanently conceal the fraud. It would simply shift the unreconcilible balance to another asset account.

Which of the following represents the best governance structure? Operating Executive Internal Management Management Auditing Operating management, Executive Management, Internal Auditing a. Responsibility for risk, Oversight Role, Advisory Role b. Oversight role, Responsibility for risk, advisory role c. Responsibility for risk, Advisory role, oversight role d. Over sight role, advisory role, responsibility for risk

a. Correct. Operating management is responsible for risk management, executive management is responsible for oversight, and internal auditors serve in the capacity of oversight and advisory roles. b. Incorrect. Operating management performs the implementation role in risk management. c. Incorrect. Internal auditors are generally involved in the assurance and advisory role. d. Incorrect. Operating management is not involved in the oversight role.

The primary reason that a bank would maintain a separate compliance function is to: a. Better manage perceived high risks. b. Strengthen controls over the bank's investments. c. Ensure the independence of line and senior management. d. Better respond to shareholder expectations.

a. Correct. Organizations such as brokers, banks, and insurance companies may view risks as sufficiently critical to warrant continuous oversight and monitoring. b. Incorrect. A separate compliance function may have recommendations to help strengthen controls but this is not their primary purpose. c. Incorrect. Management is not independent as risk management is their direct responsibility. d. Incorrect. This will help respond to shareholder needs, but it is not the primary reason for establishing the compliance function.

The requirement that purchases be made from suppliers on an approved vendor list is an example of a: a. Preventive control. b. Detective control. c. Corrective control. d. Monitoring control.

a. Correct. Preventive controls are actions taken prior to the occurrence of transactions with the intent of stopping errors from occurring. Use of an approved vendor list is a control to prevent the use of unacceptable suppliers. b. Incorrect. A detective control is a control that identifies errors after they have occurred. c. Incorrect. Corrective controls correct the problems identified by detective controls. d. Incorrect. Monitoring controls are designed to ensure the quality of the control system's performance over time.

If a department outside of the internal audit activity is responsible for reviewing a function or process, the internal auditors should: a. Consider the work of the other department when assessing the function or process. b. Ignore the work of the other department and proceed with an independent audit. c. Reduce the scope of the audit since the work has already been performed by the other department. d. Yield the responsibility for assessing the function or process to the other department.

a. Correct. Review and testing of the other department's procedures may reduce necessary audit coverage of the function or process. b. Incorrect. Concentrating on the function or process might lead to a duplication of efforts. c. Incorrect. The internal auditor can not rely on the work of others without verifying the results. d. Incorrect. The internal audit activity's overall responsibility for assessing the function or process is not affected by the other department's coverage.

If the annual audit plan does not allow for adequate review of compliance with all material regulations affecting the company, the internal audit activity should: a. Ensure that the board of directors and senior management are aware of the limitation. b. Include a memo with the audit planning file listing the reasons for the lack of coverage. c. Document that regulations not included will be reviewed in the subsequent year. d. Decrease the scope of operational and financial audits to make additional audit time available.

a. Correct. Senior management and the board of directors should be informed of the implications of gaps in audit coverage, including the review of compliance with applicable laws and regulations. b. Incorrect. The knowledge of incomplete audit coverage should not be known only to the internal audit activity. c. Incorrect. Compliance with material regulations may need to be reviewed on an annual basis. d. Incorrect. Audit coverage in other areas should not be automatically reduced. The internal audit activity may require additional resources to provide adequate coverage of risks.

Which of the following controls would prevent the ordering of quantities in excess of an organization's needs? a. Review of all purchase requisitions by a supervisor in the user department prior to submitting them to the purchasing department. b. Automatic reorder by the purchasing department when low inventory level is indicated by the system. c. A policy requiring review of the purchase order before receiving a new shipment. d. A policy requiring agreement of the receiving report and packing slip before storage of new receipts.

a. Correct. Supervisory review at the originating department level is one means of control over the number of items ordered. b. Incorrect. This procedure could lead to purchases of excess material because it does not consider future plans. c. Incorrect. This is a control for the risk of accepting unordered goods. d. Incorrect. This is a control for the risk of receiving an amount other than that ordered.

Which engagement-planning tool is general in nature and is used to ensure adequate audit coverage over time? a. The long-range schedule. b. The engagement program. c. The audit activity's budget. d. The audit activity's charter.

a. Correct. The long-range schedule provides evidence of coverage of key functions at planned intervals. b. Incorrect. The engagement program is limited in scope to a particular project. c. Incorrect. The audit activity's budget may be used to justify the number of audit personnel, but it is not used to ensure adequate audit coverage over time. d. Incorrect. The audit activity's charter is not an engagement-planning tool.

Which of the following factors would be considered the least important in deciding whether existing internal audit resources should be moved from an ongoing compliance audit engagement to a division audit engagement requested by management? a. A financial audit of the division performed by the external auditor a year ago. b. The potential for fraud associated with the ongoing engagement. c. An increase in the level of expenditures experienced by the division for the past year. d. The potential for significant regulatory fines associated with the ongoing engagement.

a. Correct. The results of a financial audit engagement would be the least relevant factor in prioritizing the auditors' tasks. b. Incorrect. Fraud is one of the major factors to be considered in analyzing risk and identifying audit activities. c. Incorrect. The increase in expenditures provides a benchmark for potential exposure or loss to the organization. d. Incorrect. Fines imposed by regulatory agencies could represent a significant risk.

To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is: a. Supported by periodic appraisals. b. Determined by the board of directors. c. Automatically adjusted by an economic indicator such as the consumer price index. d. Equal to the book value of the individual assets

a. Correct. The types and amounts of insurance should be supported by periodic appraisals. b. Incorrect. The determination of insurance coverage is not a function of the board of directors. c. Incorrect. The consumer price index generally does not provide an appropriate adjustment factor for fixed assets. d. Incorrect. Book values may not reflect the replacement or real value of an asset.

An organization is changing to a quality assurance program that incorporates quality throughout the process. This is very different from its years of dependence on quality control at the end of the process. This type of change is a: a. Cultural change. b. Product change. c. Structural change. d. Organizational change.

a. Correct. This is a cultural change because it involves a change in attitudes and mindset. b. Incorrect. Product change is change in a product's physical attributes and usefulness to customers. c. Incorrect. There is no change to systems and structures here. d. Incorrect. This is not an organizational change since it involves only quality assurance.

A chief audit executive would most likely use risk assessment for audit planning because it provides: a. A systematic process for assessing and integrating professional judgment about probable adverse conditions. b. A listing of potentially adverse effects on the organization. c. A list of auditable activities in the organization. d. The probability that an event or action may adversely affect the organization.

a. Correct. This is an appropriate rationale. b. Incorrect. Such a listing might convince the chief audit executive of the need for risk assessment but is not provided by the process. c. Incorrect. This is used in the risk assessment process but is not the rationale for using risk assessment. d. Incorrect. This is one definition of risk.

Which statement most accurately describes how criteria are established for use by internal auditors in determining whether goals and objectives have been accomplished? a. Management is responsible for establishing the criteria. b. Internal auditors should use professional standards or government regulations to establish the criteria. c. The industry in which a company operates establishes criteria for each member company through benchmarks and best practices for that industry. d. Appropriate accounting or auditing standards, including international standards, should be used as the criteria.

a. Correct. This is supported by Implementation Standard 2120.A4. b. Incorrect. In instances where management has not established the criteria, or if, in the auditor's opinion, the established criteria are judged less than adequate, the auditor should work with management to develop appropriate evaluation criteria. c. Incorrect. These are sources of information which will assist management in establishing goals and objective, relevant, meaningful criteria. d. Incorrect. Accounting or auditing standards would not be appropriate for this purpose.

If a department's operating standards are vague and thus subject to interpretation, an auditor should: a. Seek agreement with the departmental manager as to the criteria needed to measure operating performance. b. Determine best practices in the area and use them as the standard. c. Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance. d. Omit any comments on standards and the department's performance in relationship to those standards, because such an analysis would be inappropriate.

a. Correct. This is what is required by the Standards (Implementation Standard 2120.A4 and related Practice Advisory 2120.A4-1). b. Incorrect. The auditor should seek to understand the operating standards as they are applied to the organization. Also, best practices may produce overly high standards. c. Incorrect. The Standards state that if internal auditors must interpret standards, they should seek agreement with the engagement client. d. Incorrect. The auditor should first seek to gain an understanding with the departmental manager on the appropriate standards.

During a preliminary survey, an auditor found that several accounts payable vouchers for major suppliers required adjustments for duplicate payment of prior invoices. This would indicate: a. A need for additional testing to determine related controls and the current exposure to duplicate payments made to suppliers. b. The possibility of unrecorded liabilities for the amount of the overpayments. c. Insufficient controls in the receiving area to ensure timely notice to the accounts payable area that goods have been received and inspected. d. The existence of a sophisticated accounts payable system that correlates overpayments to open invoices and therefore requires no further audit concern.

a. Correct. This preliminary survey information should prompt the auditor to identify the magnitude of such duplicate payments. b. Incorrect. Unrecorded liabilities would not result. c. Incorrect. The existence of duplicate payments is not related to a problem in the receiving area. d. Incorrect. Duplicate payments are not overpayments; they are exceptions and should be handled as such

As a means of controlling projects and avoiding time-budget overruns, decisions to revise time budgets for an audit engagement should normally be made: a. Immediately after completing the preliminary survey. b. When a significant deficiency has been substantiated. c. When inexperienced audit staff members are assigned to an engagement. d. Immediately after expanding tests to establish reliability of observations.

a. Correct. Time budgets should be appraised for revision after the preliminary survey and preparation of the engagement program. b. Incorrect. When a deficiency has been substantiated, no further audit work is required. c. Incorrect. The assignment of inexperienced staff should have no effect on the time budget. d. Incorrect. Expanded tests should have no effect on the time budget; the budget would have already been expanded as necessary.

In selecting an instructional strategy for developing internal audit staff, a chief audit executive should begin by reviewing: a. Organizational objectives. b. Learning content. c. Learners' readiness. d. Budget constraints.

a. Correct. Without objectives, there is no direction to achieve the strategy. b. Incorrect. Without objective setting, content cannot be outlined. c. Incorrect. Learners' readiness should be considered after determining objectives. d. Incorrect. Budget constraints should be considered later in the process.

An adequate system of internal controls is most likely to detect an irregularity perpetrated by a: a. Group of employees in collusion. b. Single employee. c. Group of managers in collusion. d. Single manager.

b. Correct. A good system of internal controls is likely to expose an irregularity if it is perpetrated by one employee, without the aid of others. a. Incorrect. A group has a better chance of successfully perpetrating an irregularity than does an individual employee. c. Incorrect. Management can often override controls, singularly or in groups. d. Incorrect. Management can often override controls, singularly or in groups.

A standardized internal audit engagement program would not be appropriate for which of the following situations? a. A stable operating environment undergoing only minimal changes. b. A complex or changing operating environment. c. Multiple branches with similar operations. d. Subsequent inventory audit engagements performed at the same location.

b. Correct. A standardized engagement program would not be appropriate for a complex or changing operating environment because the engagement objectives and related work steps may no longer have relevance. a. Incorrect. A standardized engagement program would be appropriate for use in a minimally changing operating environment. c. Incorrect. A standardized engagement program could be used to audit multiple branches with similar operations. d. Incorrect. A standardized engagement program would be acceptable for conducting subsequent inventory audit engagements at the same location.

Divisional management stated that a recent gross margin increase was due to increased efficiency in manufacturing operations. Which of the following audit procedures would be most relevant to that assertion? a. Obtain a physical count of inventory. b. Select a sample of products, then compare costs-per-unit this year to those of last year, test cost buildups, and analyze standard cost variances. c. Take a physical inventory of equipment to determine if there were significant changes. d. Select a sample of finished goods inventory and trace raw materials cost back to purchase prices in order to determine the accuracy of the recorded raw materials price.

b. Correct. An analysis of operations would be relevant in determining the efficiency of operations. a. Incorrect. This procedure would be useful only to determine if the cause was due to overstated inventory. c. Incorrect. Changes in equipment may signal an improvement in efficiency, but this approach would not be as relevant as that in answer "b". d. Incorrect. This procedure would be relevant in determining the correctness of raw materials purchases, but would not provide any evidence regarding the efficiency of operations.

A CIA, working as the director of purchasing, signs a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presents the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is correct? a. Acceptance of the gift would be prohibited only if it were non-customary. b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited for a CIA. c. Since the CIA is not acting as an internal auditor, acceptance of the gift would be governed only by the organization's code of conduct. d. Since the contract was signed before the gift was offered, acceptance of the gift would not violate either the IIA Code of Ethics or the organization's code of conduct.

b. Correct. As long as an individual is a Certified Internal Auditor, he or she should be guided by the profession's Code of Ethics in addition to the organization's code of conduct. Rule of Conduct 2.2 of the IIA Code of Ethics would preclude such a gift because it could be presumed to have influenced the individual's decision. a. Incorrect. Acceptance of the gift could easily be presumed to have impaired independence and thus would not be acceptable. c. Incorrect. See answer "b". d. Incorrect. See answer "b". Further, there is not sufficient information given to judge possible violations of the organization's code of conduct. However, the action could easily be perceived as a kickback.

When assessing the risk associated with an activity, an internal auditor should: a. Determine how the risk should best be managed. b. Provide assurance on the management of the risk. c. Update the risk management process based on risk exposures. d. Design controls to mitigate the identified risks.

b. Correct. Assurance services involve the internal auditor's objective assessment of a. Incorrect. Determining how unacceptable risk should be managed is the role of management. management's risk management activities and the degree to which they are effective. c. Incorrect. Designing and updating the risk management process is the role of management. d. Incorrect. Designing controls would impair the internal auditor's independence.

Of the following reasons for employees to resist a major change in organizational processes, which is least likely? a. Threat of loss of jobs. b. Required attendance at training classes. c. Breakup of existing work groups. d. Imposition of new processes by senior management without prior discussion.

b. Correct. Employee training programs facilitate performing jobs in a new or different way. a. Incorrect. Real or imagined loss of jobs is a common reason for employees to resist any change. c. Incorrect. Members of work groups often exert peer pressure on one another to resist change, especially if social relationships are changed. d. Incorrect. Lack of communication and discussion of the need for change threatens the status quo.

The activity of trading futures with the objective of reducing or controlling risk is called: a. Insuring. b. Hedging. c. Short-selling. d. Factoring.

b. Correct. Hedging is the use of future contracts to limit risk exposure on exchange rates. a. Incorrect. Insuring is a risk management activity. c. Incorrect. Short-selling refers to the sales of commodities or shares of stocks. d. Incorrect. Factoring applies to discounting of accounts receivable.