Exam 2 Questions from Back of the Book
Which of the following is not something all levels of employees should do? a. Understand their role within the internal control framework. b. Have a basic understanding of fraud and be aware of the red flags. c. Report suspicions of incidences of fraud. d. Investigate suspicious activities that they believe may be fraudulent.
d. Investigate suspicious activities that they believe may be fraudulent.
Which of the following is not likely to be a step during a consulting engagement? a. Understanding the objectives of a process. b. Assessing the risks in a process. c. Flowcharting the key steps in a process. d. Expressing a conclusion on the design adequacy and operating effectiveness of a process.
d. Expressing a conclusion on the design adequacy and operating effectiveness of a process.
The Cressey Fraud Triangle does not include, as one of its vertices: a. Pressure. b. Opportunity. c. Rationalization. d. Fraudster personality.
d. Fraudster personality.
Which of the following is not a typical "rationalization" of a fraud perpetrator? a. It's in the organization's best interest. b. The company owes me because I'm underpaid. c. I want to get back at my boss (revenge). d. I'm smarter than the rest of them.
d. I'm smarter than the rest of them.
According to the IPPF, internal auditors should possess which of the following skills? I.Internal auditors should understand human relations and be skilled in dealing with people. II.Internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices. III. Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance, and IT. IV. Internal auditors should be skilled in oral and written communication. a. II only. b. I and III only. c. III and IV only. d. I, II, and IV only.
d. I, II, and IV only.
Which is NOT a benefit of user-developed applications (UDAs)? a. Quick to develop and use. b. Readily available and at a low cost. c. More configurable and flexible. d. Easy to control access to.
d. Easy to control access to.
Which of the following would not be considered a first line of defense in the Three Lines of Defense model? a. A divisional controller conducts a peer review of compliance with financial control standards. b. An accounts payable clerk reviews supporting documents before processing an invoice for payment. c. An accounting supervisor conducts a monthly review to ensure all reconciliations were completed properly. d. A production line worker inspects finished goods to ensure the company's quality standards are met.
a. A divisional controller conducts a peer review of compliance with financial control standards.
Which of the following is an example of misappropriation of assets? a. A small amount of petty cash is stolen. b. A journal entry is modified to improve reported financial results. c. A foreign official is bribed by the chief operating officer (COO) to facilitate approval of a new product. d. A duplicate bill is sent to a customer in hopes that they will pay it twice.
a. A small amount of petty cash is stolen.
Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should: a. Accept the audit engagement because independence would not be impaired. b. Accept the engagement, but indicate to management that recommending controls would impair audit independence so that management knows that future audits of the area would be impaired. c. Not accept the engagement because internal audit functions are presumed to have expertise on accounting controls, not marketing controls. d. Not accept the engagement because recommending controls would impair future objectivity of the department regarding this client.
a. Accept the audit engagement because independence would not be impaired.
Which of the following would be considered a first line of defense in the Three Lines of Defense model? a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date. b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training. c. The external audit team observes the counting of inventory on December 31. d. An internal audit team conducting an engagement to provide assurance on the company's Sarbanes-Oxley compliance with internal controls over financial reporting.
a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date.
What is the difference between a blended engagement and a consulting engagement? a. Blended engagements include components of both assurance and consulting services. b. Blended engagements take advantage of statistical sampling. c. A blended engagement always focuses on assurance services versus a balance of assurance and consulting services. d. A blended engagement uses external auditors versus a consulting engagement, which uses internal auditors.
a. Blended engagements include components of both assurance and consulting services.
Which of the following best describes an auditor's responsibility after noting some indicators of fraud? a. Expand activities to determine whether an investigation is warranted. b. Report the possibility of fraud to senior management and ask how to proceed. c. Consult with external legal counsel to determine the course of action to be taken. d. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud.
a. Expand activities to determine whether an investigation is warranted.
Which of the following are typically governance responsibilities of senior management? I. Delegating its tolerance levels to risk managers. II. Monitoring day-to-day performance of specific risk management activities. III. Establishing a governance committee of the board. IV. Ensuring that sufficient information is gathered to support reporting to the board. a. I and IV. b. II and III. c. I, II, and IV. d. I, II, III, and IV.
a. I and IV.
Organizational independence exists if the CAE reports <List A> to some other organizational level than the CEO or similar head of the organization as long as the internal audit activity <List B> without interference: a. List A: administratively; List B: controls the scope and performance of work and reporting of results. b. List A: administratively; List B: approved the internal audit budget and risk-based internal audit plan. c. List A: functionally; List B: controls the scope and performance of work and reporting of results. d. List A: functionally; List B: approves the internal audit budget and risk-based internal audit plan.
a. List A: administratively; List B: controls the scope and performance of work and reporting of results.
The requirement that purchases be made from suppliers on an approved vendor list is an example of a: a. Preventive control. b. Detective control. c. Compensating control. d. Monitoring control.
a. Preventive control.
Which of the following best exemplifies a control activity referred to as independent verification? a. Reconciliation of bank accounts by someone who does not handle cash or record cash transactions. b. Identification badges and security codes used to restrict entry to the production facility. c. Accounting records and documents that provide a trail of sales and cash receipt transactions. d. Separating the physical custody of inventory from inventory accounting.
a. Reconciliation of bank accounts by someone who does not handle cash or record cash transactions.
14. Which of the following represents the best governance structure?Operating Management Executive Management Internal Auditing a. Responsibility for risk Oversight role Advisory role b. Oversight role Responsibility for risk Advisory role c. Responsibility for risk Advisory role Oversight role d. Oversight role Advisory role Responsibility for risk
a. Responsibility for risk Oversight role Advisory role
The purpose of logical security controls is to: a. Restrict access to data. b. Limit access to hardware. c. Record processing results. d. Ensure complete and accurate processing of data.
a. Restrict access to data
According to research in personality psychology, the three "dark triad personalities" do not mention: a. Sociopaths. b. Psychopaths. c. Narcissists. d. Machiavellians.
a. Sociopaths.
Appropriate internal control for a multinational corporation's branch office that has a department responsible for the transfer of money requires that: a. The individual who initiates wire transfers does not reconcile the bank statement. b. The branch manager must receive all wire transfers. c. Foreign currency rates must be computed separately by two different employees. d. Corporate management approves the hiring of employees in this department.
a. The individual who initiates wire transfers does not reconcile the bank statement.
The 17 principles in the updated COSO 2013 Internal Control - Integrated Framework include one devoted specifically to addressing fraud risk: a. True. b. False.
a. True.
Which of the following would be considered a second line of defense in the Three Lines of Defense model? a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date. b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training. c. A shift supervisor inspecting a sample of finished goods to ensure quality standards are met. d. An internal audit team conducting an engagement to provide assurance on the company's Sarbanes-Oxley compliance with internal controls over financial reporting.
b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training.
Senior management of an organization has requested that the internal audit function help educate employees about internal control concepts. This work is an example of: a. An assurance engagement. b. A training consulting engagement. c. A facilitative consulting engagement. d. An advisory consulting engagement.
b. A training consulting engagement.
The possibility of someone maliciously shutting down an information system is most directly an element of: a. Availability risk. b. Access risk. c. Confidentiality risk. d. Deployment risk.
b. Access risk.
In which of the following scenarios do consulting services provided by the internal audit function prove to be most beneficial? a. An organization that is completely stable and has very little change. b. An organization that has frequent, significant change. c. An organization that wants to reduce the level of change in the organization. d. An organization that has a lot of standards and procedures already in place and does not want to change them.
b. An organization that has frequent, significant change.
Which of the following best illustrates the use of EDI? a. Purchasing merchandise from a company's internet site. b. Computerized placement of a purchase order from a customer to its supplier. c. Transfer of data from a desktop computer to a database server. d. Withdrawing cash from an ATM.
b. Computerized placement of a purchase order from a customer to its supplier.
An organization that manufactures and sells computers is trying to boost sales between now and the end of the year. It decides to offer its sales representatives a bonus based on the number of units they deliver to customers before the end of the year. The price of all computers is determined by the vice president of sales and cannot be changed by sales representatives. Which of the following presents the greatest reason a sales representative may commit fraud with this incentive program? a. Sales representative may sell units that have a lower margin than other units. b. Customers have the right to return a laptop for up to 90 days after purchase. c. The units delivered may be defective. d. The customers may not pay for the computers timely.d. The customers may not pay for the computers timely.
b. Customers have the right to return a laptop for up to 90 days after purchase.
The chief operating officer (COO) has requested that the internal audit function advise her regarding a new incentive plan being developed for sales representatives. Which of the following tasks should the CAE decline with respect to providing advice to the COO? a. Researching and benchmarking incentive plans provided by other companies in the industry. b. Determining the appropriate bonus formula for inclusion in the plan. c. Recommending monitoring procedures so that appropriate amounts are paid under the plan. d. Determining how to best document the support for amounts paid to provide a sufficient audit trail.
b. Determining the appropriate bonus formula for inclusion in the plan.
When conducting a consulting engagement to improve the efficiency and quality of a production process, the audit team is faced with a scope limitation because several months of the production data have been lost or are incomplete. Faced with this scope limitation, the CAE should: a. Resign from the consulting engagement and conduct an audit to determine why several months of data are not available. b. Discuss the problem with the customer and together evaluate whether the engagement should be continued. c. Increase the frequency of auditing the activity in question. d. Communicate the potential effects of the scope limitation to the audit committee.
b. Discuss the problem with the customer and together evaluate whether the engagement should be continued.
When conducting a consulting engagement to improve the efficiency of a production process, the internal audit team is faced with a scope limitation because several months of the production data has been lost or is incomplete. Faced with this scope limitation, the CAE should: a. Halt the consulting engagement and conduct a separate assurance engagement to determine why the data was not available. b. Discuss the problem with the customer and together evaluate whether the engagement should be continued. c. Complete the analysis without the data, but include a scope limitation in the engagement report. d. Report the scope limitation to the independent outside auditors.
b. Discuss the problem with the customer and together evaluate whether the engagement should be continued.
Which of the following areas of culture presents the greatest challenge for internal audit functions who want to become trusted advisors? a. Receiving approval to include consulting services in the internal audit charter. b. Educating all areas on the internal audit function's role in performing consultative internal audit services. c. Internal audit staff are trained to perform assurance engagements only. d. Movement to a more controlled environment for the corporate enterprise.
b. Educating all areas on the internal audit function's role in performing consultative internal audit services.
3. What types of business events tend to drive new legislation and guidance? a. Economic downturns b. Fraud or other corporate wrongdoing. c. Elections or other political changes. d. Economic growth.
b. Fraud or other corporate wrongdoing.
Which of the following is the best source of IT audit guidance within the IPPF? a. Control Objectives for Information and Related Technologies (COBIT). b. GTAG .c. National Institute of Standards and Technology (NIST). d. ITIL.
b. GTAG.
2. COSO's Internal Control Framework consists of five internal control components and 17 principles for achieving effective internal control. Which of the following is/are (a) principle(s)? I. The organization demonstrates a commitment to integrity and ethical values. II.Monitoring activities. III. A level of assurance that is supported by generally accepted auditing procedures and judgments. IV. A body of guiding principles that form a template against which organizations can evaluate a multitude of business practices.V. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. a. II only. b. I and V only. c. II and IV only. d. I, II, III, IV, and V.
b. I and V only.
A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with the friend. Which of the following controls would have best served to prevent this fraud? a. Requiring that all changes to pay records be recorded on a standard form. b. Limiting the ability to make changes in payroll system personnel information to authorized HR department supervisors. c. Periodically reconciling pay rates per personnel records with those of the payroll system. d. Monitoring payroll costs by department supervisors monthly.
b. Limiting the ability to make changes in payroll system personnel information to authorized HR department supervisors.
Which of the following is true about new and emerging technologies? a. New technologies have security login controls built into them. b. New technologies take time for the users to transition and adapt to the new technology, so training is critical. c. New technologies always come from large multinational companies. d. New technologies have the best controls embedded in them.
b. New technologies take time for the users to transition and adapt to the new technology, so training is critical.
Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence? a. Risk management consultant. b. Product development team leader. c. Ethics advocate. d. External audit liaison.
b. Product development team leader.
13. When assessing the risk associated with an activity, an internal auditor should: a. Determine how the risk should best be managed. b. Provide assurance on the management of the risk. c. Update the risk management process based on risk exposures. d. Design controls to mitigate the identified risks.
b. Provide assurance on the management of the risk.
Who is responsible for establishing the strategic objectives of an organization? a. The board of directors. b. Senior management. c. Consensus among all levels of management. d. The board and senior management jointly.
b. Senior management.
Who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the organization's governance process? a. The board of directors. b. Senior management. c. Risk owners. d. The internal audit function.
b. Senior management.
15. An adequate system of internal controls is most likely to detect an irregularity perpetrated by a: a. Group of employees in collusion. b. Single employee. c. Group of managers in collusion. d. Single manager.
b. Single employee.
An effective system of internal controls is most likely to detect a fraud perpetrated by a: a. Group of employees in collusion. b. Single employee. c. Group of managers in collusion. d. Single manager.
b. Single employee.
Who is ultimately responsible for determining that the objectives for an internal audit engagement have been met? a. The individual internal audit staff member. b. The CAE. c. The audit committee. d. The internal audit engagement supervisor.
b. The CAE.
Predication is a technical term that refers to: a. The ability of internal auditors to predict fraud successfully. b. The ability of a fraud examiner to commence an investigation if a form of evidence exists that fraud has occurred. c. The activities of fraud perpetrators in concealing their tracks so that fraud is covered up and may not be discovered. d. Management's analysis of fraud risks so they can put in place effective anti-fraud programs and controls.
b. The ability of a fraud examiner to commence an investigation if a form of evidence exists that fraud has occurred.
From an organization's standpoint, because internal auditors are seen to be "internal control experts," they also are: a. Fraud risk management process owners, and hence, the first and most important line of defense against fraudulent financial reporting or asset misappropriation. b. The best resource for audit committees, management, and others to consult in-house when setting up anti-fraud programs and controls, even if they may not have any fraud investigation experience. c. The best candidates to lead an investigation of a fraud incident involving the potential violation of laws and regulations. d. The primary decision-maker in terms of determining punishment or other consequences for fraud perpetrators.
b. The best resource for audit committees, management, and others to consult in-house when setting up anti-fraud programs and controls, even if they may not have any fraud investigation experience.
Which of the following is not a responsibility of the CAE? a. To communicate the internal audit function's plans and resource requirements to senior management and the board for review and approval. b. To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes. c. To follow up on whether appropriate management actions have been taken on significant issues cited in internal audit reports. d. To establish a risk-based plan to accomplish the objectives of the internal audit function consistent with the organization's goals.
b. To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.
An internet firewall is designed to provide protection against: a. Computer viruses. b. Unauthorized access from outsiders. c. Lightning strikes and power surges. d. Arson.
b. Unauthorized access from outsiders.
Which of the following best describes internal audit workpapers for consulting engagements? a. Workpapers are not required for consulting engagements. b. Workpaper requirements for consulting engagements are similar to assurance engagements but typically have less documentation. c. Consulting engagements typically require more documentation than assurance engagements. d. Workpapers for consulting engagements do not require a review by internal audit management.
b. Workpaper requirements for consulting engagements are similar to assurance engagements but typically have less documentation.
Which of the following types of companies would most likely need the strongest anti-fraud controls? a. A manufacturer of popular athletic shoes. b. A grocery store. c. A bank. d. An internet-based electronics retailer.
c. A bank.
The audit committee has requested that the internal audit function assist with the annual risk assessment process. What type of consulting engagement does this assistance represent? a. An assurance engagement. b. A training consulting engagement. c. A facilitative consulting engagement. d. An advisory consulting engagement.
c. A facilitative consulting engagement.
How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports? a. Assign a staff internal auditor to review all time reports for the past six months in the supervisor's area. b. Make a record of the accusation but do nothing, as anonymous accusations are typically not true. c. Assess the facts provided by the anonymous party against pre- established criteria to determine whether a formal investigation is warranted. d. Turn the issue over to the HR department because this type of anonymous accusation is usually just a human resource issue.
c. Assess the facts provided by the anonymous party against pre- established criteria to determine whether a formal investigation is warranted.
The internal audit function's responsibilities with respect to fraud are limited to: a. The organization's operational and compliance activities only because financial reporting matters are the responsibility of the independent outside auditor. b. Monitoring any calls received through the organization's whistleblower hotline but not necessarily conducting a follow-up investigation. c. Being aware of fraud indicators, including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialist. d. Ensuring that all employees have received adequate fraud awareness training.
c. Being aware of fraud indicators, including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialist.
Per IIA Standards, internal audit functions must establish: a. Internal quality assurance and improvement program assessments. b. External quality assurance and improvement program assessments. c. Both internal and external quality assurance and improvement program assessments. d. Neither internal nor external quality assurance and improvement program assessments.
c. Both internal and external quality assurance and improvement program assessments.
Which of the following statements regarding an internal audit function's continuous auditing responsibilities is/are true? I. The internal audit function is responsible for assessing the effectiveness of management's continuous monitoring activities. II. In areas of the organization in which management has implemented effective monitoring activities, the internal audit function can conduct less stringent continuous assessments of risks and controls. a. Only statement I is true. b. Only statement II is true. c. Both statements I and II are true. d. Neither statement I nor statement II is true.
c. Both statements I and II are true.
An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement? a. Determine whether policies exist that describe the risks the treasurer may take and the types of instruments in which the treasurer may invest. b. Determine the extent of management oversight over investments in sophisticated instruments. c. Determine whether the treasurer is getting higher or lower rates of return on investments than treasurers in comparable organizations. d. Determine the nature of monitoring activities related to the investment portfolio.
c. Determine whether the treasurer is getting higher or lower rates of return on investments than treasurers in comparable organizations.
A financial services organization is planning on staffing a complex consulting engagement that involves the consolidation of two large banking organizations, including changing many of the processes. Which of the following skills is the least important skill for auditors to possess in assisting in the review of target processes? a. Ability to quickly develop relationships. b. Specific business-related skills related to the processes being reengineered. c. Experience in performing testing of controls. d. Unstructured problem-solving skills.
c. Experience in performing testing of controls.
Which of the following activities are designed to provide feedback on the effectiveness of an internal audit activity? I. Proper supervision. II. Proper training. III. Internal assessments. IV. External assessments. a. I, II, and III only. b. I, II, and IV only. c. I, III, and IV only. d. All of these.
c. I, III, and IV only.
Which of the following is not one of the top 10 technology risks facing organizations? a. Cybersecurity b. Use of older technology. c. IT governance. d. Mobile computing.
c. IT governance.
3. ABC utility company sells electricity to residential customers and is a member of an industry association that provides guidance to electric utilities, lobbies on behalf of the industry, and facilitates sharing among its members. From ABC's perspective, what type of stakeholder is this industry association? a. Directly involved in the operation of the company. b. Interested in the success of the company. c. Influences the company. d. Not a stakeholder.
c. Influences the company.
Reasonable assurance, as it pertains to internal control, means that: a. The objectives of internal control vary depending on the method of data processing used. b. A well-designed system of internal controls will prevent or detect all errors and fraud. c. Inherent limitations of internal control preclude a system of internal control from providing absolute assurance that objectives will be achieved. d. Management cannot override controls, and employees cannot circumvent controls through collusion.
c. Inherent limitations of internal control preclude a system of internal control from providing absolute assurance that objectives will be achieved.
What fraud schemes were reported to be most common in the ACFE's 2016 Report to the Nations? a. Corruption. b. Fraudulent billing. c. Misappropriation of assets by employees. d. Inappropriately reporting revenues in published financial results.
c. Misappropriation of assets by employees
The software that manages the interconnectivity of the system hardware devices is the: a. Application software. b. Utility software. c. Operating system software. d. Database management system software.
c. Operating system software.
11. The risk assessment component of internal control involves the: a. Independent outside auditor's assessment of residual risk. b. Internal audit function's assessment of control deficiencies. c. Organization's identification and analysis of the risks that threaten the achievement of its objectives. d. Organization's monitoring of financial information for potential material misstatements.
c. Organization's identification and analysis of the risks that threaten the achievement of its objectives.
The internal audit function should not: a. Assess the organization's governance and risk management processes. b. Provide advice about how to improve the organization's governance and risk management processes. c. Oversee the organization's governance and risk management processes. d. Coordinate its governance and risk management-related activities with those of the independent outside auditor.
c. Oversee the organization's governance and risk management processes.
Companies in industries that are heavily regulated may be subject to audits by the regulator's auditors. While not specifically covered in the Three Lines of Defense model, such auditors would most likely be considered: a. Part of the first line of defense. b. Part of the second line of defense. c. Part of the third line of defense. d. Not a line of defense.
c. Part of the third line of defense.
Requiring a user ID and password would be an example of what type of control? a. Detective. b. Corrective. c. Preventative. d. Reactive.
c. Preventative.
Which of the following is not an appropriate governance role for an organization's board of directors? a. Evaluating and approving strategic objectives. b. Influencing the organization's risk-taking philosophy. c. Providing assurance directly to third parties that the organization's governance processes are effective. d. Establishing broad boundaries of conduct, outside of which the organization should not operate.
c. Providing assurance directly to third parties that the organization's governance processes are effective.
The control that would most likely ensure that payroll checks are written only for authorized amounts is to: a. Conduct periodic floor verification of employees on the payroll. b. Require the return of undelivered checks to the cashier. c. Require supervisory approval of employee time cards. d. Periodically witness the distribution of payroll checks.
c. Require supervisory approval of employee time cards.
The Standards requires the CAE to share information and coordinate activities with other internal and external providers of assurance services. With regard to the independent outside auditor, which of the following would not be an appropriate way for the CAE to meet this requirement? a. Holding a meeting between the CAE and the independent outside audit firm's partner to discuss the upcoming audit of the financial statements. b. Providing the independent outside auditor with access to the working papers for an audit of third-party contractors. c. Requiring the independent outside auditor to have the CAE's approval of their annual audit plan for conducting the financial statement audit. d. Requesting that the internal audit function receive a copy of the independent outside auditor's management letter.
c. Requiring the independent outside auditor to have the CAE's approval of their annual audit plan for conducting the financial statement audit.
It would be appropriate for the internal audit function to perform which of the following: a. Design controls for a process. b. Develop a new whistleblower policy. c. Review a new IT application before implementation. d. Lead a process reengineering project.
c. Review a new IT application before implementation.
Which of the following would be a typical consulting engagement activity performed by the internal audit function? a. Testing compliance with accounts payable policies and procedures. b. Determining the scope of an engagement to test IT application controls. c. Reviewing and commenting on a draft of a new ethics policy created by the company. d. Testing the design adequacy of controls over the termination of employees.
c. Reviewing and commenting on a draft of a new ethics policy created by the company.
What is residual risk? a. Impact of risk. b. Risk that is under control. c. Risk that is not managed. d. Underlying risk in the environment.
c. Risk that is not managed.
Who has primary responsibility for the monitoring component of internal control? a. The organization's independent outside auditor. b. The organization's internal audit function. c. The organization's management. d. The organization's board of directors.
c. The organization's management.
Which of the following best describes continuous auditing? a. Development of computer-assisted audit techniques (CAATs). b. Oversight of continuous monitoring. c. The use of continuous risk assessment, continuous controls assessment, and assessment of continuous monitoring. d. The ability of internal auditors to continually perform auditing steps.
c. The use of continuous risk assessment, continuous controls assessment, and assessment of continuous monitoring.
Which of the following is the best reason for the CAE to consider the organization's strategic plan in developing the annual internal audit plan? a. To emphasize the importance of the internal audit function to the organization. b. To make recommendations to improve the strategic plan. c. To ensure that the internal audit plan supports the overall business objectives. d. To provide assurance that the strategic plan is consistent with the organization's values.
c. To ensure that the internal audit plan supports the overall business objectives.
Which of the following best describes an internal auditor's purpose in reviewing the organization's existing governance, risk management, and control processes? a. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives. b. To ensure that weaknesses in the internal control system are corrected. c. To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically. d. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated.
c. To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically.
If a sales transaction record was rejected during input because the customer account number entered was not listed in the customer master file, the error was most likely detected by a: a. Completeness check. b. Limit check. c. Validity check. d. Reasonableness check.
c. Validity check.
The Standards requires policies and procedures to guide the internal audit staff. Which of the following statements is false with respect to this requirement? a. A small internal audit function may be managed informally through close supervision and written memos. b. Formal administrative and technical audit manuals may not be needed by all internal audit functions. c. The CAE should establish the function's policies and procedures. d. All internal audit functions should have a detailed policies and procedures manual.
d. All internal audit functions should have a detailed policies and procedures manual.
Which of the following is not an example of a fraud prevention program element? a. Background investigations of new employees. b. Exit interviews of departing employees. c. Establishing authority limits related to purchasing commitments. d. Analyzing cash disbursements to determine whether any duplicate payments have been made.
d. Analyzing cash disbursements to determine whether any duplicate payments have been made.
14. Determining that engagement objectives have been met is ultimately the responsibility of the: a. Internal auditor. b. Audit committee. c. Internal audit supervisor. d. CAE.
d. CAE.
An organization's IT governance committee has several important responsibilities. Which of the following is not normally such a responsibility? a. Aligning investments in IT with business strategies. b. Overseeing changes to IT systems. c. Monitoring IT security procedures d. Designing IT application-based controls.
d. Designing IT application-based controls.
When discussing integration of IT into audit engagements, which of the following is the most desirable integration of IT into specific engagements? a. Developing and integrating testing of IT controls into process-level audits. b. Developing and performing computer audit software steps into process-level audits. c. Auditing controls around the computer to make sure the computer controls are working effectively. d. Developing and performing computer audit software steps into the process-level audits along with testing of IT controls.b
d. Developing and performing computer audit software steps into the process-level audits along with testing of IT controls.
Which of the following is not a role of the internal audit function in best practice governance activities? a. Support the board in enterprise wide risk assessment. b. Ensure the timely implementation of audit recommendations. c. Monitor compliance with the corporate code of conduct. d. Discuss areas of significant risks.
d. Discuss areas of significant risks.
Which auditor will be the most successful in being perceived as a "Trusted Advisor"? a. One who audits using a checklist. b. One who best uses audit sampling techniques. c. One who ensures 100 percent compliance with all policies, procedures, and rules. d. One who collaborates with management to reach a consensus on the best solution to balance controls and efficient processes.
d. One who collaborates with management to reach a consensus on the best solution to balance controls and efficient processes.
According to the IPPF, the independence of the internal audit activity is achieved through: a. Staffing and supervision. b. Continuing professional development and due professional care. c. Human relations and communications. d. Organizational status and objectivity.
d. Organizational status and objectivity.
Which of the following is not a required consideration regarding proficiency and due professional care when choosing to perform a consulting engagement? a. Availability of adequate skills and resources to conduct the engagement. b. Needs and expectations of the engagement customer. c. Cost of the engagement relative to the potential benefits. d. Potential impact on the independent outside auditor's financial statement audit.
d. Potential impact on the independent outside auditor's financial statement audit.
Internal auditors are working to become trusted advisors to management on risk management techniques. Which of the following would be the best way for internal audit to demonstrate they are truly a trusted advisor? a. Providing testing of key controls. b. Assisting management in developing procedures for accounts payable. c. Performing a post-implementation review after a system has been installed. d. Providing guidance and audit resources to develop an enterprise risk management process for the organization.
d. Providing guidance and audit resources to develop an enterprise risk management process for the organization.
Audit committees are most likely to participate in the approval of: a. Audit staff promotions and salary increases. b. The internal audit report observations and recommendations. c. Audit work schedules. d. The appointment of the CAE.
d. The appointment of the CAE.
Which of the following statements regarding corporate governance is not correct? a. Corporate control mechanisms include internal and external mechanisms. b. The compensation scheme for management is part of the corporate control mechanisms. c. The dilution of shareholders' wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue. d. The internal audit function of a company has more responsibility than the board for the company's corporate governance.
d. The internal audit function of a company has more responsibility than the board for the company's corporate governance.