CIA Exam Part 2 Practice Questions
When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive? During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit. · During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit. During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased. During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
1 an 4 1 is included because although the process has not changed, you do not know the results of testing in the current year.
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take? 1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any. 2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident. 3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internetbased sales process and key controls. 4. Include the incident in the next quarterly report to the audit committee.
1 and 2
During the quarterly review of the internal audit activity's performance, the chief audit executive (CAE) notes that actual engagement hours consistently exceed the budget. Which of the following strategies would most likely help the CAE address this problem? · The budget should consider time spent on similar engagements. · The budget should consider the proficiency of the assigned auditors. · The budget estimate should provide for unexpected delays. · T The budget should be specific as to time for each work assignment
1 and 4 2 does not address the issue because it is assumed that at the beginning of the engagement, and therefore this should be accounted for with planning the budget 3 is not a great strategy because it would not get to the root cause of the variance between budgeted and actual numbers
Which of the following statements is correct regarding the use of a program evaluation and review technique (PERT) model? 1 It makes use of a probability model to arrive at a realistic estimate of time necessary for completion of the audit engagement. 2 It requires that activities are performed in sequence such that each task is completed before the commencement of the next activity. 3 It remains fixed once completed to act as a baseline for measuring the performance of the audit staff following completion of the engagement. 4 It begins with the auditor-in-charge identifying the overall scope and then breaking down the audit engagement into identifiable activity units.
1 and 4: the PERT model is used to identify the time it takes to finish a particular task or activity. PERT accomplishes this task by using a probability model to arrive at a realistic estimate of time necessary. It is another tool similar to a Gnatt chart. 2 is not included because PERT is a project management tool and makes it easier for project managers to handle subsegments simultaneously 3. PERT is a flexible model, and is not likely used to measure performance of the audit staff since it is primarily a project management tool
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources? · The annual audit plan should include audits that are consistent with the skills of the IAA. · Audits of high-risk areas of the organization should be conducted by internal audit staff. · External resources may be hired to provide subject-matter expertise but should be supervised. · Auditors should develop their skills by being assigned to complex audits for learning opportunities.
3 and 4
The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by: A. Determining if controls over record keeping and reporting are adequate and effective. B. Reviewing data provided by information systems to test compliance with external requirements. C. Determining if information systems provide management with timely information. D. Determining if information systems provide complete information.
A
When approving the final engagement report, which of the following is most critical? A. Opinions are adequately supported. B. Conclusions are reached for all objectives. C. Report is distributed to appropriate parties. D. Report is clear and concise.
A
When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following? A. The last available risk assessment. B. Requests from senior management and the board. C. The longest interval since the last examination of each audit universe item. D. The auditable areas required by regulatory agencies.
A
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach? A. Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered. B. Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective. C. Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance. D. Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.
A
Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan? A. Strategic plans reflect the organization's business objectives and overall attitude toward risk. B. Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources. C. Strategic plans are likely to show areas of weak financial controls. D. The strategic plan is a relatively stable document on which to base audit planning
A
Which of the following would not include recommendations for process improvements? A. Due diligence engagement. B. Forensic investigation. C. Internal audit engagement. D. Consulting engagement.
A
Why would a company maintain a compensating cash balance? To pay for banking services To take advantage of bargain purchase opportunities that may arise To make routine payments and collections To provide a reserve in case of unforeseen fluctuations in cash flows
A
Which of the following statements is false regarding audit criteria? A. Audit criteria should be consistent across audit assignments. B. Audit criteria should represent reasonable standards against which to assess existing conditions. C. Audit criteria should provide flexibility but allow identification of nonadherence. D. Audit criteria should equate to good or acceptable management practices.
A B is wrong because Audit Criteria is defined as a standard expected to be met by the org. Therefore, current exisiting conditions should evaluated based on the criteria, and not the other way around
Which of the following would be a red flag that indicates the possibility of inventory fraud? A. The controller has assumed responsibility for approving all payments to certain vendors. II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it. III. Sales commissions are not consistent with the organization's increased levels of sales. IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.
A,B, and D
Inadequate Risk Assessment would have the strongest negative impact in which phase A. determining the scope B. Reviewing internal Controls C. Testing D. Evaluating Findings
A. A Scope is primarily dependent on the risk assessment and objectives to that the auditors can write effective procedures. All other answers occur after the scope has been written. A bad scope will result in not knowing what controls to review, what to test, and how to evaluate findings
Which of the following factors would increase the confidence level in a variables sampling plan? I A Larger Sample Size II A Stratified Sample III A larger Standard deviation A) I and II B) I and III C) II and III D) I, II, and III
A. The confidence level has no effect on the standard deviation. The confidence level only relates to the sample size. As such, an increase in the confidence level increases the sample size, regardless if it is stratified or not. B, C.D include the Standard deviation
New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit? A. The audit committee of the board. B. The environmental, health, and safety manager. C. The organization's external environmental lawyers. D. The organization's insurance department.
B
What is the most important risk in determining the validity of construction delay claims? A. Contractor claims may be submitted prior to completion of the work. B. Contractor claims may include costs considered in the fixed-price portion of the work. C. Contractor claims may include subcontractor estimates of balances due to the subcontractor . D. Contractor claims may be understated.
B
When assessing the risk associated with an activity, an internal auditor should: A. Determine how the risk should best be managed. B. Provide assurance on the management of the risk. C. Modify the risk management process based on risk exposures. D. Design controls to mitigate the identified risks.
B
Which of the following has the greatest effect on the efficiency of an audit? A. The complexity of deficiency findings. B. The adequacy of preliminary survey information. C. The organization and content of workpapers. D. The method and amount of supporting detail used for the audit report.
B
While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements? A. Prioritize the engagements that were not done in previous years and schedule them for the upcoming year. B. Consult with senior management and the board and make adjustments regarding risk. C. Review all outstanding recommendations from prior audit engagements and focus on them in the upcoming year. D. Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year's schedule of engagement.
B
Which of the following best describes the most important criteria when assigning responsibility for specific tasks required in an audit engagement? A. Auditors must be given assignments based primarily upon their years of experience. B. All auditors assigned an audit task must have the knowledge and skills necessary to complete the task satisfactorily. C. Tasks must be assigned to the audit team member who is most qualified to perform them. D. All audit team members must have the skills necessary to satisfactorily complete any task that will be required in the audit engagement.
B- This answer is correct because of the phrase "all auditors assigned". D is incorrect because of the phrase "complete any task that will be required in the audit engagement". This is only partially correct- the correct phrase is that all members assigned to a task must pocess the skills necessary
In evaluating validity of different types of audit evidence, which of the following conclusions is not correct? A. Recomputation, though highly valid, is limited in usefulness due to its limited scope B. The validity of documentary evidence is independent of the effectiveness of the control system in which it was created C. Internally created documentary evidence is considered less valid than externally created documentary evidence D. The validity of confirmations varies directly with the independence of the party receiving the confirmation
B. A valid document is a reflection of the control system in place. A valid document indicates an effective control system A is wrong because Recomputation does have a limited scope C in wrong because internally generated documents are less reliable than external ones D is wrong becuase confirmation is only valid if the party receiving the confirmation is independant of the person providing the confirmation
According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program? A. Conducting full investigations of suspected fraud. B. Monitoring the organization's whistle-blower hotline. C. Assessing the risk of fraudulent activity in the organization . D. Providing ethics training sessions to organization staff
C
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement? A. A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action. B. Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings. C. The exit conference provides only anticipated results for inclusion in the final audit communication. D. During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.C
C
According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)? A. Due to management changes, the IAA is advised by management that no further work will be done. Further follow-up work is not required as management has accepted the related risk. B. A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous work performed for the engagement and then reports the results to the chief audit executive (CAE). C. Management has stopped implementing several key recommendations citing a growing disagreement with their effectiveness. The auditor communicates the situation to the CAE who then escalates the matter to senior management. D. In situations where the identified risk may have a significant impact to the business and senior management has accepted the risk, it is not necessary for the CAE to inform the board of the decision.
C
According to the International Professional Practices Framework, which of the following would not be considered when performing an initial risk assessment in engagement planning? A. The reliability of management's assessment of risk. B. Management's process for monitoring, reporting, and resolving risk issues. C. Management's methodology for defining risk criteria. D. Risks in related activities relevant to the activity under review.
C
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process? A. Verify that approvals of purchasing documents comply with the authority matrix. B. Observe whether the purchase orders are sequentially numbered. C. Examine whether the sales department supervisor approves invoices for payment. D. Determine whether the accounts payable department reconciles all purchasing documents prior to payment.
C
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take? A. The auditor must not perform the training, because any task to improve the business process could impact audit independence. B. The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task. C. The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task. D. The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.
C
The final internal audit report should be distributed to which of the following individuals? A. Audit client management only B. Executive management only C. Audit client management, executive management, and others approved by the chief audit executive. D. Audit client management, executive management, and any those who request a copy.
C
The internal audit activity of an organization obtained approval to add a senior auditor to its staff. The chief audit executive, audit manager, and audit supervisor each will interview the candidates. According to the Standards, which of the following best explains the involvement of management in the interview process? A. Provides audit management with the opportunity to communicate expectations regarding ethical behavior standards. B. Enables audit management to outline its quality assurance and improvement program with the senior auditor. C. Assists audit management in planning by more effectively allocating the senior auditor to appropriate audits. D. Allows audit management to explain the criteria that will be used to evaluate the senior auditor
C
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement? A. The amount of experience the auditors have conducting audits in the specific area of the organization. B. The availability of the auditors in relation to the availability of key client staff. C. Whether the budgeted hours are sufficient to complete the audit within the current scope. D. Whether outside resources will be needed, and their availability.
C
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement? A. Advance notice may result in management making corrections to reduce the number of potential deficiencies. B. Previous management action plans addressing prior internal audit recommendations remain incomplete. C. The engagement includes audit assurance procedures such as sensitive or restricted asset verifications. D. The audit engagement has already been communicated and approved through the annual audit plan.
C
Which of the following is the most important concept to be included in a consulting engagement agreement? A. Define the duties and responsibilities needed from management to perform the engagement. B. Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review. C. Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee. D. Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.
C
Which of the following is true regarding roles and responsibilities in risk management processes? A. Setting strategic direction resides with senior management. B. Ownership of risks resides with the board. C. Acceptance of residual risk resides with executive management level. D. Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal audit activity.
C
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement? A. Report follow-up activities to senior management. B. Implement follow-up procedures to evaluate residual risk. C. Determine the costs of implementing the recommendations. D. Evaluate the extent of improvements.
C
Why should internal auditors develop a strong relationship with the external auditors? A. External auditors offer an additional layer of approval to internal auditors' reports. B. External auditors can help improve the effectiveness of internal control sampling techniques. C. External auditors can offer an independent and knowledgeable viewpoint. D. External auditors can share information gained from work with similar clients.
C
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program? A. Identifying and managing risks in line with the entity's risk appetite. B. Ensuring that a proper and effective risk management process exists. C. Attaining an adequate understanding of the entity's key mitigation strategies. D. Identifying and ensuring that appropriate controls exist to mitigate risks.
C A, B, and D are all management responsibility
Which of the following situations would justify the removal of a finding from the final audit report? A. Management disagrees with the report findings and conclusions in their responses. B. Management has already satisfactorily completed the recommended corrective action. C. Management has provided additional information that contradicts the findings. D. Management believes that the finding is insignificant and unfairly included in the report.
C B is incorrect because
When determining the nature, timing, and extent of follow up, the chief audit executive considers all of the following factors except: A. Significance of the reported observation or reccomendation, degree of effort, and cost needed to correctthe reported conditon B. Impact that may result should the corrective action fail C. Authority or responsibility of the person required to take corrective action D. Complexity of the corrective action and time period involved
C- You care about the person responsible when thinking about the COMMUNICATION, not the Nature, extent and timing of the follow up B is a factor when you think about the nature, extent, and timing
A Client Satisfaction survey for the internal audit engagement should be asked to assess which of the following factors I Audit team's knowledge of the audited area II Usefulness of audit results III quality of management of the internal audit activity IV Clarity of the scope and objectives of the audit engagement A. I and II only B. II and IV only C. I, II, and IV only D. I III, and IV only
C. A survey would ask questions regarding the quality of management of the internal audit activity is due to the business not knowing what the criteria for managemnet is. All other answers are applicable for a survey
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider A. Stockout Costs B. Seasonal Variations in forecasting inventory demand C. Optimal Order sixes determined by an economic order quantity model D The potential for obsolesence of inventory items
C. EOQ, although a useful tool, does not concern itself with the minimum quantity, and would be the least likely thing to consider when evaluating the appropriateness of minimum quantity level
According to the Standards, which of the following best describes what must be agreed upon to establish an understanding with clients prior to starting a consulting engagement? A. The engagement objectives, access to clients records, and expectations. B. The engagement objectives, scope, and time frame to complete the engagement. C. The engagement scope, opportunities for making significant improvements, and client expectations. D. The engagement objectives, scope, respective responsibilities, and other client expectations
D
According to the Standards, which of the following would have the least direct interest in the draft report of a compliance review of the purchasing function? A. Purchasing staff. B. Purchasing manager. C. Director of finance. D. Audit committee
D
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor? A. Independently evaluating conflicts of interests. B. Assessing contracts for relevant terms and conditions. C. Performing statistical analysis for data anomalies. D. Preparing evidentiary documentation
D
The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards? A. Coach management in responding to risks. B. Develop risk management strategies for board approval. C. Facilitate identification and evaluation of risks. D. Evaluate risk management processes.
D
At the conclusion of the audit, a report was issued to the tresurer, CFO, President, and the Board. A follow up review was performed. The Auditor shold provide the follow up report to which of the following I Treasurer II CFO III President IV Board A. I and II B III and V C III anf IV D All of the above
D. All of the above. those that receive the report should be provided with the additional follow up
Which of the following represents appropriate evidence of supervisory review of engagement workpapers? I A supervisor's initials of each workpaper II An engagement workpaper review checklist III A memo specifying the nature extent, and results of the supervisory review of workpapers IV Performance appraisals that assess the quality of workpapers prepared by auditors
I , II, and III
Which of the following tests must an IA perform to ensure EDI transactions are received and translated accurately I Computerized tests to assess Transaction reasonableness and validity II Review of log books to ensure that transactions are logged upon receipt III Edit checks to identify unusual Transactions IV Verification of limitations on the authourity of users to initiate specific EDI transactions
I, II, and III IV does not test accuracy, rather it tests a control I is what i believe to be the primary test II is a substantive procedure that tests the occurance of the transaction III Edit checks are defined as a test that checks data to ensure validity and is used to verify data before being processed. Under this lens, an argument can be made that this procedure can be used to gain reasonable assurance that transactions are accurate. Edit Checks also test completeness and accuracy
According to IIA guidance, organizations have the most influence on which element of fraud? A. Opportunity. B. Rationalization. C. Pressure. D. Incentives
A
According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships? A. Assist executives with their administrative and governance responsibilities, and encourage all IAA members to develop relationships with the organization's executives. B. Assist executives with their administrative and governance responsibilities, and ensure that all communications with the board are formal audit reports or preset agendas. C. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and encourage all IAA members to develop relationships with the organization's executives. D. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and ensure that all communications with the board are formal audit reports or preset agendas.
A
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations? A. Evaluate and verify management's response, and determine the need and scope for additional work. B. Evaluate and verify management's response, and establish timelines for corrective action by management. C. Oversee the corrective actions undertaken by management, and determine the need and scope for additional work. D. Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.
A
According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process? A. The accounts payable supervisor, accounts payable manager, and controller. B. The accounts payable manager, purchasing manager, and receiving manager. C. The accounts payable supervisor, controller, and treasurer. D. The accounts payable manager, chief financial officer, and audit committee.
A
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary? A. Communication of any internal ethics violations to external parties may occur with appropriate safeguards. B. Cultural impacts are less critical where the organization practices uniform polices around the globe. C. Cross-cultural differences should always be handled by the staff of the same cultural background. D. Local law enforcement should be involved as they are more familiar with the applicable local laws.
A
According to IIA guidance, which of the following should be considered when creating policies and procedures for the internal audit activity (IAA)? A. Number of auditors, complexity of audit activities, and structure of the IAA. B. Number of auditors, complexity of audit activities, and audit staff skills and competencies. C. Number of auditors, structure of the IAA, and audit staff skills and competencies. D. Complexity of audit activities, structure of the IAA, and audit staff skills and competencies.
A
An auditor analyzed a payroll system's data files for unusual activity, such as excessive overtime hours, unusual fluctuations in pay rates, and excessive vacation time. The application controls being verified by this analysis are: A. Edit and validation controls . B. Rejected and suspense item controls. C. Controls over update access to the database . D. Programmed balancing controls.
A
An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute? A. Conduct a joint brainstorming session with management. B. Ask the chief audit executive to mediate. C. Disclose the client's differing opinion in the final report. D. Escalate the issue to senior management for a decision.
A
During the development of a purchasing system, an auditor reviewed the payment authorization program. Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is greater than the quantity received? A. Issue an exception report. B. Pay the amount billed and adjust the inventory account for the difference. C. Return the invoice to the vendor for correction. D. Authorize payment of the full invoice, but maintain an open purchase order record for the missing goods.
A
In which of the following situations would it be most appropriate to employ the services of a forensic specialist? A. Detection of unauthorized changes to source documents. B. Review for misapplication of general computer controls over accounts receivable. C. Investigation of ghost employees in a large business. D. Verification of fixed assets in a manufacturing company
A
The chief audit executive (CAE) notes during review of the final report of an assurance engagement that management has decided to accept the risks of two significant exposures identified by the audit. Which of the following actions by the CAE would be least prudent in these circumstances? A. Implement follow-up procedures to monitor the potential impact of those risks. B. Review the working papers and conclusions as to the perceived residual risk. C. Meet with senior management to consider their reasoning for the decision. D. Meet with the auditor-in-charge to review the conclusions.
A
The efficiency of internal audit operations is best enhanced if workpaper standards: A. Permit the extent of documentation to vary according to engagement objectives. B. Require supervisors to initial and date each workpaper that they review. C. Allow access to workpapers by external parties if approved by senior management or the audit committee. D. Mandate the workpaper retention period
A
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud? A. The employee's name listed on organization's payroll is compared to the personnel records . B. Payroll time sheets are reviewed and approved by the timekeeper before processing. C. Employee access to the payroll database is deactivated immediately upon termination. D. Changes to payroll are validated by the personnel department before being processed.
B
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties? A. The CAE can release prior internal audit reports with the approval of the board and senior management. B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary. C. The CAE can only release prior information outside the organization when mandated by legal or statutory requirements. D. The CAE can release prior information provided it is as originally published and distributed within the organization.
B
According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board? A. Consider formality and tone of communications to ensure they are appropriate. B. Minimize instances of ad hoc communications with board members. C. Consider the possible repercussions created by commentary on deficiencies. D. Avoid making presumptuous comments without sufficient facts.
B
An auditor plans to analyze customer satisfaction, including. (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct? A. Although useful, such an analysis does not address any risk factors. B. The survey would not consider customers who did not make purchases in the last three months. C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive. D. Analysis of three months' activity would not evaluate customer satisfaction.
B
Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line A. Benchmarking B. baseline requirements C. Walk Through D. Quality Circles
B. Baseline requirements is a snapshot in time that represents an approved set of requirements that been committed to a specific product release. Based on this definition, this is the most likely answer A is incorrect because there is no external thing to compare the help line to C. A walkthrough could help evaluate the effectiveness of controls, but it should be combined with reperformance in order to be effective D. Quality Circles is defined as a group of workers who the same or similar work. As such, this is not a valid answer since it does not talk about the process
Which of the following actions has the least influence on the chief audit executive's development of an audit plan? A. Input from senior management and the board. B. An evaluation of the complexity of each audit engagement. C. Changes in the organizations structure or budget. D. An assessment of risk and exposures affecting the organization.
B. Complexity of an engagement will not influence the audit plan
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider? A. The need and availability of automated support. B. The potential impact of key risks. B C. The expected outcomes and deliverables. D. The operational and geographic boundaries.
B. Potential impact of key risks is considered in the planning phase of the aduit
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an internal auditor look for as an indicator of employee theft of food from a specific store? A. On a rainy day, total sales are greater than expected when compared to the cost of ingredients used. B. On a sunny day, total sales are less than expected when compared to the cost of ingredients used. C. Both total sales and cost of ingredients used are greater than expected. D. Both total sales and cost of ingredients used are less than expected.
B: Assume COGS is consistent, based on the model, a sunny day would produce an increase in sales, and therefore COGS would go up. However, we see that Sales are down, and therefore COGS should go down, but the answer implies that COGS stayed the same. This means that the risk is that theft is possible cause A is wrong because the risk here is that there is a fictitious sale and not theft of inventory C & D are irrelevant since the question clearly states that in the model that rainy days are included in the model
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions? A. Assert whether the described and reported control processes and systems exist. B. Assess whether senior management adequately supports and promotes the internal control culture described in the report. C. Evaluate the completeness of the report and management's responses to identified deficiencies. D. Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.
C
A performance audit engagement typically involves: A. Review of financial statement information, including the appropriateness of various accounting treatments. B. Tests of compliance with policies, procedures, laws, and regulations. C. Appraisal of the environment and comparison against established criteria. D. Evaluation of organizational and departmental structures, including assessments of process flows.
C
What is the responsibility of the internal auditor once a fraud investigation has been concluded? A. Ascertain the extent to which fraud has been perpetrated B. Notify the appropriate regualtory Agency C. Determine if controls need to be implemented or strengthened to reduce future vulnerability D. Implement controls to prevent future occurrences
C is the most complete answer A. is wrong because based on the question, you are at the conclusion of the engagement, and enough testing has been done. B. You have no information whether if the fraud occurred or not; therefore, this is inappropriate D is wrong becuase internal auditors do not implement controls
What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year? A. Trend Analysis B. Ratio Analysis C. Regression Analysis D. Horizontal Analysis
C. Regression Analysis is defined as a statistical process between a dependent variable and independent variables. Based on the question, this one will most likely be performed A is wrong because trend analysis attempts to spot actionable patterns and not see the relationship between data B is wrong because ration analysis is geared toward liquidity and is more toward financial statements C is wrong because horizontal analysis is another name for trend analysis (fun fact)
The most effective method of reporting engagement results to management and stimulating action is to A. Deliver a lecture on the engagement results B. Limit verbal commentary and present a series of slides that graphically depict the engagement results C. Use slides to support a discussion of major points D. Distribute copies of the repot, ask participants to read the report, and ask for questions
C. is correct because it is the most broad and gives the most best practices B is incorrect because of the phrase "limit verbal commentary". This is not necessarily true
During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high number of customer complaints pertained to payments not being applied to the customers' accounts. Which of the following would most likely be the reason for the high volume of complaints? A. An ineffective customer service department. B. Poor controls in the invoice approval processes. C. Check tampering by an employee. D. Submission of fraudulent expense reports.
C: If payments are not being applied, a possible reason is that an EE is pocketing the payments and leaving the customer account open A is incorrect because it does specifically address thr reason for the customer complaints B is incorrect because invoice approval is not the reason for payments not being applied D is incorrect customers are not apart of the company
In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should: A. Tell the employee a piece of information obtained from a coworker in a previous interview. B. Put sensitive questions at the beginning of a questionnaire to ensure that they are answered. C. Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached. D. Point out that management has given the auditor full authority to conduct this interview.
C: This answer will give the interviewer confidence and that the internal auditor can be trusted A is incorrect because you should not share information to another EE, especially if the information is proprietary B is just not a good answer and there is no reason for questions to be in a certain order D Might intimidate the interviewer and therefore no useful information will probably not be obtained
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior? A. Integrity. B. Flexibility. C. Initiative. D. Curiosity.
D
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger? A. Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date. B. All completed training costs, and the cost of actual production hours completed to date. C. Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs. D. All completed training costs, and 50% of the contracted production costs.
D
According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement? A. The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement. B. The appropriateness and sufficiency of resources and the ability to coordinate with external auditors. C. The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors. D. The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.
D
According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations? A. Degree of effort and cost needed to correct the reported condition. B. Complexity of the corrective action. C. Impact that may result should the corrective action fail. D. Amount of resources required to conduct the follow-up activities.
D
An internal auditor compares real-time gasoline production data to corresponding final gasoline production reports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which of the following next steps is most consistent with IIA guidance? A. Reconcile online data and the final production reports to gasoline sales reports. B. Contact security personnel as evidence suggests gasoline is being stolen from production premises. C. Confront the production manager and ask her to explain the differences between real-time and reported data. D. Review the processes used to collect the production data and to compile the final production reports
D
An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first? A. Compare the planned outputs with the actual outputs. B. Ascertain the costs of materials purchased. C. Evaluate the plant's ability to meet production quotas. D. Review the levels of scrap and rework.
D
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take? A. Observe corrective measures. B. Seek a management assurance declaration. C. Follow up during the next scheduled audit. D. Conduct appropriate testing to verify management responses.
D
The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next? A. Initiate a follow-up audit to ensure that action has really been taken. B. Follow-up with management until a written response is obtained. C. Escalate the issue to the board and get their position on the issue. D. Note in the permanent file that follow-up needs to be performed as part of the next engagement.
D
The chief audit executive established an internal audit activity (IAA) performance standard requiring all audit reports to be issued within 48 hours of the exit meeting with the client. Which of the following describes an exit meeting strategy that would best help the IAA meet this performance standard? A. The objective of the exit meeting is to reach agreement on audit observations. B. The objective of the exit meeting is to solicit action plans for audit observations. C. The objective of the exit meeting is to confirm final details of fieldwork. D. The objective of the exit meeting is to confirm understanding of audit results
D
The scope of a business process review primarily involves: A. Appraising the environment and comparing against established criteria. B. Assessing the organization's system of internal controls. C. Reviewing routine financial information and assessing the appropriateness of various accounting treatments. D. Evaluating organizational and departmental structures, including assessments of transaction flows.
D
Which of the following is not a primary reason for outsourcing a portion of the internal audit activity? A. To gain access to a wider variety of skills, competencies and best practices. B. To complement existing expertise with a required skill and competency for a particular audit engagement. C. To focus on and strengthen core audit competencies. D. To provide the organization with appropriate contingency planning for the internal audit function
D
Which of the following is not relevant when developing recommendations for inclusion in audit reports? A. Feasibility. B. Cost of implementation. C. Underlying causes. D. Timing of follow-up.
D
Which of the following is not true regarding the management of internal audit resources? A. A minimum level of information technology knowledge is necessary. B. The adequacy of internal audit resources is ultimately a board responsibility. C. Resources include external service providers and computer-assisted audit techniques. D. Skills availability must be aligned with financial constraints.
D
Which of the following statements describes an engagement planning best practice? A. It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement. B. If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase. C. The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final. D. Engagement planning activities include setting engagement objectives that align with audit client's business objectives.
D
Which of the followings statements describes a best practice regarding assurance engagement communication activities? A. All assurance engagement observations should be communicated to the audit committee. B. All assurance engagement observations should be included in the main section of the engagement communication. C. During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications. D. A detailed escalation process should be developed during the planning stage of an assurance engagement.
D
While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not necessary for the auditor to take? A. Ensure that the steps being taken resolve the condition disclosed by the initial finding. B. Ensure that controls have been implemented to prevent the issue from occurring again. C. Ensure that the entity has begun to experience benefits as a result of resolving the issue. D. Ensure that the inherent risk has been eliminated as a result of resolving the issue.
D
Which of the following is the first step in the process where auditors and clients work together to evaluate the client's system of internal control A. Assess Risks B. Develop Questionaires C. Identify and assess controls D. Identify Objectives
D. Identifying Objectives is always the first thing you do, along with strategy A is incorrect because you cannot assess risk if you do not know what objectives you are trying to achieve B is incorrect because you would not know what to base the questionnaire off of without objectives and risks C Will not be able to identify controls without knowing the objectives or the risk
Which of the following is least likely to help ensure that risk is considered in a work program? A. Risks are discussed with audit client. B. All available information from the risk-based plan is used. C. Client efforts to affect risk management are considered. D. Prior risk assessments are considered.
D. Prior year is the least useful
n which of the following cases is it appropriate for an audit report to not contain management's response either within the report or as an attachment? A. Management's response to an audit report is generally not a requirement. B. Internal controls were found to be properly designed and operating effectively although operations are deemed inefficient. C. There was insufficient time to obtain management's response during the draft reporting process. D. An internal audit report contains no observations.
D. Remember that Observations is another word for finding. If the audit report contains no findings, than management would not have a response A is incorrect because management response is required if there is a finding.
What is most appropriate when conducting an interview during the course of a fraud investigation? A. Schedule the interview well in advance B. Explain the detailed purpose to the interview C. Assume the Interviewer is guilty D. Have a witness present
D. This is the best answer of the choices provided. A is wrong because, based on the question, the interview is ongoing, this might be the best answer when preparing/scheduling an interview C is wrong because you do not know if the individual is guilty B is wrong because you do not want the interviewee to be guarded when you ask questions.
The Best reason for the increased use of oral reports to supplement written reports is A. Reduce the amount of testing required to support audit findings B. Can be delivered in an informal manner without prep C. Can be prepared using a flexible format and reduce the information included in the written report D. Permit auditors to counter arguments and provide additional information that the audience may require
D. This is the most flexible answer and the one that makes sense based on the other answers A is incorrect because Oral reporting does not affect the amount of testing B is wrong because an IA should always be prepared C is wrong because although it can be flexible, it will not reduce the information included in the written report. Should be consistent
Which of the following is an advantage of an interim report I An interim report provides timely feedback to the audit engagement client II An interim Report Provides a mechanism for communicating information on red flags promptly while they are being investigated III An interim report provides an opportunity for auditor follwo up of findings before the engagement is completed IV An interim Report increases the probability that corrective action will be initiated more quickly
I, IIi, and IV The issue with II is the phrase " Communicating information on red flags promptly while they are being investigated" In the real world
In a review of EDI application using a third party provider, the auditor should do which or all of the following I Ensure encryption keys meet ISO standards II Determine if an independent review of the service provider has been conducted III Verify only public switched data networks are used by the serice provider IV Verify that the service providers contract includes necessary clauses, such as the right to audit
II and IV- the common theme for this is that these are in the skillset of the internal auditor III is incorrect because, based on the information, this is too specific of a question in regards to EDI that the third party controls I is incorrect because ISO standards may not be important for our organization and therefore not a criteria the IA should be concerned about
