An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
Which of the following statements describes an engagement planning best practice?
According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?
When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?
Which of the following has the greatest effect on the efficiency of an audit?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?
A)
B)
C)
D)
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?
According to IIA guidance, which of the following is true about the supervising internal auditor's review notes?
• They are discussed with management prior to finalizing the audit.
• They may be discarded after working papers are amended as appropriate.
• They are created by the auditor to support her fieldwork in case of questions.
• They are not required to support observations issued in the audit report.
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
Which of the following statements describes a best practice regarding assurance engagement communication activities?
Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
Which of the following best describes the four components of a balanced scorecard?
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?
During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?
Which of the following statements is true about The IIA Global Internal Audit Competency Framework?
An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?
Which of the following scenarios best illustrates the principle of due professional care?
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
Which of the following best demonstrates the authority of the internal audit activity?
Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.
According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?
An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?
An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity's work?
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?
According to The IIA Code of Ethics, which of the following is one of the rules of conduct for objectivity?
According to COSO, which of the following describes a principle related to the control environment?
Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?
An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to IIA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?
According to IIA guidance, which of the following should be included in the internal audit charter?
According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization's social responsibility program is effective?
A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. This is an example of which of the following IT controls?
Which of the following is most likely to enhance an internal auditor's objectivity?
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?
The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently. Which common characteristics of fraud will the practice and policy most likely reduce?
According to IIA guidance, which of the following statements is true regarding the reporting of results from an external quality assessment of the internal audit activity?
According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity?
The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?
Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?
1. Appropriate levels of authority and responsibility.
2. Supervision of staff and appropriate review of work.
3. The seniority of management in the organization.
4. The ability to trace each transaction to an accountable and responsible individual.
Which of the following is the most effective control to prevent unauthorized entrance of a former employee of the organization?
Which of the following IT controls includes protection for mainframe computers and workstations?
During an audit of the organization's annual financial statements, the internal auditor notes that the current cost of goods sold percentage is substantially higher than in prior years. Which of the following is the most likely explanation for this increase?
Which of the following statements is false regarding the internal audit approach when a set of standards other than The IIA's Standards is applicable to a specific engagement?
According to Porter's model of competitive strategy, which of the following is a generic strategy?
1. Differentiation.
2. Competitive advantage.
3. Focused differentiation.
4. Cost focus.
According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?
In which type of business environment are price cutting strategies and franchising strategies most appropriate?
Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?
Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?
The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:
A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement?
Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?
The economic order quantity for inventory is higher for an organization that has:
What kind of strategy would be most effective for an organization to adopt in order to implement a unique advertising campaign for selling identical product lines across all of its markets?
Which of the following statements is true regarding reversing entries in an accounting cycle?
Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization's cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?
If a bank's activities are categorized under such departments as community banking, institutional banking, and agricultural banking, what kind of departmentalization is being utilized?
Which of the following are appropriate reasons for internal auditors to document processes as part of an audit engagement?
1. To determine areas of primary concern.
2. To establish a standard format for process mapping.
3. To define areas of responsibility within the organization.
4. To assess the performance of employees.
Multinational organizations generally spend more time and effort to identify and evaluate:
The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?
1. Financial measures.
2. Internal business process measures.
3. Client satisfaction measures.
4. Innovation and learning measures.
If a just-in-time purchasing system is successful in reducing the total inventory costs of a manufacturing company, which of the following combinations of cost changes would be most likely to occur?
According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?
When attempting to devise creative solutions to problems, team members initially should do which of the following?
Which of the following application controls checks the integrity of data entered into a business application?
An organization has started allowing employees to use their personal smart devices to accept vendor payments. What should the organization's bring-your-own-device (BYOD) policy include to specifically address security and privacy required by the Payment Card Data Security Standard (PCI DSS)?
In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?