Which of following is not one of the three components of the internal auditing value proposition:
independence
assurance
insight
objectivity
Independence
Which of the following is not a key components of the definition of internal auditing
Answers:
Helping the organization accomplish its objectives.
Installing and managing effective accounting internal controls.
Evaluating and improving the effectiveness o
Selected Answer:
Installing and managing effective accounting internal controls.
What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?
Governance
Control
Risk Management
Monitoring
Governance
Is the following definition of Governance true or false? Governance is the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives.
True
Which of the following activities is outside the scope of internal auditing?
Evaluating risk exposure regarding compliance with policies, procedures, and contracts.
Safeguarding of assets.
Evaluating risk exposures regarding compliance with laws and regul
Safeguarding of assets.
The purpose of the internal audit activity's evaluation of the effectiveness of existing risk management processes is to determine that
Management has planned and designed so as to provide reasonable assurance of the achieving objectives.
Management direc
Management has planned and designed so as to provide reasonable assurance of the achieving objectives.
Which of the following goals sets risk management strategies at the optimum level?
Minimize costs
Maximize market share
Minimize losses
Maximize shareholder value
Maximize shareholder value
Is the following definition of Assurance true or false? Assurance is subjective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization.
False
Which one is not the internal auditor's assurance responsibility to achieve organizations strategy, operational, financial, and compliance objectives
Assurance on Governance
Assurance on Risk
Assurance on Financial Statements
Assurance on Controls
Assurance on Financial Statements
Which one of the following is not a part of business objectives of COSO 2004
Strategic Objectives
Operations Objectives
Enforcing Objectives
Compliance Objectives
Enforcing Objectives
Which of the following is NOT an appropriate governance role for an organization's board of directors?
a.
Influencing the organization's risk-taking philosophy
b.
Evaluating and approving strategic objectives
c.
Providing assurance directly to third parti
c.
Providing assurance directly to third parties that the organization's governance processes are effective
The internal audit activity should assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives except.
a.
Promoting appropriate ethics and values within the organization
b.
Ensuring pr
Selected Answer:
b.
Ensuring proper implementation of controls
Governance is ultimately the responsibility of the board. The first of the board's responsibility is to identify the key stakeholders of an organization. A stakeholder is any party with a direct or indirect interest in an organization's activities and out
Shareholders/investors
Because the various stakeholders will likely have different expectations, the outcomes each type of stakeholder deems unacceptable will vary as well. The board may need to consider the following types of outcomes except:
Financial
Ethical
Operational
Stra
Ethical
The risk committee in an organization is responsible for determining that all key risks are identified, linked to risk management activities, and assigned to risk owners.
True
The responsibilities of the risk owners include the following except:
Evaluating whether the risk management activities are designed adequately to manage the related risks within the tolerable levels specified by the senior management.
Assessing the ongoi
Ensuring effective organizational performance management and accountability.
A series of business and related auditing failures led to the passage of the Sarbanes-Oxley Act (2002).
True
According to Title III-Corporate Responsibility, each member of the audit committee shall be a member of the board of directors and be independent. To be considered as independent, the committee member shall not accept any consulting, advisory, or other c
True
According to Title III of SOX Act of 2002, the SEC requires that the principal executive officer or officers and the principal financial officer or officers (the signing officers) are responsible for establishing and maintaining internal controls; have de
True
According to Title 404 of SOX 2002, SEC requires each annual report to contain an internal control report, which shall (a) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for fi
False
When assessing the risk associated with an activity, an internal auditor should
A.
Determine how the risk should best be managed.
B.
Provide assurance on the management of the risk
C.
Update the risk management process based on risk exposures.
D.
Design c
B.
Provide assurance on the management of the risk
The primary reason that a bank would maintain a separate compliance function is to
A.
Better manage perceived high risk.
B.
Strengthen control over the bank's investments.
C.
Ensure the independence of line and senior management.
D.
Better respond to shar
A.
Better manage perceived high risk.
Enterprise risk management
A.
Guarantees achievement of organizational objectives.
B.
Requires establishment of risk and control activities by internal auditors.
C.
Involves the identification of events with negative impacts on organizational objectives.
C.
Involves the identification of events with negative impacts on organizational objectives.
Which of the following represents the best statement of responsibilities for risk management?
Management/Internal Auditor/Board
A. Responsibility for risk/Oversight role/ Advisory role
B. Oversight role/Responsibility for risk/ Advisory role
C. Responsibi
C
The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. With respect to evaluating the adequacy of risk management processes, internal auditors most likely should
A.
Recognize that organi
B.
Determine that the key objectives of risk management processes are being met.
Which of the following is not a responsibility of the Chief Audit Executive?
A.
To communicate the internal audit activity's plans and resource requirements to senior management and the board for review and approval.
B.
To coordinate with other internal a
C.
To oversee the establishment, administration, and assessment of the organization's system of risk management processes.
Components of enterprise risk management (ERM) are integrated with the management process. Which of the following correctly states four of the eight components of ERM according to COSO's framework?
A.
Event identification, risk assessment, control activit
A.
Event identification, risk assessment, control activities, and objective setting.
Which risk response reflects a change from acceptance to sharing?
A.
An insurance policy on a manufacturing plant was not renewed.
B.
Management purchased insurance on previously uninsured property.
C.
Management sold a manufacturing plant.
D.
After emplo
B.
Management purchased insurance on previously uninsured property.
Which one of the following is not a part of ISO 31000 framework.
A.
Understand the organization and its context.
B.
Delegate accountability and authority.
C.
Allocate the necessary resources.
D.
Assess the risk.
D.
Assess the risk.
Which one of the following is not a part of ISO 3100 Process
A.
Establish the context, which focuses on understanding and agreeing on both the external and internal factors that will influence risk.
B.
Treat the risk.
C.
Monitor risk.
D.
Explicitly addres
D.
Explicitly address uncertainty.
A primary purpose of establishing a code of conduct within a professional organization is to
A.
Reduce the likelihood that members of the profession will be sued for substandard work.
B.
Ensure that all members of the profession perform at approximately t
C.
Promote an ethical culture among professionals who serve others.
The IIA's Code of Ethics requires internal auditors to perform their work with
A.
Honesty, diligence, and responsibility.
B.
Timeliness, sobriety, and clarity.
C.
Knowledge, skills, and competence.
D.
Punctuality, objectivity, and responsibility.
A.
Honesty, diligence, and responsibility.
The Standards consists of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services?
A.
Implementation Standards.
B.
Performance Standards.
C.
Attribute Standards.
D.
Independence Standards.
C.
Attribute Standards.
Which Standards expand upon the other categories of Standards?
A.
Performance Standards.
B.
Attribute Standards.
C.
Implementation Standards.
D.
All of the choices are correct.
C.
Implementation Standards.
The purpose of the internal audit activity can be best described as
A.
Adding value to the organization.
B.
Providing additional assurance regarding fair presentation of financial statements.
C.
Expressing an opinion on the adequate design and functioning
A.
Adding value to the organization.
The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the CAE to join her for a week of hunting at her private lodge. The CAE s
B.
Refuse on the grounds of conflict of interest.
Which of the following permissible under The IIA's Code of Ethics?
A.
Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.
B.
Using engagement-related information in a decis
A.
Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.
The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE's first task is to develop a charter. What item should be included in the statement of objectives?
A.
Report all engagement result
C.
Evaluate the adequacy and effectiveness of the organization's controls.
Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Thus, which of the following is unnecessary?
A.
The conduct of examinations and verifications to a reasonable extent.
B.
The conduct of extensive
B.
The conduct of extensive examinations.
Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board?
A.
Internal auditors.
B.
Audit committee.
C.
Chief audit executive.
D.
External auditors.
Selected Answer:
C.
Chief audit executive.
Which of the following is not a business process?
Strategic planning.
Review and write-off of delinquent loans
Safeguarding of assets.
Remittance of payroll taxes to the respective tax authorities.
Safeguarding of assets.
Which of the following symbols represents a process in a process map?
Rectangle.
Diamond.
Arrow.
Oval.
Rectangle
The key objectives of a process can be determined by getting answers to the following questions except:
Why does the process exist?
How does this process contribute to the success of the organization's strategy?
What accomplishments tend to get employees
What accomplishments tend to get employees involved in the process recognized by management or internal customers?
A business process is simply the set of connected activities linked with each other for the purpose of achieving an objective.
True
While Management and support processes do vary between organizations, they generally are necessary across all industries and support, but do not directly create, the value embedded in the organization's objectives.
True
According to COSO (Committee of Sponsoring Organization of the Treadway Commission) ERM objectives, the potential business risks are broken down into the following four categories: Strategic Risks, Operations Risks, Compliance Risks, and Reporting Risks.
Capital availability.
A major upgrade to an important information system would most likely represent a high:
External risk factor.
Internal risk factor.
Other risk factor.
Likelihood of future systems problems.
Internal risk factor.
After business risks have been identified, they should be assessed in terms of their inherent:
Impact and likelihood.
Likelihood and probability.
Significance and severity.
Significance and control effectiveness.
Impact and likelihood.
Following are some of the steps used in determining the critical risk factors and processes to take actions as internal auditors under the Business Risk Assessment Approach using COSO Framework except.
Identify business risks using the Basic Business Risk
Assign a score on a scale of 1-3 to each risk factor.
Following are some of the steps used in determining the risk factors and processes to audit or manage as internal auditors under the Risk Factor Approach for assessing business risks except.
Identify risk factors using the Basic Business Risk Model.
Estab
Use the Risk Assessment Model to determine the impact and likelihood of each risk factor.
The requirement that purchases be made from suppliers on an approved vendor list is an example of a:
Preventive control.
Detective control.
Compensating control.
Monitoring control.
Preventive control.
An effective system of internal controls is most likely to detect a fraud perpetrated by a:
Group of employees in collusion.
Single employee.
Group of managers in collusion.
Single manager.
Single employee.
Appropriate internal control for a multinational corporation's branch office that has a department responsible for the transfer of money requires that:
The individual who initiates wire transfers does not reconcile the bank statement.
The branch manager m
The individual who initiates wire transfers does not reconcile the bank statement.
The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievements of objectives describes
Risk assessment.
Control environment.
Control activities
Monitoring.
Control activities
An organization's directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for
Establishing a proper organizational culture and specifying
Establishing a proper organizational culture and specifying a system of internal control.
Which of the following represents the complete set of internal control components according to COSO framework:
Operations, Reporting, Risk assessment, Control activities, and Monitoring activities.
Reporting, Control environment, Risk assessment, Control
Control environment, Risk assessment, Control activities, Information & Communication, and Monitoring activities.
Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of
Authorization, execution, and payment.
Authorization, recording, and custody.
Custody, execution, and reporting.
Authoriz
Authorization, recording, and custody.
According to the PCAOB, who is responsible for the reliability of the internal controls over financial reporting process of an entity?
The entity's CEO and/or CFO.
The entity's board of directors.
An internal auditor.
The external auditor.
The entity's CEO and/or CFO.
Process level control is an activity that operates within a specific process for the purpose of achieving process-level objectives. Which of the following is not an example of the process level control.
Reconciliation of key accounts.
Process employee sup
Authorizations.
In the interest of reliable financial reporting, management makes assertions regarding the recognition, measurement, presentation, and disclosure of accounts, transactions, events included in the entity's financial statements. Which of the following is no
Classification
The Internet firewall is designed to provide protection against:
Computer viruses.
Unauthorized access from outsiders.
Lightning strikes and power surges.
Arson.
Unauthorized access from outsiders.
Which of the following best illustrates the use of EDI?
Purchasing merchandise from a company's Internet site.
Computerized placement of a purchase order from a customer to its supplier.
Transfer of data from a desktop computer to a database server.
Withd
Computerized placement of a purchase order from a customer to its supplier.
Which of the following issues would be of most concern to an auditor relating to an organization's Internet security policy?
Auditor documentation.
System efficiency.
Data integrity.
Rejected and suspense item controls.
Data integrity.
Passwords for personal computer software programs are designed to prevent
Inaccurate processing of data.
Unauthorized access to the computer.
Incomplete updating of data files.
Unauthorized use of the software.
Unauthorized use of the software.
The best preventive measure against a computer virus is to
Compare software in use with authorized versions of the software.
Executive virus exterminator programs periodically on the system.
Allow only authorized software from known sources to be used on
Allow only authorized software from known sources to be used on the system.
The reliability and integrity of all critical information of an organization, regardless of the media is which the information is stored, is the responsibility of
Shareholders.
IT department.
Management
All employees
Management
Which of the following is part of the board's role in protecting against privacy threats?
Established a privacy framework.
Identifying the information gathered by the organization that is deemed personal or private.
Identifying the methods used to collect
Established a privacy framework.
Which of the following is considered to be a server in a local area network (LAN)?
The cabling that physically interconnects the nodes of the LAN.
A device that stores program and data files for users of the LAN.
A device that connects the LAN to other ne
A device that stores program and data files for users of the LAN.
Change control typically includes procedures for separate libraries for production programs and for test versions of programs. The reason for this practice is to
Promote efficiency of system development.
Segregate incompatible duties.
Facilitate user inpu
Segregate incompatible duties.
A systems development approach used to quickly produce a model of user interfaces, user interactions with the system, and process logic is called
Neural Networking.
Prototyping.
Reengineering.
Application generation.
Prototyping
Which of the following is not a typical "rationalization" of a fraud perpetrator?
A. It's in the organization's best interest.
B. The company owes me because I'm underpaid.
C. I want to get back at my boss (revenge).
D. I'm smarter than the rest of them.
D. I'm smarter than the rest of them.
Which of the following is not something all levels of employees should do?
Answers:
A. Understand their role within the internal control framework.
B. Have a basic understanding of fraud and be aware of the red flags.
C. Report suspicions of incidences of
Selected Answer:
D.
Investigate suspicious activities that they believe may be fraudulent.
In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that?
A. Fraud is characterized by deceit, co
Selected Answer:
A.
Fraud is characterized by deceit, concealment, or violation of trust.
In an organization with a separate division that is primarily responsible for the prevention of fraud, the internal audit activity is responsible for?
Answers:
Examining and evaluating the adequacy and effectiveness of that division's actions taken to pre
Selected Answer:
Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.
Which of the following statements is (are) true regarding the prevention of fraud?
I. The primary means of preventing fraud is through internal control established and maintained by management.
II. Internal auditors are responsible for assisting in the pr
Selected Answer:
I, II, and III.
Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this responsibility is usually met?
Answers:
By coordinating with security personnel and law enforcement agencies in the investigation of possibl
Selected Answer:
By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.
An internal auditor who suspects fraud should?
Answers:
Determine that a loss has been incurred.
Interview those who have been involved in the control of assets.
Identify the employees who could be implicated in the case.
Recommend an investigation if app
Selected Answer:
Recommend an investigation if appropriate.
Red flags are conditions that indicate a higher likelihood of fraud. Which of the following is not considered a red flag?
Answers:
Management has delegated the authority to make purchases under a certain value to subordinates.
An individual has held the s
Selected Answer:
Management has delegated the authority to make purchases under a certain value to subordinates.
Which of the following policies is most likely to result in an environment conductive to the occurrence of fraud?
Answers:
Budget preparation input by the employees who are responsible for meeting the budget.
Unreasonable sales and production goals.
The d
Unreasonable sales and production goals.
The following are facts about a subsidiary?
1.The subsidiary has been in business for several years and enjoyed good profit margins although the general economy was in a recession, which affected competitors.
The working capital ratio has declined from a
Consider 1.,2.,3., and 4. As warning signals of fraud.
Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The interna
Selected Answer:
A.
Accept the audit engagement because independence would not be impaired.
Which of the following is not a responsibility of the CAE?
Answers:
A.To communicate the internal audit function's plans and resource requirements to senior management and board for review and approval.
B.To oversee the establishment, administration, and
Selected Answer:
B.
To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.
The purpose of the internal audit activity's evaluation of the effectiveness of existing risk management processes is to determine that?
Answers:
A. Management has planned and designed so as to provide reasonable assurance of achieving objectives.
B. Mana
B.
Management directs processes so as to provide reasonable assurance of achieving objectives.
What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?
Answers:
A. Governance.
B. Control.
C. Risk management.
D. Monitoring.
Selected Answer:
A.
Governance.
Who has primary responsibility for providing information to the board on the professional and organizational benefits of coordinating internal audit activities with those of other providers of similar services?
Answers:
A. The external auditor.
B. The chi
Selected Answer:
B.
The chief audit executive.
To improve their efficiency, internal auditors may rely upon the work of external auditors if it is?
Answers:
A. Performed after the internal auditing work.
B. Primarily concerned with operational objectives and activities.
C. Coordinated with internal au
Selected Answer:
C.
Coordinated with internal auditing work.
If an organization has no formal risk management processes, the chief audit executive should?
Answers:
A. Establish risk management processes based on industry norms.
B. Formulate hypothetical results of possible consequences resulting from risks not bein
Selected Answer:
D.
Formally discuss with the directors their obligations for risk management processes.
The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. All of the following are included in a quality program ex
Selected Answer:
A.
Annual appraisals of individual internal auditors' performance.
As a part of a quality program, internal assessment teams most likely will examine which of the following to evaluate the quality of engagement planning and documentation for individual engagements?
Answers:
A. Written engagement work programs.
B. Project
Selected Answer:
A.
Written engagement work programs.
An external assessment of an internal audit activity contains an expressed opinion. The opinion applies?
A. Only to the internal audit activity's conformance with the Standards.
B. Only to the effectiveness of the internal auditing coverage.
C. Only to th
Selected Answer:
D.
To the entire spectrum of assurance and consulting work.
Your audit objective is to determine the purchases of office supplies have been properly authorized. If purchases of office supplies are made through the purchasing department, which of the following procedures is most appropriate?
Answers:
A. Vouch purch
Selected Answer:
A.
Vouch purchase orders to approve purchase requisitions.
An internal auditor is concerned that fraud, in the form of payments to fictitious vendors, may exist. Company purchasers, responsible for purchases of specific product lines, have been granted the authority to approve expenditures up to $10,000. Which of
Selected Answer:
C.
List all major Vendors by product lines. Select a sample of major vendors and examine supporting documentation for goods or services received.
An internal auditor's working papers should support the observations, conclusions, and recommendations to be communicated. One of the purposes of this requirement is to?
A. Provide support for the internal audit activity's financial budge.
B. Facilitate q
B.
Facilitate quality assurance reviews.
The internal auditor prepares working papers primarily for the benefit of?
Answers:
A. The external auditor.
B. The internal audit activity.
C. The engagement client.
D. Senior management.
Selected Answer:
B.
The internal audit activity.
Engagement working papers are indexed by means of reference numbers. The primary purpose of indexing is to?
A. Permit cross-referencing and simplify supervisory review.
B. Support the final engagement communication.
C. Eliminate the need for follow-up rev
Selected Answer:
A.
Permit cross-referencing and simplify supervisory review.
Which of the following conditions constitutes inappropriate working-paper preparation?
A. All forms and directives used by the engagement client are included in the working papers.
B. Flowcharts are included in the working papers.
C. Engagement observatio
Selected Answer:
A.
All forms and directives used by the engagement client are included in the working papers.
Engagement information is usually considered relevant when it is?
Answers:
A. Derived through valid statistical sampling.
B. Objective and unbiased.
C. Factual, adequate, and convincing.
D. Consistent with the engagement objectives.
Selected Answer:
D.
Consistent with the engagement objectives.
Reliable information is?
Answers:
A. Supportive of the engagement observations and consistent with the engagement objectives.
B. Helpful in assisting the organization in meeting prescribed goals.
C.Factual, adequate, and convincing so that a prudent perso
Selected Answer:
D.
Competent and the best attainable through the use of appropriate engagement techniques.
In an operational audit, the internal auditors discovered an increase in absenteeism. Accordingly, the chief audit executive decided to identify information about workforce morale. To achieve this engagement objective, the internal auditors must understan
Selected Answer:
C.
Reliable information may be obtained about morale factors such as job satisfaction.
What characteristic of information is satisfied by an original signed document?
Answers:
A. Sufficiency.
B. Reliability
C. Relevance.
D. Usefulness.
Selected Answer:
B.
Reliability
The primary reason for an internal auditor to use statistical sampling rather than nonstatistical sampling is to:
Answers:
A.Allow the auditor to quantify, and therefore control, the risk of making an incorrect decision based on sample evidence.
B. Obtain
Selected Answer:
A.
Allow the auditor to quantify, and therefore control, the risk of making an incorrect decision based on sample evidence.
For which of the following would an internal auditor most likely use attribute sampling?
Answers:
A. Determining whether the year-end inventory balance is overstated.
B. Selecting fixed asset additions to inspect.
C. Choosing inventory items to test count
Selected Answer:
D.
Inspecting employee timecards for proper approval.
The achieved upper deviation limit is 7 percent and the risk of assessing control risk too low is 5 percent. How should the internal auditor interpret this attribute sampling outcome?
Answers:
A. There is a 7 percent chance that the deviation rate in the
Selected Answer:
C.
There is a 5 percent chance that the deviation rate in the population exceeds 7 percent.
If all other factors specified in a PPS sampling plan remain constant, changing the specified tolerable misstatement from $200,000 to $100,000 and changing the specified risk of incorrect acceptance from 10 percent to 5 percent would cause the required sa
Selected Answer:
A.
Increase.
In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the?
Answers:
A. Population.
B. Attribute of interest.
C. Sample.
D. Sampling unit.
Selected Answer:
A.
Population.
The variability of a population, as measured by the standard deviation, is the?
Answers:
A. Extent to which the individual values of the items in the population are spread about the mean.
B. Degree of asymmetry of a distribution.
C. Tendency of the means
Selected Answer:
A.
Extent to which the individual values of the items in the population are spread about the mean.
To project the frequency of shipments to wrong addresses, an internal auditor chose a random sample from the busiest month of each of the four quarters of the most recent year. The underlying concept of statistical sampling did the auditor violate?
Answer
Selected Answer:
B.
Failing to give each item in the population an equal chance of selection.
When planning an attribute sampling application, the difference between the expected error rate and the maximum tolerable error rate is the planned?
Answers:
A. Precision.
B. Reliability.
C. Dispersion.
D. Skewness.
Selected Answer:
A.
Precision.
An internal auditor is planning to use attribute sampling to test the effectiveness of a specific internal control related to approvals for cash disbursements. In attribute sampling, decreasing the estimated occurrence rate from 5% to 4% while keeping all
Selected Answer:
B.
Smaller.
If all other sample size planning factors were exactly the same in attribute sampling, changing the confidence level from 95% to 90% and changing the desired precision from 2% to 5% would result in a revised sample size that would be?
Answers:
A. Larger.
Selected Answer:
B.
Smaller.
While planning an assurance engagement, the internal auditor obtains knowledge about the auditee's operations to, among other things?
Answers:
A. Develop an attitude of professional skepticism concerning management's assertions.
B. Make constructive sugge
Selected Answer:
D.
Develop an understanding of the auditee's objectives, risks, and controls.
Internal auditors may provide consulting services that add value and improve an organization's operations. The performance of these services?
Answers:
A. Impairs internal auditors' objectivity with respect to an assurance service involving the same engage
Selected Answer:
C.
Should be consistent with the internal audit activity's empowerment reflected in the charter.
Comprehensive risk assessment involves analysis of both causes and effects. Which of the following statements concerning the analysis of causes and effects is false?
Answers:
A.Analyzing the causes and effects of a particular risk should only be performed
Selected Answer:
A.
Analyzing the causes and effects of a particular risk should only be performed after the internal auditor has first obtained evidence that a problem has occurred.
Internal auditors should design the scope of work in a consulting engagement to ensure that all of the following will be maintained except?
Answers:
A. Independence.
B. Integrity.
C. Credibility.
D. Professionalism.
Selected Answer:
A.
Independence.
Which of the following statements best describes an internal audit function's responsibility for assurance engagement follow-up activities?
Answers:
A.The internal audit function should determine that corrective action has been taken and is achieving the
Selected Answer:
A.
The internal audit function should determine that corrective action has been taken and is achieving the desired results, or that the senior management has assumed the risk associated with not taking corrective action on reported observ
During an operational engagement, the internal auditors compare the current staffing of a department with established industry standards to?
Answers:
A. Identify bogus employees on the department's payroll.
B.Assess the current performance of the departme
Selected Answer:
B.
Assess the current performance of the department and make appropriate recommendations for improvement.
Which of the following statement does not illustrate the concept of inherent business risk?
Answers:
A. Cash is more susceptible to theft than an inventory of sheet metal.
B.A broken lock on a security gate allows employees to access a restricted area tha
Selected Answer:
B.
A broken lock on a security gate allows employees to access a restricted area that they are not authorized to enter.
An internal auditor is conducting an audit of environmental protection and alarm devices. Which is the most significant objective of such an assignment? To determine whether?
Answers:
A. The devices are installed and operating properly.
B. The costs of th
Selected Answer:
A.
The devices are installed and operating properly.
The chief executive officer wants to know whether the purchasing function is properly meeting its charge to "purchase the right materials at the right time in the right quantities." Which of the following types of engagements addresses this request?
Answe
Selected Answer:
B.
An operational engagement relating to the purchasing function.
An operational engagement communication that concerns the scrap disposal function in a manufacturer should address?
Answers:
A.The efficiency and effectiveness of the scrap disposal function and include any observations requiring corrective action.
B. Whe
Selected Answer:
A.
The efficiency and effectiveness of the scrap disposal function and include any observations requiring corrective action.