Crack4sure Logo
3 Months Free Update
3 Months Free Update
3 Months Free Update
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity's quality assessments?
An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?
Which of the following is the primary purpose of financial statement audit engagements?
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity?
According to IIA guidance, which of the following statements about working papers is false?
Which of the following IT controls includes protection for mainframe computers and workstations?
All of the following are true with regard to the first-in, first-out inventory valuation method except:
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
An organization's account for office supplies on hand had a balance of S9,000 at the end of year one. During year two. the organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11,500 in office supplies on hand. Based on this information, what would be recorded in the adjusting entry at the end of year two?
The cost to enter a foreign market would be highest in which of the following methods of global expansion?
Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?
Which of the following is a strategy that organizations can use to stimulate innovation?
1. Source from the most advanced suppliers.
2. Establish employee programs that reward initiative.
3. Identify best practice competitors as motivators.
4. Ensure that performance targets are always achieved.
A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?
An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.
An assurance mapping exercise helps an organization do which of the following?
1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.
2. Fulfill best practices in the industry.
3. Identify and address any gaps in the risk management process.
4. Identify fraud.
An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to MA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?
According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?
According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization's social responsibility program is effective?
An internal auditor was asked to review an equal equity partnership In one sampled transaction Partner A transferred equipment into the partnership with a self-declared value of $10,000 and Partner B contributed equipment with a self-declared value of $15 000 The capital accounts of each partner were subsequently credited with S12,500. Which of the following statements is true regarding this transaction?
According to COSO, which of the following is not considered one of the components of an organization's internal environment?
According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?
When auditing investments, the auditor identified instruments with which he was unfamiliar. He decided not to select that type of investment in his sample, as he did not have the knowledge needed to A. perform a proper assessment.
B. An auditor was reviewing inventory counts conducted by the warehouse staff. One truck containing an immaterial amount of inventory was off-site and wasn't verified by the auditor.
C. An auditor visited a plant that produces a significant portion of the organization's inventory. The day he arrived, the plant manager was out sick, so the auditor issued the report without interviewing the manager.
D. An auditor in charge needed to have testing completed by the end of the month, but was behind schedule. He identified a junior auditor to conduct the work for him on a complex area of the organization.
What should the internal auditor's role be in assessing the organization's ethical climate?
Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?
Which of the following statements about slack time and milestones are true?
1. Slack time represents the amount of time a task may be delayed without delaying the entire project.
2. A milestone is a moment in time that marks the completion of the project's major deliverables.
3. Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.
4. A milestone requires resource allocation and needs time to be completed.
Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?
According to The IIA's Code of Ethics, which of the following actions violates the principle of confidentiality?
An organization has instituted a bring-your-own-device (BYOD) work environment Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?
Which of the following is the best approach to overcome entry barriers into a new business?
An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed. Individual product details are as follows:
Product X
Product Y
Selling price per unit
$10
$13
Materials per unit (at $1/kg)
2 kg
6 kg
Monthly demand
100 units
120 units
In order to maximize profit, how much of product Y should the organization produce each month?
Which of the following best describes an objective for an audit of an environmental management system?
During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?
If a just-in-time purchasing system is successful in reducing the total inventory costs of a manufacturing company, which of the following combinations of cost changes would be most likely to occur?
Which of the following control techniques would minimize the risk of interception during transmission in an electronic data interchange system?
1. Encryption.
2. Traffic padding.
3. Edit checks.
4. Structured data format.
An organization uses a database management system (DBMS) as a repository for data. The DBMS, in turn, supports a number of end-user developed applications which were created using fourth-generation programming languages. Some of the applications update the database. Which of the following is the most important control related to the integrity of the data in the database?
Which of the following is the first step an internal audit activity should undertake when executing a data analytics process'?
The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:
Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?
Which of the following statements are true regarding the use of heat maps as risk assessment tools?
1. They focus primarily on known risks, limiting the ability to identify new risks.
2. They rely heavily on objective assessments and related risk tolerances.
3. They are too complex to provide an easily understandable view of key risks.
4. They are helpful but limited in value in a rapidly changing environment.
Which of the following examples demonstrates that the internal audit activity uses descriptive analytics in its engagements?
Which of the following statements is true regarding the capital budgeting procedure known as discounted payback period?
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?
An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?
Which of the following types of social responsibilities is voluntary and guided purely by the organization's desire to make social contributions?
Which of the following is considered a violation of The IIA's Code of Ethics?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?
The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
Which of the following best describes the four components of a balanced scorecard?
While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4. Submit management's plan of action to the external auditors for additional review.
Which of the following has the greatest effect on the efficiency of an audit?
Which of the following statements is true regarding cost-volume-profit analysis?
According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?
An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:
Which of the following is a role of the board of directors in the governance process?
Which of the following is a detective control for managing the risk of fraud?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?
Which of the following describes a key characteristic related to effective organizational communication?
An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?
According to IIA guidance, which of the following should be included in the internal audit charter?
When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?
1. Subsequent change orders increase requirements for low-bid items.
2. Material contract requirements are different on the actual contract than on the request for bids.
3. A high percentage of employees are charged to indirect accounts.
4. Losing bidders are hired as subcontractors.
An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?
What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?
According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?
Which of the following is most likely to enhance an internal auditor's objectivity?
To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity. According to IIA guidance, which of the following statements is true regarding these circumstances?
The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries.
Which of the following internal audit tools would be most effective to document the process and the key controls?
Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?
When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.
Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate?
Where complex problems need to be addressed, which of the following communication networks would be most appropriate?
Which of the following is classified as a product cost using the variable costing method?
1. Direct labor costs
2. Insurance on a factory.
3. Manufacturing supplies.
4. Packaging and shipping costs
Which of the following factors is considered a disadvantage of vertical integration?
Which of the following is most important for an internal auditor to check with regard to the database version?
Which of the following describes the free trade zone in an e-commerce environment?
A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?
In mergers and acquisitions, which of the following is an example of a horizontal combination?
Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?
What kind of strategy would be most effective for an organization to adopt in order to implement a unique advertising campaign for selling identical product lines across all of its markets?
Which of the following would best prevent unauthorized external changes to an organization's data?
An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?
Refer to the exhibit.
Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B:
If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:
Division A produces a product with a variable cost of $5 per unit and an allocated fixed cost of S3 per unit The market price of the product is S15 plus 20 percent selling cost. Division B currently purchases this product from an external supplier but is going to purchase it from division A for S18 Which of the following methods of transfer pricing is being used?
Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?
Which of the following is an example of a physical security control that should be in place at an organization's data center?
The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?
A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement^
Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?
A multinational organization involved in online business has planned to set up a help desk service. Which of the following best describes the role performed by the help desk?
During an audit of the organization's annual financial statements, the internal auditor notes that the current cost of goods sold percentage is substantially higher than in prior years. Which of the following is the most likely explanation for this increase?
An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?
According to MA guidance, which of the following would indicate poor change management control?
1. Low change success rate
2. Occasional planned outages
3. Low number of emergency changes.
4. Instances of unauthorized changes
Which of the following is an example of a nonfinancial internal failure quality cost?
In which of the following plans is an employee most likely to find guidance on action and performance standards?
Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?
According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?
Which of the following is true regarding an organization's relationship with external stakeholders?
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?
Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result, the auditor assumes that approximately 59 of the total population of 492 entries are incorrect. To reach this assumption, the auditor has used a technique known as which of the following?
According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?
A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?
An internal audit team is performing an audit of workplace accident claims.
Which of the following actions by the audit team best demonstrates due professional care?
Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.
Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?
1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.
2. Experience of the engineer in the type of work being considered.
3. Compensation or other incentives that the engineer may receive.
4. The extent of other ongoing services that the engineer may be performing for the organization.
Which of the following is true regarding the use of a formal risk management framework?
1. It facilitates a methodical approach to risk mitigation.
2. It defines and standardizes the terminology used in risk communication.
3. It establishes the risk tolerance levels to be accommodated in the strategy.
4. It facilitates the alignment of risk mitigation strategies with management priorities.
Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?
1. Periodically reviewing the vendor list for unusual vendors and addresses.
2. Segregating duties for amount purchasing, receiving, shipping, and accounting.
3. Validating sequential integrity of purchase orders.
4. Verifying the validity of invoices with post office box addresses.
An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?
Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?
While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Which of the following principles likely guided the CAE's decision?
Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?
An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?
1. Proficiency in analyzing key IT risks and controls.
2. The ability to recognize significant deviations from good business practices.
3. Knowledge of key indicators of fraud in tax reporting.
4. The ability to recognize the existence of problems related to tax accounting.
The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?
Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?
An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?
An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?
A) 
B)
C) 
D) 
An internal control questionnaire would be most appropriate in which of the following situations?
Which of the following statements describes an engagement planning best practice?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?
1. Intervening during an audit involving ethical wrongdoing.
2. Discussing periodic reports of ethical breaches.
3. Authorizing an investigation of an unsafe product.
4. Negotiating a settlement of an employee claim for personal damages.
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?
The final internal audit report should be distributed to which of the following individuals?
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
According to IIA guidance, organizations have the most influence on which element of fraud?
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?
The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?
TESTED 14 Sep 2025