Summer Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

Practice Free IIA-CIA-Part1 Internal Audit Fundamentals Exam Questions Answers With Explanation

We at Crack4sure are committed to giving students who are preparing for the IIA IIA-CIA-Part1 Exam the most current and reliable questions . To help people study, we've made some of our Internal Audit Fundamentals exam materials available for free to everyone. You can take the Free IIA-CIA-Part1 Practice Test as many times as you want. The answers to the practice questions are given, and each answer is explained.

Question # 6

According to IIA guidance, which of the following statements is true regarding due professional care?

A.

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

Question # 7

Which of the following should be considered in developing a risk and control model for use in an engagement?

A.

The risk and control model should be globally accepted by the profession.

B.

The risk and control model should be strictly adhered to in performing the engagement.

C.

The risk and control model should be tailored to the organization that will be the subject of the engagement.

D.

The risk and control model should be developed individually by the auditor for use on individual audit projects within the planned engagement.

Question # 8

Which of the following statements represents the most appropriate correlation between an organization ' s risk maturity and the internal audit activity’s consulting role in risk management processes?

A.

When an organization has a high level of risk maturity the internal audit activity is less likely to provide consulting services related to risk management

B.

When an organization has a low level of risk maturity, the internal audit activity is less likely to provide consulting services related to risk management

C.

When an organization has a high level of risk maturity the internal audit activity is more likely to provide consulting services related to risk management

D.

There is typically no correlation between an organization’s risk maturity and the extent to which the internal audit activity’s consulting role in risk management processes

Question # 9

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

A.

The CAE would need to procure external services to deliver the internal audit assurance program.

B.

There is no expertise within the internal audit team for detecting and investigating fraud.

C.

There is no expertise within the internal audit team for auditing an IT engagement.

D.

There is no available expertise on the internal audit team to perform a consulting engagement

Question # 10

A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization ' s stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

A.

Assess plant employees ' social media activity for specific messages related to tolerance and open communication

B.

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

Question # 11

According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed,

C.

The organization establishes effective governing body oversight,

D.

Audit assignments are rotated among internal audit staff

Question # 12

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Question # 13

Which of the following statements is true regarding reporting results of the quality assurance and improvement program to senior management and the board?

A.

Internal assessments must be reported to the board at least every five years

B.

If supported by assessment results, reporting provides assurance that internal auditors demonstrate conformance with the Code of Ethics

C.

Following the reporting the board must give the internal audit activity five years to correct any deviations

D.

A report, including the results of both internal and external assessments must be provided to the board annually

Question # 14

Which of the following is the best example of a risk appetite statement concerning an investment portfolio?

A.

We will request CEO approval for investments greater than S20 million and board approval for investments greater than $50 million.

B.

We will hedge 95 percent of our U S. currency exposure and 100 percent of our European currency exposure.

C.

We have a moderate tolerance for investment earnings volatility with a target value at risk of S50 million.

D.

We will report to the risk committee all credit losses greater than S10 million and all market value losses greater than S20 million.

Question # 15

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Question # 16

In a small company with a small budget, the board and senior management asked the chief audit executive (CAE) to develop specific controls prompted by a new regulatory requirement affecting a specific process. The CAE was also directed to report functionally to senior management. An audit engagement on this process was already set in the internal audit plan. Which of the following represents an impairment to the internal audit activity ' s independence?

A.

The development of controls by the CAE.

B.

The audit engagement regarding this process.

C.

The functional reporting of the CAE to senior management.

D.

The small budget.

Question # 17

Which of the following techniques should an internal auditor use in order to conduct an effective interview?

A.

Use technical language to establish credibility with the employee being interviewed

B.

Avoid straightforward questions to make the person being interviewed think before answering

C.

Prepare the next question while the interviewee is responding to demonstrate preparedness

D.

Appear confident but not arrogant during the interview to show professionalism

Question # 18

Nine months ago, an employee who was responsible for collections in the accounts receivables department joined the internal audit team. There is an accounts receivables assurance audit scheduled as part of this year ' s approved audit plan, which will include a review of the collections unit. With the knowledge and experience of this individual in the area, which of the following is the best approach for the chief audit executive (CAE) to take?

A.

Have the auditor formerly with the collections unit assist with planning and documenting the audit field work.

B.

Have the auditor formerly with the collections unit not participate on the audit team.

C.

Have the auditor formerly with the collections unit conduct the fieldwork and ensure it is reviewed by the CAE.

D.

Have the auditor formerly with the collections unit review all fieldwork done to ensure that there was adequate coverage.

Question # 19

An organization ' s board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?

A.

The risk response.

B.

The risk tolerance.

C.

The residual risk.

D.

The inherent risk.

Question # 20

According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

A.

Results of internal assessments need to be reported to the board at least once every five years.

B.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted.

D.

Results of ongoing monitoring of the internal audit activity ' s performance must be reported to senior management and the board at least annually

Question # 21

The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member’s suggestion is adopted?

A.

Due professional care.

B.

Internal audit objectivity.

C.

Risk management assurance.

D.

Professional development.

Question # 22

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?

A.

Ask internal auditors to gather all relevant information evidence

B.

Identify and interview witnesses first potential suspects later.

C.

Conduct a fraud risk assessment to the most vulnerable areas.

D.

Determine me competencies needed and assess whatever team members have a conflict of interest.

Question # 23

An internal auditor creates a professional development plan to obtain more experience in the organization ' s environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization ' s committee meeting that is focused on strategic community awareness.

Question # 24

Which of the following parties would be responsible for ongoing monitoring of the organization ' s corporate social responsibility activities to reduce its carbon footprint?

A.

Chief audit executive

B.

Facility operation manager

C.

Public relations manager

D.

Regulatory agency

Question # 25

During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

A.

Directive

B.

Preventive

C.

Detective

D.

Automatic

Question # 26

The same internal auditor has audited the regional purchasing department annually for the last three years. The audits have shown several significant control deficiencies that have not been corrected by management. New management is in charge of this regional purchasing department, and it is time to audit the department again. What concerns should be considered prior to assigning the audit to the same auditor?

A.

Intimidation threats may compromise the auditor ' s objectivity due to multiple negative audit reports completed by the auditor.

B.

The auditor has reviewed the department annually for the last three years, leading to familiarity, which can impact the internal audit activity ' s independence.

C.

A negative cognitive bias may be in place that affects the employee ' s objectivity due to the recent audits with uncorrected control deficiencies.

D.

The auditor may have formed a cultural bias, as the department under review is in the auditor ' s geographic area.

Question # 27

Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed in the last year.

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.

Question # 28

Which of the following statements is true regarding internal controls?

A.

Strategic objectives are prerequisites to establishing internal controls.

B.

Internal controls eliminate process breakdowns caused by human errors.

C.

Well-established internal controls cannot be overridden.

D.

Robust internal controls ensure business success.

Question # 29

In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

A.

Investigation of health and safety incidents.

B.

Auditing of controls and management systems.

C.

Communication of disclosures and external reporting,

D.

Involvement in focus groups and complaint management

Question # 30

At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?

A.

When the internal auditor conducts observations and fieldwork.

B.

When management completes the risk assessment.

C.

When the internal auditor evaluation shows its soundness.

D.

When the organization ' s goals and objectives are met.

Question # 31

Which of the following would be considered an indicator that an organization ' s ethics program is not yet well developed?

A.

Disciplinary actions for ethics compliance violations are reviewed by the internal audit activity for consistency.

B.

Communication of ethics compliance expectations is the responsibility of employees ' direct managers.

C.

The organization ' s code of ethics and related compliance policy are reviewed annually for potential updates.

D.

The board of directors reviews ethics oversight metrics for violations and compliance.

Question # 32

Which of the following statements is true regarding how the scope of a consulting engagement should be established?

A.

The engagement client should be able to determine the scope to be applied to the engagement

B.

The internal auditor should establish a scope that does not impair her objectivity

C.

Any attempts by the engagement client to limit the scope should be considered a scope limitation

D.

The scope should include reviewing the effectiveness of the internal control environment

Question # 33

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large

organization?

A.

The internal assessment results should be discussed once every five years,

B.

The rating conclusions and the impact from results of the external assessment should be explained,

C.

The results of the external assessment should be discussed every seven years,

D.

The qualifications and independence of the internal assessment team should be discussed

Question # 34

Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity’s independence?

A.

Description of internal audit activity ' s responsibilities

B.

Definition of internal auditing

C.

Statement of internal audit activity ' s authority

D.

Description of internal audit activity ' s reporting structure

Question # 35

Which of the following situations would cause the greatest concern regarding impairment of internal audit objectivity?

A.

The eternal auditor reviewed the audit clients proposed procedures and standards of control and offered suggested improvements at the client’s request.

B.

The internal auditor performed nonaudit work for the audit client which was communicated to senior management and the board before the engagement was performed and restated in the audit report

C.

internal auditors accepted limited access to the audit client ' s systems and records m accordance with the scope of the engagement

D.

The internal auditor used his in-depth knowledge of systems development to assist the audit client m designing a new operational system with robust controls.

Question # 36

Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?

A.

Complete a skills assessment of the internal audit activity based on. The IIA Global Internal Audit Competency Framework.

B.

Develop a competency assessment tool for the internal audit activity based on The IIA Global Internal Audit Competency Framework.

C.

Incorporate the basic criteria for competency of the internal audit activity into the job descriptions of potential internal auditors,

D.

Develop an internal audit activity plan for training internal auditors to perform required assurance and consulting activities.

Question # 37

Which of the following would best describe a control implemented to detect cash register disbursement fraud in a large retail store?

A.

Separate the duties of processing and authorizing refunds on merchandise

B.

Post signs in the register area prompting customers to ask for and examine their sales receipts

C.

Periodically count the cash in the register and compare it to the expected amount

D.

Use cash registers with internal tapes that are tamper proof and that require a manager to process voids or refunds

Question # 38

Which of the following most accurately describes corporate social responsibility at an organization?

A.

An organizational locus on improving the overall environment, even it is to the detriment of the local community.

B.

A philosophy driven by employees that flows up to senior management and the board of directors.

C.

An overall commitment of the organization to improve the quality of life for not only the employees but the community at large.

D.

A policy of ensuring that the organization is socially responsible, even if it leads to unprofitability due to increased costs.

Question # 39

Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

A.

A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit

B.

A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit

C.

A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities

D.

An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable

Question # 40

The chief audit executive (CAE) annually develops a budget and resource plan and submits it to the board for approval. This action best fulfills which of the following responsibilities of the CAE?

A.

The responsibility to maintain organizational independence.

B.

The responsibility to perform engagements with due professional care.

C.

The responsibility to communicate corrective action plans to the board.

D.

The responsibility to define the purpose of the internal audit activity.

Question # 41

Which of the following would show appropriate disclosure of nonconformance with the Standards?

A.

The chief audit executive (CAE) documented in the personnel file a critical conflict of interest involving an internal auditor on an upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal audit activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor ' s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to operational managers that he failed to appropriately consider risks while he was developing the audit plan.

Question # 42

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity’s position within the organization in an audit charter.

Question # 43

According to IIA guidance, which of the following best demonstrates due professional care?

A.

Staffing audit engagements with internal auditors who possess professional designations.

B.

Relying on prior audit work to save planning time and costs.

C.

Performing assurance procedures to guarantee all significant risks are identified.

D.

Assessing the cost of assurance in relation to the potential benefits.

Question # 44

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

A.

Determine the organization’s overall risk appetite.

B.

Establish a governance committee.

C.

Delegate authority to members of senior management.

D.

Identify key stakeholders and their expectations

Question # 45

The largest risks facing an organization should be mitigated by which type of controls?

A.

Entity-level

B.

Activity-level

C.

Transaction-level

D.

Process-level

Question # 46

According to IIA guidance which of the following correctly describes the standard risk treatments outlined in the process element approach of the framework for risk management?

A.

Risk avoidance risk sharing application of controls, risk application.

B.

Risk avoidance risk identification application of controls risk acceptance.

C.

Risk identification risk assessment risk avoidance risk monitoring

D.

Risk identification risk assessment application of controls risk acceptance

Question # 47

According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed.

C.

The organization establishes effective governing body oversight.

D.

Audit assignments are rotated among internal audit staff.

Question # 48

Which of the following most accurately describes the role of the board when it comes to organizational governance?

A.

Responsibility for outcome of the process.

B.

Responsibility to be involved in management of the organization.

C.

Responsibility to determine who is accountable for outcomes.

D.

Responsibility to identify risks in the organization’s business environment

Question # 49

Which of the following fraud prevention measures is most likely to trigger undesired adverse behavior if improperly designed?

A.

Disclosure of outside business activities

B.

Ethics training programs

C.

Compensation programs

D.

Exit interviews

Question # 50

Which of the following would decrease or be reduced if an organization establishes and implements excessive internal controls?

A.

Production cycle time.

B.

Activities that add no value.

C.

Staff productivity.

D.

Complexity of operations.

Question # 51

An internal auditor performed a risk assessment and concluded that the controls over access privileges to a bank account were appropriate. Later, the auditor learned that a contractor was using a shared password provided by an authorized user of the account. Which of the following statements best describes the auditor ' s application of due professional care?

A.

Due professional care was exercised, despite the auditor’s failure to identify the significant risk.

B.

Due professional care was not exercised because the auditor failed to identify all the significant risks during the risk assessment.

C.

Due professional care was not exercised because the residual risk from the possibility of authorized users sharing their passwords was not considered.

D.

Due professional care was not exercised because the auditor failed to conduct interviews to obtain testimonial evidence of possible password sharing

Question # 52

What is the primary purpose of The IIA ' s Code of Ethics?

A.

Communicate specific activities appropriate to the performance of internal auditing.

B.

Promote ethical culture within corporations and other business organizations.

C.

Establish mandatory standards of competence for the practice of internal auditing.

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing.

Question # 53

According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?

A.

The IIA ' s Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Question # 54

Which of the following should be part of the internal audit activity ' s duties?

A.

Actively reporting to the governing body.

B.

Providing risk management frameworks.

C.

Assisting management in developing processes and controls to manage risks and issues.

D.

Identifying and mitigating significant risks to the organization.

Question # 55

Which of the following best describes a consulting engagement rather than an assurance engagement?

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor ' s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted.

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost-effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations.

Question # 56

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Question # 57

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Question # 58

Which of the following should catch the internal auditor ' s attention as a potential red flag for fraud?

A.

The accounting unit keeps detailed records and preserves supporting documentation in excess of company requirements

B.

One of the subsidiaries has more bank accounts than any other comparable subsidiary

C.

The same external audit firm has been with the company for three years without rotation

D.

The arithmetic median tenure of employees working at production facilities is 15 years

Question # 59

Recently an organization’s internal audit activity discovered ghost employees who receive payments Senior management decides to strengthen the internal control measures to address this Which of the following is considered an effective control to mitigate payments to ghost employees?

A.

Staff transfers are reviewed by the recruiting manager and approved by the head of human resources

B.

New staff requisition forms are authorized by operational management and acknowledged by the head of human resources

C.

Staff salary payments and accounting records are approved by the head of accounting and acknowledged by the head of human resources

D.

The staff salary payment list is reviewed by the head of payroll and endorsed by the head of human resources

Question # 60

Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?

A.

Risk reduction.

B.

Risk transfer.

C.

Risk acceptance.

D.

Risk avoidance.

Question # 61

If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

A.

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.

Immediately inform senior management and the board of the suspected fraud.

C.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

Question # 62

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit activity ' s reporting

Question # 63

Which of the following should play a leading role in overseeing ihe ethical atmosphere of an organization?

A.

Internal audit activity.

B.

Operating management.

C.

Senior management.

D.

Board of directors.

Question # 64

Which of the following tools would be most useful to an internal auditor performing an assessment of the effectiveness of the organization ' s risk responses?

A.

Heat map.

B.

Risk and control matrix.

C.

Risk register.

D.

Process map.

Question # 65

Which of the following practices is generally most effective to protect internal audit objectivity?

A.

Ensuring regular documentation of auditor skills and experience in the workpapers.

B.

Basing performance evaluations heavily on customer satisfaction surveys.

C.

Prohibiting auditors from accepting gifts from audit clients or potential clients.

D.

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

Question # 66

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?

A.

Competency.

B.

Objectivity,

C.

Integrity.

D.

Confidentiality

Question # 67

An experienced internal auditor is planning an assurance engagement of the organization ' s sales activities. During process walkthroughs and interviews, many sales representatives expressed concerns about management ' s escalating demands to meet the organization ' s sales goals. According to the MA guidance, which of the following is the best application of due professional care in planning the engagement?

A.

Disregard the complaints because the information isn ' t reliable and isn ' t sufficient to support engagement conclusions and results.

B.

Consider the significance of the risks related to the complaints and develop appropriate assurance procedures in work programs.

C.

Disregard the complaints because using them would violate the confidentiality principle.

D.

Discuss management ' s needs and expectations related to including the complaints in the audit scope.

Question # 68

An audit engagement required that an internal auditor, using available tools, test a transaction population for a period The auditor decided to test a sample of transactions rather than the full population.

Results of the audit were reported as satisfactory to management. Subsequent to the audit report, fraud was discovered in the area audited and was found to include transactions that were in the relevant transaction population not tested by the auditor. The auditor later disclosed that he decided to test a sample because it was representative of the population and facilitated quicker testing. Which of the following skills below, if improved, would most likely have prevented this situation?

A.

Objectivity

B.

Critical thinking.

C.

Empathy.

D.

Communication

Question # 69

Which of the following scenarios would most likely impair the independence of an internal audit activity?

A.

A relative of an internal audit team member works m a department being reviewed

B.

The internal audit budget is reduced by management requiring the removal of all lT-related engagements from the audit plan

C.

An audit manager removes a finding from the draft report due to disagreements with the chief financial officer

D.

The operating effectiveness of a control is reported as ' satisfactory. " because no concerns were identified during planning

Question # 70

According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

A.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

B.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

C.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

D.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Question # 71

Which of the following is an example of an impairment to an internal auditor ' s independence?

A.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

B.

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

C.

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

D.

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

Question # 72

According to IIA guidance, which of the following is true of the internal audit activity’s quality assurance and improvement program?

1 Monitoring the internal audit activity’s performance must be ongoing

2 All aspects of the internal audit activity should be evaluated

3 The requirement for external assessments can be satisfied through self-assessments that are validated by an independent external party

4 The review of assurance services should be the primary focus

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 3

D.

1 3 and 4

Question # 73

An internal auditor is providing consulting services on an area he was responsible for three years ago. Part of the consulting scope covers a review of a performance measuring system that the auditor helped to develop. What is the best course of action for the auditor to take concerning the consulting service?

A.

Accept the consulting services only after receiving approval to do so from the board.

B.

Accept the consulting services. The objectivity won ' t be impaired if it has been more than a year since he last worked in the area under review.

C.

Refrain from providing the consulting service because he was responsible for that area and his objectivity will be impaired,

D.

Disclose the potential impairment to the customer before accepting the consulting engagement

Question # 74

Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?

A.

Key principles approach

B.

Process elements approach

C.

Holistic approach

D.

Maturity model approach

Question # 75

Which of the following statements is true regarding intangible assets?

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Question # 76

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls?

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities,

D.

Attesting to fairness of financial statements.

Question # 77

In which of the following situations would the organizational independence of an internal audit activity be impaired?

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Question # 78

What is the main difference between a consulting engagement versus an assurance engagement?

A.

The nature of services provided are defined in the internal audit charter.

B.

Internal auditors must maintain objectivity while performing their work.

C.

The objectives and scope of the engagement typically are directed by management.

D.

Internal auditors may assume management responsibilities.

Question # 79

Which of the following statements is true regarding occupational fraud?

A.

An employee who diverts the organization ' s purchases for personal use is demonstrating asset misappropriation

B.

An employee who intentionally omits negative information in the financial statement disclosures is demonstrating an example of corruption

C.

An employee who made an error in estimating losses may have committed fraud even if the error was not intentional

D.

An employee who creates a denial of service in the organization’s computer systems is committing asset misappropriation

Question # 80

Which of the following is part of a fraud detection program?

A.

Whistleblower hotline.

B.

Authority limits.

C.

Background investigations

D.

Evaluation of compensation programs.

Question # 81

Which of the following would be a preventive control for helping to manage fraud in an organization?

A.

Reviews of reports to determine which issued payments lack evidence of supervisory review.

B.

A monthly review of new vendors performed by management for reasonableness.

C.

Bank reconciliations performed on a monthly basis by the accounting department.

D.

A code of conduct and whistleblower policy that must be signed by all employees annually.

Question # 82

According to IIA guidance, a new internal auditor is expected to possess which of the following competencies?

A.

Technical industry-specific expertise.

B.

Expertise in cybersecurity, an area of increasing risk.

C.

Knowledge of IT risks and controls.

D.

Knowledge of forensic accounting.

Question # 83

An organization ' s fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?

A.

Evaluate the effectiveness of fraud investigations

B.

Oversee and monitor senior management s approach to manage fraud risks

C.

Set the tone for fraud risk management within an organization

D.

Evaluate whether the financial statements are free of material misstatement due to fraud

Question # 84

Which of the following activities aligns with The IIA ' s Core Principles for the Professional Practice of Internal Auditing?

A.

The chief audit executive reports to senior management for compensation decisions and communications of audit results to the board

B.

Final reports from consulting engagements show the summary of findings, and the internal auditor’s advice is clearly distinct and separate from management ' s decisions

C.

Internal auditors rotate through operations and management positions then perform audit engagements on these areas to ensure timely application of their knowledge

D.

Due to limited resources, internal auditors prioritize assurance on internal controls and risk management and exclude evaluating governance processes, which are deemed outside of their core responsibilities

Question # 85

Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?

A.

The profitability impact of its products in developing markets.

B.

The amount of political donations to local government races.

C.

The number of complaints related to traffic from its new factory.

D.

The compensation packages awarded to senior management.

Question # 86

An internal auditor is performing testing to gather evidence regarding an organization’s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. The auditor ' s concern best describes which of the following risks?

A.

incorrect rejection risk

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk.

D.

Anticipated misstatement risk

Question # 87

Once an organization ' s risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

A.

Risk responses must be selected.

B.

Risks must be assessed.

C.

The risk universe must be established.

D.

Risk responses must be aligned.

Question # 88

What is the primary purpose of The IIA ' s Code of Ethics?

A.

Communicate specific activities appropriate to the performance of internal auditing

B.

Promote ethical culture within corporations and other business organizations

C.

Establish mandatory standards of competence for the practice of internal auditing

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing

Question # 89

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company ' s risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning.

Question # 90

Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?

A.

Assessing the risk of noncompliance with laws and regulations

B.

Following the policies as prescribed by the internal audit manual.

C.

Advising management of the area under review on how to mitigate internal control risks.

D.

Conducting the engagement on the presupposition that fraud exists.

Question # 91

Which of the following would be included in quality assurance and improvement program (QAIP) reporting?

A.

Descriptions of standardized work practices.

B.

Outcomes of internal audit key performance indicators.

C.

Conformance of individual engagements with the Standards,

D.

Annual summaries of consulting and audit engagements.

Question # 92

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Question # 93

Which of the following actions should an organization take to detect an emerging risk of potential fraud?

A.

Adopt reward and recognition programs that promote good behaviors

B.

Undertake background checks for new employees as part of the hiring process

C.

Establish an anonymous platform for reporting suspected unethical behaviors

D.

Institute periodic educational training on expected ethical behaviors

Question # 94

Which of the following accurately describes the concept of inherent risk?

A.

Risk factors that exist when controls are in place and operating effectively

B.

Internal risk factors assuming no controls are in place

C.

Risk factors that cannot be mitigated because they are innate to a process

D.

Combination of internal and external risk factors in their pure state assuming no controls are in place

Question # 95

Upon completion of an external quality assessment, which of the following would the chief audit executive be required to report to the board?

A.

The total time spent to accomplish the external assessment

B.

The detailed evaluation results of the external assessment

C.

The competency and independence of the external assessment team

D.

The timetable and schedule of the next external assessment

Question # 96

Which of the following describes an ongoing monitoring activity that could be performed as part of an internal assessment for a quality assurance and improvement program (QAIP)?

A.

Planning and supervising engagements

B.

Evaluating the quality of supervision

C.

Identifying opportunities for improvement m internal audit ' s processes and procedures

D.

Determining if the objectives of QAIP are current

Question # 97

Which of the following processes does the board manage to ensure adequate governance?

A.

Establish and measure performance objectives for the internal audit activity.

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization.

D.

Develop strategies to mitigate the risks to achieving the organization’s objectives

Question # 98

According to MA guidance, which of the following is true with regard to the internal audit charter?

1. It specifies the minimum resources needed for assurance engagements.

2. It requires final approval from senior management.

3. It defines the internal audit activity ' s authority and responsibilities.

4. It describes the expectations for communicating the results of a quality assurance and Improvement program.

A.

1 and 4 only.

B.

3 and 4 only.

C.

1.2. and 4.

D.

2. 3. and 4.

Question # 99

Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?

A.

The use of judgment enhances management ' s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management ' s ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Question # 100

According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management

D.

At the board ' s discretion, the frequency of external assessments can exceed the five-year guideline

Question # 101

An internal auditor is assessing the effectiveness of the organization ' s risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

A.

Maturity model approach

B.

Process element approach

C.

Key principles approach

D.

Key performance indicators approach.

Question # 102

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

A.

Leadership.

B.

Documentation.

C.

Analysis.

D.

Reporting.

Question # 103

During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?

A.

An employee believes his poor compensation package justifies engaging in unethical behavior.

B.

The head of the department is the only signatory to purchase orders issued to third party contractors.

C.

Some employees strongly believe monetary gifts from vendors is a means of saving for life after employment.

D.

One of the employees was found to have an obsession with expensive jewelry

Question # 104

Senior management asks the chief audit executive to review the organization ' s compliance with recently introduced legislation on international transfer pricing. The review requires an internal auditor who thoroughly understands the legislation and pricing methods. The internal audit activity does not have an auditor with those skills. Which of the following is the most appropriate course of action?

A.

Outsource the engagement to an external audit firm that has appropriate skills.

B.

Recruit a lawyer with knowledge of the legislation to the audit team and ask the new auditor to perform the engagement.

C.

Decline to perform the engagement, as the internal audit activity does not have the appropriate skill set.

D.

Carry out the engagement using existing internal audit staff to help them gain the appropriate experience.

Question # 105

Which of the following controls would best mitigate the risk of fraud in the bidding process?

A.

Have a bidding committee open the tender bids.

B.

Restrict the time to submit tender bids.

C.

Keep minutes of pre-bid meetings.

D.

Allow the higher tenders to rebid.

Question # 106

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Question # 107

Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review. Which of the following would be the most appropriate next step for the reviewer to take?

A.

Remove the areas of disagreement from the scope of the engagement and seek informal compromises with the CAE.

B.

Issue the report to senior management, noting the deficiencies for immediate resolution.

C.

Issue the report, noting the deficiencies with comments that address the areas of disagreement.

D.

Request arbitration from the audit committee to resolve discrepancies prior to issuing the final report

Question # 108

The head of human resources notified the internal audit activity that a key account manager was fired because he did not register a large number of contracts with clients As a result the organization was unaware of its duties and would suffer some financial loss Which of the following should be expected from a competent internal auditor who is analyzing this situation?

A.

The ability to apply forensic methods to obtain legally admissible evidence

B.

The ability to conduct admission-seeking interviews with potential suspects

C.

The ability to evaluate whether such attributes as intent and personal gain were present

D.

The ability to retrieve concealed or deleted information from the former employee ' s laptop

Question # 109

Which of the following is an example of a risk reduction strategy?

A.

Outsourcing the payroll function.

B.

Absorbing the cost of losses.

C.

Insuring fixed assets.

D.

Installing cameras around the plant

Question # 110

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Question # 111

During a monthly internal audit staff meeting, the chief audit executive (CAE) decided to reinforce the importance of internal audit staff being objective in their work. Which of the following examples would be most appropriate for the CAE to include as part of the meeting presentation?

A.

Statistical sampling techniques should always be used to pull unbiased sampling for testing.

B.

Fieldwork completed by internal auditors should be appropriately reviewed.

C.

Internal auditors should avoid using the lunch room simultaneously with audit clients.

D.

During the audit review period, there should be no nonaudit dialogues with the audit client.

Question # 112

Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

A.

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

Question # 113

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Question # 114

A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment. To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?

A.

Request from the audit committee an additional budget and an extension so that the external assessment could be performed next year.

B.

Review the results of the internal assessment, identify weaknesses, and implement improvements at the remaining offices.

C.

Request the regional office that performed the internal assessment to perform an assessment of the remaining offices.

D.

Request that an external assessor validate the results of the internal assessment and review the remaining offices.

Question # 115

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Question # 116

A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

A.

The organization ' s training policy.

B.

A list of auditors who requested to attend the next audit conference.

C.

Self-assessments against an internally developed audit benchmark

D.

In house training manual

Question # 117

Which should the internal auditor first consider when assessing fraud risks during an engagement?

A.

Compare the organizations fraud strategies with the industry ' s strategies.

B.

Review any related prior fraud investigations.

C.

Investigate any related fraud allegations.

D.

Communicate any suspicious fraud activities to management.

Question # 118

Which of the following is an example of a risk avoidance strategy?

A.

Hedging against exchange rate variations.

B.

Limiting access to an organization’s data center.

C.

Selling a nonstrategic business unit.

D.

Outsourcing a high-risk activity

Question # 119

During an assurance engagement, an internal auditor identified that a developer of the organization ' s enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

A.

Segregate duties between code development and migrating changes into production.

B.

Conduct fraud training for the IT team responsible for the ERP system.

C.

Penalize the developer who committed the fraud by terminating employment.

D.

Restrict developers ' access to the ERP system ' s test environment.

Question # 120

Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?

A.

A corrective control

B.

A detective control

C.

A preventive control

D.

A directive control

Question # 121

With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity ' ?

A.

Assess compliance with the organization ' s code of conduct

B.

Oversee the governance and risk management processes

C.

Initiate new organizational control processes

D.

Provide advice on organizational governance activities

Question # 122

A new chief audit executive realized that the internal audit charter has not been updated in five years and only includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, and the Standards. What mandatory component is missing?

A.

Statement of Independence.

B.

Operating Procedures of Internal Auditing.

C.

Definition of Internal Auditing.

D.

Attestation of Quality Assurance.

Question # 123

An organization is testing a new IT system for digital data storage and security. The internal audit activity has been asked to evaluate the system in a consulting engagement. Although several internal auditors on staff are qualified to perform basic assessments of IT systems, none are familiar with the new system. Which of the following is a legitimate response to the prospective client?

1. Decline the engagement.

2. Proceed with the engagement, performing only those parts of the engagement that the internal auditors are qualified to perform.

3. Accept the engagement and develop the additional competencies in-house prior to the engagement ' s starting date.

4. Make arrangements to obtain assistance from a competent IT auditing expert.

A.

1 and 4 only.

B.

2 and 3 only.

C.

1. 2, and 3 only.

D.

1, 3, and 4 only.

Question # 124

An internal auditor in a newly established internal audit activity identifies many control weaknesses and raises a number of high-priority recommendations in her first few audit engagements. The internal auditor is concerned that there seems to be a poor understanding by management of risk and control. Which of the following is the most likely reason for this?

A.

Poor performance by individual operational managers in the areas audited.

B.

Unrealistic expectations by the internal audit activity on the quality of risk management and control.

C.

A lack of an effective organizational framework for risk management and control.

D.

A failure by the internal audit activity to identify and manage the organization ' s risks.

Question # 125

Which of the following is an example of impairment to internal auditor independence or objectivity ' ?

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Question # 126

Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

A.

Knowledge/skills gap,

B.

Monitoring gap.

C.

Accountability/reward failure,

D.

Communication failure.

Question # 127

Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity ' ?

A.

For both assurance and consulting engagements, the auditor must independently and objectively select the criteria for evaluation

B.

For a consulting engagement, internal auditors and management jointly agree on the adequate criteria needed to evaluate governance, risk management, and controls. This is not true of assurance engagements

C.

Engagement planning and fieldwork are similar for both types of engagements (there are no major differences) although the reporting process is different depending on which service is provided

D.

For a consulting engagement objectives must address governance risk management and control processes to the extent agreed upon with the client. This is not true of assurance engagements

Question # 128

Which of the following is the best way for an internal auditor to demonstrate due professional care?

A.

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.

Seek feedback from the engagement supervisor during the engagement

C.

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.

Request and receive client feedback surveys during the engagement

Question # 129

An audit client who was unsatisfied with the audit report rating called the chief audit executive (CAE) and complained that the internal auditor who performed the audit was biased because his spouse, who worked in the area under review, was on a list of employees to be terminated. Which of the following measures would be most appropriate to prevent this situation from arising?

A.

Initiating an internal investigation to clarify whether a biased judgment took place.

B.

Requiring the internal auditors to disclose any potential conflicts of interest.

C.

Requiring that the audit client disclose any potential conflicts of interest with the auditor.

D.

Requiring human resources manager to submit all future job applicants ' data in order to identify relatives of auditors.

Question # 130

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

A.

The organization ' s board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Question # 131

According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and investigation at a multinational organization?

A.

The recommendation of the parent office external auditors.

B.

The provisions of the internal audit charter

C.

The authority of the CEO.

D.

The level of proficiency of the chief audit executive

Question # 132

Which of the following is true about a system of internal control?

A.

Internal control should be updated at least annually.

B.

Technology does not change the internal control landscape.

C.

Strategy should fit the system of internal control.

D.

Articulating measurable objectives is part of internal control.

Question # 133

Which of the following is the best example of an ongoing independent monitoring activity?

A.

Management quality assurance activities

B.

Internal audit fraud prevention and detection activities

C.

Management and supervisory activities

D.

External audit quality assurance activities

Question # 134

Which of the following is an example of corruption?

A.

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.

Requesting reimbursement for overstated travel and entertainment expense amount

C.

Misstating realized foreign currency transaction gains or losses

D.

Demanding payment from a vendor for decisions made in the vendor’s favor

Question # 135

Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

A.

Net.

B.

Controllable.

C.

inherent,

D.

Residual.

Question # 136

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Question # 137

Which of the following is a way to demonstrate an individual internal auditor ' s competency through continuing professional development?

A.

Create different training budgets for each of the internal auditors

B.

Define average training hours per auditor as a team performance measure

C.

Analyze internal audit client survey feedback following audits

D.

Review training records for all internal auditors

Question # 138

Which of the following best demonstrates the authority of the internal audit activity?

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services

D.

Achieving engagement objectives.

Question # 139

According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization ' s corporate social responsibility (CSR) program?

1. Determine whether the organization has adequate controls to achieve its CSR objectives.

2. Facilitate a management self-assessment of CSR controls and results.

3. Consult on the project design and implementation for the CSR program.

4. Exclude CSR-related external risks that are beyond the control of the organization.

A.

1 and 2 only.

B.

1, 2 and 3 only.

C.

2, 3, and 4 only.

D.

3 and 4 only.

Question # 140

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Question # 141

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Question # 142

When the chief audit executive Is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity ' s assurance over risk management?

A.

The chief audit executive.

B.

A member of the compliance function.

C.

A party outside of the internal audit activity.

D.

A member of the risk management function.

Question # 143

Which of the following requests, if accepted by the internal audit activity, would impair its independence?

A.

A request to develop workshops on corporate governance for management.

B.

A request to act as liaison with external auditors.

C.

A request to determine appropriate risk management responses for management.

D.

A request to provide counseling services on ethical matters.

Question # 144

Which of the following is an example of an application control?

A.

Employees in the data center must always wear identification badges

B.

Operating system updates must be installed within 48 hours.

C.

A two stage authentication process must be used to access customer information

D.

System backup and recovery testing must be done monthly

Question # 145

Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?

A.

Promoting continuous evaluation

B.

Promoting continuous monitoring

C.

Promoting continuous improvement

D.

Promoting continuous reporting

Question # 146

Which of the following would be a red flag for potential issues in the control environment?

A.

Segregation of duties during preparation of the financial statements

B.

Compensation structures that are based on commissions

C.

A low rate of turnover in key financial positions

D.

The presence of a whistleblower policy and fraud hotlinea

Question # 147

Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

A.

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.

The CAE assesses the audit staff ' s knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.

The CAE provides absolute assurance to line management during each eternal audit engagement

Question # 148

Which of the following actions best demonstrates an internal auditor exercising due professional care?

A.

Testing an entire population, even when a sample would suffice

B.

Using technology and data analysis techniques for efficiency

C.

Enhancing knowledge, skills, and other competencies through professional development

D.

Establishing audit objectives, performing audit tests, and implementing missing controls

Question # 149

While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditor ' s relative. Which course of action should the auditor take?

A.

Proceed with the audit engagement, but do not include the relative ' s information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative is a customer.

D.

Immediately withdraw from the audit engagement.

Question # 150

An internal audit of warehouse inventory revealed no material deficiencies. However, management later discovered fraud, which occurred during the period that was audited, and determined that a major control deficiency allowed the fraud to occur. Given management ' s discovery, which of the following statements is valid?

A.

The internal auditors violated the standard for due professional care because they did not detect the fraud, even though it occurred during the period that was reviewed.

B.

The internal auditors should have had sufficient knowledge of fraud to identify red flags indicating possible fraud.

C.

The internal auditors could not have detected the fraud due to collusion among employees in the inventory unit.

D.

The internal auditors are not responsible for considering fraud risk, which is a management responsibility.

Question # 151

Which of the following options describes the reason that conformance with The IIA ' s Code of Ethics is mandatory for internal auditors?

A.

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing g absolute assurance about the organization ' s risk management.

C.

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity ' s findings.

D.

The internal audit activity ' s ethical compliance sets the tone for the ethical compliance by the organization ' s board, management, and employees.

Question # 152

Which of the following is a typical characteristic of an organization ' s risk management framework?

A.

Risk tolerance may or may not align with risk appetite depending on whether the assessment is quantitative or qualitative

B.

Risk is assessed on both an inherent and a residual basis

C.

The framework addresses four organizational objective categories strategic, historical, operational, and investment

D.

External risks and internal opportunities are omitted from the risk assessment scope

Question # 153

Which of the following is true regarding internal audit role ' s in The IIA ' s Three Lines Model?

A.

As internal control is part of risk management, the internal audit role in risk management implies reduced emphasis on internal control.

B.

Internal audit can blur the distinction between the second and the third lines as long as value is added.

C.

Internal audit cannot rely on other assurance providers when opining on the effectiveness of risk management.

D.

Internal audit should be aligned with first- and second-line functions through effective communication, cooperation, and collaboration.

Question # 154

Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?

A.

Avoidance.

B.

Acceptance.

C.

Reduction.

D.

Sharing

Question # 155

Which of the following statements about internal audit consulting engagements is true?

A.

The primary purpose of a consulting engagement is to assess evidence and provide conclusions.

B.

The internal audit activity determines the nature and scope of work for the specific consulting engagement

C.

Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

D.

It is not appropriate to communicate control issues identified during consulting engagements to the board

Question # 156

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?

A.

Management’s acceptance of inadequate controls for cybersecurity risk.

B.

Discussions with senior management relating to a new revenue stream.

C.

Mitigating controls implemented by the engagement supervisor

D.

Project manager planned hours versus time spent for all prior year projects

Question # 157

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Question # 158

Which risk management activity would cause the internal auditor to assume a management responsibility?

A.

Assessing management ' s acceptance of risk.

B.

Reviewing a cybersecurity risk report issued by management.

C.

Developing a list of emerging risks for management.

D.

Prioritizing risks for management.

Question # 159

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question # 160

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Question # 161

Which documents would help a forensic auditor identify instances of collusion between an employee and vendor to defraud the organization?

A.

Email correspondence.

B.

Payment request forms.

C.

Vendor invoices.

D.

Bank statements.

Question # 162

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company ' s risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization ' s CEO reviews the internal audit activity ' s annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning

Question # 163

Which of the following is an indicator that an organization ' s risk management processes are effective?

A.

Departmental objectives are managed by department heads and are independent of the organization ' s mission.

B.

Organization wide mechanisms exist to enable the identification and assessment of all significant risks.

C.

Department heads have the autonomy to determine risk responses that fall outside of the organizations risk appetite

D.

Relevant risk information is captured and communicated primarily between management and the board

Question # 164

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

A.

The nature of consulting services typically is not included in the charter.

B.

The chief audit executive must formally review the charter at least once a year

C.

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.

The charter typically defines the internal audit activity ' s position within the organization.

Question # 165

Which of the following is most likely to result in the impairment of independence for the internal audit activity?

A.

The chief audit executive (CAE) has a dual reporting relationship within the organization.

B.

The CAE performs an audit of a functional area that is also under the CAE ' s oversight.

C.

The CAE has unrestricted access to information throughout the organization and to the board.

D.

The board is involved in decisions to hire or remove the CAE and in drafting and approving an internal audit charter.

Question # 166

Which of the following statements best represents the duo professional care that is required of internal auditor’s?

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should device internal audit programs to confirm that the results are accurate.

Question # 167

Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?

A.

Completed education credits

B.

Membership in professional organizations

C.

Subscriptions to sources of relevant professional information

D.

Professional development and training plans

Question # 168

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend.

C.

Reaffirm the importance of the organization ' s code of ethics to all employees.

D.

Conduct an organizationwide employee survey on ethical practices

Question # 169

Which of the following strategies would be the most effective to share an organization ' s risk of losses through foreign currency transactions related to the accounts payable process?

A.

Using a hedging strategy.

B.

Implementing controls to follow up on deviations.

C.

Purchasing liability insurance.

D.

Purchasing foreign currency reserves.

Question # 170

Which of the following frauds is most likely to occur in the accounts payable function?

A.

Factitious vendors are entered into the system, possibly resulting in improper disbursements.

B.

Bad debt expense is intentionally omitted from the financial statements.

C.

Certain costs are capitalized, rather than expensed.

D.

A related party receives benefits not appropriate in an arm ' s-length transaction.

Question # 171

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Question # 172

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

A.

1,2, and 3,

B.

1 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Question # 173

According to IIA guidance which of the following statements regarding ethics is true?

A.

Business ethics may vary within an organization with both domestic and foreign operations

B.

Business ethics are universal n nature and organizations across the world are expected to comply with smear standards

C.

A business ethics policy for an organization s established solely to direct me behavior and expectations of employees

D.

Business ethics of an organization must remain independent torn those of supplier’s customers and business partners

Question # 174

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management ' s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Question # 175

According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

A.

The periodic evaluation of risk ratings is primarily dependent on subjective assessments.

B.

Separate evaluations of the risk management process were conducted, but the results were never integrated.

C.

Management ' s primary objective is minimizing changes to the structure and operation of the risk management process.

D.

Many aspects of the related enterprise risk management program are informal and undocumented.

Question # 176

What is the primary reason for establishing a continuing professional development program within an organization ' s internal audit activity?

A.

To ensure all internal audit responsibilities can be met

B.

To ensure all audit staff members are capable of performing a quality self-assessment.

C.

To ensure that each auditor maintains responsibility for his own professional development.

D.

To attract the best and most talented candidates in the profession

Question # 177

Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

A.

The ability to inspire trust

B.

The ability to communicate effectively

C.

The ability to display courage

D.

The ability to understand the needs of stakeholders

Question # 178

The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to

be included in the charter?

A.

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

B.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

C.

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

D.

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

Question # 179

An internal auditor at a multinational organization is reviewing the effectiveness of the organization ' s risk management framework. In this scenario, which of the following statements is true?

A.

The auditor should consider local cultures and customs in various regions when assessing control effectiveness.

B.

Regardless of their location, employees at all levels share responsibility for designing effective controls to mitigate risks.

C.

To achieve an effective internal control environment, the organization ' s risk management plan must be documented and communicated to all levels throughout each region.

D.

Setting clear objectives is a precondition to effectively identifying, assessing, and responding to the organization ' s risks.

Question # 180

According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

A.

The internal audit policies and procedures handbook.

B.

The internal audit charter.

C.

The internal audit mission statement.

D.

Each internal audit engagement letter.

Question # 181

Which of the following is an example of a detective control?

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Question # 182

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Question # 183

Which of the following statements is true regarding corporate social responsibility (CSR)?

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Question # 184

An organization ' s board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Question # 185

Which of the following controls would most likely prevent fraud related to the overpayment of vendors?

A.

Require supervisory review of all invoices and cash disbursements exceeding a stated threshold.

B.

Require the matching of a purchase order, receiving report, and invoice before payment.

C.

Require all checks to be signed by more than one person.

D.

Require all invoices to be paid within 30 days by check only.

Question # 186

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

A.

Internal assessments must be performed by the chief audit executive.

B.

An internal assessment must be performed at least once every five years.

C.

It Is permissible to share the results of the QAIP with the organization ' s external auditors.

D.

Results of ongoing monitoring must be validated annually by an independent external assessor.

Question # 187

In a retail organization, sales teams compete with each other to achieve and exceed sales targets. Each quarter, the members of the top sales team receive a bonus. In this environment, management should closely monitor for the emergence of which of the following potential risks?

A.

Risks related to employee turnover.

B.

Risks related to data manipulation.

C.

Risks related to employee competency.

D.

Risks related to not achieving sales targets.

Question # 188

At the beginning of an IT development project, key risks were identified and assessed, and risk owners were appointed. Six months later, the IT development team reported that the project is significantly over budget, it will not be completed on time, and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

A.

Risk response

B.

Risk assessment

C.

Risk monitoring

D.

Risk avoidance

Question # 189

Which of the following is a consulting service the internal audit activity can perform with respect to the organization ' s risk management?

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Question # 190

A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

A.

Implement a uniform professional development plan for the internal audit activity.

B.

Create a formal development agreement with each individual staff auditor.

C.

Require each internal auditor to obtain the same professional certifications.

D.

Require training and developmental activities that are sponsored by The HA.

Question # 191

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Question # 192

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Question # 193

According to NA guidance which of the following should be documented in the internal audit chatter?

A.

The risk assessment process applied by the internal audit activity

B.

The organization ' s internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Question # 194

Which of the following statements best describes internal auditors ' role in fraud detection?

A.

Internal auditors ' roles are similar to those performed by loss prevention managers or fraud investigators.

B.

Internal auditors ' demonstration of adequate professional skepticism during an audit engagement is of paramount importance.

C.

Internal auditors should consider fraud risks in every assignment and demonstrate due care by detecting fraud instances.

D.

Internal auditors should possess a fraud-related body of knowledge, enabling them to carry out preventative and detective measures.

Question # 195

Which of the following fundamental principles of The IIA ' s Code of Ethics is best described as performing work honestly diligently and responsibly?

A.

Integrity

B.

Proficiency

C.

Due Professional Care

D.

Competency

Question # 196

Which of the following statements best describes how the internal audit activity obtains reasonable assurance that significant risks in the organization are identified and assessed?

A.

The internal auditors review the organization ' s strategic plan, business plan, and policies, and have discussions with the board and senior management.

B.

The internal auditors evaluate the adequacy and timeliness of management ' s reporting of risk management results.

C.

The internal auditors interview staff at various levels and determine whether the organization ' s objectives, significant risks, and risk appetite are articulated sufficiently.

D.

The internal auditors review recently completed risk assessments and related reports issued by senior management, external auditors, and other sources.

Question # 197

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Question # 198

Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?

A.

The chief audit executive (CAE) shall report directly to the board and administratively to the CEO.

B.

The CAE shall provide senior management and the board with performance updates quarterly.

C.

The internal audit team shall have full access to the organization ' s records, physical property, and personnel required to conduct audit engagements.

D.

The internal audit activity shall maintain a quality assurance and improvement program in conformance with the Standards.

Question # 199

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization ' s risk management program?

A.

Monitor and review

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Question # 200

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Question # 201

An organization ' s operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

A.

Foster the importance of the control environment

B.

Provide training on controls and on self-monitoring processes

C.

Recommend installing an enterprisewide risk management system.

D.

Conduct more assurance assignments on high risk areas

Question # 202

Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

A.

Accountability/reward risk.

B.

Monitoring failure risk.

C.

Communication failure risk.

D.

Knowledge/skills risk

Question # 203

Which of the following actions by the internal audit activity requires disclosure to the board of nonconformance with the Standards?

A.

The internal audit activity did not complete an external assessment within the last seven years

B.

The internal audit activity performed an engagement with limited scope due to lack of knowledge

C.

The internal audit activity failed to consider risk when conducting a review of a department

D.

An internal auditor was assigned to an engagement m an area where she previously worked more than 10 years ago

Question # 204

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Question # 205

With regard to the internal audit activity ' s quality assurance and improvement program, which of the following must be reported to the board?

A.

A statement of independence of the organization ' s internal auditors.

B.

Meeting minutes with the assessment team, if key risks were identified and discussed.

C.

Frequency of the quality assessments being performed.

D.

Summary of previous internal assessments undertaken.

Question # 206

What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

A.

Assign competent staff to the area under audit to remediate the nonconformance.

B.

Determine how the deviation impacted the overall scope of the internal audit activity.

C.

Meet with the board to gam an understanding of the board ' s expectations.

D.

Communicate the matter to the board at the time of the next external assessment.

Question # 207

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers ' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

A.

Reject the court order, citing a potential breach of customers ' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Question # 208

The chief audit executive of a large national retailer is reviewing the purpose and objectives of the organization ' s internal audit activity

Which of the following objectives is best aligned with The IIA ' s Mission of Internal Audit?

A.

To implement a quality assurance and improvement program

B.

To assess the effectiveness of internal controls over organizational assets

C.

To ensure internal auditors possess the competencies needed to perform their responsibilities

D.

To operate within the budget established by the board of directors

Question # 209

After the final audit report was issued, the engagement supervisor received an expensive gift from management recognizing her assistance in improving the business, if the gift is accepted, which of the following would be true?

A.

The engagement supervisor violated The IIA ' s Code of Ethics principle of integrity.

B.

The engagement supervisor violated The IIA ' s Code of Ethics principle of objectivity.

C.

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

Question # 210

Which of the following should a general internal auditor be able to characterize as an IT-related risk?

A.

Computer servers are in a room that is accessible to all employees,

B.

An IT architect avoids taking vacations and sharing his workload with coworkers,

C.

Hours billed by IT developers exceed 24 hours daily.

D.

Audit logs are lacking in a system that processes personal data.

Question # 211

Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?

A.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.

Internal auditors may conclude that a business unit ' s current control environment is adequate and effective if the review of the prior year ' s workpapers and audit report supports that conclusion.

C.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Question # 212

An organization is implementing a new cybersecurity policy and has established a committee to ensure stakeholder alignment across the organization ' s infrastructure, network, and security teams. The head of the committee has asked the chief audit executive if the internal audit activity could play a role in these efforts. According to HA guidance, which of the following is the most appropriate response?

A.

It is not appropriate for the internal audit activity to play a role because its independence must be protected.

B.

The internal audit activity should not participate because there are no IT auditors on staff.

C.

The internal audit activity is knowledgeable about risk and therefore should prioritize the organization ' s responses and control activities for the committee.

D.

The internal audit activity may assist the committee and consult with management on the organization ' s responses and control activities.

Question # 213

Which of the following is a detective control strategy against fraud?

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Question # 214

Which type of engagement requires that the client agrees with the techniques used by the internal audit activity?

A.

A performance audit.

B.

A sensitive fraud investigation.

C.

A compliance audit

D.

A consulting service.

Question # 215

During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

A.

Business acumen.

B.

Critical thinking.

C.

Communication.

D.

Audit report writing.

Question # 216

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.

Question # 217

An organization employs ongoing monitoring and is considering implementing periodic evaluations to assess the continuing effectiveness of its risk management process. Which of the following statements Is true with regard to such periodic evaluations?

A.

Periodic evaluations are considered to be less objective than ongoing monitoring.

B.

Periodic evaluations can be more effective than ongoing monitoring.

C.

Periodic evaluation frequency may depend on the results of ongoing monitoring.

D.

Periodic evaluations frequently identify problems more quickly than ongoing monitoring.

Question # 218

Which of the following is true regarding the stakeholder theory of corporate social responsibility?

A.

An organization has a fiduciary duty to put shareholders ' needs first

B.

Customers ' needs are the primary responsibility of the organization

C.

Competitors are considered stakeholders of the organization

D.

Employees are the organization ' s best assets and primary responsibility

Question # 219

According to IIA guidance, which of the following statements regarding ethics is true?

A.

Business ethics may vary within an organization with both domestic and foreign operations.

B.

Business ethics are universal in nature and organizations across the world are expected to comply with similar standards.

C.

A business ethics policy for an organization is established solely to direct the behavior and expectations of employees.

D.

Business ethics of an organization must remain independent from those of suppliers, customers, and business partners.

Question # 220

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

IIA-CIA-Part1 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

IIA-CIA-Part1 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: Internal Audit Fundamentals
  • Last Update: Jul 10, 2026
  • Questions and Answers: 735
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

IIA-CIA-Part1 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included