NEW QUESTION 1
Which of the following is considered a violation of The IIA's Code of Ethics?

• A. An auditor conveys public information about an organization's financial condition.
• B. An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.
• C. An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.
• D. An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

Answer: C

NEW QUESTION 2
A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. This is an example of which of the following IT controls?

• A. Logic test.
• B. Check digits.
• C. Data integrity tests.
• D. Balancing control activities.

Answer: A

NEW QUESTION 3
The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

• A. The CAE's work may be reviewed by any other experienced staff member within the IAA.
• B. The CAE's work should be reviewed by an individual with the appropriate background and knowledge.
• C. The CAE may self-review his work, provided he discloses this practice in the final report.
• D. The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

Answer: B

NEW QUESTION 4
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

• A. Workshops.
• B. Surveys.
• C. Interviews.
• D. Observation.

Answer: B

NEW QUESTION 5
Which of the following scenarios best illustrates the principle of due professional care?

• A. An internal auditor evaluates the significant risks arising from a consulting engagement.
• B. An internal auditor declares that he would have a conflict of interest in providing planned audit support.
• C. An internal auditor has been given sufficient authority to access documents needed to make an appraisal of an issue.
• D. An internal auditor uses technology-based audit techniques to ensure that all significant risks are identified.

Answer: A

NEW QUESTION 6
A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

• A. Coordinate and facilitate risk workshops for management to attend.
• B. Establish the degree of risk appetite for management to accept.
• C. Set risk indicators and mitigation plans for management to implement.
• D. Determine the number of significant risks for management to report to the board.

Answer: D

NEW QUESTION 7
According to IIA guidance, which of the following should be formally documented in the internal audit charter?

• A. The internal audit activity's responsibility for imposing risk management processes.
• B. The internal audit activity's responsibility for the organization's governance framework.
• C. The nature of consulting services provided by the internal audit activity.
• D. The budgeting process for the internal audit activity.

Answer: C

NEW QUESTION 8
To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity. According to IIA guidance, which of the following statements is true regarding these circumstances?

• A. The chief audit executive (CAE) should review all work performed by the auditor during her temporary assignment to ensure no impairments.
• B. The CAE may conduct audits in the purchasing department during the auditor's temporary assignment.
• C. The auditor should obtain the CAE's approval as to the nature and scope of the duties she is permitted to perform during her temporary assignment.
• D. Any work performed by the auditor during her temporary assignment must conform to the internal audit charter.

Answer: C

NEW QUESTION 9
Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

• A. The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.
• B. Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.
• C. System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.
• D. Department managers are required to perform periodic user access reviews of relevant systems and applications.

Answer: D

NEW QUESTION 10
According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?

• A. The services must be aligned with those defined in the internal audit charter.
• B. The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.
• C. The services may preclude assurance services from the consulting engagement.
• D. The services impose no responsibility to communicate information other than to the engagement client.

Answer: B

NEW QUESTION 11
According to The IIA's Code of Ethics, which of the following statements is true?

• A. When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.
• B. When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.
• C. When an internal auditor disagrees with the treatment received by workers in the organization's foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity.
• D. When an internal auditor continues with an audit engagement, despite the audit client's claims that the work performed is unnecessary and redundant he fails to demonstrate competency.

Answer: C

NEW QUESTION 12
What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?

• A. During facilitated workshops, people more openly say things to internal auditors than during private interviews.
• B. Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.
• C. Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.
• D. The testimonial evidence obtained during facilitated workshops is generally considered more reliable.

Answer: C

NEW QUESTION 13
According to The IIA's Code of Ethics, which of the following is true?

• A. Confidentiality requires that auditors disclose all material facts known to them.
• B. Integrity requires that auditors perform internal audit services in accordance with the Standards.
• C. Objectivity requires that auditors perform their work with honesty, diligence, and responsibility.
• D. Confidentiality requires that auditors be prudent in the use and protection of client information.

Answer: D

NEW QUESTION 14
An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

• A. Risk identification.
• B. Risk appetite.
• C. Risk capacity.
• D. Risk tolerance.

Answer: D

NEW QUESTION 15
According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity?

• A. Control environment.
• B. Control activities.
• C. Risk assessment.
• D. Monitoring.

Answer: D

NEW QUESTION 16
According to IIA guidance, which of the following should be included in the internal audit charter?

• A. The minimum resources and competencies needed for the internal audit activity.
• B. Identification of the organizational units where engagements are to be performed.
• C. Organizational relationships and reporting lines.
• D. Assigned responsibilities for designing and implementing controls.

Answer: C

NEW QUESTION 17
Which of the following is a detective control strategy against fraud?

• A. Requiring employees to attend ethics training.
• B. Performing background checks on employees.
• C. Implementing a control self-assessment.
• D. Performing a surprise audit.

Answer: D

NEW QUESTION 18
Which of the following combinations of conditions is most likely a red flag for fraud?

• A. The practice of surprise audits and the implementation of an employee support program.
• B. Hiring an employee with a prior fraud conviction and yearly management review.
• C. Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use.
• D. A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.

Answer: C

NEW QUESTION 19
Which of the following best ensures the independence of the internal audit activity?
* 1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
* 2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
* 3. The internal audit charter requires the CAE to report functionally to the audit committee.

• A. 3 only
• B. 1 and 2 only
• C. 2 and 3 only
• D. 1, 2, and 3

Answer: C

NEW QUESTION 20
......