IIA IIA-CIA-Part2 Practice of Internal Auditing Exam Practice Test

The accounts payable supervisor, accounts payable manager, and controller.

The accounts payable manager, purchasing manager, and receiving manager.

The accounts payable supervisor, controller, and treasurer.

The accounts payable manager, chief financial officer, and audit committee.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Create a tracking system for follow up

Ensure that follow-up activities are performed at least weekly.

Delegate follow-up activities to qualified administrative staff within the business unit

Ensure that follow-up activities are performed by the most senior auditor on staff

Condition-based recommendations

Cause-based recommendations

Effect-based recommendations

Root cause-based recommendations

A spaghetti map

A heat map.

A process map

An assurance map

When the CAE reports the audit outcome to senior management.

When the residual risk is identified before the engagement is complete.

Immediately, as residual risk should be communicated as soon as possible

When management of the area under review has resolved and mitigated the residual risk

Identifying and managing risks in line with the entity's risk appetite.

Ensuring that a proper and effective risk management process exists.

Attaining an adequate understanding of the entity's key mitigation strategies.

Identifying and ensuring that appropriate controls exist to mitigate risks.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

Cultural impacts are less critical where the organization practices uniform polices around the globe.

Cross-cultural differences should always be handled by the staff of the same cultural background.

Local law enforcement should be involved as they are more familiar with the applicable local laws.

To ensure that the engagement is completed on time and within budget

To ensure that all work performed meets acceptable quality standards

To ensure that management has provided suitable responses to all observations

To ensure that management is satisfied with the progress of the engagement

Strategic sourcing

Loan staff arrangement

Flat organizational structure

Hierarchical organizational structure

Scheme.

Opportunity.

Rationalization.

Pressure.

The organization's audit universe is extensive and diverse.

There has been an increase in unanticipated requests for advisory work.

Previous work provided by the external service provider has been of great quality and value.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

The amount of experience the auditors have conducting audits in the specific area of the organization.

The availability of the auditors in relation to the availability of key client staff.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

Whether outside resources will be needed, and their availability.

$84,000

$238,095

$700,000

$2100.000

Inform the audit supervisor.

Investigate the potential conflict of interest.

Inform the external auditors of the potential conflict of interest.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Assert whether the described and reported control processes and systems exist.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

Evaluate the completeness of the report and management's responses to identified deficiencies.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

All requests for consulting engagements must be included in the annual internal audit plan

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

The organization's view on risk tolerance

The organization's principal risk events.

The organization's risk response strategies

The organization's major control activities

Gap analysis

Staff preferences

Maturity analysis

Extent of external audit coverage

Evaluating procurement department process effectiveness

Helping in the design of the risk management program

Assessing financial reporting control adequacy

Reviewing environmental, social, and governance reporting compliance

Compare the firm's financial performance with organizations in the same industry

Interview all managers involved in preparing the financial statements

Perform a bank reconciliation to confirm the cash balance in the financial statements.

Trace each financial transaction to the original supporting document

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Detective compensating controls

Preventive compensating controls

Detective Key controls

Preventive key controls

The CAE should reassess and validate the risk tolerance policy

The CAE should escalate the issue to senior management .

The CAE should reiterate the internal audit team's recommendations to management .

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

The organizational chart, business objectives and policies and procedures of the area to be reviewed.

The most recent risk assessment conducted by management of the area to be reviewed.

The requests of operational and senior management throughout the organization.

The preliminary risk assessment performed by internal auditors planning the engagement

Operational management has decried to weigh an audit issue against the organization's risk tolerance

A controls inaccurate operation has materially impacted the accuracy of the poor year's financial statements

Occurrences of asset misappropriation have been identified as a result of an ineffective operational control design

The controls that management performed to confirm compliance with health and safety standards were not systematically documented

Operational management, because they are responsible for the day-to-day management of the operational risks.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

The chief audit executive, although he is not accountable for risk management in the organization.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

Communicate the workpaper review results to management of fie area under review to validate the final report

Update the final report in the file with any necessary corrections based on the workpaper review.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

Add the manager's review notes to the final documentation following the review

The engagement team should include internal auditors who have expertise in investigating vendor fraud

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

A survey with open-ended questions is weaker than a structured interview

A survey with closed-ended questions can produce quantifiable evidence

A survey's participants are likely to volunteer information that was not specifically requested

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

A review of the key performance indicators of me area under review.

A walkthrough of the key processes of the area under review.

An interview with the manager regarding the area's business plan.

A review of previous audit and follow- up results of the area under review

The observation was made during the same audit, and the action plan has a common owner.

The observation relates to the same control activity within a common process.

The observation has a common control, and it was noted in a prior audit.

The observation has a common process, and the action plan for the observation has a common owner.

The overall performance resulting from the internal audit balanced scorecard

The number of outstanding and overdue management actions

The experience of the organization's internal auditors

The number of audits in the annual audit plan relative to similar organizations

An interview with the employee who performed the work

An analysis of purchasing and receiving documentation

Existence of a signed completion document accepting the work

A physical inspection of the retail outlet.

1 and 2 only

3 and 4 only

1, 2, and 4

1, 3, and 4

A relevant procurement law or regulation.

A list of the company's vendors.

A review of a sample of tenders during the audited period.

A summary of the company's expenditures and their categories.

Top-down approach

Process-Metrix approach

Risk-factor approach

Bottom up approach

The auditor compares information from one period with the same information from the poor period

The auditor compares new information to his general knowledge of the organization

The auditor compares information he collected with simmer information from another source

The auditor compares expected outcomes with actual results

The CAE is required to review, approve, and sign every engagement report.

The CAE is required to review, approve, and sign all regulatory compliance engagement reports only

The CAE may delegate responsibility for reviewing, approving and signing engagement reports, but should review the reports after they are issued.

The internal audit charter must identify authorized signers of engagement reports.

PPS sampling s used to reach conclusions regarding monetary amounts, attribute sampling is not.

PPS sampling is used to roach conclusions regarding rates of occurrence, attribute sampling is not.

PPS sampling a applied within the context of testing controls attribute sampling s not.

Attribute sampling is affected by the monetary book value of the population PPS sampling is not

The CAE must discuss the matter with senior management

The CAE must discuss the matter with key shareholders

The CAE must discuss the matter with legal counsel

The CAE must discuss the matter with the board

Refuse to accept the consulting engagement because it would be a violation of independence.

Collaborate with the external auditor to ensure the most efficient use of resources.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

1 and 2

1 and 4

2 and 3

3 and 4

The probability and frequency of occurrence

Financial and nonfinancial factors related to the risk

The number of risks identified on the heat map

The residual risk following implementation of appropriate controls

Awareness of prior incidents of fraud.

Contractor non-disclosure agreements.

Verification of currency exchange rates.

Receipts for employee expenses.

The review should focus on the efficiency of the controls in place to prevent fraud.

The scope of the review does not need to include all operating areas of the organization.

The cost of the control should be compared to the benefit of mitigating the related risk.

The review should assess whether the internal controls can be circumvented.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

The engagement supervisor must notify the chief audit executive (CAE) that the deficiencies have not been rectified

The engagement supervisor should rely on professional judgment as to whether the CAE should be informed, or the management action plan should be adjusted

The engagement supervisor should rely on his negotiation skills and issue an ultimatum to management to remedy the control deficiencies

Ensure that these deficiencies are captured in the documentation as high-priority areas to be reviewed during the next audit.

Assess management responses to key risk exposures

Analyze the costs and benefits of key controls

Evaluate the design adequacy of known controls

Conduct a walk-through of all related activates

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

Internal control questionnaires can be used by internal auditors as an interview guide

Internal control questionnaires provide direct audit evidence which may need corroboration

Generalized audit software.

Utility software

integrated test facilities

Audit expert systems

Evaluate and verify management's response, and determine the need and scope for additional work.

Evaluate and verify management's response, and establish timelines for corrective action by management.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.