
Which of the following statements is true regarding assurance services provided to clients outside of the organization?

A.

Assurance services for outside clients are not covered under the internal audit charter.

B.

Assurance services for outside clients must be approved on a case-by-case basis by the board of directors.

C.

The nature of assurance services for outside clients should be defined in the internal audit charter.

D.

The nature of assurance services for outside clients is the same as for internal clients.

A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

A.

She may participate, but only after she has completed one year with the IAA.

B.

She may participate, because she did not previously work in the Human Resources Department.

C.

She may participate, but she must be supervised by the auditor in charge.

D.

She may participate for training purposes, to build her knowledge of the IAA.

Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

A.

The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.

B.

Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.

C.

System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.

D.

Department managers are required to perform periodic user access reviews of relevant systems and applications.

Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.

Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?

1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.

2. Experience of the engineer in the type of work being considered.

3. Compensation or other incentives that the engineer may receive.

4. The extent of other ongoing services that the engineer may be performing for the organization.

A.

1 and 4 only

B.

2 and 3 only

C.

3 and 4 only

D.

1, 2, and 4 only

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest.

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

A.

1, 2, and 3.

B.

1, 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Which two of the following are preventive controls in a check disbursement process?

1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items.

2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.

3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.

4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

A.

An operations audit of the accounts payable department.

B.

A consulting engagement related to a new accounts payable optimization initiative.

C.

A review of the employees' sports club finances, which are overseen by the chief audit executive.

D.

An assurance review for a sales program on which she previously provided consultation.

According to The IIA's Code of Ethics, which of the following statements is true?

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization's foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client's claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?

A.

During facilitated workshops, people more openly say things to internal auditors than during private interviews.

B.

Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.

C.

Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.

D.

The testimonial evidence obtained during facilitated workshops is generally considered more reliable.

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

A.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

B.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

C.

Security cameras that monitor cash handling at the register are not functioning.

D.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff.

According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

A.

An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.

B.

An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

C.

An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.

D.

An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

A.

The CAE's work may be reviewed by any other experienced staff member within the IAA.

B.

The CAE's work should be reviewed by an individual with the appropriate background and knowledge.

C.

The CAE may self-review his work, provided he discloses this practice in the final report.

D.

The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?

A.

Management sells the product division to a competitor.

B.

Management outsources the product division to a third party.

C.

Management allows the product division to remain unchanged.

D.

Management modifies the product division to minimize errors.