AUDIT Practice Exam 77 Questions with Verified Answers,100% CORRECT

AUDIT Practice Exam 77 Questions with Verified Answers The scope of internal auditing work encompasses a systematic, disciplined approach to evaluating and improving the adequacy and effectiveness of all the following processes except A. Governance. B. Financial statements. C. Control. D. Risk management - CORRECT ANSWER Financial Statements According to the Standards, an internal auditor's role with respect to operating objectives and goals includes: A. Approving the operating objectives or goals to be met. B. Determining whether underlying assumptions are appropriate. C. Developing and implementing control procedures. D. Accomplishing desired operating program results. - CORRECT ANSWER Determining whether underlying assumptions are appropriate Which of the following activities is outside the scope of internal auditing? A. Assessing an operating department's effectiveness in achieving stated organizational goals. B. Safeguarding assets C. Checking for compliance with laws and regulations D. Evaluating established objectives and goals - CORRECT ANSWER first round - B. third round - B Which of the following are required of the internal audit function per the Standards? A. Evaluate annually the effectiveness of the audit committee. B. Issue annually an overall opinion on the adequacy of the organization's system of internal controls. C. Obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. D. Assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives. - CORRECT ANSWER CORRECT C. Obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. Ref. Standard 1320 - Reporting on the Quality Assurance and Improvement Program "The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board." When assessing risk management processes, internal auditors consider researching and reviewing current developments, trends, and other appropriate sources of information to determine I. Risks that may affect the organization II. Exposures that may affect the organization III. Related control procedures to use A.I and II only B. II and III only C. III only D. I, II, and III - CORRECT ANSWER I, II, and III The proper organizational role of internal auditing is to A. Perform studies to assist in the attainment of more efficient operations. B. Serve as the investigative arm of the board. C. Assist the external auditor in order to reduce external audit fees. D. Serve as an independent, objective assurance and consulting activity that adds value to operations. - CORRECT ANSWER Serve as an independent, objective assurance and consulting activity that adds value to operations. Requiring two signatures on all checks written for more than $10,000 is an example of a: A. Preventive control. B. Monitoring control C. Detective control. D. Corrective control. - CORRECT ANSWER A. Preventative control All of the following are primary objectives of the overall management process except: A. Improving the effectiveness of governance, risk management, and control processes. B. Compliance with laws, regulations, ethical and business norms, and contracts. C. Identification of risk exposures and use of effective strategies to control them. D. Safeguarding of the organization's assets. - CORRECT ANSWER Improving the effectiveness of governance, risk management, and control processes. (This is a function of Internal Audit) The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives describes A. Risk assessments B. Control environments C. Control activities D. Monitoring - CORRECT ANSWER Control activities Flowcharting would most likely be used in the evaluation of controls in: A. An application involving the joint efforts of both internal and external auditing. B. An internal audit department with limited experience in the evaluation of internal control systems. C. A simple but well documented system. D. A complex system - CORRECT ANSWER A simple but well documented system?? Who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the organization's governance process? A. The board of directors B. Senior management C. Risk owners D. The internal audit function. - CORRECT ANSWER Senior Management Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for A. Establishing and maintaining an organizational culture. B. Reviewing the reliability and integrity of financial and operational information. C. Ensuring that external and internal auditors oversee the administration of the system of risk management and control processes. D. Implementing and monitoring controls designed by the board of directors. - CORRECT ANSWER Establishing and Maintaining organizational culture Which of the following describes a control weakness? A. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. B. Pre-numbered blank purchase orders are secured within the purchasing department C. Normal operational purchases fall in the range from $500 to $1,000 with two signatures required for purchases over $1,000 D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization's suppliers in its portfolio. - CORRECT ANSWER Purchasing Procedures are well designed and are followed unless otherwise directed by the purchasing supervisor In the risk management process, management's view of the internal audit activity's role is likely to be determined by all of the following factors except A. Organizational culture B. Preferences of the independent auditor C. Ability of the internal audit staff D. Local conditions and customs of the country. - CORRECT ANSWER Preferences of the independent auditor Which if the following would constitute a violation of the Code of Ethics? A. Discussing your organization's data processing control system at a trade convention. B. Purchasing stock in a target after overhearing an organization executive discussing a possible acquisition. C. Deleting sensitive information from a report at the request of senior management. D. Investigating executive expense reports based on rumors of padding. - CORRECT ANSWER Purchasing stock in a target after overhearing an organization executive discussing a possible aquisition During the audit of one of its organization's nuclear power plants, an internal auditing team discovered serious instances of violations of safety procedures. The code of Ethics requires the audit team to: A. Present sufficient factual evidence without revealing confidential information that could be detrimental to their organization. B. Disclose all material evidence obtained by the audit team as of the date of the audit report. C. Report factual evidence gathered within established time and budget restraints. D. Reveal material facts known to the audit team that could distort the report if not disclosed. - CORRECT ANSWER Reveal material facts know to the audit team that could distort the report if not disclosed Internal audit activities may involve which of the following? A. Both assurance and consulting services. B. Consulting services. C. Neither assurance nor consulting services. D. Assurance services. - CORRECT ANSWER Both assurance and consulting activities In assessing organizational risk in a manufacturing firm, which of the following would have the most long-range impact on the organization? A. Advertising budget. B. Production scheduling. C. Product quality. D. Inventory policy. - CORRECT ANSWER Product quality A corporate policy is an example of a A. corrective control. B. directive control. C. preventive control. D. detective control. - CORRECT ANSWER Directive control Governance is a A. process. B. procedure. C. directive. D. method. - CORRECT ANSWER process. Control Devices may be Quantitative Qualitative A. Yes Yes B. Yes No C. No Yes D. No No - CORRECT ANSWER Yes and Yes Which of the following members of an organization has ultimate ownership responsibility of the ERM, provides leadership and direction to senior managers, and monitors the entity's overall risk activities in relation to its risk appetite? A. Chief risk officer B. Chief executive officer C. Internal auditors D. Chief financial officer. - CORRECT ANSWER Chief executive officer What action must the chief audit executive take when (s)he believes that senior management has accepted a level of residual risk that is unacceptable to the organization? A. Report the matter to the board for resolution B. Reported the matter to an external authority. C. Discuss the matter with external auditors. D. Discuss the matter with senior management. - CORRECT ANSWER Discuss the matter with senior management Internal auditing work encompasses all of the following processes except: A. Risk Management B. Control C. Financial Statements D. Governance - CORRECT ANSWER Financial Statements Which of the following is/are components of the Standards? I. Statements II. Interpretations III.The glossary A. I only. B. I and II. C. I and III. D. I, II, and III. - CORRECT ANSWER I,II, and III The purpose of the Standards (SPPIA) include all of the following except A. Guiding the ethical conduct of internal auditors. B. Stating basic principles that represent the practice of internal auditing as it should be. C. Establishing the basis for the measurement of internal audit performance. D. Fostering improved organizational processes and operations. - CORRECT ANSWER Guiding the ethical conduct of internal auditors Which of the following is the BEST reason for the chief audit executive (CAE) to consider the organization's strategic plan in developing the annual audit plan? A. To ensure that the internal audit plan supports the overall business objective. B. To ensure that the internal audit plan will be approved by senior management. C. To emphasize the importance of the internal audit function to the organization. D. To provide assurance that the strategic plan is consistent with the organization's values. - CORRECT ANSWER To ensure that the internal audit plan supports the overall business objective What is inherent risk? Risk that is under control. Risk that is not managed. Impact of risk. Underlying risk in the environment. - CORRECT ANSWER Underlying risk in the environment Which of the following are organizational responses to a risk? A. Avoidance, Mitigation, Sharing, Acceptance. B. Avoidance, Reduction, Ranking, Acceptance. C. Avoidance, Reduction, Sharing, Acceptance. D. Avoidance, Reduction, Mitigation, Acceptance. - CORRECT ANSWER Avoidance, reduction, sharing, acceptance In enterprise-wide risk management (ERM), the internal audit activity's core assurance roles include A. Coordinating ERM. B. Evaluating the reporting of key risks C. Championing establishment of ERM D. Implementing - CORRECT ANSWER Evaluating and Reporting of key risks A recent inventory shortage at XYZ Corp., and unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to A. Establish an inventory control framework at XYZ B. Increase the size of orders C. Produce the inventory items instead of purchasing from suppliers D. Inform XYZ about its risk appetite regarding supply failures. - CORRECT ANSWER Inform XYZ about its risk appetite regarding supply failures The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as A. Supervision. B. Quality assurance. C. Compliance. D. Control. - CORRECT ANSWER Control One of the purposes of the International Standards for the Professional Practice of Internal Auditing as stated in the introduction to the current version of the Standards is to A. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. B. Establish the basis for evaluating internal auditing performance. C. Encourage the professionalization of internal auditing. D. Encourage external auditors to make more extensive use of the work of internal auditors. - CORRECT ANSWER Establish the basis for evaluating internal auditing performance According to the Standards, the independence of internal auditors is achieved through: Staffing and supervision Continuing education and due professional care Human relations and communications Organizational status and objectivity - CORRECT ANSWER Organizational status and objectivity Upon obtaining factual documentation of unethical business conduct by the vice president in charge of internal auditing, the chief audit executive should: Conduct an investigation to determine the extent of the vice president's involvement in the unethical acts. Confront the vice president with the fact before proceeding. Schedule an audit of the business function involved. Report the facts to the chief executive officer and the audit committee. - CORRECT ANSWER Report the facts to the chief executive officer and the audit committee Which of the following is NOT an appropriate governance role for an organization's board of directors? Establishing broad boundaries of conduct, outside of which the organization should not operate. Providing assurances directly to third parties that the organization's governance processes are effective. Evaluating and approving strategic objectives. Influencing the risk-taking philosophy. - CORRECT ANSWER Providing assurances directly to third parties that the organizations governance processes are effective Which of the following is most likely an internal audit role in a less structured governance process? Designing specific governance processes. Playing a consulting role in optimizing governance practices and structure. Providing advice about basic risks to the organization. Evaluating the effectiveness of specific governance processes. - CORRECT ANSWER Providing advice about basic risks to the organization Appropriate internal control for a multinational corporation's branch office that has a department responsible for the transfer of money requires that: A. The individual who initiates the wire transfers does not reconcile the bank statement. Foreign currency rates be computed separately by two different employees. The branch manager receives all wire transfers. Corporate management approves the hiring of monetary transfer unit employees. - CORRECT ANSWER The individual who initiates the wire transfers does not reconcile the bank statement The internal audit activity's scope of responsibilities includes Eliminating risk Managing Risk Evaluating Risk Controlling Risk. - CORRECT ANSWER Evaluating Risk Which of the following are organizational responses to a risk? A. Avoidance, Reduction, Ranking, Acceptance. B. Avoidance, Reduction, Sharing, Acceptance. C. Avoidance, Reduction, Mitigation, Acceptance. D. Avoidance, Mitigation, Sharing, Acceptance. - CORRECT ANSWER d Avoidance, reduction, sharing, acceptance Under what circumstances would an internal auditor be required to forfeit the CIA designation? Upon leaving the internal auditing profession. After action by The IIA's International Ethics Committee When found by the IIA's Board of Directors to be in violation of the Code of Ethics. Upon commission of a felony or other action resulting in serious criminal charges. - CORRECT ANSWER When found by the IIA's board of directors to be in violation of the code of ethics The proper organizational role of internal auditing is to Serve as an independent, objective assurance and consulting activity that adds value to operations. Perform studies to assist in the attainment of more efficient operations. Assist the external auditor in order to reduce external audit fees. Serve as the investigative arm of the board. - CORRECT ANSWER A In the Standards for the Professional Practice of Internal Auditing, the word shall means Deviations may be made if necessary if requested by management. Compliance is mandatory. Deviation from a requirements must be documented. Compliance is recommended - CORRECT ANSWER Compliance is mandatory Which of the following are elements included in the control environment? A. Organizational structure, management philosophy, and planning B. Integrity and ethical values,assignment of authority and human resource policies. C. Competence of personnel, backup facilities, laws, and regulations D. Risk assessment, assignment of responsibility, and human resource practices - CORRECT ANSWER Integrity and ethical values, assignment of authority, and human resource policies Which of the following is NOT an appropriate governance role for an organization's board of directors? A. Influencing the risk-taking philosophy. B. Establishing broad boundaries of conduct, outside of which the organization should not operate. C. Evaluating and approving strategic objectives. D. Providing assurances directly to third parties that the organization's governance processes are effective. - CORRECT ANSWER D One of the basic principles of internal control is segregation of duties. Which one of the following examples does NOT violate the segregation of duties? A. The treasurer has the authority to sign checks but gives the signature block to the assistant treasurer to run the check-signing machine. B. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, may authorize disposal of damaged goods. C. The sales manager has the responsibility to approve credit and the authority to write off accounts. D. The department time clerk is given the undistributed payroll checks to mail to absent employees. - CORRECT ANSWER a? round z - A Whether a deviation is an error or irregularity is determined by A. whether the process is manual or computerized. B. whether the individual involved is a manager. C. the intent of the individual(s) involved. D. the amount of the deviation. - CORRECT ANSWER c. the intent An auditor discovers some material inefficiencies in a purchasing function. The purchasing manager happens to be the auditor's next-door neighbor and best friend. In accordance with the Code of Ethics, the auditor should: A. Objectively include the facts of the case in the audit report. B. Not report the incident because of loyalty to the friend. C. Include the facts of the case in a special report submitted only to the friend D. Not report the friend unless the activity is illegal - CORRECT ANSWER A. One of the purposes of the Standards is to: A. Establish the certification criteria for a CIA. B. Specify the content of the internal auditing department's charter. C. Serve as a guide in determining the reliance that can be placed on the organization's system of internal control. D. Establish a basis for measuring and guiding internal audit reports - CORRECT ANSWER D. Establish a basis for measuring and guiding internal audit reports An internal auditor engages in the preparation of income tax returns during the tax season. For which of the following activities might the auditor most likely be in violation of the Code of Ethics? A. Writing a tax guide that is intended for publication and sale to the general public. B. Preparing the personal tax return, for a fee, for one of the organization's division managers without the consent of senior management. C. Teaching an evening tax seminar, for a fee, at a local university D. Preparing tax returns for elderly citizens, regardless of their associations, as a public service. - CORRECT ANSWER Preparing the personal tax return, for a fee, for one of the organizations division managers without consent of senior management Risks are assessed in terms of: A. impact and likelihood. B. events and likelihood. C. cost and possibility. D. impact and behavior. - CORRECT ANSWER impact and likelihood Which of the following statements is NOT true regarding the efficient and economical achievement of the organization's objectives and goals? A. Economical performance accomplishes objectives and goals with minimal use of resources with no regard to risk exposure. B. Efficient performance accomplishes objectives and goals in a timely manner. C. Economical performance accomplishes objectives and goals with minimal use of resources commensurate with the risk of exposure. D. Efficient performance accomplishes objectives and goals in an accurate economical manner. - CORRECT ANSWER A. What is residual risk? A. Risk that is not managed. B. Risk that is under control. C. Impact of risk. D. Underlying risk in the environment. - CORRECT ANSWER CORRECT A. Risk that is not managed. Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing A. Reconciliations of transfer slips to/from the warehouse with inventory records B. Increases in insurance coverage C. Regular reconciliation of physical inventories to accounting records. D. Regular confirmation of the amount on hand with the custodian of the warehouse. - CORRECT ANSWER Regular reconciliation of physical inventories to accounting records Which of the following statements is NOT true about business objectives? A. Business objectives represent targets of performance. B. Establishing meaningful business objectives is a prerequisite to effective internal control. C. Establishing business objectives is a key component of the management process. D. Business objectives are management's means of employing resources and assigning responsibilities. - CORRECT ANSWER Business objectives are managements means of employing resources and assigning responsibilities During the audit of one of its organization's nuclear power plants, an internal auditing team discovered serious instances of violations of safety procedures. The code of Ethics requires the audit team to: A. Present sufficient factual evidence without reveling confidential information that could be detrimental to their organization. B. Disclose all material evidence obtained by the audit team as of the date of the audit report. C. Report factual evidence gathered within established time and budget restraints. D. Reveal material facts known to the audit team that could distort the report if not disclosed. - CORRECT ANSWER D. round x Ensuring effective organizational performance management and accountability is most directly the proper function of Control Governance Risk Management A quality assurance program. - CORRECT ANSWER Governance Risk is defined as: The possibility that an event will occur. The possibility that an event will occur and adversely affect the achievement of objectives. The magnitude of an adverse event. The possibility of dangerous activity. - CORRECT ANSWER B. round x The purpose of the Standards (SPPIA) include all of the following except Establishing the basis for the measurement of internal audit performance. Fostering improved organizational processes and operations. Guiding the ethical conduct of internal auditors. Stating basic principles that represent the practice of internal auditing as it should be. - CORRECT ANSWER Guiding the ethical conduct of internal auditors Which of the following actions by an auditor would violate the Code of Ethics? A. An audit of an activity managed by the auditor's spouse. B. A material financial investment in the organization. C. Use of an organization car. D. A significant ownership interest in a non-related business. - CORRECT ANSWER An audit of an activity managed by the auditor's spouse. The Standards requires that the CAE seek the approval of management and acceptance by the board of a formal written charter for the internal auditing department. The purpose of this charter is to: A. Protect the internal auditing department from undue outside influence. B. Establish the purpose, authority, and responsibility of the internal audit department C. Clearly define the relationship between internal and external auditing D. Establish the CAE's status as a staff executive. - CORRECT ANSWER Establish the purpose, authority, and responsibility of the internal audit department Of the techniques available to an auditor, which is the most valuable in providing a summary outline and overall description of the process of transactions in an information system? A. Test decks. B. Flowcharts. C. Transaction Retrievals. D. Software code comparions. - CORRECT ANSWER Flowcharts. Internal Auditors often flowchart a control system and reference the flowchart to create a narrative description of certain activities. This is an appropriate procedure to: A. Determine the ability of the activities to produce reliable information. B. Obtain the understanding necessary to test the effectiveness of the system. C. Determine if the system meets established management objectives. C. Document that the system meets international auditing standards. - CORRECT ANSWER Obtain the understanding necessary to test the effectiveness of the system In the Standards for the Professional Practice of Internal Auditing, the word must means A. Compliance is mandatory. B. Deviation from a requirements must be documented. C. Deviations may be made if necessary if requested by management. D. Compliance is recommended - CORRECT ANSWER compliance is mandatory As used by the internal auditing profession, the Standards refers to all of the following except: A. Criteria by which the operations of an internal audit department are evaluated and measured. B. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors. C. Statements intended to represent the practice of internal auditing as it should be. D. Criteria that are applicable to all types of internal audit departments. - CORRECT ANSWER Criteria which dictate the minimum level of ethical actions to be taken by internal auditors In recent years, control self-assessment has become a valuable auditing tool, especially in terms of: A. Determining the accuracy and understandability of financial events as expressed in financial documents. B. Identifying workers who may have been involved in fraudulent activities. C. Uncovering problems in areas such as organizational morale and communication. D. Conducting employee performance appraisals. - CORRECT ANSWER Uncovering problems in areas such as organizational morale and communication The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as A. Quality assurance. B. Supervision. C. Compliance. D. Control. - CORRECT ANSWER control Which of the following best describes an internal auditor's purpose in reviewing the organization's existing risk management, control, and governance processes? A. To ensure that weaknesses in the internal control system are corrected. B. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives. C. To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically. D. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated. - CORRECT ANSWER To provide reasonable assurance that the processes will enable the organizations objectives and goals to be met efficiently and economically According to the Professional Practices Framework of the IIA, which pronouncements represent mandatory guidance for implementing the Standards? Practice Aids Practice Advisories Development Aids Performance Standards - CORRECT ANSWER Performance standards The best description of the purpose of internal auditing is that it: Furnishes members of the organization with information need to effectively discharge their responsibilities. Reviews the reliability and integrity of financial and operating information. Reviews the means of safeguarding assets and, as appropriate, verifies the existence of such assets. Appraises the economy and efficiency with which resources are employed. - CORRECT ANSWER Furnishes members of the organization with information needed to effectively discharge their responsibilities Which of the following is closely related to traditional risk management instead of ERM? Rapid response to opportunities Organization-level view of risk Emphasis on specific functions Achieving financial goals. - CORRECT ANSWER Emphasis on specific functions A casualty insurance policy is an example of a detective control. directive control. preventive control. corrective control. - CORRECT ANSWER round 0 - D Which of the following types of IPPF guidance require(s) an exposure to the various IIA national institutes prior to its issuance? I. A new Practice Advisory II. A new Standard III. A new Position Paper IV. A new Definition in the Standards glossary - CORRECT ANSWER 2, 3, 4 Which Standards apply to organizations and individuals performing specific types of internal auditing services? All of the above standards. Attribute Standards. Performance Standards. Implementation Standards. - CORRECT ANSWER Implementation A major reason for establishing an internal audit activity is to Safeguard resources entrusted to the organization. Ensure the reliability and integrity of financial and operational information. Evaluate and improve the effectiveness of control processes. Relieve overburdened management of the responsibility for establishing effective controls. - CORRECT ANSWER Evaluate and improve the effectiveness of the controls process Control tools do not include Reconciliations Checklists Sharing of duties Exception reports - CORRECT ANSWER d The work of the internal audit activity includes evaluating and contributing to the improvement of risk management systems. Risk is I. The negative effect of events certain to occur II. Measured in terms of impact III. Measured in terms of liklihood I only I and II only II and III only I, II, and III - CORRECT ANSWER d