Update CIA Exam Part 1 IIA-CIA-Part1 Exam Dumps Questions

test2022-10-14T06:34:56+00:00

CIA Exam Part 1 IIA-CIA-Part1 Exam Dumps Questions must be used to thoroughly prepare for the CIA Exam Part One: Essentials of Internal Auditing Exam. This material will assist you in determining the types of questions and topics that will be covered on the IIA-CIA-Part1 test. You will be able to pass the IIA-CIA-Part1 exam with flying colors if you use our practice questions and answers. FreeTestShare CIA Exam Part 1 IIA-CIA-Part1 Exam Dumps Questions includes real questions and answers, which have been corrected and updated to ensure that they are true and valid.

You can now use this free IIA-CIA-Part1 practice test to evaluate your preparation.

Page 1 of 12

1. An organization s board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively.

Which of !he following areas is the board seeking to improve by making this change?

Internal audit authority.

Internal audit reporting structure.

Internal audit independence and objectivity.

Internal audit interaction with the board

2. An internal auditor has suspicions that some fictitious vendors have been created in the organization's computer system.

Which of the following would be the best technique to detect this fraud?

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

Run checks to find matches between vendor and employee addresses

Check for recurring requests for refunds where invoices are paid twice

Review for unexplained increases in inventory

3. Which of the following best describes the risk contained in an initial public offering for a new stock?

Residual risk.

Net risk.

Inherent risk.

Underlying risk.

4. Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?

Deploying self-assessments against a competency benchmark.

Acquiring memberships in professional organizations.

Developing professional succession plans.

Obtaining subscriptions to professional journals in their area of interest.

5. An internal auditor performed a risk assessment and concluded that the controls over access privileges to a bank account were appropriate. Later, the auditor learned that a contractor was using a shared password provided by an authorized user of the account.

Which of the following statements best describes the auditor's application of due professional care?

Due professional care was exercised, despite the auditor’s failure to identify the significant risk.

Due professional care was not exercised because the auditor failed to identify all the significant risks during the risk assessment.

Due professional care was not exercised because the residual risk from the possibility of authorized users sharing their passwords was not considered.

Due professional care was not exercised because the auditor failed to conduct interviews to obtain testimonial evidence of possible password sharing

6. In the COSO internal control framework, which of the following components serves as the foundation for the other components?

Control activities.

Control environment.

Risk assessment.

Monitoring

7. Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity’s independence?

Description of internal audit activity's responsibilities

Definition of internal auditing

Statement of internal audit activity's authority

Description of internal audit activity's reporting structure

8. Which of the following best describes a purpose for the internal audit charter?

The internal audit charter authorizes the internal audit activity's reporting structure and clearly defines the roles of each internal auditor.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

The internal audit charter defines the criteria by which the internal audit activity's performance will be evaluated

9. According to the 11A Code of Ethics, which of the following is required with regard to communicating results?

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

The internal auditor should obtain all material information within the established time and budget parameters.

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

10. Which of the following best describes the internal audit activity's contribution to the implementation of the risk management framework?

Internal audit identifies key risk areas during assurance reviews and provides audit findings.

Internal audit assists with the prioritization of identified risks.

Internal audit participates in setting the risk appetite.

Internal audit takes part in the design of risk mitigation measures.

Page 2 of 12

11. When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity which area should he most likely be trained for immediately?

Industry knowledge

Project management

Leadership skills

Risk assessments

12. Which of the following statements best illustrates why internal auditors assess soft controls?

Assessing soft controls are an effective method of assessing risk related to personnel.

Assessing soft controls, as opposed to hard controls, makes it easier to evaluate operating effectiveness.

Assessing soft controls can help internal auditors in undertaking root-cause analysis.

Assessing soft controls provides more objective information than assessing hard controls.

13. Which of the following is most likely to be considered a control weakness?

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

Purchase orders are typed by the purchasing department using prenumbered forms.

Buyers promptly update the official vendor listing as new supplier sources become known.

Department managers initiate purchase requests that must be approved by the plant superintendent.

14. According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?

Determining whether any opportunity exists for senior executives to misappropriate property or funds

Planning and executing fieldwork In a complete and timely manner to identify all significant risks

Verifying whether the board of directors has implemented effective internal controls

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

15. Which of the following activities best demonstrates an internal auditor’s commitment to developing professional competencies?

Requesting to be part of all engagements on the annual audit plan.

Attending a series of locally offered training courses.

Completing a skills assessment and development plan for targeted training needs,

Attending a webinar on how to use data analytics

16. The management team of an agricultural organization has prioritized corporate social responsibility (CSR) initiatives.

Which of the following would be considered a CSR activity'?

Offering a one-off donation to an environmental charity for its expansion efforts

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

Providing special year-end monetary bonuses to the organization's employees at all levels

Arranging a free-of-charge picnic for all of the organization's employees and their family members

17. Which of the following statements represents the most appropriate correlation between an organization's risk maturity and the internal audit activity’s consulting role in risk management processes?

When an organization has a high level of risk maturity the internal audit activity is less likely to provide consulting services related to risk management

When an organization has a low level of risk maturity, the internal audit activity is less likely to provide consulting services related to risk management

When an organization has a high level of risk maturity the internal audit activity is more likely to provide consulting services related to risk management

There is typically no correlation between an organization’s risk maturity and the extent to which the internal audit activity’s consulting role in risk management processes

18. Which of the following is the best example of a risk appetite statement concerning an investment portfolio?

We will request CEO approval for investments greater than S20 million and board approval for investments greater than $50 million.

We will hedge 95 percent of our U

currency exposure and 100 percent of our European currency exposure.

We have a moderate tolerance for investment earnings volatility with a target value at risk of S50 million.

We will report to the risk committee all credit losses greater than S10 million and all market value losses greater than S20 million.

19. An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks.

Which of the following aspects of risk management does senior management’s decision best illustrate?

Residual risk.

Inherent risk.

Risk tolerance.

Risk appetite.

20. Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

Groupthink.

Collaboration skills.

Process analysis skills.

Project management skills.

Page 3 of 12

21. An internal auditor performed a consulting engagement last year which included assisting with management's design of controls over the procurement function.

How should the chief audit executive plan an assurance engagement on the adequacy of the internal control system in the procurement function in the current year?

Assign the engagement to another internal auditor on staff

Outsource the engagement to ensure independence

Harness the auditor's knowledge of the procurement function by assigning the engagement to the same internal auditor

Postpone the engagement to the following year to ensure enough time has passed since the controls were designed

22. The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to be included in the charter?

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

23. Which of the following best demonstrates conformance with the Standards regarding the internal audit activity's purpose authority, and responsibility?

Discussion and formal presentation of the internal audit charter to the board of directors

Certification by external auditors on the purpose, authority and responsibility of the internal audit activity

Approval of senior management that the internal audit activity is functioning as originally designed

Self-assessment of the internal audit activity completed by the chief audit executive

24. An organization's operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures.

Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

Foster the importance of the control environment

Provide training on controls and on self-monitoring processes

Recommend installing an enterprisewide risk management system.

Conduct more assurance assignments on high risk areas

25. Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

Approve the annual budget and resource plan for the internal audit activity.

Assist the CAE with hiring objective and competent internal audit staff.

Encourage the CAE to communicate and coordinate with the external auditor.

26. It facilitates the alignment of risk mitigation strategies with management priorities.

1. 2. and 3.

1.2. and 4.

1.3. and 4.

2. 3, and 4.

27. An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process.

Which of the following personnel development practices was applied in this situation?

Cosourcing

Inbound rotation

Guest auditor

Outbound rotation

28. Which of the following are considered root causes of fraud?

Rationalization and corruption

Corruption and opportunity

Opportunity and perceived need

Perceived need and weak internal controls

29. A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

The annual audit plan.

The audit report.

The annual risk assessment.

The audit charter.

30. The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement.

Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?

Chief audit executive.

Senior management.

The forensic accountant.

The legal department.

Page 4 of 12

31. Which of the following is the first step in the process of identifying relevant fraud risk factors?

Identifying preventive and detective controls

Gathering information about the organization’s business activities to gain an understanding of fraud risks

Engaging in strategic reasoning to anticipate the fraud scheme

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

32. An organization is implementing a new cybersecurity policy and has established a committee to ensure stakeholder alignment across the organization's infrastructure, network, and security teams. The head of the committee has asked the chief audit executive if the internal audit activity could play a role in these efforts.

According to HA guidance, which of the following is the most appropriate response?

It is not appropriate for the internal audit activity to play a role because its independence must be protected.

The internal audit activity should not participate because there are no IT auditors on staff.

The internal audit activity is knowledgeable about risk and therefore should prioritize the organization's responses and control activities for the committee.

The internal audit activity may assist the committee and consult with management on the organization's responses and control activities.

33. According to MA guidance, which of the following statements is true regarding an effective governance process?

It stipulates that risk needs to be considered when making strategic decisions.

It encourages strict segregation of the risk management and internal control processes.

It relies on effective risk management when establishing the organization's risk appetite.

It relies on the board to devise ways to communicate the effectiveness of internal controls.

34. During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit.

What skillset should the chief audit executive utilize to manage this situation?

The ability to negotiate

The ability to use analytical tools

The ability to foresee issues

The ability to manage conflict

35. An internal auditor is finalizing an audit report on the effectiveness of the organization's overall system of internal control. Several audit tests were performed, and the only issue identified was that the CEO frequently asks employees to make exceptions or bypass the organization's standard written policies and procedures.

Which of the following conclusions is most appropriate for the auditor to report?

The auditor should indicate that the system of internal control is not effective.

The auditor should indicate that the system of internal control is generally effective, except for the minor issue identified.

The auditor should indicate that the system of internal control is effective.

The auditor cannot express a conclusive opinion in the audit report.

36. A business unit manager was impressed by the competence of the internal auditor who was conducting an assurance engagement in his area and the manager made the auditor an attractive job offer to begin after the audit was completed The auditor later told her auditor in charge that she was considering the offer.

Which of the following IIA Code of Ethics principles was most likely violated?

Integrity

Confidentiality

Objectivity

No violation was committed

37. The internal audit activity is responsible for which of the following actions related to an organization’s internal controls?

Mitigating risks affecting achievement of organizational objectives.

Enabling opportunities affecting achievement of organizational objectives.

Analyzing and advising regarding costs versus benefits of control activities,

Attesting to fairness of financial statements.

38. An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.

According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

Indicate that the internal audit activity operates in partial conformance with the Standards t as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to ail parties who received the original reports.

39. Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

Security cameras that monitor cash handling at the register are not functioning.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff

40. While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department.

What is the most appropriate course of action for the CAE to take?

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Page 5 of 12

41. According to IIA guidance, which of the following statements is true regarding ISO 31000?

The key principles approach checks whether each element of the risk management process is in place.

The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

42. An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location.

Which of the following is most likely to be included in the matrix?

Risks and relevant mitigating controls.

Business processes and relevant fraud risks.

Fraud scenarios and relevant risks.

Opportunity, rationalization, and pressure to commit fraud.

43. Which of the following tools would be most useful to an internal auditor performing an assessment of the effectiveness of the organization's risk responses?

Heat map.

Risk and control matrix.

Risk register.

Process map.

44. Which of the following should an internal auditor take into consideration when making a judgement regarding whether management selected appropriate risk responses?

Significant risks

Risk capacity

Risk appetite

Risk tolerance

45. Which of the following statements best describes internal auditors' role in fraud detection?

Internal auditors' roles are similar to those performed by loss prevention managers or fraud investigators.

Internal auditors' demonstration of adequate professional skepticism during an audit engagement is of paramount importance.

Internal auditors should consider fraud risks in every assignment and demonstrate due care by detecting fraud instances.

Internal auditors should possess a fraud-related body of knowledge, enabling them to carry out preventative and detective measures.

46. According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

Conclude the engagement and inform management that fraud has occurred

Perform further testing to verify the existence of fraud.

Suspend the engagement and undertake a formal fraud investigation.

Notify the board of the possible fraud immediately

47. Which of the following statements best describes the difference between risk appetite and risk tolerance?

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk,

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

There is no significant difference between the two terms.

48. Which of the following drivers of fraud is directly controllable by an organization?

Pressure

Rationalization

Opportunity

Incentive

49. Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

The cost and frequency of both internal and external assessments.

Any assumptions made by the assessment team

A potential conflict of interest of the assessment team.

The assessment team’s execution plan of relevant procedures.

50. Which of the following scenarios best illustrates the concept of due professional care?

After establishing engagement objectives and reviewing a process, the internal auditor assured process owners that all significant risk events were identified and tested using a systematic, disciplined approach.

After conducting an audit based upon a predefined scope and objective, the internal auditor guaranteed management that the system of internal controls in an audited area operates effectively.

As head of the internal audit activity, the chief audit executive reported functionally to the organization's board and administratively to senior management.

As head of the internal audit activity, the chief audit executive ensures that engagement supervisors conduct post-engagement staff meetings.

Page 6 of 12

51. Which of the following best describes the type of organizational culture known as adaptability culture'?

A results-oriented culture that values competitiveness and personal initiative

A culture that emerges in quick-response and high-risk decision-making environments

A culture that is characterized by low involvement with environmental and health issues

A culture that places high value on participation and meeting the needs of employees.

52. Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

Determine the organization’s overall risk appetite.

Establish a governance committee.

Delegate authority to members of senior management.

Identify key stakeholders and their expectations

53. An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment.

According to the Standards, which of the following would the auditor include in the risk register?

Management’s acceptance of inadequate controls for cybersecurity risk.

Discussions with senior management relating to a new revenue stream.

Mitigating controls implemented by the engagement supervisor

Project manager planned hours versus time spent for all prior year projects

54. Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?

Delivering assurance on the risk management system

Facilitating risk assessment workshops

Evaluating principal risk reporting

Deciding on the appropriate risk response

55. According to MA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

The periodic evaluation of risk ratings is primarily dependent on subjective assessments.

Separate evaluations of the risk management process were conducted, but the results were never integrated.

Management's primary objective is minimizing changes to the structure and operation of the risk management process.

Many aspects of the related enterprise risk management program are informal and undocumented.

56. Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

Checking for invoice amounts that do not match that of the purchase order.

Searching for identical invoice numbers and payment amounts.

Running checks to uncover post office box addresses matching employee addresses.

Comparing prices across vendors to see whether one vendor is unreasonably high.

57. Which of the following is an example of corruption?

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

Requesting reimbursement for overstated travel and entertainment expense amount

Misstating realized foreign currency transaction gains or losses

Demanding payment from a vendor for decisions made in the vendor’s favor

58. Which of the following is an example of impairment to internal auditor independence or objectivity'?

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

Internal auditors provide consulting services relating to operations for which they have current responsibilities

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

59. In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity*?

The CAE shall report functionally to the board and administratively to the chief financial officer

The CAE and the Internal audit activity shall have full access to any and all records and personnel of the organization that are relevant to audit engagements

The CAE and the internal audit activity shall be independent and objective in performing their work.

The CAE shall report periodically on the performance of the internal audit activity relative to its plan

60. Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?

Act as an advisor to the committee responsible for reviewing violations of the code.

Review and adjudicate all violations of the code of conduct.

Lead the committee responsible for the oversight of the code.

Implement a system of procedures to inform all employees of the code.

Page 7 of 12

61. An internal auditor discovered fraud while performing an audit of an organization’s procurement process.

Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

Enhanced capability to prevent frauds from occurring.

Greater assurance that procurement frauds will be detected in a timely manner

Improved capability of evaluating fraud risks within the organization.

Greater understanding of fraud through better evidence collection

62. Which of the following indicates that internal audit independence may be compromised?

The internal auditor maintains a close personal relationship with operational management.

Material observations were intentionally left out of the audit report.

Internal auditors assigned to the audit engagement did not have the knowledge, skills, and competencies needed to perform their responsibilities.

An internal auditor failed to apply professional skepticism while performing audit tests in an area overseen by an experienced, reputable manager

63. According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions'?

The risk assessment process including interviews with senior management.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

Board meeting minutes the board policy manual, and past audit reports

Staff compensation objective setting and the performance evaluation policy and process

64. Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s records.

4, Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services.

1 and 3.

1 and 4.

2 and 3.

2 and 4.

65. Management is installing security cameras to identify unauthorized physical access to the organization's warehouse. This is an example of which of the following types of controls?

Detective controls.

Key controls.

Primary controls.

Preventive controls

66. In a small organization, management is unable to achieve adequate segregation of duties for its cash-handling procedures Therefore hidden surveillance cameras were installed to

monitor cash-handling activities Which of the following best describes this type of control?

Corrective control

Process-level control

Compensating control

Preventive control

67. Outsourcing a business activity is considered which of the following risk management techniques?

Sharing a risk.

Avoiding a risk.

Reducing a risk.

Mitigating a risk

68. Which of the following documents would promote objectivity within an organization's internal audit activity?

Internal audit charter.

Internal audit manual.

Audit committee charter

Human resources employee handbook.

69. Which of the following actions is the internal audit activity best positioned within the organization to perform?

Determine organizational risk tolerances

Monitor the organization's risk mitigations

Determine the likelihood and impact of risks

Advise the board on risk management issues

70. According to IIA guidance, which of the following should be formally documented in the internal audit charter?

The internal audit activity's responsibility for imposing risk management processes.

The internal audit activity's responsibility for the organization's governance framework.

The nature of consulting services provided by the internal audit activity.

The budgeting process for the internal audit activity.

Page 8 of 12

71. Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?

The internal audit activity constitutes the first line of defense in effective risk management.

The internal audit activity provides direction regarding internal controls implementation.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

The internal audit activity implements the internal control framework and advises management regarding best practices.

72. During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies.

Which of the following skills did the auditor demonstrate?

Internal audit management.

Conflict negotiation.

Critical thinking.

Persuasion and collaboration.

73. Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department.

To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Auditor competency.

Internal audit independence.

Auditor objectivity.

Engagement scope.

74. Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions.

Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Integrity

Negotiation skills.

Business acumen

Flexibility

75. Who is responsible for ensuring internal auditors’ continuing professional development?

Individual internal auditors.

Chief audit executive.

The board.

Engagement supervisors.

76. Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review.

Which of the following would be the most appropriate next step for the reviewer to take?

Remove the areas of disagreement from the scope of the engagement and seek informal compromises with the CA

Issue the report to senior management, noting the deficiencies for immediate resolution.

Issue the report, noting the deficiencies with comments that address the areas of disagreement.

Request arbitration from the audit committee to resolve discrepancies prior to issuing the final report

77. According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?

Discussions with the chief audit executive.

A listing of employee profiles and certifications.

Inquiry of external auditors.

Validation by human resources.

78. Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Accommodation.

Reaction.

Defense.

Proaction.

79. The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program.

Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

The internal audit charter does not identify which audit services are outsourced

The internal audit charter has not been reviewed by the legal department

The internal audit charter has not been approved by the board within the past year

The internal audit charter does not describe the authority of the internal audit activity

80. Which of the following would be considered an impairment to an internal auditor's objectivity when performing a review of the organization's procurement function'?

The internal auditor worked on the implementation of the accounting system within the organization before joining the internal audit activity last year

The internal auditor is part of a multidisciplinary team tasked to assist with a new project implementation checklist within the organization

The internal auditor worked as a sourcing specialist before joining the internal audit activity last year

The internal auditor participates in a cross-departmental team for information and data security within the organization

Page 9 of 12

81. Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

Describe data analytics and the application of data analytics methods in internal auditing.

Apply data analytics methods in internal auditing.

Evaluate the use of data analytics in an internal audit.

Understand the definition of data analytics only.

82. Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

The CAE meets with the board of directors on a quarterly basis to provide a status update.

The CAE assesses the audit staff's knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

The CAE provides absolute assurance to line management during each eternal audit engagement

83. Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees' rights to privacy.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

84. According to IIA guidance, which of the following statements is true regarding risk management in an organization?

The risk management function has the sole responsibility for identifying and managing risks in all departments

Risk management is a core responsibility of the internal audit activity

The internal audit activity should consider the organization’s maturity, structure, and the competitive environment to establish the organization’s risk appetite

The internal audit activity may use a risk management or control framework to assist in risk identification

85. The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked.

What type of activity is this?

Financial assurance engagement.

Operational consulting engagement.

Compliance assurance engagement.

Risk management consulting engagement.

86. Which of the following is a way to demonstrate an individual internal auditor's competency through continuing professional development?

Create different training budgets for each of the internal auditors

Define average training hours per auditor as a team performance measure

Analyze internal audit client survey feedback following audits

Review training records for all internal auditors

87. Which of the following is a typical characteristic of an organization's risk management framework*?

Risk tolerance may or may not align with risk appetite depending on whether the assessment is quantitative or qualitative

Risk is assessed on both an inherent and a residual basis

The framework addresses four organizational objective categories strategic, historical, operational, and investment

External risks and internal opportunities are omitted from the risk assessment scope

88. Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution.

Which of the following best describes this risk management technique?

Avoidance.

Acceptance.

Reduction.

Sharing

89. An organization sells products through distributors. The organization's chief audit executive insists that the organization's code of conduct be applicable to their distributors as well.

Which of the following risks would this mitigate?

Business continuity

Market manipulation

intellectual property leakage

Reputational damage

90. Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

An external quality assessment of the internal audit activity is performed only once every five years.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Page 10 of 12

91. Which of the following best demonstrates conformance with IIA standards related to continuing professional development?

Retaining evidence of training in the form of continuing education credits

Seeking guidance regarding internal audit best practices from The IIA

Retaining supervisory reviews conducted on the basis of the development plan

Giving consideration to certain areas of specialization as part of development planning

92. Which of the following statements is true regarding corporate social responsibility (CSR)?

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

Typically, operating management does not have a major role to play based on the public nature of reporting

93. Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

Participate in a fraud risk-assessment session as an in-house facilitator.

Send regular written updates to senior management on new control-related regulations.

Lead a seminar on internal controls and provide numerous examples to the audience.

Conduct a surprise inventory count at the raw materials warehouse.

94. A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier.

Which of the following steps should be undertaken first?

Interview the employee identified by the whistleblower.

Attain an understanding of the employee's role, responsibilities, and relationship with the supplier.

Notify senior management, the board, and the external auditor about the alleged fraud

Review all the orders issued to the supplier to investigate potential fraud.

95. What is the primary reason for establishing a continuing professional development program within an organization's internal audit activity?

To ensure all internal audit responsibilities can be met

To ensure all audit staff members are capable of performing a quality self-assessment.

To ensure that each auditor maintains responsibility for his own professional development.

To attract the best and most talented candidates in the profession

96. In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

The CAE previously undertook a consulting assignment in that area to improve processes,

A couple of years ago, the CAE performed accounting functions for the payroll department.

Prior to becoming the CAE, the CAE was the payroll manager.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

97. According to MA guidance, which of the following is the most accurate statement regarding the internal audit charter?

The IIA's Code of Ethics must exist outside of the charter to maintain independence.

The charter must be approved by both senior management and the board.

The nature of consulting services does not need to be defined in the Internal audit charter.

The charter provides a framework for performing a broad range of value-added audit services.

98. Identify and mitigate risks to help meet the CSR program objectives.

1,2, and 3.

1,2, and 4.

1, 3, and 4.

2, 3, and 4

99. Which of the following describes two duties that should not be performed by the same person?

Posting cash receipts and cash payments to the general ledger.

Posting bad debt write-offs and reconciling the accounts payable subsidiary ledger.

Distributing payroll checks and approving sales returns for credit.

Recording cash receipts and preparing bank reconciliations.

100. An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards).

Which of the following justifies inclusion of this clause in the reports?

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

The self-assessment results were validated by a qualified external review team three years prior.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Page 11 of 12

101. A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy.

Which of the following is the most appropriate idea to include?

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CS

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

102. A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities.

According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

Review the investigation and implement any improvements to the process.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

103. The organization's chief audit executive (CAE) is planning an immediate assurance engagement following several product recalls. However, the internal audit staff does not have the required Knowledge and experience to adequately assess all the relevant processes and procedures.

According to 11A guidance, which of the following actions should the CAE take under these circumstances?

Use the current available resources to conduct the review and exclude those procedures that can't currently be performed.

Implement an accelerated training plan to provide the audit staff with the necessary skills and knowledge to conduct the engagement.

Encourage management to accept the assessed risk until the internal audit activity is able to adequately review the area.

Obtain assistance for the audit team from other internal assurance providers who possess the requisite expertise in the area.

104. It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?

The cost-benefit relationship of planned audits.

Proficiency needed to carry out engagements.

Achievement of the objectives of internal control.

Quantity of the audits performed.

105. Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?

If the results of both internal and external assessments support conformance with the Standards, the internal audit activity must communicate this to the board and senior management in writing.

If it has been in existence fewer than five years and has no documented external assessment, the internal audit activity may not indicate that it is operating in conformance with the Standards.

If nonconformance affects its ability to fulfill its professional responsibilities or stakeholder expectations, the internal audit activity should disclose nonconformance as well as its impact.

If an external assessment reflects an overall conclusion of nonconformance, the internal audit activity may continue to communicate that it conforms with the Standards if it discloses a remediation plan, including timeline with subsequent validation.

106. Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence.

Which of the following is the internal auditor's most appropriate next step?

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

107. A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter.

Which of the following best describes this type of risk?

Residual.

Net.

Inherent.

Accepted.

108. Which of the following statements is true regarding occupational fraud?

An employee who diverts the organization's purchases for personal use is demonstrating asset misappropriation

An employee who intentionally omits negative information in the financial statement disclosures is demonstrating an example of corruption

An employee who made an error in estimating losses may have committed fraud even if the error was not intentional

An employee who creates a denial of service in the organization’s computer systems is committing asset misappropriation

109. Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook.

Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

110. Which of the following is a detective control strategy against fraud?

Requiring employees to attend ethics training.

Performing background checks on employees.

Implementing a control self-assessment.

Performing a surprise audit

Page 12 of 12

111. Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Planning an engagement of the area in which fraud is suspected.

Employing audit tests to detect fraud.

Interrogating a suspected fraudster

Completing a process review to improve controls to prevent fraud

112. Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

Accountability/reward risk.

Monitoring failure risk.

Communication failure risk.

Knowledge/skills risk

113. Which of the following scenarios violates The IIA's standard regarding internal audit independence?

The chief audit executive (CAE) reports on the internal audit activity's day-to-day tasks and responsibilities to the CE

An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.

The CAE regularly meets with the organization's chief risk officer, who validates all reported audit findings and dictates which will be Included In the package to the audit committee.

The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer audits in the annual audit plan compared to the previous financial year.

114. Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

Significant changes in the organization's accounting policies or procedures would warrant timely analysis and feedback.

More frequent external assessments can serve as an equivalent substitute for internal assessments.

The parent organization's internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

A change in senior management or internal audit leadership may change expectations and commitment to conformance.

115. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

1 and 2 only.

2 and 3 only.

2 and 4 only.

3 and 4 only