Question 1

During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing. Which of the following tests would best help the internal auditor detect fraudulent activity?

Accepted Answer

The answer of During an internal audit, an organization's processing...

Question 2

An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization. Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?

Accepted Answer

Rotating procurement officers' assignments helps prevent the development of close relationships with suppliers, reducing the risk of kickbacks.

Question 3

Which of the following statements is true regarding the use of non-statistical sampling in auditing control tests?

Accepted Answer

Non-statistical sample results must be projected to the population to make inferences about the entire population, even though the sampling risk is not quantified as precisely as in statistical sampling.

Question 4

While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization. Which of the following actions are most appropriate for the auditor to take?

Accepted Answer

The auditor should consult with their supervisor and review the organization's ethics policy to ensure compliance with any rules regarding accepting gifts or prizes.

Question 5

According to IIA guidance, which of the following is the best example of a system application control?

Accepted Answer

An input control over data integrity is a system application control as it ensures the accuracy and completeness of data entered into a system.

Question 6

Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

Accepted Answer

The answer of Which type of objectives can best be...

Question 7

During an internal audit, the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole. This is an example of which of the following analytical auditing procedures?

Accepted Answer

Benchmarking involves comparing specific metrics or processes to a standard or to similar metrics within the organization or industry, such as comparing turnover rates.

Question 8

Which of the following are components of the COSO enterprise risk management framework? 1. Objective setting. 2. External environment. 3. Data collection. 4. Control activities.

Accepted Answer

Objective setting and control activities are components of the COSO ERM framework. External environment and data collection are not specifically listed as components.

Question 9

Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?

Accepted Answer

The answer of Which of the following scenarios would represent...

Question 10

After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?

Accepted Answer

The IIA Code of Ethics requires internal auditors to perform their duties with competence and due professional care. Proceeding with a task without the necessary knowledge or seeking assistance violates this principle.

Question 11

Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store's cash function?

Accepted Answer

The auditor should not assure that fraud is not present simply because internal controls are strong, as this does not eliminate the possibility of fraud. This indicates a lack of due professional care.

Question 12

Why are preventative controls generally preferred to detective controls?

Accepted Answer

Preventive controls are designed to stop errors or irregularities before they occur, reducing the need for corrective actions and promoting compliance from the outset.

Question 13

An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications. Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?

Accepted Answer

The answer of An organization has implemented a new automated...

Question 14

An internal audit activity (IAA) provided assurance services for an activity it was responsible for during the preceding year. As a result, which IIA Code of Ethics principle is presumed to be impaired?

Accepted Answer

The principle of objectivity is presumed to be impaired because the internal audit activity is reviewing an area for which it was previously responsible, leading to a potential conflict of interest.

Question 15

According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?

Accepted Answer

Internal auditors should wait at least one year before becoming involved in auditing an operation where they previously had management responsibility, to ensure objectivity and independence.

Question 16

A computer system automatically locks a user's account after three unsuccessful attempts to log on. Which type of control does this scenario represent?

Accepted Answer

This scenario represents a preventive control because it is designed to prevent unauthorized access by locking the account after multiple failed login attempts.

Question 17

The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization's retail store operations. Store operations are included in the annual audit plan. Which of the following strategies best fulfills the requirements of the Standards regarding these audits?

Accepted Answer

The Standards require independence and objectivity in audits. If the CAE manages the compliance function, using an external service provider for audits ensures independence and objectivity.

Question 18

Which of the following controls is not appropriate for sales in a manufacturing organization?

Accepted Answer

Sales department approval for credit sales transactions is not appropriate because credit approval should be handled by the credit department to ensure proper credit risk assessment and separation of duties.

Question 19

The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?

Accepted Answer

The IAA can state that it "conforms with the International Standards for the Professional Practice of Internal Auditing" if it has undergone a successful external assessment within the last five years.

Question 20

When internal auditors are preparing workpapers for the testing stage of an engagement, which of the following guidelines should be observed? 1. Include copies of all client files that were reviewed for the audit. 2. Avoid the use of professional, industry-appropriate jargon and technical terms. 3. Indicate the original sources of all data and information used in the workpapers. 4. Leave blank space for cross-references to be completed during the post-audit process.

Accepted Answer

The answer of When internal auditors are preparing workpapers for...

Exam 3: The Internal Audit Activity Role in Governance, Risk, and Control