Weekend Certification Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

Free Practice Questions for the IIA CIA IIA-CIA-Part1 Exam (2026 Updated)

At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the IIA IIA-CIA-Part1 exam. To support your certification journey, we have made a selection of our premium 2026 CIA practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.

Questions 4

Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

Options:

A.

An external quality assessment of the internal audit activity is performed only once every five years.

B.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

C.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

D.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Buy Now
Questions 5

Which of the following best illustrates the principle of due professional care?

Options:

A.

The internal audit activity uses key performance indicators for all staff members after all audit engagements.

B.

The internal auditors provide assurance to third parties indicating that their work was properly supervised.

C.

The internal auditors demonstrate they have an understanding of engagement objectives and scope.

D.

The internal auditors are heavily involved in training and development to enhance their skills.

Buy Now
Questions 6

According to IIA guidance, a new internal auditor is expected to possess which of the following competencies?

Options:

A.

Technical industry-specific expertise.

B.

Expertise in cybersecurity, an area of increasing risk.

C.

Knowledge of IT risks and controls.

D.

Knowledge of forensic accounting.

Buy Now
Questions 7

Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?

Options:

A.

Assessment skills

B.

Assurance skills

C.

Interviewing skills

D.

Facilitation skills

Buy Now
Questions 8

Which of the following scenarios best illustrates due professional care?

Options:

A.

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

Buy Now
Questions 9

An internal audit team was assigned to review the organization’s information security protocol After fieldwork was completed an internal auditor identified an error in the review of security access The error could affect the overall results of the engagement Which of the following is the most appropriate course of action for the internal auditor?

Options:

A.

Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting

B.

Issue the audit report to senior management on schedule but include a disclaimer about the error

C.

Proceed with the scheduled closing of the engagement without consideration of the identified error

D.

Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take

Buy Now
Questions 10

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

The QAIP scope includes assurance work performed by the internal audit activity but not consulting work.

B.

The QAIP verifies conformance with the Definition of Internal Auditing, Code of Ethics, and Standards.

C.

QAIP reports are for internal use primarily and typically are not shared with members outside of the internal audit activity.

D.

QAIPs make a distinction between fully outsourced internal audit activities and in-house internal audit teams, as a different set of criteria is applied for each.

Buy Now
Questions 11

Which of the following could increase risks to the organization’s control environment?

Options:

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures.

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline.

Buy Now
Questions 12

During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor ' s review and approval. Which of the following would be an appropriate course of action for the auditor to take?

Options:

A.

Review the submission and if no further remarks exist approve the risk limits

B.

Provide advice if needed and ask management of the area under review to forward to senior management and the board for approval

C.

Develop risk limit calculation criteria and ask management of the area under review to resubmit the values.

D.

Avoid providing any advice or review until the audit report is issued

Buy Now
Questions 13

The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor ' s name is similar to that of the procurement manager, some staff members think the two are related, although they are not. Which of the following actions is most appropriate for the CAE to take?

Options:

A.

Take no action, as there is no impairment to independence.

B.

Remove the new internal auditor from the engagement team.

C.

Discuss the matter with the appropriate personnel to alleviate concerns.

D.

Closely supervise the new auditor and carefully review his work.

Buy Now
Questions 14

Which of the following is an appropriate roe fa the internal audit activity?

Options:

A.

Ensuring the organization ' s key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

implementing new controls to promote continuous improvement

D.

Validating control assessments performed by the external auditor.

Buy Now
Questions 15

Which of the following scenarios demonstrates an impairment to internal audit independence?

Options:

A.

The internal auditor s denied access to partner information from management of me area under review

B.

The internal auditor tarts to disclose a potential conflict of interest relationship with management of the area under review

C.

The internal auditor concludes that controls operate effectively, although he did not gather supporting evidence

D.

The internal auditor was assigned to an assurance review of an area for which he previously had responsibilities

Buy Now
Questions 16

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

Options:

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.

Buy Now
Questions 17

Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?

Options:

A.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.

Internal auditors may conclude that a business unit ' s current control environment is adequate and effective if the review of the prior year ' s workpapers and audit report supports that conclusion.

C.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Buy Now
Questions 18

An organization ' s fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?

Options:

A.

Evaluate the effectiveness of fraud investigations

B.

Oversee and monitor senior management s approach to manage fraud risks

C.

Set the tone for fraud risk management within an organization

D.

Evaluate whether the financial statements are free of material misstatement due to fraud

Buy Now
Questions 19

Which of the following is a detective control strategy against fraud?

Options:

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Buy Now
Questions 20

Which of the following best describes a consulting engagement rather an assurance engagement?

Options:

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor ' s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations

Buy Now
Questions 21

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Options:

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Buy Now
Questions 22

According to IIA guidance which of the following statements regarding ethics is true?

Options:

A.

Business ethics may vary within an organization with both domestic and foreign operations

B.

Business ethics are universal n nature and organizations across the world are expected to comply with smear standards

C.

A business ethics policy for an organization s established solely to direct me behavior and expectations of employees

D.

Business ethics of an organization must remain independent torn those of supplier’s customers and business partners

Buy Now
Questions 23

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3,

B.

1 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Buy Now
Questions 24

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

Options:

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Buy Now
Questions 25

Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?

Options:

A.

Risk reduction.

B.

Risk transfer.

C.

Risk acceptance.

D.

Risk avoidance.

Buy Now
Questions 26

Which of the following accurately describes the concept of inherent risk?

Options:

A.

Risk factors that exist when controls are in place and operating effectively

B.

Internal risk factors assuming no controls are in place

C.

Risk factors that cannot be mitigated because they are innate to a process

D.

Combination of internal and external risk factors in their pure state assuming no controls are in place

Buy Now
Questions 27

At the beginning of an IT development project, key risks were identified and assessed, and risk owners were appointed. Six months later, the IT development team reported that the project is significantly over budget, it will not be completed on time, and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

Options:

A.

Risk response

B.

Risk assessment

C.

Risk monitoring

D.

Risk avoidance

Buy Now
Questions 28

The internal audit activity completed its analysis of sample transactions to determine occurrences of double billings According to If A guidance, which of the following best demonstrates that internal auditors exercised due professional care during the review?

Options:

A.

Internal auditors found no instances of double billing and concluded there were no significant risks in this area.

B.

Internal auditors documented the scope and methodology of the data testing.

C.

Internal auditors discussed with management how data is safeguarded.

D.

Internal auditors received formal performance feedback from the engagement supervisor.

Buy Now
Questions 29

Who is responsible for ensuring internal auditors’ continuing professional development?

Options:

A.

Individual internal auditors.

B.

Chief audit executive.

C.

The board.

D.

Engagement supervisors.

Buy Now
Questions 30

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

Options:

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Buy Now
Questions 31

Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?

Options:

A.

Avoidance.

B.

Acceptance.

C.

Reduction.

D.

Sharing

Buy Now
Questions 32

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?

Options:

A.

Ask internal auditors to gather all relevant information and evidence.

B.

Identify and interview witnesses first and potential suspects later.

C.

Conduct a fraud risk assessment to identify the most vulnerable areas.

D.

Determine the competencies needed and assess whether team members have a conflict of Interest.

Buy Now
Questions 33

Which of the following statements would typically be included in the responsibility section of the internal audit charter?

Options:

A.

The internal audit activity will have free and unrestricted access to the chief executive officer, audit committee, and chairman of the board of directors.

B.

The internal audit activity shall develop a flexible audit plan, based on a risk assessment conducted at least annually and taking into consideration the risks or control concerns identified by management, and shall submit the plan to the board for approval.

C.

The chief audit executive shall obtain the necessary assistance of personnel in areas where audits are performed, as well as specialized services within or outside of the organization.

D.

The internal audit activity will not implement controls, develop procedures, install systems, prepare records, or engage in activities that may impair internal auditors’ judgments.

Buy Now
Questions 34

Which of the following conditions classifies an engagement as a consulting service provided by the internal audit activity?

Options:

A.

The internal auditor assigned to the engagement previously worked in the area under review and lacks objectivity.

B.

The internal audit engagement will involve providing an opinion on the effectiveness of controls.

C.

The internal auditor assigned to the engagement was specifically requested by management of the area under review.

D.

he internal audit engagement involves only two parties: the internal auditor and the engagement client.

Buy Now
Questions 35

Which of the following should a general internal auditor be able to characterize as an IT-related risk?

Options:

A.

Computer servers are in a room that is accessible to all employees,

B.

An IT architect avoids taking vacations and sharing his workload with coworkers,

C.

Hours billed by IT developers exceed 24 hours daily.

D.

Audit logs are lacking in a system that processes personal data.

Buy Now
Questions 36

Which of the following Code of Ethics principles specifically requires internal auditors to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review?

Options:

A.

Confidentiality.

B.

Transparency.

C.

Integrity.

D.

Objectivity.

Buy Now
Questions 37

Why is it imperative for the chief audit executive to track and develop the educational qualifications of internal audit staff?

Options:

A.

To accurately conduct performance appraisals

B.

To ensure that staff complete required continuing professional education credits annually.

C.

To ensure that the resources needed to complete the audit plan are available.

D.

To satisfy the audit committee requirements.

Buy Now
Questions 38

Of all the common characteristics of frauds, which of the following can the organization influence the most?

Options:

A.

Pressure or incentive.

B.

Rationalization

C.

Opportunity

D.

Commitment.

Buy Now
Questions 39

Which type(s) of assessments in an internal audit activity’s quality assurance and improvement program requires ongoing monitoring to evaluate internal audit activity ' s efficiency and effectiveness?

Options:

A.

Neither internal nor external assessment

B.

internal assessment

C.

Both internal and external assessment

D.

External assessment

Buy Now
Questions 40

Which of the following is an indicator of ineffective third-party risk management?

Options:

A.

Sourcing of third parties does not follow public procurement law.

B.

Violations of service conditions trigger either fines or termination.

C.

Due diligence of third parties is conducted only after contract signing.

D.

The right-to-audit clause is limited by personal data protection regulations.

Buy Now
Questions 41

Tr» chiet audit executive (CAE) of large organization is preparing job descriptions to hire five new general internal audit staff, two new IT auditors and a senior auditer how is the CAE likely to describe IT requirements for me general internal audit statt positions?

Options:

A.

The candidate must be able to apply data analytics tolls methodologies

B.

The candidate must be able to evaluate IT governance and cybersecurity frameworks.

C.

The candidate must be able to understand IT-elated risk and general controls

D.

The candidate must be able to execute web servers, applications, and databases testing procedures.

Buy Now
Questions 42

Which of the followIng would permit an internal audit activity to use the statement " conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?

Options:

A.

The result of a quality assurance and improvement program confirm there are no material issues.

B.

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

Buy Now
Questions 43

The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member’s suggestion is adopted?

Options:

A.

Due professional care.

B.

Internal audit objectivity.

C.

Risk management assurance.

D.

Professional development.

Buy Now
Questions 44

The level of authority for the internal audit activity is granted by which of the following?

Options:

A.

The chief audit executive.

B.

The internal audit charter.

C.

The International Professional Practices Framework.

D.

The IIA ' s Code of Ethics.

Buy Now
Questions 45

Which of the following best demonstrates that the internal audit activity is using due professional care?

Options:

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysts techniques

Buy Now
Questions 46

A third-party provider ' s questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization ' s risk management practices was most likely ineffective?

Options:

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider ' s labor practices.

Buy Now
Questions 47

Which of the following would be considered a monitoring activity in organization wide risk management?

Options:

A.

Validate the results of management ' s self-assessment.

B.

Perform reviews of personnel.

C.

Maintain rigorous and comprehensive documentation.

D.

Obtain authorizations and signatures.

Buy Now
Questions 48

Who is held responsible for oversight of the organization ' s risk management framework?

Options:

A.

Operational management.

B.

Board of directors.

C.

Internal auditors.

D.

Head of risk management.

Buy Now
Questions 49

Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?

Options:

A.

Currency exchange rates, as they relate to internal audit-related expenses.

B.

Differences in typical working hours, compared to other countries.

C.

The effects of subtle language nuances on translations.

D.

Accepted practices that may be illegal in other countries.

Buy Now
Questions 50

Which of the following would show appropriate disclosure of nonconformance with the Standards?

Options:

A.

The chief audit executive (CAE) documented in the personnel file a critical conflict of interest involving an internal auditor on an upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal audit activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor ' s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to operational managers that he failed to appropriately consider risks while he was developing the audit plan.

Buy Now
Questions 51

An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.

According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Options:

A.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activityhas addressed all areas of nonconformance and the audit committee has been notified.

B.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

C.

Indicate that the internal audit activity operates in partial conformance with the Standards t as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

D.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to ail parties who received the original reports.

Buy Now
Questions 52

Which of the following statements best represents the duo professional care that is required of internal auditor’s?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should device internal audit programs to confirm that the results are accurate.

Buy Now
Questions 53

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review. Which of the following would be the most appropriate approach?

Options:

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures.

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Buy Now
Questions 54

Which of the following scenarios would most significantly restrict the areas where internal audit could perform assurance services?

Options:

A.

Regulators mandate specific audit engagements to be included in the audit plan.

B.

The internal audit activity reports functionally to the chief financial officer

C.

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

D.

The internal audit activity reports administratively to the chief financial officer.

Buy Now
Questions 55

Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?

Options:

A.

The OAIP should be conducted at least once every three years, and must be performed by an external assessor.

B.

The OAIP should be conducted on an ongoing basis, and can be completed as a self-assessment,

C.

he QAIP should include both internal assessments performed by staff and external assessments performed by independent, objective individuals

D.

The OAIP should be performed with scoping limitations established by the board.

Buy Now
Questions 56

Which of the following statements is true regarding internal controls?

Options:

A.

Strategic objectives are prerequisites to establishing internal controls.

B.

Internal controls eliminate process breakdowns caused by human errors.

C.

Well-established internal controls cannot be overridden.

D.

Robust internal controls ensure business success.

Buy Now
Questions 57

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Options:

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Buy Now
Questions 58

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Buy Now
Questions 59

According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Options:

A.

The internal audit policies and procedures handbook.

B.

The internal audit charter.

C.

The internal audit mission statement.

D.

Each internal audit engagement letter.

Buy Now
Questions 60

The board requested the chief audit executive (CAE) to provide consulting services for a new systems implementation project Which of the following statements is true regarding this scenario?

Options:

A.

The CAE should avoid making decisions on risk responses within risk management processes.

B.

The CAE may only provide consulting and not assurance services in risk management processes

C.

The CAE may manage the project risks on behalf of management in this particular situation

D.

The CAE should avoid giving assurance on risk management processes in this particular situation

Buy Now
Questions 61

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

Options:

A.

Determine the organization’s overall risk appetite.

B.

Establish a governance committee.

C.

Delegate authority to members of senior management.

D.

Identify key stakeholders and their expectations

Buy Now
Questions 62

Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?

Options:

A.

Typically less time is needed to train the NGO members on the audit process.

B.

NGO members are often more unbiased and objective

C.

A report with a positive statement from an NGO member is deemed to be more credible. As opposed to auditors.

D.

NGO members are licensed to audit corporate social responsibility.

Buy Now
Questions 63

According to IIA guidance, which of the following activities are considered a core internal audit role with regard to enterprise risk management?

Reviewing the management of key risks.

Evaluating the reporting of key risks.

Evaluating risk management processes.

Consolidating the reporting of risks.

Options:

A.

1 and 4.

B.

2 and 4.

C.

2, 3, and 4.

D.

1, 2, and 3.

Buy Now
Questions 64

An audit engagement required that an internal auditor, using available tools, test a transaction population for a period The auditor decided to test a sample of transactions rather than the full population.

Results of the audit were reported as satisfactory to management. Subsequent to the audit report, fraud was discovered in the area audited and was found to include transactions that were in the relevant transaction population not tested by the auditor. The auditor later disclosed that he decided to test a sample because it was representative of the population and facilitated quicker testing. Which of the following skills below, if improved, would most likely have prevented this situation?

Options:

A.

Objectivity

B.

Critical thinking.

C.

Empathy.

D.

Communication

Buy Now
Questions 65

Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?

Options:

A.

The chief audit executive (CAE) shall report directly to the board and administratively to the CEO.

B.

The CAE shall provide senior management and the board with performance updates quarterly.

C.

The internal audit team shall have full access to the organization ' s records, physical property, and personnel required to conduct audit engagements.

D.

The internal audit activity shall maintain a quality assurance and improvement program in conformance with the Standards.

Buy Now
Questions 66

In addition to her internal audit activity responsibilities, the chief audit executive has been asked to oversee the organization ' s insurance function. Which of the following responses is most appropriate?

Options:

A.

Welcome the additional responsibility, as it represents an opportunity to gain more information for future audits.

B.

Revise the internal audit charter to include oversight of the insurance function, ensuring that all of her responsibilities are properly documented.

C.

Report the request to the board and recommend alternate processes to obtain assurance related to insurance activities.

D.

Promptly remove the organization ' s insurance function from the audit universe.

Buy Now
Questions 67

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization ' s risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Buy Now
Questions 68

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company ' s risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization ' s CEO reviews the internal audit activity ' s annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning

Buy Now
Questions 69

According to MA guidance, which of the following gives the internal audit activity the authority to request supporting documentation for the invoices of a third-party service provider?

Options:

A.

The internal audit policy manual.

B.

The internal audit charter.

C.

The board of directors.

D.

The quality assurance and improvement program.

Buy Now
Questions 70

An internal auditor at a multinational organization is reviewing the effectiveness of the organization ' s risk management framework. In this scenario, which of the following statements is true?

Options:

A.

The auditor should consider local cultures and customs in various regions when assessing control effectiveness.

B.

Regardless of their location, employees at all levels share responsibility for designing effective controls to mitigate risks.

C.

To achieve an effective internal control environment, the organization ' s risk management plan must be documented and communicated to all levels throughout each region.

D.

Setting clear objectives is a precondition to effectively identifying, assessing, and responding to the organization ' s risks.

Buy Now
Questions 71

Which of the following statements is correct regarding disclosure of conformance or Standards?

Options:

A.

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

Buy Now
Questions 72

Which of the following best describes the internal audit activity ' s contribution to the implementation of the risk management framework?

Options:

A.

Internal audit identifies key risk areas during assurance reviews and provides audit findings.

B.

Internal audit assists with the prioritization of identified risks.

C.

Internal audit participates in setting the risk appetite.

D.

Internal audit takes part in the design of risk mitigation measures.

Buy Now
Questions 73

Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?

Options:

A.

The profitability impact of its products in developing markets.

B.

The amount of political donations to local government races.

C.

The number of complaints related to traffic from its new factory.

D.

The compensation packages awarded to senior management.

Buy Now
Questions 74

Which of the following would best preserve the organizational independence of the internal audit activity?

Options:

A.

The internal audit charter is approved by the chief audit executive (CAE).

B.

The CAE reports functionally to the CEO.

C.

The CAE ' s internal audit plan is endorsed by the board.

D.

The chief financial officer determines the appointment of the CAE.

Buy Now
Questions 75

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Options:

A.

A monitoring process,

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Buy Now
Questions 76

According to the Standards, which of the following demonstrates the proficiency of an internal auditor?

Options:

A.

Each internal auditor must hold one or more certifications in the area of fraud and seek out continuing professional development related to fraud detection and fraud investigation.

B.

Each internal auditor must have sufficient knowledge of IT risks and controls, and be able to evaluate the risk of fraud and the manner in which it is managed by the organization.

C.

Each internal auditor on the engagement team must possess the same level of knowledge, skills, and other competencies as other auditors on the engagement team.

D.

Each internal auditor must be paired, by the chief audit executive, with an individual who possesses the knowledge, skills, or other competencies required to complete the audit.

Buy Now
Questions 77

Which of the following describes two duties that should not be performed by the same person?

Options:

A.

Posting cash receipts and cash payments to the general ledger.

B.

Posting bad debt write-offs and reconciling the accounts payable subsidiary ledger.

C.

Distributing payroll checks and approving sales returns for credit.

D.

Recording cash receipts and preparing bank reconciliations.

Buy Now
Questions 78

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan,

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Buy Now
Questions 79

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large

organization?

Options:

A.

The internal assessment results should be discussed once every five years,

B.

The rating conclusions and the impact from results of the external assessment should be explained,

C.

The results of the external assessment should be discussed every seven years,

D.

The qualifications and independence of the internal assessment team should be discussed

Buy Now
Questions 80

According to IIA guidance, which of the following best demonstrates that the chief audit executive is properly reporting the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Providing a written conformance statement to both senior management and the board.

B.

Giving copies of both external and internal assessments to the board.

C.

Keeping files of reports of ongoing external assessment monitoring.

D.

Retaining copies of board meeting minutes showing that discussions of assessments took place.

Buy Now
Questions 81

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Options:

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Buy Now
Questions 82

In the COSO internal control framework, which of the following components serves as the foundation for the other components?

Options:

A.

Control activities.

B.

Control environment.

C.

Risk assessment.

D.

Monitoring

Buy Now
Questions 83

In which of the following ways can a whistleblower hotline serve as a prevent

Options:

A.

active control? 3

B.

Third parties who operate the hotline ensure anonymity for whistle blowers. D Whistleblower tips help discover wrongdoings and violations of the code of conduct.Potential perpetrators of fraud know that their actions can be reported easily.

C.

Better investigation protocols are triggered by the whistleblower hotline.

Buy Now
Questions 84

An accounts payable clerk who has access to the vendor master file replaced the payment details of a legitimate vendor with those of a friend before processing the payment through the organization ' s cashier. Immediately afterward, he restored the original vendor information. Which of the following controls could have prevented this fraud?

Options:

A.

Approval of master file change requests by the accounts payable supervisor

B.

Comparison of the check register to original invoices.

C.

Segregation of duties between accounts payable and the cashier.

D.

Frequent issuance of account statements sent to the vendors.

Buy Now
Questions 85

With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?

Options:

A.

Obtaining assurance on external financial, regulatory, and internal audits.

B.

Complying with laws, regulations, and codes.

C.

Assigning authority and responsibilities organization wide.

D.

Monitoring and measuring performance.

Buy Now
Questions 86

Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

Options:

A.

Net.

B.

Controllable.

C.

inherent,

D.

Residual.

Buy Now
Questions 87

According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

Options:

A.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

B.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

C.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

D.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Buy Now
Questions 88

Which of the following is part of a fraud detection program?

Options:

A.

Whistleblower hotline.

B.

Authority limits.

C.

Background investigations

D.

Evaluation of compensation programs.

Buy Now
Questions 89

Which of the following should the internal audit activity establish to ensure auditors develop the appropriate skills for conducting audits?

Options:

A.

An audit charter that includes the internal audit activity mission and vision

B.

A policy encouraging audit staff to earn certifications

C.

A quality assurance and improvement program to address audit risk areas

D.

An internal audit plan that links engagements to strategic objectives

Buy Now
Questions 90

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

Options:

A.

The organization ' s board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Buy Now
Questions 91

Which of the following parties would be responsible for ongoing monitoring of the organization ' s corporate social responsibility activities to reduce its carbon footprint?

Options:

A.

Chief audit executive

B.

Facility operation manager

C.

Public relations manager

D.

Regulatory agency

Buy Now
Questions 92

At the beginning of an IT development project key risks were identified and assessed and risk owners were appointed Six months later the IT development team reported that the project Is significantly over budget, it will not be completed on time and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

Options:

A.

Risk response.

B.

Risk assessment

C.

Risk monitoring.

D.

Risk avoidance.

Buy Now
Questions 93

Which of the following is a legitimate role for the internal audit activity in the organization ' s risk management process ' ?

Options:

A.

Championing the establishment of a risk management framework

B.

Creating and implementing new risk management processes

C.

Maintaining sole responsibility for risk management within the organization

D.

Setting the risk appetite of the organization

Buy Now
Questions 94

When dealing with various stakeholders which of the following is true regarding an internal auditor ' s responsibility to remain objective and independent?

Options:

A.

When deciding between conflicting reports of a control ' s performance from a control operator and the operator ' s manager the internal auditor should generally believe the manager

B.

Some audit issues may remain unremediated and unreported if management will accept recommendations that the internal auditor deems more important

C.

The internal auditor may initially disagree with management s acceptance of a risk, but reevaluate and agree with management’s judgment after further discussion

D.

When working on business unit audits it is sometimes sufficient for the internal auditor to report deficiencies only to the unit manager when remediation is not complex

Buy Now
Questions 95

Which of the following would most likely represent an objectivity impairment for an internal auditor?

Options:

A.

Providing fraud awareness training and disseminating information regarding the organization ' s fraud hotline.

B.

Performing consulting services after disclosing that the auditor had previous responsibilities in the area under review.

C.

Performing an assurance engagement related to the cash receipts process three years after transferring to the internal audit activity from accounts receivable.

D.

Performing a compliance audit on a vendor prior to disclosing that the vendor ' s office manager is the auditor’s brother.

Buy Now
Questions 96

The organization ' s internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

Options:

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Buy Now
Questions 97

According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

Options:

A.

Conclude the engagement and inform management that fraud has occurred

B.

Perform further testing to verify the existence of fraud.

C.

Suspend the engagement and undertake a formal fraud investigation.

D.

Notify the board of the possible fraud immediately

Buy Now
Questions 98

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Buy Now
Questions 99

In which of the following scenarios would the internal auditor’s objectivity be best protected?

Options:

A.

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.

An internal auditor conducts an effectiveness review of an organization ' s business continuity plan in which his son is a minority stockholder.

Buy Now
Questions 100

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

Options:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Buy Now
Questions 101

According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity ' ?

Options:

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Buy Now
Questions 102

The chief audit executive (CAE) annually develops a budget and resource plan and submits it to the board for approval. This action best fulfills which of the following responsibilities of the CAE?

Options:

A.

The responsibility to maintain organizational independence.

B.

The responsibility to perform engagements with due professional care.

C.

The responsibility to communicate corrective action plans to the board.

D.

The responsibility to define the purpose of the internal audit activity.

Buy Now
Questions 103

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

Options:

A.

Recommend a control change and obtain management support.

B.

Evaluate the potential Impact on related controls.

C.

Address the risk with senior management and the board.

D.

Develop and communicate the scope and evaluation criteria to be used by management.

Buy Now
Questions 104

Which of the following situations would cause the greatest concern regarding impairment of internal audit objectivity?

Options:

A.

The eternal auditor reviewed the audit clients proposed procedures and standards of control and offered suggested improvements at the client’s request.

B.

The internal auditor performed nonaudit work for the audit client which was communicated to senior management and the board before the engagement was performed and restated in the audit report

C.

internal auditors accepted limited access to the audit client ' s systems and records m accordance with the scope of the engagement

D.

The internal auditor used his in-depth knowledge of systems development to assist the audit client m designing a new operational system with robust controls.

Buy Now
Questions 105

Which of the following should be implemented to promote independence of the internal audit activity?

Options:

A.

Internal auditors do not review an area where they previously worked

B.

The internal audit charter is reviewed and updated annually

C.

The chief audit executive reports functionally to the board

D.

Management does not influence the consulting services provided by the internal audit activity

Buy Now
Questions 106

Which of the following best describes the approach the internal audit activity should take to assess and make appropriate recommendations to improve the organization?

Options:

A.

To evaluate an organization s governance processes for making strategic and operational decisions eternal auditors should review the organization s policies and processes related to staff compensation

B.

To determine how an organization provides oversight of its risk management and control activities internal auditors should review board meeting minutes and the board policy manual

C.

To assess how an organization promotes ethics and values both internally and among its external business partners, internal auditors should review the organization ' s related objectives programs and activities

D.

To evaluate how an organization ensures effective performance management and accountability internal auditors should review previously conducted risk assessments

Buy Now
Questions 107

An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?

Options:

A.

There are checks to determine the existence of any potential conflict of interest.

B.

The CAE reports functionally to the highest level of management, the CEO.

C.

The CAE’s compensation depends on the performance of the organizational departments.

D.

Hiring and termination of the CAE is dependent on the decision of senior executives.

Buy Now
Questions 108

The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?

Options:

A.

Parties are confident of the solution and are ready to defend it.

B.

There is a high level of trust among the parties.

C.

Resolution is time sensitive and a quick decision is necessary.

D.

The issue is more important to one patty than the others.

Buy Now
Questions 109

Which of the following would be considered an impairment to an internal auditor ' s objectivity when performing a review of the organization ' s procurement function ' ?

Options:

A.

The internal auditor worked on the implementation of the accounting system within the organization before joining the internal audit activity last year

B.

The internal auditor is part of a multidisciplinary team tasked to assist with a new project implementation checklist within the organization

C.

The internal auditor worked as a sourcing specialist before joining the internal audit activity last year

D.

The internal auditor participates in a cross-departmental team for information and data security within the organization

Buy Now
Questions 110

An organization ' s board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?

Options:

A.

The risk response.

B.

The risk tolerance.

C.

The residual risk.

D.

The inherent risk.

Buy Now
Questions 111

Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?

Options:

A.

Reporting to a higher level within the organization reduces the potential scope of engagements that can be undertaken by the IAA.

B.

The benefit of the IAA ' s organizational independence is realized primarily via reduced costs for the external auditor.

C.

Independence is impaired when the scope of the IAA is subject to changes required by senior management.

D.

Inadequate organizational independence can result in the chief audit executive being able to fire staff without consulting the audit committee.

Buy Now
Questions 112

According to IIA guidance, which of the following would be the most appropriate to help a new internal auditor understand the nature and positioning of the internal audit activity within his organization?

Options:

A.

The internal audit charter.

B.

Examples of internal audit reports.

C.

The internal audit policy and procedures manual.

D.

The IIA’s International Professional Practices Framework.

Buy Now
Questions 113

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Buy Now
Questions 114

What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

Options:

A.

Assign competent staff to the area under audit to remediate the nonconformance.

B.

Determine how the deviation impacted the overall scope of the internal audit activity.

C.

Meet with the board to gam an understanding of the board ' s expectations.

D.

Communicate the matter to the board at the time of the next external assessment.

Buy Now
Questions 115

Which of the following is an example of an impairment to an internal auditor ' s independence?

Options:

A.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

B.

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

C.

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

D.

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

Buy Now
Questions 116

A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients ' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.

Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

Options:

A.

An evaluation of the current performance and compensation program.

B.

The performance of background investigations on all existing employees.

C.

The availability of fraud training to all employees.

D.

The availability of an employee whistleblower hotline

Buy Now
Questions 117

What is the primary reason a chief audit executive should dedicate time and resources to support continuing professional development of internal audit staff?

Options:

A.

To ensure that internal audit staff maintains high overall job satisfaction.

B.

To ensure that internal audit staff acquired continuing professional education credits timely.

C.

To ensure that top risks are mitigated to an acceptance level.

D.

To ensure that internal audit staff have the competency to address high-priority risks.

Buy Now
Questions 118

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company ' s engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Buy Now
Questions 119

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management

reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously,

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

Options:

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only

Buy Now
Questions 120

The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?

Options:

A.

A consulting engagement independent of the financial risk committee ' s review.

B.

A risk assessment.

C.

An assurance engagement.

D.

A joint consulting engagement with input from the financial risk committee.

Buy Now
Questions 121

Which of the following should an internal auditor take into consideration when making a judgement regarding whether management selected appropriate risk responses?

Options:

A.

Significant risks

B.

Risk capacity

C.

Risk appetite

D.

Risk tolerance

Buy Now
Questions 122

Which of the following scenarios provides the most concerning red flag or indicator of possible fraud?

Options:

A.

An employee receives a bonus for perfect attendance

B.

During the past 18 months three chief financial officers have left the organization after having been promoted to the position

C.

The organization does not perform any due diligence research on third party service providers

D.

Three competitors are highly profitable but a fourth equal in size is approaching bankruptcy limits

Buy Now
Questions 123

According to IIA guidance which of the following statements is true regarding the internal audit charier?

Options:

A.

The charier should be revised and re-approved whenever a new chief audit executive (CAE) is appointed or at the request of the board

B.

The charier should be re-approved every five years, in conjunction with the external quality assessment

C.

The charier can be revised at the discretion of the CAE whenever 4 is determined that its content no longer supports the achievement of objectives

D.

The charier should be reviewed and resubmitted for board approval annually together with the audit plan

Buy Now
Questions 124

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization ' s automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Options:

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry ' s production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Buy Now
Questions 125

According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?

Options:

A.

The initial review of workpapers should be conducted after the final engagement report is issued.

B.

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

C.

Internal audit staff should be informed regularly of changes to policies and procedures.

D.

Training documents should be destroyed at the end of the year to create space for the next year ' s training documents.

Buy Now
Questions 126

An internal audit team received the following feedback from operational management via a post-engagement survey " Management agrees with all audit findings However, the audit team did not consider our input on the best way to resolve the issues”

This feedback is an indication that the internal audit activity may need to improve which of the following interpersonal skills?

Options:

A.

Leadership

B.

Conflict management

C.

Communication

D.

Influence

Buy Now
Questions 127

Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board The CAE included the following elements in the report

- Qualifications and independence of me external assessment team

- Conclusions of assessors

- Corrective action plans

How should the CAE improve the aforementioned approach to reporting the resets of QAIP?

Options:

A.

Senior management should be excluded from the reporting as the QAiP results must be communicated to re board only

B.

The report can be streamlined by removing unnecessary information such as the qualifications and me independence of external assessors

C.

The results must be snared with the external a auditors as well, so they can determine the extent to which they can rely on me work of the internal audit activity

D.

The report should indicate that the external assessment must be performed at least once every five years

Buy Now
Questions 128

Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

Options:

A.

The cost and frequency of both internal and external assessments.

B.

Any assumptions made by the assessment team

C.

A potential conflict of interest of the assessment team.

D.

The assessment team’s execution plan of relevant procedures.

Buy Now
Questions 129

Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system ' s business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Buy Now
Questions 130

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties.

B.

Exception reports.

C.

Training programs.

D.

Supervisory review.

Buy Now
Questions 131

Which of the following principles of The IIA ' s Code of Ethics implies that internal auditors should refrain from performing assurance services when there is an impairment to audit independence that has not been declared?

Options:

A.

Confidentiality.

B.

Objectivity.

C.

Integrity.

D.

Competency.

Buy Now
Questions 132

Which of the following survey questions would be most effective to identify ethics violations within the organization?

Options:

A.

Are the performance targets in your department realistic and attainable?

B.

Do your coworkers have the knowledge, skills, and training needed to perform their job duties?

C.

Does your supervisor comply with laws and regulations affecting the organization?

D.

Do you have sufficient resources, tools, and time to accomplish your work objectives?

Buy Now
Questions 133

During a quality assessment of the internal audit activity an auditor is assessing whether the independence of the internal audit activity is at risk of being compromised. According to IIA guidance, which of the following would provide the best source of evidence for such an assessment?

Options:

A.

An organizational chart showing the reporting line of the chief audit executive to the CEO

B.

The internal audit charter as endorsed by the organization’s governing body

C.

A review of the audit opinions issued from a sample of recent audit engagements

D.

An assessment of the scope of the audit work performed by the internal au < M activity

Buy Now
Questions 134

According to IIA guidance, which of the following statements regarding ethics is true?

Options:

A.

Business ethics may vary within an organization with both domestic and foreign operations.

B.

Business ethics are universal in nature and organizations across the world are expected to comply with similar standards.

C.

A business ethics policy for an organization is established solely to direct the behavior and expectations of employees.

D.

Business ethics of an organization must remain independent from those of suppliers, customers, and business partners.

Buy Now
Questions 135

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

Options:

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Buy Now
Questions 136

According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?

Options:

A.

Discussions with the chief audit executive.

B.

A listing of employee profiles and certifications.

C.

Inquiry of external auditors.

D.

Validation by human resources.

Buy Now
Questions 137

Whch ol the following would show appropriate disclosure of nonconformance with the Standards?

Options:

A.

The chief audit executive (CAE) documented in the personal file a critical conflict of interest involving an internal audit on a upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor’s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to revealed to operational manager that he failed to appropriately consider risks while he was developing the audit plan.

Buy Now
Questions 138

Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

Options:

A.

Delivering fraud awareness training to employees in the department.

B.

Segregating duties between employees in the department.

C.

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

Buy Now
Questions 139

According to IIA guidance, which of the following best describes expense reimbursement fraud?

Options:

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Buy Now
Questions 140

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Options:

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Buy Now
Questions 141

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

Options:

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Buy Now
Questions 142

Which of the following is the primary benefit of an effective professional development program for internal auditors?

Options:

A.

An effective program may enhance internal auditors ' business acumen

B.

An effective program may ensure that HA Standards requirements are adhered to during audit engagements

C.

An effective program may ensure internal auditors ' effectiveness in setting the organization ' s nsk management process

D.

An effective program may clarify management ' s expectations of the auditors and their responsibilities to the organization

Buy Now
Questions 143

During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?

Options:

A.

The ability to negotiate

B.

The ability to use analytical tools

C.

The ability to foresee issues

D.

The ability to manage conflict

Buy Now
Questions 144

Which of the following is an example of an application control?

Options:

A.

Employees in the data center must always wear identification badges

B.

Operating system updates must be installed within 48 hours.

C.

A two stage authentication process must be used to access customer information

D.

System backup and recovery testing must be done monthly

Buy Now
Questions 145

An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?

Options:

A.

Support a mix of environmental economic and social initiatives to ensure a balanced approach is taken

B.

Survey employees and external stakeholders to see which causes are best suited to the organization.

C.

Select corporate social responsibility initiatives that support the overall strategic goals of the organization

D.

Conduct a financial analysis to determine where the most impact can be made with the budget available

Buy Now
Questions 146

Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?

Options:

A.

Develop a business continuity plan for contingent situations,

B.

Insure the organization against financial losses.

C.

Rely on third-party cloud solution providers for the organization ' s systems.

D.

Hedge company assets via purchasing derivatives.

Buy Now
Questions 147

Which of the following best describes a purpose for the internal audit charter?

Options:

A.

The internal audit charter authorizes the internal audit activity ' s reporting structure and clearly defines the roles of each internal auditor.

B.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.

The internal audit charter defines the criteria by which the internal audit activity ' s performance will be evaluated

Buy Now
Questions 148

A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?

Options:

A.

Internal auditors shall attend professional workshops to refresh internal audit norms and concepts

B.

Internal auditors ' performance is synchronized with satisfaction ratings given by audit clients

C.

Internal auditors take prior audit results into account when conducting current audit engagements

D.

Internal auditors observe the audit client’s expectations when scoping audit engagements

Buy Now
Questions 149

An organization is conducting a fraud risk assessment as part ol its risk management program. Which of the following steps is the organization most likely to perform first?

Options:

A.

Identify relevant fraud risk factors.

B.

Identify potential fraud schemes.

C.

Identify existing controls for preventing and detecting fraud.

D.

Identify red flags by conducting data analysis.

Buy Now
Questions 150

An internal auditor believes that the internal audit activity ' s independence is impaired. Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Buy Now
Questions 151

According to MA guidance, which of the following is the most accurate statement regarding the internal audit charter?

Options:

A.

The IIA ' s Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the Internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Buy Now
Questions 152

The same internal auditor has audited the regional purchasing department annually for the last three years. The audits have shown several significant control deficiencies that have not been corrected by management. New management is in charge of this regional purchasing department, and it is time to audit the department again. What concerns should be considered prior to assigning the audit to the same auditor?

Options:

A.

Intimidation threats may compromise the auditor ' s objectivity due to multiple negative audit reports completed by the auditor.

B.

The auditor has reviewed the department annually for the last three years, leading to familiarity, which can impact the internal audit activity ' s independence.

C.

A negative cognitive bias may be in place that affects the employee ' s objectivity due to the recent audits with uncorrected control deficiencies.

D.

The auditor may have formed a cultural bias, as the department under review is in the auditor ' s geographic area.

Buy Now
Questions 153

When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?

Options:

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Buy Now
Questions 154

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Buy Now
Questions 155

According to the IIA Code of Ethics, which of the following best describes the conduct of an internal auditor who demonstrates the principle of competency?

Options:

A.

The auditor is prudent in the use and protection of information acquired in the course of his work.

B.

The auditor does not accept anything that may impair or be presumed to impair his professional judgment.

C.

The auditor does not perform services in a particular area when he lacks skills in that area.

D.

The auditor performs work with honesty, diligence, and responsibility.

Buy Now
Questions 156

Anew internal auditor suspects fraud is taking place. Which action should the new auditor take?

Options:

A.

Collect relevant audit evidence and begin working with management of the area to investigate the fraud.

B.

Inform the chief audit executive and meet with the suspect to determine whether the person committed fraud.

C.

Document supporting information and recommend an investigation to the appropriate audit management.

D.

Evaluate existing controls and implement new procedures to mitigate the opportunity for fraud.

Buy Now
Questions 157

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

Options:

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be earned out by a team of the most experienced auditors overseen by the CAE

Buy Now
Questions 158

According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?

Options:

A.

Establish policies and procedures concerning the engagement process

B.

Develop a strategy for recruiting assigning, and training staff

C.

Outsource complex engagements to an external service provider

D.

Base the auditor evaluation process on the number of observations

Buy Now
Questions 159

What is expected of internal auditors in regards to due professional care?

Options:

A.

Auditors perform assurance services without regard to cost

B.

Auditors perform assurance services effectively to identify all risks

C.

Auditors perform assurance services needed to achieve the engagement ' s objectives

D.

Auditors perform assurance services to guarantee all significant risks will be addressed

Buy Now
Questions 160

If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

Options:

A.

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.

Immediately inform senior management and the board of the suspected fraud.

C.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

Buy Now
Questions 161

The organization ' s chief audit executive (CAE) is planning an immediate assurance engagement following several product recalls. However, the internal audit staff does not have the required Knowledge and experience to adequately assess all the relevant processes and procedures. According to 11A guidance, which of the following actions should the CAE take under these circumstances?

Options:

A.

Use the current available resources to conduct the review and exclude those procedures that can ' t currently be performed.

B.

Implement an accelerated training plan to provide the audit staff with the necessary skills and knowledge to conduct the engagement.

C.

Encourage management to accept the assessed risk until the internal audit activity is able to adequately review the area.

D.

Obtain assistance for the audit team from other internal assurance providers who possess the requisite expertise in the area.

Buy Now
Questions 162

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

Options:

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Buy Now
Questions 163

An external assessment was performed as part of the organization ' s quality assurance and improvement program. Which of the following conclusions confirms that the internal audit activity is in conformance with the Standards ' ?

Options:

A.

The chief audit executive is well qualified and has responsibilities over operational areas that the internal audit activity assesses.

B.

Periodic self-assessments are assigned to entry-level internal audit staff to support their continuing professional development.

C.

All audit workpapers are reviewed and signed by the engagement supervisor before the audit report is issued.

D.

Employees who rotate into the internal audit activity from other areas of the organization are assigned to audit areas where they previously worked, to take advantage of their operational expertise and experience.

Buy Now
Questions 164

What should be the first step for a newly hired chief audit executive to build and maintain the proficiency of the internal audit activity ' ?

Options:

A.

Incorporate the basic criteria of internal audit competency into job descriptions

B.

Complete a periodic skills assessment of the internal audit activity

C.

Develop a competency or skill assessment tool.

D.

Perform benchmarking with competitors to learn what other firms are doing related to this topic

Buy Now
Questions 165

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Options:

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Buy Now
Questions 166

Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement ' ?

Options:

A.

The relative complexity of the engagement

B.

The cost of the engagement relative to its benefits

C.

The extent of work needed to achieve the engagement ' s objective

D.

The needs and expectations of the engagement client

Buy Now
Questions 167

In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

Options:

A.

Fraud prevention.

B.

Fraud detection.

C.

Corporate culture.

D.

Forensic analysis techniques.

Buy Now
Questions 168

While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditor ' s relative. Which course of action should the auditor take?

Options:

A.

Proceed with the audit engagement, but do not include the relative ' s information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative is a customer.

D.

Immediately withdraw from the audit engagement.

Buy Now
Questions 169

According to IIA guidance, which of the following is most critical to ensuring that an organization ' s risk management program remains effective over time?

Options:

A.

Ensuring a fully executed assurance role for the internal audit activity.

B.

Conducting risk evaluations that include ranking the relative importance of each risk.

C.

Establishing a risk management function and appointing a chief risk officer.

D.

Conducting a combination of ongoing risk reviews and individual evaluations.

Buy Now
Questions 170

Which of the following best describes the differences between internal auditors and external auditors?

Options:

A.

External auditors are concerned about misstatements in the organization ' s financial statements, while internal auditors are concerned about fraudulent activities that could impact the organization’s financial statements

B.

External auditors are required to hold an accounting designation and are responsible for continuing their education, while internal auditors are required to hold an internal audit designation.

C.

External auditors focus on the accuracy and understandability of financial statements, while internal auditors help the organization accomplish its objectives by evaluating and improving the effectiveness of the control process.

D.

External auditors are not employees of the organization, while internal auditors are employees who have in-depth knowledge of the business, making their opinion more reliable to the board and senior management.

Buy Now
Questions 171

Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?

Options:

A.

Completed education credits

B.

Membership in professional organizations

C.

Subscriptions to sources of relevant professional information

D.

Professional development and training plans

Buy Now
Questions 172

Which of the following organizations has reached the most mature level of corporate social responsibility?

Options:

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Buy Now
Questions 173

When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity which area should he most likely be trained for immediately?

Options:

A.

Industry knowledge

B.

Project management

C.

Leadership skills

D.

Risk assessments

Buy Now
Questions 174

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Options:

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Buy Now
Questions 175

Which of the following is a limitation of detective internal controls in fraud management?

Options:

A.

Implementation costs tend to be higher than the expected benefits.

B.

They tend to be easy for fraudsters to circumvent.

C.

They are not designed to improve efficiency of operations.

D.

They are not effective in preventing fraud.

Buy Now
Questions 176

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Buy Now
Questions 177

The principle that " no action should be taken that may harm in some way the least fortunate people " is an expression of which of the following more general ethical principles?

Options:

A.

Utilitarian benefits.

B.

Personal virtues.

C.

Religious injunctions.

D.

Distributive justice.

Buy Now
Questions 178

In the context of an internal control framework, organizational structure and assignment of authority and responsibility is related to which of the following?

Options:

A.

Control activities.

B.

Information and communication.

C.

Risk assessment.

D.

Control environment.

Buy Now
Questions 179

According to IIA guidance, which of the following is required of an internal audit activity?

Options:

A.

The internal audit activity should refrain from conducting an assurance engagement for which it lacks the necessary competencies or skills

B.

The chief audit executive must decline a consulting engagement or obtain competent advice and assistance if internal auditors lack the necessary competencies or skills

C.

The audit committee should ensure that the internal audit activity continuously improves its knowledge and skills in order to fulfill its responsibilities

D.

In today ' s business climate which is dominated by technology and big data, it is imperative that each staff internal auditor has detailed knowledge about IT risks and technology-based audit techniques

Buy Now
Questions 180

Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances management ' s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management ' s ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Buy Now
Questions 181

Which of the following scenarios violates The IIA ' s standard regarding internal audit independence?

Options:

A.

The chief audit executive (CAE) reports on the internal audit activity ' s day-to-day tasks and responsibilities to the CEO.

B.

An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.

C.

The CAE regularly meets with the organization ' s chief risk officer, who validates all reported audit findings and dictates which will be Included In the package to the audit committee.

D.

The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer audits in the annual audit plan compared to the previous financial year.

Buy Now
Questions 182

An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Buy Now
Questions 183

An internal auditor found that his organization did not make a disclosure that is required by law. However, the auditor decided not to raise an audit finding. Which of the following Code of Ethics principles was violated?

Options:

A.

Objectivity.

B.

Integrity.

C.

Proficiency.

D.

Confidentiality.

Buy Now
Questions 184

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?

Options:

A.

Ask internal auditors to gather all relevant information evidence

B.

Identify and interview witnesses first potential suspects later.

C.

Conduct a fraud risk assessment to the most vulnerable areas.

D.

Determine me competencies needed and assess whatever team members have a conflict of interest.

Buy Now
Questions 185

Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?

Options:

A.

If the results of both internal and external assessments support conformance with the Standards, the internal audit activity must communicate this to the board and senior management in writing.

B.

If it has been in existence fewer than five years and has no documented external assessment, the internal audit activity may not indicate that it is operating in conformance with the Standards.

C.

If nonconformance affects its ability to fulfill its professional responsibilities or stakeholder expectations, the internal audit activity should disclose nonconformance as well as its impact.

D.

If an external assessment reflects an overall conclusion of nonconformance, the internal audit activity may continue to communicate that it conforms with theStandards if it discloses a remediation plan, including timeline with subsequent validation.

Buy Now
Questions 186

At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?

Options:

A.

When the internal auditor conducts observations and fieldwork.

B.

When management completes the risk assessment.

C.

When the internal auditor evaluation shows its soundness.

D.

When the organization ' s goals and objectives are met.

Buy Now
Questions 187

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive reports directly to the board

B.

Internal auditors may not disclose personal data of the audit client

C.

Internal auditors may not accept gifts from management of the area under review

D.

Internal auditors must observe the law and make required disclosures

Buy Now
Questions 188

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Options:

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Buy Now
Questions 189

Which of the following threatens internal audit objectivity ' ?

Options:

A.

Internal auditors are expected by senior management to identify a minimum of five major control weaknesses in each area audited

B.

Internal auditors are prevented from accessing information necessary to undertake their audit engagements

C.

The chief audit executive reports directly to the chief financial officer who previously led the internal audit activity

D.

The CEO requests the internal audit activity develop a charter that clearly delineates its purpose and responsibilities within the organization

Buy Now
Questions 190

According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?

Options:

A.

The mentor must have a higher position in the organization than the mentee

B.

An auditor s supervisor is best positioned to serve as the auditor ' s mentor

C.

Meetings between a mentor and a mentee should be formal and well documented

D.

Auditors at the same level may be assigned different mentors and some auditors may have no mentor

Buy Now
Questions 191

Which of the following is the primary benefit of establishing a formal training program for the internal audit activity?

Options:

A.

It is useful to reinforce the independence of the internal audit activity.

B.

It is useful to guide internal auditors as they perform specific engagements.

C.

It is useful to maintain the skills and competencies of internal audit staff.

D.

It is useful to measure the effectiveness and maturity of the internal audit activity.

Buy Now
Questions 192

An internal auditor failed to identify transactions between the parent organization and a subsidiary. What is the most likely reason for the failure?

Options:

A.

The auditor misunderstood the audit objectives.

B.

The auditor lacked professional skepticism.

C.

The auditor ' s fieldwork was not properly supervised.

D.

The auditor lacked an understanding of the organization.

Buy Now
Questions 193

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Buy Now
Questions 194

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

Options:

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Buy Now
Questions 195

Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?

Options:

A.

Ongoing monitoring results

B.

Periodic management assessment results

C.

Annual risk assessment results

D.

Internal auditors ' training evaluation results

Buy Now
Questions 196

Which of the following is an appropriate role for the internal audit activity?

Options:

A.

Ensuring the organization ' s key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

Implementing new controls to promote continuous improvement.

D.

Validating control assessments performed by the external auditor.

Buy Now
Questions 197

Which of the following statements best describes how the internal audit activity obtains reasonable assurance that significant risks in the organization are identified and assessed?

Options:

A.

The internal auditors review the organization ' s strategic plan, business plan, and policies, and have discussions with the board and senior management.

B.

The internal auditors evaluate the adequacy and timeliness of management ' s reporting of risk management results.

C.

The internal auditors interview staff at various levels and determine whether the organization ' s objectives, significant risks, and risk appetite are articulated sufficiently.

D.

The internal auditors review recently completed risk assessments and related reports issued by senior management, external auditors, and other sources.

Buy Now
Questions 198

Which of the following must be considered by the chief audit executive before writing the internal audit charter?

Options:

A.

Internal auditors ' level of competencies and skills.

B.

The manner in which the internal audit activity is viewed by the board.

C.

Evaluation of staff certifications and continued development.

D.

Effectiveness of the quality assurance and improvement program.

Buy Now
Questions 199

A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

Options:

A.

Implement a uniform professional development plan for the internal audit activity.

B.

Create a formal development agreement with each individual staff auditor.

C.

Require each internal auditor to obtain the same professional certifications.

D.

Require training and developmental activities that are sponsored by The HA.

Buy Now
Questions 200

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

Options:

A.

The job responsibilities of the warehouse employee compromise segregation of duties

B.

Spare parts are written off before their actual usage and installation

C.

Warehouse management is conducted on paper and requires further investigation

D.

The inventory counts take place on specific days of the week for no apparent reason

Buy Now
Questions 201

Which of the following drivers of fraud is directly controllable by an organization?

Options:

A.

Pressure

B.

Rationalization

C.

Opportunity

D.

Incentive

Buy Now
Questions 202

Which of the following best demonstrates conformance with the Standards regarding the internal audit activity ' s purpose authority, and responsibility?

Options:

A.

Discussion and formal presentation of the internal audit charter to the board of directors

B.

Certification by external auditors on the purpose, authority and responsibility of the internal audit activity

C.

Approval of senior management that the internal audit activity is functioning as originally designed

D.

Self-assessment of the internal audit activity completed by the chief audit executive

Buy Now
Questions 203

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership.

B.

Documentation.

C.

Analysis.

D.

Reporting.

Buy Now
Questions 204

The chief audit executive (CAE) decided to conduct a self-assessment with independent validation. Which of the following is the most likely reason the CAE selected this course of action?

Options:

A.

The audit committee requested the self assessment for quality assurance purposes

B.

The staff auditors have the necessary knowledge and experience to conduct the review

C.

The internal audit activity is relatively small in size and is due for an external assessment

D.

The internal audit activity is due for a self-assessment which is specifically required at least once every five years

Buy Now
Questions 205

According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3.

B.

1,2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4

Buy Now
Questions 206

Which of the following statements best represents the due professional care that is required of internal auditors?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditors should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should devise internal audit programs to confirm that the results are accurate.

Buy Now
Questions 207

A new internal auditor was recently recruited to the internal audit activity from the organization ' s finance department. What is likely to be the chief audit executive’s greatest concern regarding assigning the new auditor to upcoming audits in the finance department?

Options:

A.

The time it may take the new auditor to complete the assignment and report the findings to management.

B.

The qualifications of the new auditor and whether the auditor ' s business knowledge is relevant to the assignment.

C.

The potential for a conflict of interest to exist or appear to exist if the new auditor undertakes these assignments.

D.

The knowledge the new auditor may have of control weaknesses in the finance department.

Buy Now
Questions 208

Which of the following statements is true regarding reporting results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Internal assessments must be reported to the board at least every five years

B.

If supported by assessment results, reporting provides assurance that internal auditors demonstrate conformance with the Code of Ethics

C.

Following the reporting the board must give the internal audit activity five years to correct any deviations

D.

A report, including the results of both internal and external assessments must be provided to the board annually

Buy Now
Questions 209

Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

Options:

A.

Groupthink.

B.

Collaboration skills.

C.

Process analysis skills.

D.

Project management skills.

Buy Now
Questions 210

Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?

Options:

A.

Volunteer for audit engagements in areas or industries in which the auditor is unfamiliar

B.

Sign an annual attestation indicating that the auditor has all required competencies to perform her job effectively.

C.

Obtain appropriate professional certifications or other designations.

D.

Disclose potential impairments to independence or objectivity prior to performing an audit engagement.

Buy Now
Questions 211

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company ' s risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning.

Buy Now
Questions 212

Which of the following would be the most effective in helping to detect fraud?

Options:

A.

Code of conduct.

B.

Exit interviews.

C.

Fraud awareness training

D.

Employee promotion policy.

Buy Now
Questions 213

During an audit of a foreign subsidiary an internal audit team discovered that products were sold to a prohibited country due to sanctions. What is the best course of action for the internal audit team?

Options:

A.

Include the facts m the engagement communications

B.

Inform me external auditors of the violation.

C.

Report the violation to the government regulators

D.

Consult with the legal department

Buy Now
Questions 214

Senior management and the board have expressed concerns about the length of engagements and whether their outcome aligns with the organization ' s strategies and objectives. Which of the following actions, if taken by the chief audit executive, could address these concerns?

Options:

A.

Communicating to internal audit staff instructions for completing engagements within shorter time periods.

B.

Requesting additional funding from the board to train internal audit staff on time and resource management.

C.

Implementing the use of agile auditing during engagements to meet expectations.

D.

Encouraging internal audit staff to participate in workshops to further develop their understanding of the organization ' s strategies.

Buy Now
Questions 215

Which of the following describes the internal audit activity ' s most appropriate role in an organization ' s risk management process?

Options:

A.

Reporting to the board on management ' s assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Buy Now
Questions 216

Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?

Options:

A.

Review the organization ' s ethical value structure and reporting procedures.

B.

Review what the organization considers to be ethical behavior, such as the employee code of conduct.

C.

Review employee survey responses and follow up on those that suggest weaknesses in the ethical climate.

D.

Review the organization ' s records to ensure all employees have signed statements that they will follow ethical practices.

Buy Now
Questions 217

Which of the following is an indicator that the organization s risk management process is effective?

Options:

A.

The organization s risk appetite mission, and objectives are dearly outlined.

B.

The organization s risk management practices are assessed as mature.

C.

The organization has adopted risk management frameworks and global models.

D.

The organization s significant risks are identified and adequately assessed

Buy Now
Questions 218

An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several

months later According to IIA guidance which of the following statements is true regarding the internal auditor ' s application of due professional care?

Options:

A.

Due professional care was not applied because no additional work should have been performed unless there was actual evidence of fraud

B.

Due professional care was not applied because the extended scope resulted in no issues being identified, while fraud actually existed

C.

Due professional care was applied as the internal auditor modified the scope based on reasonable judgment, despite the additional cost of resources

D.

Due professional care was applied as the cost of audit resources should not be a determining factor in the degree of testing undertaken

Buy Now
Questions 219

Which of the following is the best example of a computer forensic audit activity?

Options:

A.

An internal auditor compared vendor addresses to employee home addresses.

B.

An internal auditor used analytical software to trace all disbursements processed on weekends.

C.

An internal auditor tried to circumvent the logical access controls of the purchasing system.

D.

An internal auditor recovered emails of an employee who was suspected of fraudulent activities

Buy Now
Questions 220

Which of the following controls would be most useful to prevent an employee from using the organization ' s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?

Options:

A.

Segregating duties in the payroll processes.

B.

Confirming receipt of goods or services.

C.

Performing background checks on newly hired employees.

D.

Requiring management approval for expenses.

Buy Now
Exam Code: IIA-CIA-Part1
Exam Name: Internal Audit Fundamentals
Last Update: Jul 18, 2026
Questions: 735

PDF + Testing Engine

$64.99   $185.69

Testing Engine

$49.99   $142.83

PDF (Q&A)

$54.99   $157.11