Summer Certification Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

Free Practice Questions for the IIA CIA IIA-CIA-Part1 Exam (2026 Updated)

At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the IIA IIA-CIA-Part1 exam. To support your certification journey, we have made a selection of our premium 2026 CIA practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.

Questions 4

The level of authority for the internal audit activity is granted by which of the following?

Options:

A.

The chief audit executive.

B.

The internal audit charter.

C.

The International Professional Practices Framework.

D.

The IIA ' s Code of Ethics.

Buy Now
Questions 5

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Options:

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Buy Now
Questions 6

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?

Options:

A.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.

The assigned internal auditor must not assume management responsibilities while performing the engagement

D.

The assigned internal auditor must maintain objectivity while performing the engagement.

Buy Now
Questions 7

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk,

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization ' s general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Buy Now
Questions 8

Which of the following activities aligns with The IIA ' s Core Principles for the Professional Practice of Internal Auditing?

Options:

A.

The chief audit executive reports to senior management for compensation decisions and communications of audit results to the board

B.

Final reports from consulting engagements show the summary of findings, and the internal auditor’s advice is clearly distinct and separate from management ' s decisions

C.

Internal auditors rotate through operations and management positions then perform audit engagements on these areas to ensure timely application of their knowledge

D.

Due to limited resources, internal auditors prioritize assurance on internal controls and risk management and exclude evaluating governance processes, which are deemed outside of their core responsibilities

Buy Now
Questions 9

Which of the following factors are commonly assessed to determine the magnitude of risk events?

Options:

A.

Tolerance and appetite

B.

Inherent and residual risk

C.

Cost and benefit

D.

Impact and likelihood

Buy Now
Questions 10

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend.

C.

Reaffirm the importance of the organization ' s code of ethics to all employees.

D.

Conduct an organizationwide employee survey on ethical practices

Buy Now
Questions 11

Which of the following is a detective control?

Options:

A.

An organization requires certain employees who occupy sensitive positions to sign attestation to the code of conduct on an annual basis.

B.

A compliance specialist carries out quarterly reviews of an organization ' s compliance with regulatory requirements.

C.

A front desk officer in an organization requires that visitors are identified by the host before access is granted.

D.

An internal audit activity deploys audit management policies and procedures for team members.

Buy Now
Questions 12

An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks. Which of the following aspects of risk management does senior management’s decision best illustrate?

Options:

A.

Residual risk.

B.

Inherent risk.

C.

Risk tolerance.

D.

Risk appetite.

Buy Now
Questions 13

An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?

Options:

A.

During audit planning, the auditor provided the client with the scope of the engagement for their agreement

B.

The results of the engagement were included in a written report that was issued to the client who requested the engagement

C.

During audit planning, the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.

The client requested the review of a new payroll system in order to improve the security of the system

Buy Now
Questions 14

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company ' s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Options:

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company ' s expenses policy

Buy Now
Questions 15

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

Options:

A.

Recommend a control change and obtain management support

B.

Evaluate the potential impact on related controls

C.

Address the risk with senior management and the board

D.

Develop and communicate the scope and evaluation criteria to be used by management

Buy Now
Questions 16

According to the Standards, in today ' s technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?

Options:

A.

Auditors must have an IT specialty in at least one of their organization ' s key information technology systems.

B.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

C.

Auditors must understand their organization ' s integrated test facilities and generalized audit software.

D.

Auditors must understand their organization ' s IT governance, risk, and control processes.

Buy Now
Questions 17

Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?

Options:

A.

Completed education credits

B.

Membership in professional organizations

C.

Subscriptions to sources of relevant professional information

D.

Professional development and training plans

Buy Now
Questions 18

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments must be performed by the chief audit executive.

B.

An internal assessment must be performed at least once every five years.

C.

It Is permissible to share the results of the QAIP with the organization ' s external auditors.

D.

Results of ongoing monitoring must be validated annually by an independent external assessor.

Buy Now
Questions 19

An organization ' s board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

Options:

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Buy Now
Questions 20

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

Options:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Buy Now
Questions 21

Which of the following describes the internal audit activity ' s most appropriate role in an organization ' s risk management process?

Options:

A.

Reporting to the board on management ' s assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Buy Now
Questions 22

Which of the following statements is true regarding the quality assurance and improvement program (QAIP)?

Options:

A.

Reporting on the QAIP to the board should occur at least once every five years

B.

The responsibility for the selection of an external assessor rests with the board

C.

The qualifications of the assessors must be communicated to the board

D.

The reporting of outcomes of the QAIP can be delegated to senior audit staff

Buy Now
Questions 23

According to IIA guidance, which of the following best demonstrates that the chief audit executive is properly reporting the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Providing a written conformance statement to both senior management and the board.

B.

Giving copies of both external and internal assessments to the board.

C.

Keeping files of reports of ongoing external assessment monitoring.

D.

Retaining copies of board meeting minutes showing that discussions of assessments took place.

Buy Now
Questions 24

There is a growing perception that employees generally evade their responsibilities. What impact will an internal auditor most likely see during an engagement?

Options:

A.

Supervisors are likely to reduce their level of supervision and increase span of control.

B.

Employees are likely to be supervised closely and given little freedom.

C.

Peer employees are likely to trust one another, but distrust management.

D.

Employees are likely to join forces to accomplish their duties as teams.

Buy Now
Questions 25

Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?

Options:

A.

Reporting to a higher level within the organization reduces the potential scope of engagements that can be undertaken by the IAA.

B.

The benefit of the IAA ' s organizational independence is realized primarily via reduced costs for the external auditor.

C.

Independence is impaired when the scope of the IAA is subject to changes required by senior management.

D.

Inadequate organizational independence can result in the chief audit executive being able to fire staff without consulting the audit committee.

Buy Now
Questions 26

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Options:

A.

A monitoring process,

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Buy Now
Questions 27

An internal auditor assessed that the risk of steel theft at a plant is high. In response, the plant ' s management introduced a number of controls, including fences around the facility, a metal detector at the entrance, and monthly steel inventory counts. If the controls operate as intended, which of the following outcomes would the internal auditor hope to see?

Options:

A.

The inherent risk will be mitigated to a level lower than the residual risk.

B.

The inherent risk will be reduced to an acceptable level.

C.

The residual risk will be reduced to an acceptable level.

D.

The residual risk will be eliminated

Buy Now
Questions 28

During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor ' s review and approval. Which of the following would be an appropriate course of action for the auditor to take?

Options:

A.

Review the submission and if no further remarks exist approve the risk limits

B.

Provide advice if needed and ask management of the area under review to forward to senior management and the board for approval

C.

Develop risk limit calculation criteria and ask management of the area under review to resubmit the values.

D.

Avoid providing any advice or review until the audit report is issued

Buy Now
Questions 29

Which of the following best demonstrates the board of directors ' governance over internal control?

Options:

A.

The board bears direct responsibility for developing and implementing the internal control system.

B.

The majority of board members are experienced and qualified members of the organization ' s executive management team.

C.

The board may be assisted by an audit committee, chaired by the chief audit executive.

D.

The board is responsible for succession planning for the CEO and other key members of the executive management team.

Buy Now
Questions 30

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

Options:

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be earned out by a team of the most experienced auditors overseen by the CAE

Buy Now
Questions 31

In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

Options:

A.

Investigation of health and safety incidents.

B.

Auditing of controls and management systems.

C.

Communication of disclosures and external reporting,

D.

Involvement in focus groups and complaint management

Buy Now
Questions 32

Which of the following actions should an organization take to detect an emerging risk of potential fraud?

Options:

A.

Adopt reward and recognition programs that promote good behaviors

B.

Undertake background checks for new employees as part of the hiring process

C.

Establish an anonymous platform for reporting suspected unethical behaviors

D.

Institute periodic educational training on expected ethical behaviors

Buy Now
Questions 33

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

Options:

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Buy Now
Questions 34

Which action by senior management indicates to the internal auditor that there may be fraudulent activities occurring within the organization?

Options:

A.

Setting unrealistic targets for staff to achieve

B.

Granting external audit firms access to staff and records.

C.

Automating some processes and allowing others to be performed manually

D.

Enforcing a zero-tolerance policy for misconduct

Buy Now
Questions 35

According to The IIA’s Code of Ethics, which of the following statements is true?

Options:

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization’s foreign subsidiary and alters the audit program to highlight the issue, the fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client’s claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

Buy Now
Questions 36

According to IIA guidance, which of the following statements is true regarding internal auditors ' knowledge, skills and other competencies?

Options:

A.

The chief audit executive (CAE) must obtain competent advice and assistance if the internal audit activity lacks the knowledge, skills, or other competencies needed to complete the audit engagement

B.

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization and should have the expertise of a fraud investigator

C.

Internal auditors need to have basic knowledge of key IT risks and controls and available technology-based audit techniques in order to perform their assigned work

D.

The CAE must refuse a consulting engagement if the internal audit activity lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement

Buy Now
Questions 37

An external assessment of an organization ' s internal audit activity was last completed four years ago Which of the following options would be acceptable this year if the internal audit activity is to fulfill the requirements of the Standards?

Options:

A.

The internal audit activity conducts a self-assessment that is validated by a qualified and experienced internal auditor and then schedules a qualified, independent external assessor

B.

The board nominates an independent individual from senior management in the organization to conduct an assessment of the internal audit activity

C.

An external auditor conducts an audit of the organization which includes information about the internal audit activity

D.

The chief audit executive schedules a self-assessment and the board approves the results

Buy Now
Questions 38

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Options:

A.

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

Buy Now
Questions 39

An electrician visits a client to assess the scope of work. After the visit, the sales office compiles and sends the client a proposal based on the electrician ' s estimation and approved price list. The internal auditor notices that in the last six months, the number of cancelled proposals has increased substantially. Which of the following is a fraud risk scenario that the auditor should consider in this situation?

Options:

A.

Some electricians may be offering clients opportunities for reduced fees if they pay with cash.

B.

There is a new competitor in the area who offers better prices.

C.

Sales representatives may be manipulating the proposals to include additional costs.

D.

An unauthorized person may be modifying client data and cancelling the proposals.

Buy Now
Questions 40

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive reports directly to the board

B.

Internal auditors may not disclose personal data of the audit client

C.

Internal auditors may not accept gifts from management of the area under review

D.

Internal auditors must observe the law and make required disclosures

Buy Now
Questions 41

An internal audit activity is performing a governance engagement. Which of the following would provide the best evidence for an internal auditor when evaluating the organization’s culture?

Options:

A.

Personnel and customer surveys, actual reports, and due diligence results regarding third-party governance practices.

B.

Details on mandatory reporting to third parties, disclosure committee charter and responsibilities, and the internal communication system.

C.

Succession plans, development programs, and job descriptions with responsibilities and authorities.

D.

Ethics and integrity policy; structured interviews with employees; and established and communicated values, mission, and vision.

Buy Now
Questions 42

An organization established 20 years ago has had its internal audit activity in place for the last three years. Which of the following would allow the internal audit activity to accurately state that it is in conformance with the Standards ' ?

Options:

A.

Documented assessment was performed by the audit committee and confirmed conformance.

B.

Internal and external assessments are performed annually, and nonconformance results are reported to the board.

C.

The independent and objective judgement of the chief audit executive confirmed conformance with the Standards.

D.

Documented internal assessments are performed periodically and confirm conformance.

Buy Now
Questions 43

An internal auditor is assessing the effectiveness of the organization ' s risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach

B.

Process element approach

C.

Key principles approach

D.

Key performance indicators approach.

Buy Now
Questions 44

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

Options:

A.

A non-disclosure agreement.

B.

An annual declaration of commitment to

C.

The IIA s Code of Ethics.

D.

The internal audit charter.

Buy Now
Questions 45

A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process. Which of the following would be the best course of action for the chief audit executive (CAE) to take?

Options:

A.

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

B.

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

C.

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

D.

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.

Buy Now
Questions 46

In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity ' s QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity ' s current state of conformance with the Standards?

Options:

A.

Conformance with the Standards.

B.

Nonconformance with the Standards

C.

Unable to determine conformance with the Standards.

D.

Partial conformance with the Standards

Buy Now
Questions 47

During an assurance engagement internal auditors interview operational management to gather and evaluate information. Which approach is most important for internal auditors to be able to listen effectively to interviewees in the given situation?

Options:

A.

Make an audio recording of the interview

B.

Interrupt with questions during unclear statements

C.

Express interest by asking follow-up questions

D.

Avoid periods of silence

Buy Now
Questions 48

According to IIA guidance, which of the following is most critical to ensuring that an organization ' s risk management program remains effective over time?

Options:

A.

Ensuring a fully executed assurance role for the internal audit activity.

B.

Conducting risk evaluations that include ranking the relative importance of each risk.

C.

Establishing a risk management function and appointing a chief risk officer.

D.

Conducting a combination of ongoing risk reviews and individual evaluations.

Buy Now
Questions 49

During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?

Options:

A.

An employee believes his poor compensation package justifies engaging in unethical behavior.

B.

The head of the department is the only signatory to purchase orders issued to third party contractors.

C.

Some employees strongly believe monetary gifts from vendors is a means of saving for life after employment.

D.

One of the employees was found to have an obsession with expensive jewelry

Buy Now
Questions 50

Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?

Options:

A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices.

Buy Now
Questions 51

According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3.

B.

1,2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4

Buy Now
Questions 52

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

Options:

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Buy Now
Questions 53

Which of the following statements is the most appropriate example of the internal audit activity exercising due professional care during an audit of the payroll department?

Options:

A.

Internal auditors ensure that the work program is appropriately designed in order to identify all of the risks surrounding the payroll process.

B.

Internal auditors determine whether the policies, procedures, and practices of the payroll department are operating in accordance with relevant laws.

C.

Internal auditors verify whether the board of directors has implemented effective internal controls over the processes used by the payroll department.

D.

Internal auditors ask the organization ' s risk manager to determine whether the degree of work planned is sufficient to determine whether payroll payments were complete and accurate.

Buy Now
Questions 54

Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

Options:

A.

A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit

B.

A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit

C.

A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities

D.

An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable

Buy Now
Questions 55

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

Options:

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Buy Now
Questions 56

According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

Options:

A.

Outline expectations for communicating the results of all aspects of the internal audit activity.

B.

Declare the internal audit activity’s accountability for safeguarding assets and confidentiality.

C.

Document the chief audit executive’s (CAE ' s) reporting line

D.

Document agreement between the CAE and the individual to whom the CAE reports

Buy Now
Questions 57

A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

Options:

A.

The organization ' s training policy.

B.

A list of auditors who requested to attend the next audit conference.

C.

Self-assessments against an internally developed audit benchmark

D.

In house training manual

Buy Now
Questions 58

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Options:

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Buy Now
Questions 59

Which of the following is an example of an entity-level control pertaining to the finance area of an organization ' ?

Options:

A.

Key account reconciliation such as bank reconciliation

B.

Segregation of duties between posting and reviewing journal entnes

C.

A signing authority matrix for spending approvals

D.

The establishment of a finance and audit committee

Buy Now
Questions 60

Which of the following is an appropriate role for the internal audit activity?

Options:

A.

Ensuring the organization ' s key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

Implementing new controls to promote continuous improvement.

D.

Validating control assessments performed by the external auditor.

Buy Now
Questions 61

Which of the following would be considered an impairment to an internal auditor ' s objectivity when performing a review of the organization ' s procurement function ' ?

Options:

A.

The internal auditor worked on the implementation of the accounting system within the organization before joining the internal audit activity last year

B.

The internal auditor is part of a multidisciplinary team tasked to assist with a new project implementation checklist within the organization

C.

The internal auditor worked as a sourcing specialist before joining the internal audit activity last year

D.

The internal auditor participates in a cross-departmental team for information and data security within the organization

Buy Now
Questions 62

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company ' s risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization ' s CEO reviews the internal audit activity ' s annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning

Buy Now
Questions 63

Which of the following would best preserve the organizational independence of the internal audit activity?

Options:

A.

The internal audit charter is approved by the chief audit executive (CAE).

B.

The CAE reports functionally to the CEO.

C.

The CAE ' s internal audit plan is endorsed by the board.

D.

The chief financial officer determines the appointment of the CAE.

Buy Now
Questions 64

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

Options:

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Buy Now
Questions 65

An internal audit of an organization ' s disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors ' banking information?

Options:

A.

Management periodically reviews and verifies the information in the vendor master Tile.

B.

Management ' s approval is required for update to vendors ' banking information.

C.

Management randomly audits a sample of payments to verify the accuracy of vendors ' banking information.

D.

Management ' s approval is required before payments can be processed.

Buy Now
Questions 66

During an assurance engagement, an internal auditor identified that a developer of the organization ' s enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

Options:

A.

Segregate duties between code development and migrating changes into production.

B.

Conduct fraud training for the IT team responsible for the ERP system.

C.

Penalize the developer who committed the fraud by terminating employment.

D.

Restrict developers ' access to the ERP system ' s test environment.

Buy Now
Questions 67

According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

Options:

A.

Developing policies and procedures for the internal audit activity.

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors.

Buy Now
Questions 68

Which of the following scenarios demonstrates nonconformance with the Standards?

Options:

A.

An internal auditor failed to expand the engagement and include managements preferences when determining the scope of an upcoming assurance engagement.

B.

An internal audit activity lacks the skills need to perform a high-risk security engagement included on the annual audit plan.

C.

A chief audit executive fated to perform a risk assessment prior to preparing the audit plan

D.

An internal audit activity has existed for two years and has not undergone external quality assessment

Buy Now
Questions 69

Which of the following should be part of the internal audit activity ' s duties?

Options:

A.

Actively reporting to the governing body.

B.

Providing risk management frameworks.

C.

Assisting management in developing processes and controls to manage risks and issues.

D.

Identifying and mitigating significant risks to the organization.

Buy Now
Questions 70

Which of the following would provide the best support for internal auditors to meet their continuing professional development requirements?

Options:

A.

Access to online internal audit and business skills courses.

B.

Records of self-assessment reports completed by the internal audit staff.

C.

Cosourcing arrangements with external providers on specific engagements.

D.

Performance reviews comparing internal auditors ' achievements against specified goals.

Buy Now
Questions 71

Which of the following scenarios best demonstrates the application of internal audit proficiency?

Options:

A.

Management requests that the internal audit activity review and provide feedback on its strategic plans for a merger, but the chief audit executive (CAE) declines the engagement due to the team ' s lack of experience with mergers.

B.

A CAE reassigns auditors from other audits to perform testing on all of the fixed asset additions for a period, including amounts below the materiality level stated by external auditors.

C.

Due to the routine and recurring nature of bank branch audits, an audit manager often excludes detailed planning at the beginning of the audit and immediately performs fieldwork.

D.

During fieldwork, an auditor observed a lack of segregation of duties over cash management. The auditor reported this observation to his supervisor, who decided that the area should be examined in a subsequent audit.

Buy Now
Questions 72

Which of the following is most likely to result in the impairment of independence for the internal audit activity?

Options:

A.

The chief audit executive (CAE) has a dual reporting relationship within the organization.

B.

The CAE performs an audit of a functional area that is also under the CAE ' s oversight.

C.

The CAE has unrestricted access to information throughout the organization and to the board.

D.

The board is involved in decisions to hire or remove the CAE and in drafting and approving an internal audit charter.

Buy Now
Questions 73

Which of the following is the best way for an internal auditor to demonstrate due professional care?

Options:

A.

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.

Seek feedback from the engagement supervisor during the engagement

C.

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.

Request and receive client feedback surveys during the engagement

Buy Now
Questions 74

Which of the following is an example of an impairment to an internal auditor ' s independence?

Options:

A.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

B.

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

C.

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

D.

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

Buy Now
Questions 75

According to IIA guidance, which of the following activities are considered a core internal audit role with regard to enterprise risk management?

Reviewing the management of key risks.

Evaluating the reporting of key risks.

Evaluating risk management processes.

Consolidating the reporting of risks.

Options:

A.

1 and 4.

B.

2 and 4.

C.

2, 3, and 4.

D.

1, 2, and 3.

Buy Now
Questions 76

Which of the following is an example of corruption?

Options:

A.

Recognizing revenue up front rather than over a contract’s life to inflate revenue for the current period

B.

Requesting reimbursement for overstated travel and entertainment expense amount

C.

Misstating realized foreign currency transaction gains or losses

D.

Demanding payment from a vendor for decisions made in the vendor’s favor

Buy Now
Questions 77

An internal auditor is providing consulting services on an area he was responsible for three years ago. Part of the consulting scope covers a review of a performance measuring system that the auditor helped to develop. What is the best course of action for the auditor to take concerning the consulting service?

Options:

A.

Accept the consulting services only after receiving approval to do so from the board.

B.

Accept the consulting services. The objectivity won ' t be impaired if it has been more than a year since he last worked in the area under review.

C.

Refrain from providing the consulting service because he was responsible for that area and his objectivity will be impaired,

D.

Disclose the potential impairment to the customer before accepting the consulting engagement

Buy Now
Questions 78

According to the 11A Code of Ethics, which of the following is required with regard to communicating results?

Options:

A.

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

B.

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

C.

The internal auditor should obtain all material information within the established time and budget parameters.

D.

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

Buy Now
Questions 79

Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?

Options:

A.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.

Internal auditors may conclude that a business unit ' s current control environment is adequate and effective if the review of the prior year ' s workpapers and audit report supports that conclusion.

C.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Buy Now
Questions 80

To comply with the proficiency standard which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?

Options:

A.

The length and consistency of the auditor ' s work experience

B.

The auditor ' s demonstrated problem-solving skills

C.

The auditor ' s skills compared to those already possessed by other audit staff

D.

The auditor ' s ability to be self motivated and a good team player

Buy Now
Questions 81

When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?

Options:

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Buy Now
Questions 82

Which of the following practices is generally most effective to protect internal audit objectivity?

Options:

A.

Ensuring regular documentation of auditor skills and experience in the workpapers.

B.

Basing performance evaluations heavily on customer satisfaction surveys.

C.

Prohibiting auditors from accepting gifts from audit clients or potential clients.

D.

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

Buy Now
Questions 83

At a construction company, supervisors are entitled to bonus payments if there are no safety rule violations on their teams. There are several channels available for workers to report accidents and violations, and all reported violations are investigated. Bonus payment calculations are approved by managers and the head of safety. Which of the controls best addresses the risk that supervisors will conceal accidents on their teams in order to receive the bonus?

Options:

A.

The investigation of all reported violations

B.

The authorization process for bonus calculations

C.

The variety of reporting channels

D.

The presence of safety rules

Buy Now
Questions 84

Internal controls belong to which risk response category?

Options:

A.

Reduction.

B.

Avoidance.

C.

Sharing.

D.

Acceptance.

Buy Now
Questions 85

Which of the following controls would best mitigate the risk of fraud in the bidding process?

Options:

A.

Have a bidding committee open the tender bids.

B.

Restrict the time to submit tender bids.

C.

Keep minutes of pre-bid meetings.

D.

Allow the higher tenders to rebid.

Buy Now
Questions 86

Which of the following is the primary benefit of an effective professional development program for internal auditors?

Options:

A.

An effective program may enhance internal auditors ' business acumen

B.

An effective program may ensure that HA Standards requirements are adhered to during audit engagements

C.

An effective program may ensure internal auditors ' effectiveness in setting the organization ' s nsk management process

D.

An effective program may clarify management ' s expectations of the auditors and their responsibilities to the organization

Buy Now
Questions 87

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

Options:

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Buy Now
Questions 88

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Options:

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Buy Now
Questions 89

Which of the following statements is true regarding consulting engagements?

Options:

A.

Internal auditors cannot provide consulting services related to operations for which they had previous responsibilities.

B.

The nature of consulting services to be performed by internal auditors must be defined in the internal audit charter

C.

If internal auditors have potential impairments to objectivity related to the proposed consulting engagement, the engagement must be declined.

D.

If internal auditors lack the knowledge, skills, or other competencies needed to perform the consulting engagement, the engagement can proceed with proper disclosures.

Buy Now
Questions 90

According to The IIA ' s Competency Framework, which competency is considered the mandatory minimum for internal auditors to possess when performing internal audit engagements?

Options:

A.

To recognize red flags that indicate fraud.

B.

To recommend controls to prevent fraud.

C.

To apply forensic auditing techniques to detect fraud.

D.

To evaluate the potential for fraud.

Buy Now
Questions 91

According to MA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management ' s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Buy Now
Questions 92

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

Options:

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Buy Now
Questions 93

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International

Standards for the Professional Practice of Internal Auditing ( Standards) Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause

C.

The self-assessment results were validated by a qualified external review team three years prior

D.

The internal audit charter, approved by the audit committee requires conformance with the Standards

Buy Now
Questions 94

An organization ' s fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?

Options:

A.

Evaluate the effectiveness of fraud investigations

B.

Oversee and monitor senior management s approach to manage fraud risks

C.

Set the tone for fraud risk management within an organization

D.

Evaluate whether the financial statements are free of material misstatement due to fraud

Buy Now
Questions 95

The chief audit executive (CAE) decided to conduct a self-assessment with independent validation. Which of the following is the most likely reason the CAE selected this course of action?

Options:

A.

The audit committee requested the self assessment for quality assurance purposes

B.

The staff auditors have the necessary knowledge and experience to conduct the review

C.

The internal audit activity is relatively small in size and is due for an external assessment

D.

The internal audit activity is due for a self-assessment which is specifically required at least once every five years

Buy Now
Questions 96

An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?

Options:

A.

Inherent risk.

B.

Residual risk.

C.

Impact risk.

D.

Detection risk.

Buy Now
Questions 97

A business unit manager was impressed by the competence of the internal auditor who was conducting an assurance engagement in his area and the manager made the auditor an attractive job offer to begin after the audit was completed The auditor later told her auditor in charge that she was considering the offer. Which of the following IIA Code of Ethics principles was most likely violated?

Options:

A.

Integrity

B.

Confidentiality

C.

Objectivity

D.

No violation was committed

Buy Now
Questions 98

Which of the following offers the feast evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Buy Now
Questions 99

Which of the following is true regarding the stakeholder theory of corporate social responsibility?

Options:

A.

An organization has a fiduciary duty to put shareholders ' needs first

B.

Customers ' needs are the primary responsibility of the organization

C.

Competitors are considered stakeholders of the organization

D.

Employees are the organization ' s best assets and primary responsibility

Buy Now
Questions 100

According to IIA guidance, which of the following threats to objectivity is described as familiarity ' ?

Options:

A.

An internal auditor is a close friend or relative of the manager or an employee of the audit client

B.

An internal auditor has a long-term business relationship with the audit client.

C.

An internal auditor has an economic stake in the performance of the organization

D.

An internal auditor is exposed to or perceived to be exposed to pressures from external parties

Buy Now
Questions 101

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management’s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Buy Now
Questions 102

According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

Options:

A.

The periodic evaluation of risk ratings is primarily dependent on subjective assessments.

B.

Separate evaluations of the risk management process were conducted, but the results were never integrated.

C.

Management ' s primary objective is minimizing changes to the structure and operation of the risk management process.

D.

Many aspects of the related enterprise risk management program are informal and undocumented.

Buy Now
Questions 103

Which of the following statements is true regarding control activities?

Options:

A.

Control activities are carried out by first-line and second-line functions to mitigate risks.

B.

Control activities are implemented by internal auditors to mitigate risks to an acceptable level.

C.

Control activities provide the foundation for the organization to establish its risk appetite.

D.

Control activities are a precondition to setting risk tolerance levels.

Buy Now
Questions 104

Which of the following is an indicator of ineffective third-party risk management?

Options:

A.

Sourcing of third parties does not follow public procurement law.

B.

Violations of service conditions trigger either fines or termination.

C.

Due diligence of third parties is conducted only after contract signing.

D.

The right-to-audit clause is limited by personal data protection regulations.

Buy Now
Questions 105

Which of the following best describes a purpose for the internal audit charter?

Options:

A.

The internal audit charter authorizes the internal audit activity ' s reporting structure and clearly defines the roles of each internal auditor.

B.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.

The internal audit charter defines the criteria by which the internal audit activity ' s performance will be evaluated

Buy Now
Questions 106

An internal auditor has documented several instances in which management asked employees to ad against the policies and procedures. Which of the following is the most appropriate next step?

Options:

A.

Report the non-compliance cases to the board of directors.

B.

Recommend that management update its policies and procedures based on the circumstances.

C.

Investigate the rationale for management ' s actions.

D.

Recommend those employees to report the cases through the designed whistleblowing channel for the appropriate treatment.

Buy Now
Questions 107

With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?

Options:

A.

Obtaining assurance on external financial, regulatory, and internal audits.

B.

Complying with laws, regulations, and codes.

C.

Assigning authority and responsibilities organization wide.

D.

Monitoring and measuring performance.

Buy Now
Questions 108

In which of the following scenarios would the internal auditor’s objectivity be best protected?

Options:

A.

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.

An internal auditor conducts an effectiveness review of an organization ' s business continuity plan in which his son is a minority stockholder.

Buy Now
Questions 109

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Buy Now
Questions 110

For a new board chair who has not previously served on the organization ' s board, which of the following steps should first be undertaken to ensure effective leadership to the board?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company.

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Buy Now
Questions 111

During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

Options:

A.

Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.

B.

Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.

C.

Require that a manager use a reserved register code to approve voids or refunds.

D.

Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.

Buy Now
Questions 112

In which of the following ways can a whistleblower hotline serve as a prevent

Options:

A.

active control? 3

B.

Third parties who operate the hotline ensure anonymity for whistle blowers. D Whistleblower tips help discover wrongdoings and violations of the code of conduct.Potential perpetrators of fraud know that their actions can be reported easily.

C.

Better investigation protocols are triggered by the whistleblower hotline.

Buy Now
Questions 113

Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?

Options:

A.

Develop a business continuity plan for contingent situations,

B.

Insure the organization against financial losses.

C.

Rely on third-party cloud solution providers for the organization ' s systems.

D.

Hedge company assets via purchasing derivatives.

Buy Now
Questions 114

According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?

Options:

A.

Monitoring resources.

B.

Compensating the chief audit executive.

C.

Determining scope.

D.

Allocating internal costs.

Buy Now
Questions 115

An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?

Options:

A.

Opportunity

B.

Pressure

C.

Rationalization

D.

Justification

Buy Now
Questions 116

Which of the following statements about internal audit consulting engagements is true?

Options:

A.

The primary purpose of a consulting engagement is to assess evidence and provide conclusions.

B.

The internal audit activity determines the nature and scope of work for the specific consulting engagement

C.

Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

D.

It is not appropriate to communicate control issues identified during consulting engagements to the board

Buy Now
Questions 117

A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA ' s Code of Ethics would he violate?

Options:

A.

Due professional care.

B.

Competency.

C.

Effective communication

D.

Professionalism

Buy Now
Questions 118

When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?

Options:

A.

The identified risks have not undergone a detailed review to ensure completeness in the past two years.

B.

The controls in place to mitigate the risks are not tested on an annual basis to confirm operating effectiveness.

C.

The process in place to identify and evaluate new risks to the organization is informal and poorly documented.

D.

The identified risks have not been ranked to establish their importance and risk management priority.

Buy Now
Questions 119

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Options:

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Buy Now
Questions 120

What is the primary purpose of The IIA ' s Code of Ethics?

Options:

A.

Communicate specific activities appropriate to the performance of internal auditing

B.

Promote ethical culture within corporations and other business organizations

C.

Establish mandatory standards of competence for the practice of internal auditing

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing

Buy Now
Questions 121

Which of the following situations would cause the greatest concern regarding impairment of internal audit objectivity?

Options:

A.

The eternal auditor reviewed the audit clients proposed procedures and standards of control and offered suggested improvements at the client’s request.

B.

The internal auditor performed nonaudit work for the audit client which was communicated to senior management and the board before the engagement was performed and restated in the audit report

C.

internal auditors accepted limited access to the audit client ' s systems and records m accordance with the scope of the engagement

D.

The internal auditor used his in-depth knowledge of systems development to assist the audit client m designing a new operational system with robust controls.

Buy Now
Questions 122

An internal auditor was completely honest with operational management when delivering unfavorable audit results. Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?

Options:

A.

Integrity

B.

Objectivity

C.

Competency

D.

Transparency

Buy Now
Questions 123

Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?

Options:

A.

A corrective control

B.

A detective control

C.

A preventive control

D.

A directive control

Buy Now
Questions 124

Which of the following actions best demonstrates an internal auditor exercising due professional care?

Options:

A.

Testing an entire population, even when a sample would suffice

B.

Using technology and data analysis techniques for efficiency

C.

Enhancing knowledge, skills, and other competencies through professional development

D.

Establishing audit objectives, performing audit tests, and implementing missing controls

Buy Now
Questions 125

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company ' s engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Buy Now
Questions 126

Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?

Options:

A.

Risk reduction.

B.

Risk transfer.

C.

Risk acceptance.

D.

Risk avoidance.

Buy Now
Questions 127

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?

Options:

A.

Management’s acceptance of inadequate controls for cybersecurity risk.

B.

Discussions with senior management relating to a new revenue stream.

C.

Mitigating controls implemented by the engagement supervisor

D.

Project manager planned hours versus time spent for all prior year projects

Buy Now
Questions 128

In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity*?

Options:

A.

The CAE shall report functionally to the board and administratively to the chief financial officer

B.

The CAE and the Internal audit activity shall have full access to any and all records and personnel of the organization that are relevant to audit engagements

C.

The CAE and the internal audit activity shall be independent and objective in performing their work.

D.

The CAE shall report periodically on the performance of the internal audit activity relative to its plan

Buy Now
Questions 129

The chief audit executive (CAE) annually develops a budget and resource plan and submits it to the board for approval. This action best fulfills which of the following responsibilities of the CAE?

Options:

A.

The responsibility to maintain organizational independence.

B.

The responsibility to perform engagements with due professional care.

C.

The responsibility to communicate corrective action plans to the board.

D.

The responsibility to define the purpose of the internal audit activity.

Buy Now
Questions 130

Which of the following is a primary responsibility of senior management with respect to ethical violations?

Options:

A.

Senior management provides oversight for the organization ' s ethical climate.

B.

Senior management promotes an ethical culture in the organization.

C.

Senior management assesses the effectiveness of the organization’s ethical programs.

D.

Senior management reviews major ethical policies in the organization for compliance

Buy Now
Questions 131

How do assurance services and consulting services differ?

Options:

A.

There is less variety of consulting services that an internal audit activity might provide compared to assurance services

B.

Assurance services are limited to financial events or actions, and consulting services are not limited in this way

C.

Consulting services do not have to be included in the internal audit charter

D.

Other employees in an organization can provide consulting services but only an internal audit activity can provide assurance services

Buy Now
Questions 132

Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?

Options:

A.

The internal audit activity used a risk-based approach to create the internal audit plan.

B.

The engagement supervisor considered requests from senior management regarding engagements to include in the internal audit plan.

C.

The CAE only accepted engagements that the internal audit activity collectively had the knowledge to perform.

D.

The area under review restricted the internal audit activity ' s ability to access records, impacting the audit results.

Buy Now
Questions 133

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

Options:

A.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

B.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

C.

Security cameras that monitor cash handling at the register are not functioning.

D.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff

Buy Now
Questions 134

Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?

Options:

A.

Typically less time is needed to train the NGO members on the audit process.

B.

NGO members are often more unbiased and objective

C.

A report with a positive statement from an NGO member is deemed to be more credible. As opposed to auditors.

D.

NGO members are licensed to audit corporate social responsibility.

Buy Now
Questions 135

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Buy Now
Questions 136

Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

Options:

A.

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

Buy Now
Questions 137

A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment. To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?

Options:

A.

Request from the audit committee an additional budget and an extension so that the external assessment could be performed next year.

B.

Review the results of the internal assessment, identify weaknesses, and implement improvements at the remaining offices.

C.

Request the regional office that performed the internal assessment to perform an assessment of the remaining offices.

D.

Request that an external assessor validate the results of the internal assessment and review the remaining offices.

Buy Now
Questions 138

An internal auditor creates a professional development plan to obtain more experience in the organization ' s environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

Options:

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization ' s committee meeting that is focused on strategic community awareness.

Buy Now
Questions 139

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

Options:

A.

Verifying whether claims have been properly authorized for payment.

B.

Verifying whether claims are properly supported by invoices or other documents.

C.

Confirming that all claims are within the limits of the organization ' s travel policy.

D.

Reconciling claims against business trip requests that were approved by supervisors.

Buy Now
Questions 140

According to IIA guidance, a new internal auditor is expected to possess which of the following competencies?

Options:

A.

Technical industry-specific expertise.

B.

Expertise in cybersecurity, an area of increasing risk.

C.

Knowledge of IT risks and controls.

D.

Knowledge of forensic accounting.

Buy Now
Questions 141

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

Options:

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Buy Now
Questions 142

Which of the following represents an example of an ethical issue that the organization should address ' ?

Options:

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Buy Now
Questions 143

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Buy Now
Questions 144

Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Options:

A.

Benchmarking best practices

B.

Testing,

C.

Mapping,

D.

Interviewing

Buy Now
Questions 145

According to NA guidance which of the following should be documented in the internal audit chatter?

Options:

A.

The risk assessment process applied by the internal audit activity

B.

The organization ' s internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Buy Now
Questions 146

An internal auditor in a busy internal audit activity reviews her continuing professional development records toward the end of the year and is concerned to find she has undertaken limited training and formal professional development. Which of the following actions is the most appropriate for her to take?

Options:

A.

Remind the chief audit executive (CAE) that he is responsible for her continuing professional development and needs to address the issue

B.

Contact her professional organization and explain that she does not need formal professional development, as she is being developed sufficiently through undertaking audit engagements.

C.

Accept that she is unlikely to meet continuing professional development requirements but look to attend training courses at the next available time.

D.

Accept that she is responsible for her own continuing professional development, develop a professional plan, and discuss it with the CAE.

Buy Now
Questions 147

For a high-risk observation, which is the best approach to follow when management takes an aggressive, uncompromising position in opposition to the internal audit activity?

Options:

A.

The parties should work together to develop a mutually beneficial solution.

B.

The internal audit activity should share the observation with other business units to get their opinions.

C.

The internal audit activity should discuss with senior management, and if still not resolved, discuss with the board.

D.

The internal audit activity should accommodate management ' s position, since the relationship is more important than the fight.

Buy Now
Questions 148

A new chief audit executive realized that the internal audit charter has not been updated in five years and only includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, and the Standards. What mandatory component is missing?

Options:

A.

Statement of Independence.

B.

Operating Procedures of Internal Auditing.

C.

Definition of Internal Auditing.

D.

Attestation of Quality Assurance.

Buy Now
Questions 149

According to MA guidance, which of the following statements is true regarding internal auditors ' use of technology-based techniques?

Options:

A.

Auditors must consider using technology if it advances the engagement, even when implementation costs exceed the benefits.

B.

Auditors must considering using technology to reduce the organization ' s risk by detecting all instances of fraud.

C.

Auditors must consider using technology only when the Implementation cost does not exceed benefits.

D.

Auditors must consider using technology in a variety of engagements to ensure that their work is substantiated and infallible.

Buy Now
Questions 150

A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?

Options:

A.

Internal auditors shall attend professional workshops to refresh internal audit norms and concepts

B.

Internal auditors ' performance is synchronized with satisfaction ratings given by audit clients

C.

Internal auditors take prior audit results into account when conducting current audit engagements

D.

Internal auditors observe the audit client’s expectations when scoping audit engagements

Buy Now
Questions 151

An internal auditor in a newly established internal audit activity identifies many control weaknesses and raises a number of high-priority recommendations in her first few audit engagements. The internal auditor is concerned that there seems to be a poor understanding by management of risk and control. Which of the following is the most likely reason for this?

Options:

A.

Poor performance by individual operational managers in the areas audited.

B.

Unrealistic expectations by the internal audit activity on the quality of risk management and control.

C.

A lack of an effective organizational framework for risk management and control.

D.

A failure by the internal audit activity to identify and manage the organization ' s risks.

Buy Now
Questions 152

Which of the following situations presents the lowest risk of impairing an internal audit activity ' s independence?

Options:

A.

Senior management has the authority to terminate the chief audit executive

B.

Senior management has control over the internal audit activity ' s budget

C.

Senior management provides feedback on the scope of the internal audit plan.

D.

Senior management limits the internal audit activity ' s access to the board

Buy Now
Questions 153

Which of the following controls would most likely prevent fraud related to the overpayment of vendors?

Options:

A.

Require supervisory review of all invoices and cash disbursements exceeding a stated threshold.

B.

Require the matching of a purchase order, receiving report, and invoice before payment.

C.

Require all checks to be signed by more than one person.

D.

Require all invoices to be paid within 30 days by check only.

Buy Now
Questions 154

IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge’s kills gap

B.

Monitoring gap

C.

Accountability/reward failure

D.

Communication failure

Buy Now
Questions 155

Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?

Options:

A.

Assessing the risk of noncompliance with laws and regulations

B.

Following the policies as prescribed by the internal audit manual.

C.

Advising management of the area under review on how to mitigate internal control risks.

D.

Conducting the engagement on the presupposition that fraud exists.

Buy Now
Questions 156

Which of the following parties would be responsible for ongoing monitoring of the organization ' s corporate social responsibility activities to reduce its carbon footprint?

Options:

A.

Chief audit executive

B.

Facility operation manager

C.

Public relations manager

D.

Regulatory agency

Buy Now
Questions 157

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

Options:

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply the 11As mandatory guidance.

Buy Now
Questions 158

Which of the following is most likely to impair the organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Buy Now
Questions 159

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Buy Now
Questions 160

Which of the following situations is most likely to threaten the independence of the internal audit activity?

Options:

A.

The chief audit executive reports functionally to the board and administratively to the CEO.

B.

The annual budget for the internal audit activity is approved by the chief financial officer.

C.

The internal audit activity is completely outsourced to an external service provider.

D.

The internal audit manager provides consulting services to the procurement department, where she worked during the prior year.

Buy Now
Questions 161

Which of the following controls would be most useful to prevent an employee from using the organization ' s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?

Options:

A.

Segregating duties in the payroll processes.

B.

Confirming receipt of goods or services.

C.

Performing background checks on newly hired employees.

D.

Requiring management approval for expenses.

Buy Now
Questions 162

According to IIA guidance, which of the following is required of an internal audit activity?

Options:

A.

The internal audit activity should refrain from conducting an assurance engagement for which it lacks the necessary competencies or skills

B.

The chief audit executive must decline a consulting engagement or obtain competent advice and assistance if internal auditors lack the necessary competencies or skills

C.

The audit committee should ensure that the internal audit activity continuously improves its knowledge and skills in order to fulfill its responsibilities

D.

In today ' s business climate which is dominated by technology and big data, it is imperative that each staff internal auditor has detailed knowledge about IT risks and technology-based audit techniques

Buy Now
Questions 163

The same internal auditor has audited the regional purchasing department annually for the last three years. The audits have shown several significant control deficiencies that have not been corrected by management. New management is in charge of this regional purchasing department, and it is time to audit the department again. What concerns should be considered prior to assigning the audit to the same auditor?

Options:

A.

Intimidation threats may compromise the auditor ' s objectivity due to multiple negative audit reports completed by the auditor.

B.

The auditor has reviewed the department annually for the last three years, leading to familiarity, which can impact the internal audit activity ' s independence.

C.

A negative cognitive bias may be in place that affects the employee ' s objectivity due to the recent audits with uncorrected control deficiencies.

D.

The auditor may have formed a cultural bias, as the department under review is in the auditor ' s geographic area.

Buy Now
Questions 164

Outsourcing a business activity is considered which of the following risk management techniques?

Options:

A.

Sharing a risk.

B.

Avoiding a risk.

C.

Reducing a risk.

D.

Mitigating a risk

Buy Now
Questions 165

A third-party provider ' s questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization ' s risk management practices was most likely ineffective?

Options:

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider ' s labor practices.

Buy Now
Questions 166

According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Options:

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed.

C.

The organization establishes effective governing body oversight.

D.

Audit assignments are rotated among internal audit staff.

Buy Now
Questions 167

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management

reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously,

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

Options:

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only

Buy Now
Questions 168

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting investors generally do not rely on CSR information

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary

D.

Typically operating management does not have a major role to play based on the public nature of reporting

Buy Now
Questions 169

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

Options:

A.

The job responsibilities of the warehouse employee compromise segregation of duties

B.

Spare parts are written off before their actual usage and installation

C.

Warehouse management is conducted on paper and requires further investigation

D.

The inventory counts take place on specific days of the week for no apparent reason

Buy Now
Questions 170

In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

Options:

A.

An assessment of compliance of individual data protection procedures with data protection regulations

B.

An assessment of profit and loss generated by financial assets and instruments in the past quarter

C.

An assessment of the effectiveness of back-up procedures and execution of business recovery plans

D.

An assessment of performance management practices and establishment of key performance indicators

Buy Now
Questions 171

Who is responsible for ensuring internal auditors’ continuing professional development?

Options:

A.

Individual internal auditors.

B.

Chief audit executive.

C.

The board.

D.

Engagement supervisors.

Buy Now
Questions 172

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management ' s recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Buy Now
Questions 173

Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

Options:

A.

Percentage of highly significant risks covered by internal audit plan.

B.

Percentage of previously unknown risks identified per engagement.

C.

Percentage of internal audit staff skilled in alignment with the organization ' s structure and key risks.

D.

Percentage of observations made in assurance engagements compared to advisory engagements.

Buy Now
Questions 174

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

Options:

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Buy Now
Questions 175

Which of the following statements best demonstrates application of due professional care during an assurance engagement?

Options:

A.

The engagement detected irregularities and noncompliance instances.

B.

The engagement supervisor had no significant comments in the supervisory review.

C.

The audit procedures were systematically planned, executed, and documented.

D.

The engagement objectives were designed to assist the engagement client.

Buy Now
Questions 176

Which of the following scenarios best illustrates due professional care?

Options:

A.

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

Buy Now
Questions 177

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

Options:

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Buy Now
Questions 178

Which of the following best describes the type of organizational culture known as adaptability culture ' ?

Options:

A.

A results-oriented culture that values competitiveness and personal initiative

B.

A culture that emerges in quick-response and high-risk decision-making environments

C.

A culture that is characterized by low involvement with environmental and health issues

D.

A culture that places high value on participation and meeting the needs of employees.

Buy Now
Questions 179

What is the primary purpose of The IIA ' s Code of Ethics?

Options:

A.

Communicate specific activities appropriate to the performance of internal auditing.

B.

Promote ethical culture within corporations and other business organizations.

C.

Establish mandatory standards of competence for the practice of internal auditing.

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing.

Buy Now
Questions 180

An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several

months later According to IIA guidance which of the following statements is true regarding the internal auditor ' s application of due professional care?

Options:

A.

Due professional care was not applied because no additional work should have been performed unless there was actual evidence of fraud

B.

Due professional care was not applied because the extended scope resulted in no issues being identified, while fraud actually existed

C.

Due professional care was applied as the internal auditor modified the scope based on reasonable judgment, despite the additional cost of resources

D.

Due professional care was applied as the cost of audit resources should not be a determining factor in the degree of testing undertaken

Buy Now
Questions 181

According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.

At the board ' s discretion, the frequency of external assessments can exceed the five-year guideline.

Buy Now
Questions 182

In which of the following situations would the organizational independence of an internal audit activity be impaired?

Options:

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Buy Now
Questions 183

Which of the following options describes the reason that conformance with The IIA ' s Code of Ethics is mandatory for internal auditors?

Options:

A.

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing g absolute assurance about the organization ' s risk management.

C.

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity ' s findings.

D.

The internal audit activity ' s ethical compliance sets the tone for the ethical compliance by the organization ' s board, management, and employees.

Buy Now
Questions 184

The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?

Options:

A.

A consulting engagement independent of the financial risk committee ' s review.

B.

A risk assessment.

C.

An assurance engagement.

D.

A joint consulting engagement with input from the financial risk committee.

Buy Now
Questions 185

A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

Options:

A.

Implement a uniform professional development plan for the internal audit activity.

B.

Create a formal development agreement with each individual staff auditor.

C.

Require each internal auditor to obtain the same professional certifications.

D.

Require training and developmental activities that are sponsored by The HA.

Buy Now
Questions 186

A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?

Options:

A.

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board,

B.

Focus on operational audit work and disregard lack of direct access to the members of the board.

C.

Initiate changes to the internal audit charter to report to senior management for the time being,

D.

Engage in written communications with the board and present relevant issues in writing

Buy Now
Questions 187

Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed in the last year.

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.

Buy Now
Questions 188

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties.

B.

Exception reports.

C.

Training programs.

D.

Supervisory review.

Buy Now
Questions 189

Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity’s independence?

Options:

A.

Description of internal audit activity ' s responsibilities

B.

Definition of internal auditing

C.

Statement of internal audit activity ' s authority

D.

Description of internal audit activity ' s reporting structure

Buy Now
Questions 190

Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system ' s business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Buy Now
Questions 191

Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor ' s business acumen?

Options:

A.

A quality assessment review.

B.

An internal audit client survey.

C.

A control self-assessment.

D.

A peer review of the internal audit activity.

Buy Now
Questions 192

Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?

Options:

A.

The use of judgment enhances management ' s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management ' s ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Buy Now
Questions 193

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization ' s risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Buy Now
Questions 194

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Buy Now
Questions 195

Which of the following is an example of risk monitoring to ensure a system is performing as intended?

Options:

A.

Checking the progress of risk treatment plans

B.

Considering the consequence and likelihood of risks

C.

Documenting the risks and their areas of impact

D.

Communicating to management about risks

Buy Now
Questions 196

Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization ' s risk management process?

Options:

A.

Internal audit designs and implements the organization ' s controls to help manage risk.

B.

Internal audit sets the organization ' s risk tolerance and promotes awareness throughout the organization.

C.

Internal audit assesses whether the organization ' s risk management processes are effective.

D.

Internal audit is responsible for safeguarding the organization ' s assets and preventing loss from occurring.

Buy Now
Questions 197

What is the best course of action when the internal audit activity does not have the knowledge necessary to perform a planned audit of the organization ' s new IT data backup process?

Options:

A.

Postpone the audit engagement to a later date.

B.

Recruit and hire a full-time staff auditor who is proficient in data backup processes.

C.

Change the plan from an assurance engagement to a consulting engagement.

D.

Provide data backup training to the engagement supervisor.

Buy Now
Questions 198

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Options:

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization ' s risk appetite.

B.

Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization ' s risk appetite and take into consideration emerging risks

Buy Now
Questions 199

Which of the following is most accurate concerning corporate social responsibility?

Options:

A.

A moral agent in an organization makes decisions that are based on the rules and regulations of the organization as they apply to human resources decisions

B.

The utilitarian approaching deciding on ethical dilemmas is concerned with choosing the simplest solution that will apply to the most people

C.

Ethics are not defined by laws but they are not a matter of free choice ethics are based on standards of conduct derived from shared principles and values

D.

The individualism approach to ethical decision making is focused on implementing a customized long-term outcome that is most beneficial for the entire organization

Buy Now
Questions 200

A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?

Options:

A.

Independent assessments.

B.

Continuous monitoring.

C.

Business continuity and backups.

D.

Organization wide objectives.

Buy Now
Questions 201

Which of the following statements is true regarding control activities ' ?

Options:

A.

Control activities are defined by management through risk mitigation strategies

B.

Control activities should be defined for all business processes

C.

If two organizations have identical objectives and structures their control activities would be the same

D.

Organizations that are less regulated generally have more complex control activities than highly regulated organizations

Buy Now
Questions 202

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity,

C.

Integrity.

D.

Confidentiality

Buy Now
Questions 203

Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?

Options:

A.

Deploying self-assessments against a competency benchmark.

B.

Acquiring memberships in professional organizations.

C.

Developing professional succession plans.

D.

Obtaining subscriptions to professional journals in their area of interest.

Buy Now
Questions 204

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Options:

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Buy Now
Questions 205

Which of the following should be considered in developing a risk and control model for use in an engagement?

Options:

A.

The risk and control model should be globally accepted by the profession.

B.

The risk and control model should be strictly adhered to in performing the engagement.

C.

The risk and control model should be tailored to the organization that will be the subject of the engagement.

D.

The risk and control model should be developed individually by the auditor for use on individual audit projects within the planned engagement.

Buy Now
Questions 206

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

Options:

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Buy Now
Questions 207

According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

Options:

A.

Pursuance of an internal audit certification.

B.

Enrollment in internal audit practice webinars.

C.

Attendance of internal audit workshops.

D.

Involvement in a variety of audit assignments.

Buy Now
Questions 208

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Options:

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Buy Now
Questions 209

An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Buy Now
Questions 210

Which of the following describes two duties that should not be performed by the same person?

Options:

A.

Posting cash receipts and cash payments to the general ledger.

B.

Posting bad debt write-offs and reconciling the accounts payable subsidiary ledger.

C.

Distributing payroll checks and approving sales returns for credit.

D.

Recording cash receipts and preparing bank reconciliations.

Buy Now
Questions 211

Which of the following statements is most likely to be true regarding a consulting engagement involving an organization ' s new payroll system?

Options:

A.

The internal auditor and engagement client established an understanding that the scope would include the new payroll system project.

B.

The payroll system engagement was scheduled as a result of internal audit ' s risk-based annual planning process.

C.

The internal auditor concluded that the engagement objectives would include assessing the effectiveness of the payroll process controls.

D.

The internal auditor acknowledged the engagement client’s satisfactory performance in the final engagement results that were communicated to senior management and the board.

Buy Now
Questions 212

Recently an organization’s internal audit activity discovered ghost employees who receive payments Senior management decides to strengthen the internal control measures to address this Which of the following is considered an effective control to mitigate payments to ghost employees?

Options:

A.

Staff transfers are reviewed by the recruiting manager and approved by the head of human resources

B.

New staff requisition forms are authorized by operational management and acknowledged by the head of human resources

C.

Staff salary payments and accounting records are approved by the head of accounting and acknowledged by the head of human resources

D.

The staff salary payment list is reviewed by the head of payroll and endorsed by the head of human resources

Buy Now
Questions 213

Which of the following statements is true regarding intangible assets?

Options:

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Buy Now
Questions 214

Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

Options:

A.

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization’s control processes.

B.

Quality assessments focus on the internal audit activity ' s structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

C.

In order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year.

D.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments.

Buy Now
Questions 215

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management ' s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Buy Now
Questions 216

During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?

Options:

A.

Flowchart of the vendor addition process.

B.

Independent confirmations sent to vendors.

C.

Analysis of the control ' s costs and benefits.

D.

Interview with management of the procurement function.

Buy Now
Questions 217

A chief audit executive (CAE) recruited a few new internal auditors to reduce the resource gaps identified in this year ' s internal audit plan. One of the new recruits has several years of experience with the organization. Ten months ago. she served as a senior supervisor in the finance department. However, for the past 10 months, she has been helping the organization with implementing a new IT system. What approach should the CAE take for the upcoming financial statement controls audit?

Options:

A.

Assign the new auditor to assist with conducting the fieldwork. but ensure that her work is reviewed by the CAE.

B.

Assign the new auditor to assist with developing the audit program, but ensure that the audit program is executed by other audit staff.

C.

Ensure that the new auditor ' s previous manager, and other close former coworkers, are excused during the audit.

D.

Ensure that the new auditor is responsible only for the supervisory review, but not the execution of the audit field work.

Buy Now
Questions 218

In a retail organization, sales teams compete with each other to achieve and exceed sales targets. Each quarter, the members of the top sales team receive a bonus. In this environment, management should closely monitor for the emergence of which of the following potential risks?

Options:

A.

Risks related to employee turnover.

B.

Risks related to data manipulation.

C.

Risks related to employee competency.

D.

Risks related to not achieving sales targets.

Buy Now
Questions 219

The principle that " no action should be taken that may harm in some way the least fortunate people " is an expression of which of the following more general ethical principles?

Options:

A.

Utilitarian benefits.

B.

Personal virtues.

C.

Religious injunctions.

D.

Distributive justice.

Buy Now
Questions 220

According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?

Options:

A.

The initial review of workpapers should be conducted after the final engagement report is issued.

B.

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

C.

Internal audit staff should be informed regularly of changes to policies and procedures.

D.

Training documents should be destroyed at the end of the year to create space for the next year ' s training documents.

Buy Now
Exam Code: IIA-CIA-Part1
Exam Name: Internal Audit Fundamentals
Last Update: Jul 4, 2026
Questions: 735

PDF + Testing Engine

$64.99   $185.69

Testing Engine

$49.99   $142.83

PDF (Q&A)

$54.99   $157.11