Free Practice Questions for the IIA CIA IIA-CIA-Part1 Exam (2026 Updated)
At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the IIA IIA-CIA-Part1 exam. To support your certification journey, we have made a selection of our premium 2026 CIA practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.
The level of authority for the internal audit activity is granted by which of the following?
Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?
The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?
Which of the following statements best describes the difference between risk appetite and risk tolerance?
Which of the following activities aligns with The IIA ' s Core Principles for the Professional Practice of Internal Auditing?
Which of the following factors are commonly assessed to determine the magnitude of risk events?
The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?
An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks. Which of the following aspects of risk management does senior management’s decision best illustrate?
An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?
During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company ' s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?
An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?
According to the Standards, in today ' s technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?
Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?
Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?
An organization ' s board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?
To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:
Which of the following describes the internal audit activity ' s most appropriate role in an organization ' s risk management process?
Which of the following statements is true regarding the quality assurance and improvement program (QAIP)?
According to IIA guidance, which of the following best demonstrates that the chief audit executive is properly reporting the results of the quality assurance and improvement program to senior management and the board?
There is a growing perception that employees generally evade their responsibilities. What impact will an internal auditor most likely see during an engagement?
Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?
Which of the following must be in existence as a precondition to developing an effective system of internal controls?
An internal auditor assessed that the risk of steel theft at a plant is high. In response, the plant ' s management introduced a number of controls, including fences around the facility, a metal detector at the entrance, and monthly steel inventory counts. If the controls operate as intended, which of the following outcomes would the internal auditor hope to see?
During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor ' s review and approval. Which of the following would be an appropriate course of action for the auditor to take?
Which of the following best demonstrates the board of directors ' governance over internal control?
The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?
In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?
Which of the following actions should an organization take to detect an emerging risk of potential fraud?
An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?
Which action by senior management indicates to the internal auditor that there may be fraudulent activities occurring within the organization?
According to The IIA’s Code of Ethics, which of the following statements is true?
According to IIA guidance, which of the following statements is true regarding internal auditors ' knowledge, skills and other competencies?
An external assessment of an organization ' s internal audit activity was last completed four years ago Which of the following options would be acceptable this year if the internal audit activity is to fulfill the requirements of the Standards?
The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?
An electrician visits a client to assess the scope of work. After the visit, the sales office compiles and sends the client a proposal based on the electrician ' s estimation and approved price list. The internal auditor notices that in the last six months, the number of cancelled proposals has increased substantially. Which of the following is a fraud risk scenario that the auditor should consider in this situation?
Which of the following best demonstrates organizational independence of the internal audit activity?
An internal audit activity is performing a governance engagement. Which of the following would provide the best evidence for an internal auditor when evaluating the organization’s culture?
An organization established 20 years ago has had its internal audit activity in place for the last three years. Which of the following would allow the internal audit activity to accurately state that it is in conformance with the Standards ' ?
An internal auditor is assessing the effectiveness of the organization ' s risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?
Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
A description of their job responsibilities,
A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process. Which of the following would be the best course of action for the chief audit executive (CAE) to take?
In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity ' s QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity ' s current state of conformance with the Standards?
During an assurance engagement internal auditors interview operational management to gather and evaluate information. Which approach is most important for internal auditors to be able to listen effectively to interviewees in the given situation?
According to IIA guidance, which of the following is most critical to ensuring that an organization ' s risk management program remains effective over time?
During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?
Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?
According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.
A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?
Which of the following statements is the most appropriate example of the internal audit activity exercising due professional care during an audit of the payroll department?
Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?
According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?
1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.
2. Ability to provide relevant advice and recommendations to management and the board.
3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.
4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.
According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?
A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?
Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?
Which of the following is an example of an entity-level control pertaining to the finance area of an organization ' ?
Which of the following would be considered an impairment to an internal auditor ' s objectivity when performing a review of the organization ' s procurement function ' ?
Which of the following situations undermines the independence of the internal audit activity?
Which of the following would best preserve the organizational independence of the internal audit activity?
Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?
An internal audit of an organization ' s disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors ' banking information?
During an assurance engagement, an internal auditor identified that a developer of the organization ' s enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?
According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?
Which of the following scenarios demonstrates nonconformance with the Standards?
Which of the following should be part of the internal audit activity ' s duties?
Which of the following would provide the best support for internal auditors to meet their continuing professional development requirements?
Which of the following scenarios best demonstrates the application of internal audit proficiency?
Which of the following is most likely to result in the impairment of independence for the internal audit activity?
Which of the following is the best way for an internal auditor to demonstrate due professional care?
Which of the following is an example of an impairment to an internal auditor ' s independence?
According to IIA guidance, which of the following activities are considered a core internal audit role with regard to enterprise risk management?
Reviewing the management of key risks.
Evaluating the reporting of key risks.
Evaluating risk management processes.
Consolidating the reporting of risks.
An internal auditor is providing consulting services on an area he was responsible for three years ago. Part of the consulting scope covers a review of a performance measuring system that the auditor helped to develop. What is the best course of action for the auditor to take concerning the consulting service?
According to the 11A Code of Ethics, which of the following is required with regard to communicating results?
Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?
To comply with the proficiency standard which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?
When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?
Which of the following practices is generally most effective to protect internal audit objectivity?
At a construction company, supervisors are entitled to bonus payments if there are no safety rule violations on their teams. There are several channels available for workers to report accidents and violations, and all reported violations are investigated. Bonus payment calculations are approved by managers and the head of safety. Which of the controls best addresses the risk that supervisors will conceal accidents on their teams in order to receive the bonus?
Which of the following controls would best mitigate the risk of fraud in the bidding process?
Which of the following is the primary benefit of an effective professional development program for internal auditors?
During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?
Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?
According to The IIA ' s Competency Framework, which competency is considered the mandatory minimum for internal auditors to possess when performing internal audit engagements?
According to MA guidance, which of the following is an appropriate role for the internal audit activity?
The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?
An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International
Standards for the Professional Practice of Internal Auditing ( Standards) Which of the following justifies inclusion of this clause in the reports?
An organization ' s fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?
The chief audit executive (CAE) decided to conduct a self-assessment with independent validation. Which of the following is the most likely reason the CAE selected this course of action?
An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?
A business unit manager was impressed by the competence of the internal auditor who was conducting an assurance engagement in his area and the manager made the auditor an attractive job offer to begin after the audit was completed The auditor later told her auditor in charge that she was considering the offer. Which of the following IIA Code of Ethics principles was most likely violated?
Which of the following offers the feast evidence that the internal audit activity has achieved organizational independence?
Which of the following is true regarding the stakeholder theory of corporate social responsibility?
According to IIA guidance, which of the following threats to objectivity is described as familiarity ' ?
According to IIA guidance, which of the following is an appropriate role for the internal audit activity?
According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?
Which of the following is an indicator of ineffective third-party risk management?
Which of the following best describes a purpose for the internal audit charter?
An internal auditor has documented several instances in which management asked employees to ad against the policies and procedures. Which of the following is the most appropriate next step?
With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?
In which of the following scenarios would the internal auditor’s objectivity be best protected?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?
For a new board chair who has not previously served on the organization ' s board, which of the following steps should first be undertaken to ensure effective leadership to the board?
During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?
Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?
According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?
An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?
Which of the following statements about internal audit consulting engagements is true?
A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA ' s Code of Ethics would he violate?
When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?
Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?
Which of the following situations would cause the greatest concern regarding impairment of internal audit objectivity?
An internal auditor was completely honest with operational management when delivering unfavorable audit results. Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?
Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?
Which of the following actions best demonstrates an internal auditor exercising due professional care?
While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company ' s engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?
Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?
An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?
In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity*?
The chief audit executive (CAE) annually develops a budget and resource plan and submits it to the board for approval. This action best fulfills which of the following responsibilities of the CAE?
Which of the following is a primary responsibility of senior management with respect to ethical violations?
Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?
Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?
Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?
Which of the following best describes the risk contained in an initial public offering for a new stock?
Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?
A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment. To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?
An internal auditor creates a professional development plan to obtain more experience in the organization ' s environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?
An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?
According to IIA guidance, a new internal auditor is expected to possess which of the following competencies?
Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?
Which of the following represents an example of an ethical issue that the organization should address ' ?
A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?
Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?
According to NA guidance which of the following should be documented in the internal audit chatter?
An internal auditor in a busy internal audit activity reviews her continuing professional development records toward the end of the year and is concerned to find she has undertaken limited training and formal professional development. Which of the following actions is the most appropriate for her to take?
For a high-risk observation, which is the best approach to follow when management takes an aggressive, uncompromising position in opposition to the internal audit activity?
A new chief audit executive realized that the internal audit charter has not been updated in five years and only includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, and the Standards. What mandatory component is missing?
According to MA guidance, which of the following statements is true regarding internal auditors ' use of technology-based techniques?
A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?
An internal auditor in a newly established internal audit activity identifies many control weaknesses and raises a number of high-priority recommendations in her first few audit engagements. The internal auditor is concerned that there seems to be a poor understanding by management of risk and control. Which of the following is the most likely reason for this?
Which of the following situations presents the lowest risk of impairing an internal audit activity ' s independence?
Which of the following controls would most likely prevent fraud related to the overpayment of vendors?
IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?
Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?
Which of the following parties would be responsible for ongoing monitoring of the organization ' s corporate social responsibility activities to reduce its carbon footprint?
According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?
Which of the following is most likely to impair the organizational independence of the internal audit activity?
Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
Which of the following situations is most likely to threaten the independence of the internal audit activity?
Which of the following controls would be most useful to prevent an employee from using the organization ' s funds for inappropriate expenditures and falsifying financial records to conceal the fraud?
According to IIA guidance, which of the following is required of an internal audit activity?
The same internal auditor has audited the regional purchasing department annually for the last three years. The audits have shown several significant control deficiencies that have not been corrected by management. New management is in charge of this regional purchasing department, and it is time to audit the department again. What concerns should be considered prior to assigning the audit to the same auditor?
Outsourcing a business activity is considered which of the following risk management techniques?
A third-party provider ' s questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization ' s risk management practices was most likely ineffective?
According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?
When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?
1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management
reporting and the negative consequences of intentional misreporting.
3. Setting up a hotline for employees to report fraudulent behavior anonymously,
4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.
Which of the following statements is true regarding corporate social responsibility (CSR)?
An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?
In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?
Who is responsible for ensuring internal auditors’ continuing professional development?
Which of the following would be considered a violation of The HAfs mandatory guidance on independence?
Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?
After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?
Which of the following statements best demonstrates application of due professional care during an assurance engagement?
The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?
Which of the following best describes the type of organizational culture known as adaptability culture ' ?
An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several
months later According to IIA guidance which of the following statements is true regarding the internal auditor ' s application of due professional care?
According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?
In which of the following situations would the organizational independence of an internal audit activity be impaired?
Which of the following options describes the reason that conformance with The IIA ' s Code of Ethics is mandatory for internal auditors?
The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?
A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?
A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?
Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?
Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity’s independence?
Which of the following would most likely be classified as a consulting engagement?
Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor ' s business acumen?
Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?
Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?
Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?
Which of the following is an example of risk monitoring to ensure a system is performing as intended?
Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization ' s risk management process?
What is the best course of action when the internal audit activity does not have the knowledge necessary to perform a planned audit of the organization ' s new IT data backup process?
With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?
Which of the following is most accurate concerning corporate social responsibility?
A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?
During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?
Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?
Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?
Which of the following should be considered in developing a risk and control model for use in an engagement?
A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?
According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?
Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?
An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?
Which of the following describes two duties that should not be performed by the same person?
Which of the following statements is most likely to be true regarding a consulting engagement involving an organization ' s new payroll system?
Recently an organization’s internal audit activity discovered ghost employees who receive payments Senior management decides to strengthen the internal control measures to address this Which of the following is considered an effective control to mitigate payments to ghost employees?
Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?
According to IIA guidance, which of the following is an appropriate role for the internal audit activity?
During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?
A chief audit executive (CAE) recruited a few new internal auditors to reduce the resource gaps identified in this year ' s internal audit plan. One of the new recruits has several years of experience with the organization. Ten months ago. she served as a senior supervisor in the finance department. However, for the past 10 months, she has been helping the organization with implementing a new IT system. What approach should the CAE take for the upcoming financial statement controls audit?
In a retail organization, sales teams compete with each other to achieve and exceed sales targets. Each quarter, the members of the top sales team receive a bonus. In this environment, management should closely monitor for the emergence of which of the following potential risks?
The principle that " no action should be taken that may harm in some way the least fortunate people " is an expression of which of the following more general ethical principles?
According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?
