1. Which of the following would typically be part of the agenda for an opening meeting?
I. Discussion of business objectives, risks and key processes
II. Review of the audit process and timeline
III. Review of audit objectives and scope
IV. Presentation by auditee of how they have addressed findings from the last audit.
a. I and III only.
b. II and IV only.
c. II and III only
d. I, II, and III only
e. I, II, III, and IV.
2. According to the COSO control framework, a precondition to risk assessment is:
a. Establishing control procedures or activities.
b. Establishing a monitoring mechanism.
c. Establishing an internal audit function.
d. Establishing objectives or goals.
e. Establishing performance measures.
Use the following information to answer questions 8 and 9.
An internal auditing department plans to begin an audit of manufacturing operations in the Automotive Products Division. The audit objectives are to: (1) evaluate the quality of performance in carrying out assigned responsibilities, (2) determine whether all legal and regulatory requirements concerning employee safety are being properly implemented, and (3) determine whether fixed assets employed in manufacturing are properly reflected in the accounting records.
3. In meeting objective (2), which of the following audit approaches is likely to be most effective?
a. Interviewing members of the executive management team to determine their commitment to employee safety.
b. Reviewing accident reports.
c. Examining documentation concerning the design of the relevant systems and observing operations for compliance.
d. Requesting an inspection by government regulators.
e. Interview a sample of assembly line workers from each shift regarding their concerns.
4. In meeting objective (3), which of the following audit approaches is likely to be most effective?
a. Inspecting fixed assets used in the manufacturing process and tracing to the asset subsidiary ledger.
b. Selecting items from asset subsidiary ledger and recalculating depreciation.
c. Interviewing members of the accounting department.
d. Examining documentation concerning the cost of fixed assets used in the manufacturing process.
e. Scanning the asset subsidiary ledger for credit entries.
5. The possibility of a maliciously virus overwhelming an information system and denying services legitimate users is an example of:
a. Availability risk.
b. Access risk.
c. Confidentiality risk.
d. Deployment risk
6. Which of the following actions taken by the CAE of a large company would not be considered to violate the IIA's Code of Ethics?
a. The CAE decides to delay the audit of a branch so that his daughter-in-law, the branch manager, will have time to "clean things up."
b. In order to save company resources, the CAE cancels all staff training for the next two years on the basis that all staff are too new to benefit from training.
c. The CAE buys a significant amount of stock in a public company that is a competitor.
d. In order to save company resources, the CAE limits the audit of foreign branches to confirmations from branch managers that no major personnel changes have occurred.
e. The CAE provides information about company operations to his father who is a stockholder.
7. Audit report content and format may vary; but according to The InternationalStandards of Professional Practice of Internal Auditing which of the following is a necessary element?
a. Status of findings from prior reports.
b. The auditee's views about the engagement's conclusions.
c. Statement of what was cover in the engagement.
d. Documentation of previous oral communications with area management.
e. Related activities not examined in the engagement.
8. The COO has requested the internal audit group advise her regarding the new incentive plan being developed for sales representatives. Which of the following tasks should the CAE decline with respect to providing advice to the COO?
a. Determining how to best document the support for amounts paid to provide a sufficient audit trail.
b. Researching and benchmarking incentive plans provided by other companies in the industry.
c. Identify what new risks the incentive plan introduces to the organization.
d. Recommending monitoring procedures so that appropriate amounts are paid out under the plan.
e. Determining the appropriate bonus formula for inclusion in the plan.
9. Which of the following is one of the seven elements that need to be present for an organization to have an effective compliance program?
a. The organization has an enterprise risk management system in place.
b. The organization has an audit committee.
c.The CEO and CFO must sign the organization's Code of Ethical Conduct.
d. Standards are consistently enforced through appropriate discipline, including discipline of individuals responsible for failure to detect offense.
e. The organization has a person appointed as General Counsel for the organization.