1. The status of the internal audit function should be free from the impact of irresponsible policy changes by management. The most effective way to make sure of that freedom is to:
a. Develop written policies and procedures to serve as standards of performance of the internal audit function.
b. Have the internal audit charter approved by both management and the board of directors.
c. Adopt the policy that the audit function follows the Standards for the Professional Practice of Internal Auditing.
d. Require that the external auditor approve any policy change by management regarding internal audit.
e. Establish an audit committee within the board of directors.
2. A chief audit executive (CAE) has been requested by the audit committee to conduct an engagement at one of the company's chemical factories as soon as possible. The engagement will include reviews of health, safety, and environmental management and processes. The CAE knows that the internal audit department does not have the necessary technical knowledge to conduct such an engagement. What should the CAE do?
a. Ask the audit committee for additional resources to obtain appropriate support from a health, safety and environmental professional for the engagement.
b. Suggest to the audit committee that the factory's own health, safety and environmental staff conduct the engagement.
c. Begin the engagement and incorporate the necessary technical training into next year's training program so as to be prepared for a follow-up engagement.
d. Defer the engagement and tell the audit committee that it will take six months to train internal audit staff for such an engagement.
e. Conduct the engagement but limit its scope to cover only those areas where the internal audit staff has the necessary skills.
3. In the case of an efficient system of internal control, in which quadrant would you expect to find the lowest investment in controls?
a. I
b. II
c. III
d. IV
e. The investment woudl be equal in each of the four quadrants.
4. During an audit, an employee with whom you have developed a good working relationship informs you that she has some information about top management which would be damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions would be considered inconsistent with the IIA Code of Ethics and Standards?
a. Suggest the person consider talking to legal counsel.
b. Inform the employee of other methods of communicating this type of information.
c. Inform the individual that you will attempt to keep the source of the information confidential and will look into the matter further.
d. Assure the employee that you can maintain her anonymity and listen to the information.
e. Suggest that she talk with the organization's compliance officer.
5. Which of the following is an element of sampling risk?
a. Selecting and audit procedure that is inconsistent with the audit objective.
b. Failing to perform audit procedures that are required by the sampling plan.
c. Forgetting to apply the finite correction factor in deterring sample size.
d. Failing to detect an error on a document that has been inspected by an auditor.
e. Concluding that internal controls are not effective when in fact they are effective based on a sample that had multiple cases of control failure.
6. Which of the following would typically be part of the agenda for an opening meeting?
I. Discussion of business objectives, risks and key processes
II. Review of the audit process and timeline
III. Review of audit objectives and scope
IV. Presentation by auditee of how they have addressed findings from the last audit.
a. I and III only.
b. II and IV only.
c. II and III only
d. I, II, and III only
e. I, II, III, and IV.
7. According to the COSO control framework, a precondition to risk assessment is:
a. Establishing control procedures or activities.
b. Establishing a monitoring mechanism.
c. Establishing an internal audit function.
d. Establishing objectives or goals.
e. Establishing performance measures.
Use the following information to answer questions 8 and 9.
An internal auditing department plans to begin an audit of manufacturing operations in the Automotive Products Division. The audit objectives are to: (1) evaluate the quality of performance in carrying out assigned responsibilities, (2) determine whether all legal and regulatory requirements concerning employee safety are being properly implemented, and (3) determine whether fixed assets employed in manufacturing are properly reflected in the accounting records.
8. In meeting objective (2), which of the following audit approaches is likely to be most effective?
a. Interviewing members of the executive management team to determine their commitment to employee safety.
b. Reviewing accident reports.
c. Examining documentation concerning the design of the relevant systems and observing operations for compliance.
d. Requesting an inspection by government regulators.
e. Interview a sample of assembly line workers from each shift regarding their concerns.
9. In meeting objective (3), which of the following audit approaches is likely to be most effective?
a. Inspecting fixed assets used in the manufacturing process and tracing to the asset subsidiary ledger.
b. Selecting items from asset subsidiary ledger and recalculating depreciation.
c. Interviewing members of the accounting department.
d. Examining documentation concerning the cost of fixed assets used in the manufacturing process.
e. Scanning the asset subsidiary ledger for credit entries.
10. The possibility of a maliciously virus overwhelming an information system and denying services legitimate users is an example of:
a. Availability risk.
b. Access risk.
c. Confidentiality risk.
d. Deployment risk
11. Which of the following actions taken by the CAE of a large company would not be considered to violate the IIA's Code of Ethics?
a. The CAE decides to delay the audit of a branch so that his daughter-in-law, the branch manager, will have time to "clean things up."
b. In order to save company resources, the CAE cancels all staff training for the next two years on the basis that all staff are too new to benefit from training.
c. The CAE buys a significant amount of stock in a public company that is a competitor.
d. In order to save company resources, the CAE limits the audit of foreign branches to confirmations from branch managers that no major personnel changes have occurred.
e. The CAE provides information about company operations to his father who is a stockholder.
12. Audit report content and format may vary; but according to The InternationalStandards of Professional Practice of Internal Auditing which of the following is a necessary element?
a. Status of findings from prior reports.
b. The auditee's views about the engagement's conclusions.
c. Statement of what was cover in the engagement.
d. Documentation of previous oral communications with area management.
e. Related activities not examined in the engagement.
13. The COO has requested the internal audit group advise her regarding the new incentive plan being developed for sales representatives. Which of the following tasks should the CAE decline with respect to providing advice to the COO?
a. Determining how to best document the support for amounts paid to provide a sufficient audit trail.
b. Researching and benchmarking incentive plans provided by other companies in the industry.
c. Identify what new risks the incentive plan introduces to the organization.
d. Recommending monitoring procedures so that appropriate amounts are paid out under the plan.
e. Determining the appropriate bonus formula for inclusion in the plan.
14. Which of the following is one of the seven elements that need to be present for an organization to have an effective compliance program?
a. The organization has an enterprise risk management system in place.
b. The organization has an audit committee.
c.The CEO and CFO must sign the organization's Code of Ethical Conduct.
d. Standards are consistently enforced through appropriate discipline, including discipline of individuals responsible for failure to detect offense.
e. The organization has a person appointed as General Counsel for the organization.