An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?
A)
B)
C)
D)
An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE's responsibility at the meeting?
When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?
According to HA guidance, which of the following statements regarding audit workpapers is true?
A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''
According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor's use of review notes?
Which of the following statements regarding the risk management process' support of the internal audit activity is true?
According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?
Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
An internal auditor for a regional bank suspects that the head of commercial lending has been granting loans without the required collateral Which of the following sampling techniques will be most effective for investigating the auditor's suspicion?
When addressing the excessive overtime being paid lo employees in an organization's customer service call center, which of the following would be most relevant for the internal auditor to use?
1 Confirmation.
2. Trend analysis.
3 External benchmarking
4. Internal benchmarking
Which of the following actions best describes an internal auditor's use of test data to determine whether an organization's new accounts payable system avoids processing questionable invoices for payment?
The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?
What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?
The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques Which of the following audit procedures should be used to test the auditor's theory?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?
Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?
An organization's finance manager plans to implement a state-of-the-art management system to better manage the organization's receivables. The finance manager consulted the chief audit executive (CAE) and asked for her assistance in determining whether the organization is able to accommodate this system. How would the CAE proceed to determine the objectives of this engagement
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?
An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?
An internal auditor wants to compare performance information from one quarter to another. Which analytics procedure would the auditor use?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?
Which of the following is least likely to help ensure that risk is considered in a work program?
An internal auditor wants to assess the completeness of sales invoices issued by the organization over a period of time Providing that at the necessary data and analytics software is which of the following types of analyse would be appropriate to satisfy the auditor's objective?
An engagement work program o of greatest value to audit management when which of the following is true?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management's decision, which of the following is the most appropriate next step for the CAE to take?
New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?
Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?
The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks Which of the following engagement objectives would be appropriate to fulfill this request?
The final engagement communication contains the following observation:
The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization's competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source."
Which of the following components is missing in the documentation of the observation?
An internal auditor develops an engagement observation related to an organization's accumulation of large travel advances. The auditor observes that the organization's procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization's procedures?
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?
Which of the following is not a direct benefit of control self-assessment (CSA)?
In which of following scenarios is the internal auditor performing benchmarking?
According to IIA guidance which of the following statements is true regarding heat maps?
White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?
An IT auditor is reviewing the access controls in an organization's accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?
Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?
An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?