New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. IIA
  3. CIA Challenge Exam
  4. IIA-ACCA - ACCA CIA Challenge Exam

IIA IIA-ACCA ACCA CIA Challenge Exam Exam Practice Test

Page: 1 / 60
Total 604 questions
Get IIA-ACCA Full Access Download IIA-ACCA PDF

ACCA CIA Challenge Exam Questions and Answers

Question 1

Which of the following is a characteristic of just-in-time inventory management systems?

Options:

A.

Users determine the optimal level of safety stocks.

B.

They are applicable only to large organizations.

C.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

D.

They rely heavily on high quality materials.

Question 2

Which of the following most accurately describes the purpose of application authentication controls?

Options:

A.

To ensure that data input into business applications is valid, complete, and accurate.

B.

To prevent or detect errors in data processed using business applications.

C.

To ensure that business applications are protected from unauthorized logical access.

D.

To ensure the validity, accuracy, and completeness of outputs from business applications.

Question 3

An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?

Options:

A.

Develop and test the organization's disaster recovery plan.

B.

Install and test fire detection and suppression equipment.

C.

Restrict access to tangible IT resources.

D.

Ensure that at least one developer has access to both systems and operations.

Question 4

When auditing an application change control process, which of the following procedures should be included in the scope of the audit?

1. Ensure system change requests are formally initiated, documented, and approved.

2. Ensure processes are in place to prevent emergency changes from taking place.

3. Ensure changes are adequately tested before being placed into the production environment.

4. Evaluate whether the procedures for program change management are adequate.

Options:

A.

1 only

B.

1 and 3 only

C.

2 and 4 only

D.

1, 3, and 4 only

Question 5

Which of the following are typical audit considerations for a review of authentication?

1. Authentication policies and evaluation of controls transactions.

2. Management of passwords, independent reconciliation, and audit trail.

3. Control self-assessment tools used by management.

4. Independent verification of data integrity and accuracy.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 6

Which of the following statements regarding program change management is not correct?

Options:

A.

The goal of the change management process is to sustain and improve organizational operations.

B.

The degree of risk associated with a proposed change determines if the change request requires authorization.

C.

In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

D.

All changes should be tested in a non-production environment before migrating to the production environment.

Question 7

According to Porter, which of the following is associated with fragmented industries?

Options:

A.

Weak entrance barriers.

B.

Significant scale economies.

C.

Steep experience curve.

D.

Strong negotiation power with suppliers.

Question 8

While reviewing the contracts for a large city, the internal auditor learns that the organization contracted to perform trash collection is paid based on the number of bins emptied each week As a result, the city has minimal control over payments Which of the following actions should the auditor recommend to give the city greater control over payments?

Options:

A.

Change the contract so payment is based on the distances traveled by the contractor during collection.

B.

Renegotiate a lump-sum contract when the contract is up for renewal

C.

Assign a city employee to verify the number of bins emptied each day

D.

Require that the contractor provide supervisory review of the number of bins emptied each day

Question 9

Which of the following statements about COBIT is not true?

Options:

A.

COBIT helps management understand and manage the risks associated with information technology (IT) processes.

B.

Management needs to determine the cost-benefit ratio of adopting COBIT control objectives.

C.

COBIT control objectives are specific to various IT platforms and help determine minimum controls.

D.

COBIT provides management with the capability to conduct self-assessments against industry best practices.

Question 10

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?

Options:

A.

A time-sensitive just-in-time purchase environment.

B.

A large volume of custom purchases.

C.

A variable volume sensitive to material cost.

D.

A currently inefficient purchasing process.

Question 11

According to IIA guidance on IT. which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter.

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Question 12

The greatest advantage of functional departmentalization is that it:

Options:

A.

Facilitates communication between primary functions.

B.

Helps to focus on the achievement of organizational goals.

C.

Provides for efficient use of specialized knowledge .

D.

Accommodates geographically dispersed companies

Question 13

Which of the following is not a barrier to effective communication?

Options:

A.

Filtering.

B.

Communication overload.

C.

Similar frames of reference.

D.

Lack of source credibility.

Question 14

The audit committee of a global corporation has mandated a change in the organization's business ethics policy. Which of the following approaches describes the best way to accomplish the policy's diffusion worldwide?

Options:

A.

Deploy the policy in the corporate headquarters' language, so everyone gets an unfiltered version simultaneously.

B.

Introduce the policy region by region, using any lessons learned to change the subsequent version of the policy for the next area.

C.

Consult with legal and operational management in each affected country to ensure the final version can be implemented globally, following audit committee approval.

D.

Send the board-approved version of the policy to each country's senior leadership, and empower them to tailor the policy to the local language and culture.

Question 15

During an audit of the organization's annual financial statements, the internal auditor notes that the current cost of goods sold percentage is substantially higher than in prior years. Which of the following is the most likely explanation for this increase?

Options:

A.

Cost of raw material inventory items is decreasing.

B.

Process to manufacture goods is more efficient.

C.

Labor productivity to produce goods is increasing.

D.

Write-off of inventory is increasing.

Question 16

Which of the following are the most common characteristics of big data?

Options:

A.

Visibility, validity, vulnerability

B.

Velocity, variety volume.

C.

Complexity completeness constancy

D.

Continuity, control convenience

Question 17

Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap

B.

Monitoring gap

C.

Accountability/reward failure.

D.

Communication failure.

Question 18

When attempting to devise creative solutions to problems, team members initially should do which of the following?

Options:

A.

Suspend assumptions and negative feedback

B.

Weight suggestions based on the speaker's level of authority.

C.

Discuss the details of all options presented

D.

Provide documentation to support their positions

Question 19

Which of the following is a major advantage of decentralized organizations, compared to centralized organizations?

Options:

A.

Decentralized organizations are more focused on organizational goals.

B.

Decentralized organizations streamline organizational structure.

C.

Decentralized organizations tend to be less expensive to operate.

D.

Decentralized organizations tend to be more responsive to market changes.

Question 20

Which of the following best describes the purpose of disaster recovery planning?

Options:

A.

To reconstitute systems efficiently following a disruptive event.

B.

To define rules on how devices within the system should communicate after a disaster.

C.

To describe how data should move from one system to another system in case of an emergency.

D.

To establish a protected area of network that is accessible to the public after a disaster

Question 21

Which of the following application software features is the least effective control to protect passwords?

Options:

A.

Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.

B.

Encryption of passwords prior to their transmission or storage.

C.

Forced change of passwords after a designated number of days.

D.

Automatic logoff of inactive users after a specified time period of inactivity.

Question 22

An organization had three large centralized divisions: one that received customer orders for service work; one that scheduled the service work at customer locations; and one that answered customer calls about service problems. These three divisions were restructured into seven regional groups, each of which performed all three functions. One advantage of this restructuring would be:

Options:

A.

Better internal controls.

B.

Greater economies of scale.

C.

Improved work flow.

D.

Increased specialization.

Question 23

According to MA guidance, which of the following would indicate poor change management control?

1. Low change success rate

2. Occasional planned outages

3. Low number of emergency changes.

4. Instances of unauthorized changes

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 24

Which of the following would be a risk in the development of end-user computing (EUC) applications, compared to traditional information systems?

Options:

A.

Management might place the same degree of reliance in reports produced by EUC applications as it does in reports produced under traditional systems development procedures .

B.

The organization may incur higher application development and maintenance costs for EUC systems.

C.

Since development time is typically longer for EUC applications, management may not be able to respond quickly to competitive pressures

D.

Management may not be able to make quick and accurate decisions due to a diminished capacity to respond to managerial requests for computerized information

Question 25

Which of the following statements about matrix organizations is false?

Options:

A.

In a matrix organization, conflict between functional and product managers may arise.

B.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

C.

Matrix organizations offer the advantage of greater flexibility.

D.

Matrix organizations minimize costs and simplify communication.

Question 26

Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?

1. The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2. The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.

3. The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.

4. The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.

Options:

A.

1 only

B.

4 only

C.

2 and 4

D.

3 and 4

Question 27

The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:

Options:

A.

Use an aging schedule to more closely estimate uncollectible accounts.

B.

Eliminate the need for an allowance for doubtful accounts.

C.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

D.

Use a method that approximates the matching principle.

Question 28

Which of the following are typical responsibilities for operational management within a risk management program?

1. Implementing corrective actions to address process deficiencies.

2. Identifying shifts in the organization's risk management environment.

3. Providing guidance and training on risk management processes.

4. Assessing the impact of mitigation strategies and activities.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 29

Which of the following factors is considered a disadvantage of vertical integration?

Options:

A.

It may reduce the flexibility to change partners.

B.

It may not reduce the bargaining power of suppliers.

C.

It may limit the organization's ability to differentiate the product.

D.

It may lead to limited control of proprietary knowledge.

Question 30

A retail organization mistakenly did not include S10.000 of inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

Options:

A.

Cost of sales and net income are understated

B.

Cost of sales and net income are overstated

C.

Cost of sales is understated and net income is overstated.

D.

Cost of sales is overstated and net income is understated.

Question 31

An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 32

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Options:

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Question 33

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Options:

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Question 34

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 35

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 36

For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

Options:

A.

Independently evaluating conflicts of interests.

B.

Assessing contracts for relevant terms and conditions.

C.

Performing statistical analysis for data anomalies.

D.

Preparing evidentiary documentation.

Question 37

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 38

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 39

Which of the following is a detective control for managing the risk of fraud?

Options:

A.

Awareness of prior incidents of fraud.

B.

Contractor non-disclosure agreements.

C.

Verification of currency exchange rates.

D.

Receipts for employee expenses.

Question 40

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Question 41

Which of the following statements about internal audit's follow-up process is true?

Options:

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit's follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Question 42

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?

1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.

2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.

3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.

4. Include the incident in the next quarterly report to the audit committee.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 43

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Question 44

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

Options:

A.

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Question 45

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

Options:

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Question 46

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Options:

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Question 47

Which of the following is the most important concept to be included in a consulting engagement agreement?

Options:

A.

Define the duties and responsibilities needed from management to perform the engagement.

B.

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

C.

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

D.

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Question 48

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

Options:

A.

Verify that amounts are correct.

B.

Verify that payments are on time.

C.

Verify that recipients are valid employees.

D.

Verify that benefits deductions are accurate.

Question 49

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Question 50

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

Options:

A.

Conduct a joint brainstorming session with management.

B.

Ask the chief audit executive to mediate.

C.

Disclose the client's differing opinion in the final report.

D.

Escalate the issue to senior management for a decision.

Question 51

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

Options:

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Question 52

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Question 53

According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?

• They are discussed with management prior to finalizing the audit.

• They may be discarded after working papers are amended as appropriate.

• They are created by the auditor to support her fieldwork in case of questions.

• They are not required to support observations issued in the audit report.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 54

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

Options:

A.

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Question 55

Which of the following is not an outcome of control self-assessment?

Options:

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Question 56

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement's objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

Options:

A.

1 and 2

B.

1 and 3 only

C.

2 and 4

D.

1, 3, and 4

Question 57

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization's risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization's goals.

Options:

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4

D.

1, 3, and 4

Question 58

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 59

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Options:

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Question 60

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

Options:

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Question 61

Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?

Options:

A.

Act as an adviser to the committee responsible for reviewing violations of the code.

B.

Review and adjudicate all violations of the code of conduct.

C.

Lead the committee responsible for the oversight of the code.

D.

Implement a system of procedures to inform all employees of the code.

Question 62

Which of the following factors have the greatest influence on the independence of the internal audit activity?

Options:

A.

Quality assessments and cultural biases of the internal audit activity.

B.

Rotational assignments and familiarity of the internal audit activity.

C.

Employee incentives and self review of the internal audit activity.

D.

Organizational positioning and scope control of the internal audit activity.

Question 63

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties.

B.

Exception reports.

C.

Incentive compensation plans.

D.

Automated reconciliations.

Question 64

An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to MA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?

Options:

A.

Ask management to determine which internal audit engagements are lower risk and could be considered for removal from the annual audit plan.

B.

Ask appropriate stakeholders for their opinion on the potential impacts of reducing the scope of the internal audit plan.

C.

Ask the chief audit executive to determine whether budgetary limitations impede the ability of the internal audit activity to execute its responsibilities.

D.

Ask The human resources department to determine how the annual compensation and salary of the audit staff could be adjusted to achieve savings.

Question 65

Which of the following are core responsibilities to be included in the internal audit charter?

1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.

2. Determine the adequacy and effectiveness of the organization’s systems of internal accounting and operating controls.

3. Participate in the planning and performance of audits of potential acquisitions with the organization's outside accountants and other members of the corporate staff.

4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 66

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

Options:

A.

The CAE's work may be reviewed by any other experienced staff member within the IAA.

B.

The CAE's work should be reviewed by an individual with the appropriate background and knowledge.

C.

The CAE may self-review his work, provided he discloses this practice in the final report.

D.

The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

Question 67

Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?

1. To understand better the activity and processes that will be audited.

2. To identify the audit procedures that will be used during the engagement.

3. To ensure that matters of greatest vulnerability will be addressed.

4. To use the information obtained as evidence in the current engagement.

Options:

A.

4 only

B.

1 and 3 only

C.

1 and 4 only

D.

2, 3, and 4 only

Question 68

According to COSO, which of the following describes a principle related to the control environment?

Options:

A.

The organization identifies and assesses changes that could significantly impact the system of internal control.

B.

The organization establishes appropriate authorities and responsibilities in the pursuit of objectives.

C.

The organization selects and develops control activities that contribute to the mitigation of risks.

D.

The organization performs evaluations to ascertain whether internal control components are present and functioning.

Question 69

Which of the following is not an objective of internal control?

Options:

A.

Compliance.

B.

Accuracy.

C.

Efficiency.

D.

Validation.

Question 70

An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?

Options:

A.

Condition section.

B.

Criteria section.

C.

Effect section.

D.

Cause section.

Question 71

An internal audit charter should do which of the following?

Options:

A.

Outline the schedule of future audits.

B.

Define the scope of internal audit activities.

C.

Establish the size of the internal audit activity.

D.

Communicate the internal audit activity's goals.

Question 72

Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.

Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?

1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.

2. Experience of the engineer in the type of work being considered.

3. Compensation or other incentives that the engineer may receive.

4. The extent of other ongoing services that the engineer may be performing for the organization.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

3 and 4 only

D.

1, 2, and 4 only

Question 73

During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?

Options:

A.

Soft skills in communication, negotiation, and collaboration.

B.

Technical skills in the area under review.

C.

Professional qualifications and certification in internal auditing.

D.

Confidentiality and independence.

Question 74

If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?

Options:

A.

Imposing risk management processes.

B.

Providing consolidated reporting on risks.

C.

Taking accountability for risk management.

D.

Making decisions on risk responses.

Question 75

Click the Exhibit.

Question # 75

Internal auditors are asked to keep track of how many hours per day they spend planning the audit, conducting the engagement, and writing the audit report. The data for two days has been collected as follows:

Day 1

Day 2

Planning the audit

2 hours

3 hours

Conducting the engagement

1 hour

1 hour

Writing the audit report

2 hours

4 hours

Which of the following graphs depicts the data accurately?

Options:

A.

Graph A only

B.

Graph B only

C.

Both A and B.

D.

Neither A nor B.

Question 76

According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?

Options:

A.

The services must be aligned with those defined in the internal audit charter.

B.

The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.

C.

The services may preclude assurance services from the consulting engagement.

D.

The services impose no responsibility to communicate information other than to the engagement client.

Question 77

A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?

Options:

A.

Postpone the audit until the CAE hires internal audit staff with the required knowledge.

B.

Ask the audit committee to decide the course of action.

C.

Select the most experienced auditors in the department to perform the engagement.

D.

Hire consultants who possess the required knowledge to perform the engagement.

Question 78

According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment.

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Question 79

Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?

Options:

A.

Adequate signs are in place to assist in locating safety equipment.

B.

Servers are secured individually to their racks by locks.

C.

Foam fire extinguishers are operable to protect against electrical fires.

D.

Swipe card access is required to gain access to the server room.

Question 80

An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

Options:

A.

Risk identification.

B.

Risk appetite.

C.

Risk capacity.

D.

Risk tolerance.

Question 81

While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Which of the following principles likely guided the CAE's decision?

Options:

A.

Objectivity.

B.

Proficiency.

C.

Independence.

D.

Due professional care.

Question 82

Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?

Options:

A.

Observation of the facility during operations.

B.

Questioning of facility management, including the facility safety officer.

C.

Analysis of facility operating reports, focusing on instances when breakdowns occurred.

D.

Review of records involving safety violations, filed by facility production employees.

Question 83

An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?

Options:

A.

Management sells the product division to a competitor.

B.

Management outsources the product division to a third party.

C.

Management allows the product division to remain unchanged.

D.

Management modifies the product division to minimize errors.

Question 84

Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?

Options:

A.

Assign more experienced internal auditors to mentor the less experienced auditors.

B.

Send internal auditors to external trainings in advanced internal audit topics.

C.

Appraise internal auditors' performance and competencies at least annually and issue constructive feedback.

D.

Rotate internal auditors among different engagement assignments.

Question 85

Which of the following enhances the independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) approves the annual internal audit plan.

B.

The CAE administratively reports to the board.

C.

The audit committee approves the CAE's annual salary increase.

D.

The chief executive officer approves the internal audit charter.

Question 86

According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?

1. The standards to be used by the internal audit activity.

2. The internal audit activity's code of ethics.

3. The CAE's reporting line.

4. The internal audit activity's responsibilities.

Options:

A.

4 only.

B.

1 and 2 only.

C.

3 and 4.

D.

1,2, and 3.

Question 87

According to The IIA's Code of Ethics, which of the following is true?

Options:

A.

Confidentiality requires that auditors disclose all material facts known to them.

B.

Integrity requires that auditors perform internal audit services in accordance with the Standards.

C.

Objectivity requires that auditors perform their work with honesty, diligence, and responsibility.

D.

Confidentiality requires that auditors be prudent in the use and protection of client information.

Question 88

A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?

Options:

A.

Control environment.

B.

Control activities.

C.

Information and communication.

D.

Monitoring activities.

Question 89

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership.

B.

Documentation.

C.

Analysis.

D.

Reporting.

Question 90

Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?

Options:

A.

Usage of IT system policy.

B.

Risk management framework.

C.

Acceptance of gifts policy.

D.

Personal responsibility policy.

Load More IIA-ACCA Questions 
Page: 1 / 60
Total 604 questions
Get IIA-ACCA Full Access Download IIA-ACCA PDF