Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control v8.0

Page:    1 / 38   
Exam contains 566 questions

In a manufacturing organization, all sales prices are determined centrally and are electronically sent to the distribution centers to update their sales price tables. Any pricing deviations must be approved by central headquarters. To determine how this process is functioning, an internal auditor should:

  • A. Document the flow of sales price information, and determine how the table is accessed and updated.
  • B. Develop a flowchart of the sales order process to determine how orders are taken and priced.
  • C. Identify who approves the shipment of goods and how the goods are priced.
  • D. Obtain a copy of the existing flowchart for the computer program to determine how price data are accessed.


Answer : A

The primary reason that a bank would maintain a separate compliance function is to:

  • A. Better manage perceived high risks.
  • B. Strengthen controls over the bank's investments.
  • C. Ensure the independence of line and senior management.
  • D. Better respond to shareholder expectations.


Answer : A

Which of the following would be the most useful in developing an annual audit plan?

  • A. General purpose audit software.
  • B. Voting software and hardware.
  • C. Flowcharting and data capture software.
  • D. Risk assessment software.


Answer : D

An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should:

  • A. Use test data and determine whether all the data entered are captured correctly in the updated database.
  • B. Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates.
  • C. Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems.
  • D. Use generalized audit software to select a sample of employees from the database. Verify the data fields.


Answer : D

Which of the following is not an appropriate role for internal auditors after a disaster occurs?

  • A. Monitor the effectiveness of the recovery and control of operations.
  • B. Correct deficiencies of the entity's business continuity plan.
  • C. Recommend future improvements to the entity's business continuity plan.
  • D. Assist in the identification of lessons learned from the disaster and the recovery operations.


Answer : B

To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first:

  • A. Review the open systems interconnect network model.
  • B. Identify the network operating costs.
  • C. Determine the business purpose of the network.
  • D. Map the network software and hardware products into their respective layers.


Answer : C

In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be audited. What is the most likely result of that procedure?

  • A. It creates apprehension about the audit engagement.
  • B. It involves the engagement client's supervisory personnel in the audit.
  • C. It is an uneconomical approach to obtaining information.
  • D. It is only useful for audits of distant locations.


Answer : B

Which of the following would be most effective in determining if the percentage of medication orders containing errors improved after a hospital installed a computerized medication-tracking system?

  • A. Compare the proportion of erroneous medication orders before and after system installation for similar periods.
  • B. Compare the number of errors before and after system installation for similar periods.
  • C. Compare, after adjusting for the number of patients, the proportion of erroneous medication orders before and after system installation.
  • D. Compare, after adjusting for the number of patients, the number of errors before and after system installation for similar periods.


Answer : A

Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I. Write detailed audit procedures.
II. Identify client objectives, goals, and standards.
III. Identify risks and controls intended to prevent associated losses.
IV. Determine relevant engagement objectives.

  • A. II, I, IV, III.
  • B. II, III, IV, I.
  • C. III, IV, II, I.
  • D. II, IV, I, III.


Answer : B

An organization has a policy requiring two signatures on all checks written for amounts in excess of $10,000. When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if:

  • A. The auditor located two checks for $9,000 each that contained one authorized signature.
  • B. The $10,000 was an immaterial amount to the organization and very few cash disbursements required an amount in excess of $10,000.
  • C. The director of accounting was not one of the authorized signers.
  • D. There were several instances in which successively numbered checks for amounts between $5,000 and $10,000 were made payable to the same vendor.


Answer : D

In order to ensure that the internal auditors have the objectivity required by the Standards, the chief audit executive should:

  • A. Demonstrate willingness to include in engagement final communications all matters believed to be important.
  • B. Require all auditors to sign statements attesting to their independent mental attitudes and honest belief in their work product.
  • C. Carefully assign personnel to individual audit engagements and require auditors to disclose all conflicts of interest.
  • D. Appraise each auditor's performance on each audit assignment.


Answer : C

Which of the following would be the best source of information for a chief audit executive to use in planning future audit staff requirements?

  • A. Discussions of audit needs with executive management and the audit committee.
  • B. Review of audit staff education and training records.
  • C. Review of audit staff size and composition of similar-sized companies in the same industry.
  • D. Interviews with existing audit staff.


Answer : A

In order to save time, an audit manager no longer required that a standard internal control questionnaire be completed for each audit engagement. Does this represent a violation of the Standards?

  • A. Yes, because internal control should be evaluated on every engagement and the internal control questionnaire is the mandated approach to evaluate controls.
  • B. Yes, because internal control should be evaluated on every engagement and the internal control questionnaire is the most efficient method to do so.
  • C. No, because auditors may omit necessary procedures if there is a time constraint, based on audit judgment.
  • D. No, because auditors are not required to complete internal control questionnaires on every engagement.


Answer : D

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

  • A. Determining the scope.
  • B. Reviewing internal controls.
  • C. Testing.
  • D. Evaluating findings.


Answer : A

An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

  • A. Investigation of the physical security over access to the components of the LAN.
  • B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.
  • C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
  • D. The level of security of other LANs in the company which also utilize sensitive data.


Answer : D
