Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

IIA IIA-ACCA - ACCA CIA Challenge Exam

IIA IIA-ACCA Premium Access     Download Demo    
Page: 7 / 13
Total 604 questions

An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?

A.

Higher inventory turnover.

B.

Higher operating margin.

C.

Lower obsolete stock disposal.

D.

Lower sales volume.

Which of the following are components of the ISO 31000 risk management process?

1. Setting the context.

2. Risk treatment.

3. Risk avoidance.

4. Communication.

A.

1 and 2 only.

B.

2 and 3.

C.

3 and 4.

D.

1,2, and 4.

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A.

A monitoring process.

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Which of the following is the most common method of fraud detection?

A.

Analytical reviews of high-risk areas.

B.

Detective controls built into the daily processes.

C.

Unannounced audits or reviews of programs or departments.

D.

Tips received from employees or citizens.

An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

A.

Working conditions.

B.

Employees' families.

C.

Marketplace competition.

D.

Shareholders and investors.

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

A.

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

B.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

C.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

D.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

A.

She may participate, but only after she has completed one year with the IAA.

B.

She may participate, because she did not previously work in the Human Resources Department.

C.

She may participate, but she must be supervised by the auditor in charge.

D.

She may participate for training purposes, to build her knowledge of the IAA.

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

A.

Preventive controls.

B.

Detective controls.

C.

Soft controls.

D.

Directive controls.

While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Which of the following principles likely guided the CAE's decision?

A.

Objectivity.

B.

Proficiency.

C.

Independence.

D.

Due professional care.

An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?

A.

Statistical sampling only

B.

Nonstatistical sampling only

C.

A combination of both statistical and nonstatistical sampling.

D.

Neither approach to testing the audit theory would be cost effective.

An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

A.

Bank statements.

B.

Customer confirmation letters.

C.

Copies of sales invoices.

D.

Copies of deposit slips.

What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?

A.

During facilitated workshops, people more openly say things to internal auditors than during private interviews.

B.

Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.

C.

Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.

D.

The testimonial evidence obtained during facilitated workshops is generally considered more reliable.

Which of the following is a common type of payroll fraud?

A.

Unauthorized overtime.

B.

Fictitious employees.

C.

Unearned bonuses or commissions.

D.

Skimming.

According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?

A.

Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.

B.

Internal assessments must be performed at least once every five years by a qualified assessor.

C.

An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.

D.

Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.

The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud. If the internal audit staff lacks the expertise to conduct the investigation, how should the chief audit executive proceed?

A.

Disclose the deficiency, and request that the investigation be reassigned to the first line of defense.

B.

Proceed with the investigation, as internal auditors are not required to have fraud expertise.

C.

Outsource the sensitive investigation to a third-party consultant with fraud expertise.

D.

Select a member of the accounting department who is not involved in the fraud to join the investigation team in a consulting capacity.