QUESTION: 225
To identify those components of a telecommunications system that present the greatest
risk, an internal auditor should first
A. Review the open systems interconnect network model.
B. Identify the network operating costs.
C. Determine the business purpose of the network.
D. Map the network software and hardware products into their respective layers.
Answer: C
QUESTION: 226
An auditor plans toanalyze customer satisfaction,including (1)customer complaints
recordedbythe customer service departmentduring thelast threemonths; (2)
merchandise returnedin thelastthree months; and (3) responses toa surveyof
customerswho made purchases in thelastthree months.Which ofthefollowing
statements regarding this audit approach is correct?
A. Although useful, such an analysis does not address any risk factors.
B. The survey would notconsider customers who did notmake purchases in the last
three months.
C. Steps1 and 2 ofthe analysis are notnecessary or cost-effectiveif the customer
survey is comprehensive.
D. Analysis of three months' activity would not evaluate customer satisfaction.
Answer: B
QUESTION: 227
Wheninternalauditors provideconsulting services,the scope ofthe engagementis
primarily determined by
A. Internal auditing standards.
B. The audit engagement team.
C. The engagement client.
D. The internal audit activity's charter.
Answer: C
QUESTION: 228
An internal auditor is assigned to conduct an audit of security for a local area network
(LAN) in the finance department of the organization. Investment decisions, including
the use of hedging strategies andfinancial derivatives,use data and financial models
which run on the LAN. The LAN is also used to download data from the mainframe to
assist in decisions. Which of the following should be considered outside the scope of
this security audit engagement?
A. Investigation of the physical security over access to the components of the LAN.
B. The ability of the LAN application to identify data items at the field or record level
and implement user access security at that level.
C. Interviews with users to determine their assessment of thelevel of security in the
system and the vulnerability of the system to compromise.
D. The level of security of other LANs in the company which also utilize sensitive data.
Answer: D
QUESTION: 229
At the beginning of fieldwork in an audit of investments, an internal auditor noted that
theinterestratehad declined significantly sincethe engagementworkprogram was
created. The auditor should
A. Proceed with the existing program since this was the original scope of work that was
approved.
B. Modify the audit program and proceed with the engagement.
C. Consultwithmanagementtoverify theinterestrate change andproceed withthe
engagement.
D. Determine the effect of the interest rate change and whether the program should be
modified.
Answer: D
QUESTION: 230
Which of the following measurements could an auditor use in an audit of the efficiency
of a motor vehicle inspection facility?
A. The total number of cars approved.
B. The ratio of cars rejected to total cars inspected.
C. The number of cars inspected per inspection agent.
D. The average amount of fees collected per cashier.
Answer: C
QUESTION: 231
Abakery chainhas astatistical modelthatcan be used topredict daily sales at
individual stores based on a direct relationship to the cost of ingredients used and an
inverse relationship to rainydays.Whatconditions would an auditorlook foras an
indicator of employee theft of food from a specific store?
A. On a rainy day, total sales are greater than expected when compared to the cost of
ingredients used.
B. On a sunny day,total sales areless than expected when compared to the cost of
ingredients used.
C. Both total sales and cost of ingredients used are greater than expected.
D. Both total sales and cost of ingredients used are less than expected.
Answer: B
QUESTION: 232
Which of the following procedures would provide the best evidence of the effectiveness
of a credit-granting function?
A. Observe the process.
B. Review the trend in receivables write-offs.
C. Ask the credit manager about the effectiveness of the function.
D. Check for evidence of credit approval on a sample of customer orders.
Answer: B
QUESTION: 233
Anorganizationhas developed alarge database thattracks employees, employee
benefits, payroll deductions, job classifications, and other similar information. In order
to test whether data currently within the automated system are correct, an auditor should
A. Use test data and determine whether all the data entered are captured correctly in the
updated database.
B. Select a sample of data to be entered for a few days and trace the data to the updated
database to determine the correctness of the updates.
C. Use generalized audit software to provide a printout of all employees with invalid job
descriptions. Investigate the causes of the problems.
D. Use generalized audit software to select a sample of employees from the database.
Verify the data fields.
Answer: D
QUESTION: 234
Seniormanagementat afinancial institutionhas received allegations of fraudatits
derivatives trading desk and has asked the internal audit activity to investigate and issue
a reportconcerningthe allegations. The internalauditactivity hasnotyetdeveloped
sufficient proficiencyregardingderivativestradingto conduct athorough fraud
investigationin this area.Which of the followingcourses of actionshould the chief
audit executive (CAE) take to comply with the Standards?
A. Engage the former head of the institution's derivatives trading desk to perform the
investigation and submit a report with supporting documentation to the CAE.
B. Request thatsenior management allow a delay of thefraud investigation until the
internal audit activity's on-staff certified fraud examiner is able to obtain the appropriate
training regarding the analysis of derivatives trading.
C. Request thatseniormanagementexclude theinternal auditactivity fromthe
investigation completely and instead contract with an external certified fraud examiner
with derivatives experience to perform all aspects of the investigation and subsequent
reporting.
D. Contractwith anexternal certifiedfraudexaminerwith derivatives experienceto
performtheinvestigation andsubsequentreporting,withthe chief auditexecutive
approving the scope oftheinvestigation and evaluating the adequacy ofthe work
performed.
Answer: D
QUESTION: 235
AccordingtotheInternational ProfessionalPracticesFramework,internalauditors
should possess which of the following competencies?
I. Proficiency in applying internal auditing standards, procedures, and techniques.
II. Proficiency in accounting principles and techniques.
III. An understanding of management principles.
IV. An understanding of thefundamentals ofeconomics,commerciallaw,taxation,
finance, and quantitative methods.
A. I only.
B. II only.
C. I and III only.
D. I, III, and IV only.
Answer: D
QUESTION: 236
Which of the following are acceptable resources for a chief audit executive to use when
developing a staffing plan?
I. Co-sourcing arrangements.
II. Employees from other areas of the organization.
III. The organization's external auditors.
IV. The organization's audit committee members.
A. I only.
B. I and II only.
C. II and IV only.
D. I, II, and IV only.
Answer: B
QUESTION: 237
Which of the following would be a violation of the IIA Code of Ethics?
A. Reporting information that could be damaging to the organization, at the request of a
court of law.
B. Including an issue in the final audit report after management has resolved the issue.
C.Participatinginan auditengagementforwhich the auditor does nothave the
necessary experience or training.
D. Accepting a gift that is a commercial advertisement available to the public.
Answer: C
QUESTION: 238
Which of thefollowingis notanappropriate objectivefora qualityassurance and
improvement program?
A. Continually monitor the internal audit activity's effectiveness.
B. Assure conformance with the Standards and Code of Ethics.
C. Perform an internal assessment at least once every five years.
D. Communicate the results of quality assessments to the board.
Answer: C
QUESTION: 239
Accordingtothe International Professional Practices Framework,which of the
following is true with respect to the different roles in the risk management process?
I. Boards have an oversight role.
II. Acceptance of residual risks can reside with the chief audit executive.
III. Theboard candelegatetheoperationoftherisk management framework tothe
management team.
IV. Theinternal auditactivity's rolecanrangefrom havingnoresponsibilities to
managing and coordinating the process.
A. I only.
B. II and IV only.
C. I, III, and IV only.
D. I, II, III, and IV.
Answer: C
QUESTION: 240
Which of the following types of risk factors are used within risk models to establish the
priority of internal audit engagements?
I. Management competence.
II. Quality of internal controls.
III. Audit staff experience.
IV. Regulatory requirements.
A. II only.
B. I, II, and III only.
C. I, II, and IV only.
D. I, III, and IV only.
Answer: C
QUESTION: 241
Which of the following is not an appropriate type of coordination between the internal
audit activity and regulatory auditors?
A.Regulatoryauditors share theirperspectiveon riskmanagement,control,and
governance with the internal auditors.
B. Internal auditors perform fieldwork at the direction of the regulatory auditors.
C. Internal auditors review copies of regulatory reports in planning related internal
engagements.
D. Regulatory and internal auditors exchange information about planned activities.
Answer: B
QUESTION: 242
An organization's accounts payable function improved its internal controls significantly
after it received an unsatisfactory audit report. When planning a follow-up audit of the
function,whatlevel ofdetection risk shouldbeexpected ifthe auditandsampling
procedures used are unchanged from the prior audit?
A. Detection risk is lower because control risk is lower.
B. Detection risk is lower because control risk is higher.
C. Detection risk is higher because control risk is lower.
D. Detection risk is unchanged although control risk is lower.
Answer: D
QUESTION: 243
Which of the following is an appropriate role for the board in governance?
A.Preparingwritten organizational policies thatrelatetocompliancewithlaws,
regulations, ethics, and conflicts of interest.
B. Ensuring that financial statements are understandable, transparent, and reliable.
C. Assisting the internal audit activity in performing annual reviews of governance.
D.Workingwith the organization's attorneys todevelopa strategy regardingcurrent
litigation, pending litigation, or regulatory proceedings governance.
Answer: B
QUESTION: 244
Accordingtothe International Professional Practices Framework,which of the
following are allowable activities for an internal auditor?
I. Advocating the establishment of a risk management function.
II. Identifying and evaluating significant risk exposures during audit engagements.
III. Developing a risk response for the organization if there is no chief risk officer.
IV. Benchmarking risk management activities with other organizations.
V. Documenting risk mitigation strategies and techniques.
A. IV and V only.
B. I, II, and III only.
C. I, II, IV, and V only.
D. II, III, IV, and V only.
Answer: C
QUESTION: 245
Accordingtothe International Professional Practices Framework,which of the
following should be stated in the internal audit charter?
I. Authorization for access to records.
II. The internal audit activity's position within the organization.
III. The relationship between the internal audit activity and the board.
IV. The scope of internal audit activities.
A. I and IV only.
B. II and III only.
C. I, II, and IV only.
D. I, II, III, and IV.
Answer: C
QUESTION: 246
Which of the following is not an appropriate role for internal auditors after a disaster
occurs?
A. Monitor the effectiveness of the recovery and control of operations.
B. Correct deficiencies of the entity's business continuity plan.
C. Recommend future improvements to the entity's business continuity plan.
D. Assistintheidentification of lessons learnedfromthe disaster and the recovery
operations.
Answer: B
QUESTION: 247
Which component is the foundation of the COSO internal control framework?
A. Risk assessment.
B. Control environment.
C. Control activities.
D. Monitoring.
Answer: B
QUESTION: 248
Which of the following best describes the underlying premise of the COSO enterprise
risk management framework?
A. Management should set objectives before assessing risk.
B. Every entity exists to provide value for its stakeholders.
C. Policies are established to ensure that risk responses are performed effectively.
D. Enterprise risk management can minimize the impact and likelihood of unanticipated
events.
Answer: B
QUESTION: 249
Which of the following is an example of sharing risk?
A. An organization redesigned a business process to change the risk pattern.
B. An organization outsourced a portion of its services to a third-party service provider.
C. An organization sold an unprofitable business unit to its competitor.
D. In ordertospread totalrisk,anorganization usedmultiplevendors forcritical
materials.
Answer: B
QUESTION: 250
A records management system is an example of what type of control?
A. Preventive.
B. Detective.
C. Corrective.
D. Directive.
Answer: A
QUESTION: 251
Which of the following procedures is nota step that an auditor would perform when
planning an audit of an organization?
A. Obtaining detailed knowledge about the organization.
B. Obtaining a management representation letter.
C. Assessing the audit risk of the organization.
D. Having discussions with the organization's management team.
Answer: B
QUESTION: 252
Which of thefollowing riskassessmenttoolswouldbestfacilitate thematchingof
controls to risks?
A. Control matrix.
B. Internal control questionnaire.
C. Control flowchart.
D. Program evaluation and review technique (PERT) analysis.
Answer: A
QUESTION: 253
Whichof thefollowingfactors shouldbe considered when determining thestaff
requirements for an audit engagement?
I. The internal audit activity's time constraints.
II. The nature and complexity of the area to be audited.
III. The period of time since the area was last audited.
IV. The auditors' preference to audit the area.
V. The results of a preliminary risk assessment of the activity under review.
A. I and IV only.
B. I, II, and V only.
C. II, III, and V only.
D. I, II, III, IV, and V.
Answer: B
For More exams visit https://killexams.com
�
Kill your exam at First Attempt....Guaranteed!
No comments:
Post a Comment