Let’s Connect with Each Other

Web: www.zainacademy.us
Web: www.mzain.org
Email: help@zainacademy.us
Email: help@mzain.org
WhatsApp (Messaging & Call): +92 311 222 4261
International Call: +92 311 222 4261
US & Canada Call: +1 646 979 0865
Facebook: https://www.facebook.com/zainacademy
YouTube: https://www.youtube.com/c/zainacademy
LinkedIn: https://www.linkedin.com/in/mzainhabib/
Twitter: https://twitter.com/mzaincpacmacia
Instagram: https://www.instagram.com/mzain.cpa.cma.cia/
Pinterest: https://www.pinterest.com/mzainhabib/
Amazon: https://www.amazon.com/MUHAMMAD-ZAIN/e/B07K2G2R8M
Telegram: https://t.me/ZainAcademy
Tumblr: https://zainacademy.tumblr.com/
Medium: https://medium.com/@muhammad_zain_cpa_cma_cia

INDEX

Preface
Certified Internal Auditor (CIA) – US Basic Information
Letter from Muhammad Zain
Section A – Essentials of Internal Auditing
Sub - Section I – Foundations of Internal Auditing
Sub - Section II – Independence and Objectivity
Sub - Section III – Proficiency and Due Professional Care
Sub - Section IV – Quality Assurance and Improvement Program
Sub - Section V – Governance, Risk Management and Controls
Sub - Section VI – Fraud Risks
Section B – Practice of Internal Auditing
Sub - Section I – Managing the Internal Audit Activity
Sub - Section II – Planning the Engagement
Sub - Section III – Performing the Engagement
Sub - Section IV – Communicating Engagement Results and Monitoring Progress
Section C – Business Knowledge for Internal Auditing
Sub - Section I – Business Acumen
Sub - Section II – Information Security
Sub - Section III – Information Technology
Books Written By Muhammad Zain
Quotes That Will Change Your Life

PREFACE

All the knowledge possessed by me is a gift from Almighty Allah. The Creator of the Heavens and the earth blessed me with the success of passing Certified Public Accountant (CPA), Certified Management Accountant (CMA), Certified Internal Auditor (CIA), and Masters of Business Administration (MBA) exams in 1st attempt. I am profoundly grateful to my family for providing all the resources and time at their disposal for my enrichment morally, physically, and spiritually. I am also thankful to my teachers, who delivered their knowledge, wisdom, and experience.

The knowledge, resources, views, facts, and information presented in this book are a voice from my heart bestowed by Allah and my experience gained during my entire lifetime. I capitalized hours searching the Internet, Blogs, Social media, and Wikipedia to update my knowledge and notebook as part of my continuous learning objective. I am highly indebted to contributors to Google, Blogs, Social Media, and Wikipedia for presenting me with the ocean of knowledge and insights. The more I dived deep into the ocean, the more I concluded that we human beings are only given limited knowledge, which is unexplored and undiscovered entirely to this date. This curiosity of mankind is bringing innovations, discoveries, and ideas.

Any resemblance to any copyrighted material available on the planet is purely coincidental and unintentional. I allow the readers of this book to use it for any related educational purpose and reproduce the contents as long as the original text in this book is unaltered.

I give reasonable assurance that the information provided in this book is correct according to my knowledge and belief. There may be circumstances where potential readers challenge the information presented. I welcome these challenges to correct me for future updates.

May the Lord, Master of the day of Judgement and to whom the sovereignty belongs, bless me more and my readers in this world and in particular in life hereafter (Ameen).

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION

Certified Internal Auditor (CIA) certification is offered by the Institute of Internal Auditors (IIA), US. It is a premium internal auditing qualification having a global presence. CIA is a symbol of excellence in compliance reporting, risk management, and consultancy. The IIA releases the primary guidance for the profession, such as International Professional Practices Framework (IPPF), Code of Ethics, International Standards for the Professional Practice of Internal Auditing.

Membership with IIA is not required to earn a CIA designation. Candidates can save their earned money by not choosing the membership. Chapters and affiliated institutes hold regular meetings, seminars, and conferences to develop networking, contacts, and social bonding. It is advisable to attend these types of events to learn about the current practices in internal auditing.

Why Choose CIA

The Certified Internal Auditor (CIA) credential offers many benefits. CIA certification can help you move forward in a focused direction. CIA certification gives a message that you are a proficient internal auditor who can bring valuable insights and experience. CIA holders can be entrusted with significant responsibility. CIA also helps in increasing accounting knowledge and skill. CIA holders’ earning potential is excellent as compared to non-certified peers. Companies retain talented individuals by giving them market-based remuneration, bonuses, perks, fringe benefits, vacations. A qualified individual’s earning is multiplied if he/she opens a consultancy, compliance or internal auditing firm.

Way To Achieve CIA Credential

The candidates must meet the four Es requirement, i.e., Education, Ethics, Examination, and Experience for achieving the CIA designation. Three years is provided by the Institute to get certified. However, the candidates can apply for one of the three types of 1-year eligibility extension, i.e. hardship, non-hardship, and exam eligibility. Each type of extension has its procedures and fees. Please refer to the CIA Candidate Handbook as available from the IIA website.

CIA Examination

Candidates have to pass just one exam to become certified. 150 questions will be asked in a 3-hour time period. Each MCQ has to be solved in 1.2 minutes.

IIA Retired Questions

Test Bank Questions available with all the publishers are retired questions by IIA. 75% of the questions are the same with every publisher. The remaining 25% is their creativity. REMEMBER that actual CIA exam questions are non-disclosed and are not available to anyone.

CIA Exam Scoring

The CIA exam is computer-graded. The candidate will receive the result within five minutes of finishing the exam. Scores are determined by the difficulty level of questions asked and converting the value of questions answered correctly to a scale that ranges between 250 and 750. A score of at least 600 is required to pass the exam, i.e. 80%. If the questions are of higher IQ level, the passing score can go below 600, but if the items tested are easy, then passing criteria can go up from 600. Whether the questions being asked are easy or difficult, I suggest

for Choice D: Access to the external auditor’s engagement records cannot be guaranteed.

CORRECT ANSWER IS B. Its Explanation is
The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.

INCORRECT CHOICES EXPLANATION

Sub - Section IV Quality Assurance and Improvement Program

MULTIPLE CHOICE QUESTION NO. 113

Quality program assessments may be performed internally or externally. A distinguishing feature of an external assessment is its objective to

A. Determine whether internal audit services meet professional standards.
B. Set forth the recommendations for improvement.
C. Provide independent assurance.
D. Identify tasks that can be performed better.

ANSWER TO QUESTION NO. 113

Explanation for Choice A: An internal assessment will determine whether internal audit services meet professional standards.
Explanation for Choice B: An internal assessment will set forth recommendations for improvement.
Explanation for Choice D: An internal assessment will identify tasks that can be performed better.

CORRECT ANSWER IS C. Its Explanation is
External assessments must be conducted at least once every 5 years by a qualified, independent reviewer or review team from outside the organization. Individuals who perform the external assessment are free of any obligation to, or interest in, the organization whose internal audit activity is assessed.

MULTIPLE CHOICE QUESTION NO. 114

Periodic internal assessments of the internal audit activity primarily serve the needs of

A. The board of directors.
B. The chief audit executive (CAE).
C. The internal audit activity’s staff.
D. Senior management.

ANSWER TO QUESTION NO. 114

Explanation for Choice A: The directors are secondary users of a periodic internal assessment.
Explanation for Choice C: The internal audit activity staff are secondary users of a periodic internal assessment.
Explanation for Choice D: Senior management is a secondary user of a periodic internal assessment.

CORRECT ANSWER IS B. Its Explanation is
Those conducting internal assessments generally should report to the CAE while performing the reviews and communicate directly to the CAE.

MULTIPLE CHOICE QUESTION NO. 115

An external assessment of an internal audit activity contains an expressed opinion. The opinion may apply to

A. Only to the effectiveness of the internal auditing coverage.
B. Only to the internal audit activity’s conformance with the Standards.
C. Only to the adequacy of internal control.
D. Conformance with the Standards and an assessment for each standard.

ANSWER TO QUESTION NO. 115

Explanation for Choice A: The scope of an external assessment extends to more than the effectiveness of the internal auditing coverage.
Explanation for Choice B: An opinion may be expressed on the Standards and an assessment may be made for each standard or series of standards.
Explanation for Choice C: An external assessment addresses the internal audit activity, not the adequacy of the organization’s controls.

CORRECT ANSWER IS D. Its Explanation is
External assessments of an internal audit activity contain an expressed opinion or conclusion on overall conformance with the Standards and possibly an assessment for each standard or series of standards. An external assessment also includes, as appropriate, recommendations (corrective action plans) for improvement.

MULTIPLE CHOICE QUESTION NO. 116

Which of the following is only part of an internal audit activity’s quality assurance program rather than being included as part of other responsibilities of the chief audit executive (CAE)?

A. Each individual internal auditor’s performance is appraised at least annually.
B. Management approves a formal charter establishing the purpose, authority, and responsibility of the internal audit activity.
C. Supervision of an internal auditor’s work is performed throughout each audit engagement.
D. The CAE provides information about and access to internal audit working papers to the external auditors to enable them to understand and determine the degree to which they may rely on the internal auditors’ work.

ANSWER TO QUESTION NO. 116

Explanation for Choice A: Individual performance appraisals are part of a CAE’s responsibility for personnel management and development.
Explanation for Choice B: A CAE’s responsibility to seek approval of a charter to establish the authority, purpose, and responsibility of the internal audit activity is not part of a quality assurance program.
Explanation for Choice D: Providing working papers to the external auditors relates to the responsibility of the CAE to coordinate with external auditors.

CORRECT ANSWER IS C. Its Explanation is
The CAE develops and maintains a quality assurance and improvement program (Attr. Std. 1300) that includes (1) external assessments and (2) ongoing and periodic internal assessments. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity. Among the processes used in ongoing internal assessments is engagement planning and supervision (IG 1311).

MULTIPLE CHOICE QUESTION NO. 117

The interpretation related to quality assurance given by the Standards is that

A. External assessments can provide senior management and the board with independent assurance about the quality of the internal audit activity.
B. Appropriate follow-up to an external assessment is the responsibility of the chief audit executive’s immediate supervisor.
C. Supervision is limited to the planning, examination, evaluation, communication, and follow-up process.
D. The internal audit activity is primarily measured against The IIA’s Code of Ethics.

ANSWER TO QUESTION NO. 117

Explanation for Choice B: The communication of final results of an external assessment should include the CAE’s responses. These include corrective action plans.
Explanation for Choice C: Supervision begins with planning and continues throughout the engagement.
Explanation for Choice D: The external assessment considers the internal audit activity’s conformance with the Standards and the Code of Ethics.

CORRECT ANSWER IS A. Its Explanation is
External assessments provide an independent and objective evaluation of the internal audit activity’s compliance with the Standards and Code of Ethics.

MULTIPLE CHOICE QUESTION NO. 118

Potential conflicts of interest with the quality assurance assessment team should be disclosed to

A. Internal audit activity.
B. Chief audit executive.
C. Internal audit staff.
D. Senior management and the board.

ANSWER TO QUESTION NO. 118

Explanation for Choice A: Potential conflicts of interest with the quality assurance assessment team should not be disclosed to the internal audit activity.
Explanation for Choice B: The chief audit executive should disclose the potential conflicts of interest with the quality assurance assessment team to the appropriate parties.
Explanation for Choice C: Potential conflicts of interest with the quality assurance assessment team should not be disclosed to the internal audit staff.

CORRECT ANSWER IS D. Its Explanation is
The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosures should include the qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest.

MULTIPLE CHOICE QUESTION NO. 119

Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board?

A. Chief audit executive.
B. Audit committee.
C. External auditors.
D. Internal auditors.

ANSWER TO QUESTION NO. 119

Explanation for Choice B: The chief audit executive (not the audit committee) is responsible for communicating the results of external assessments to the board.
Explanation for Choice C: The chief audit executive (not external auditors) is responsible for communicating the results of external assessments to the board.
Explanation for Choice D: The chief audit executive (not internal auditors) is responsible for communicating the results of external assessments to the board.

CORRECT ANSWER IS A. Its Explanation is
The chief audit executive must communicate the results of the QAIP to senior management and the board.

MULTIPLE CHOICE QUESTION NO. 120

The chief audit executive’s disclosure to senior management and the board regarding the QAIP should include all of the following except

A. Corrective action plans.
B. Scope and frequency of external assessments.
C. Conclusions of assessors.
D. Checklists or automation tools used.

ANSWER TO QUESTION NO. 120

Explanation for Choice A: Corrective action plans should be disclosed to senior management and the board.
Explanation for Choice B: The scope and frequency of external assessments should be disclosed to senior management and the board.
Explanation for Choice C: Conclusions of assessors should be disclosed to senior management and the board.

CORRECT ANSWER IS D. Its Explanation is
Attribute Standard 1320, Reporting on the Quality Assurance and Improvement Program, states, “The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include (1) the scope and frequency of both the internal and external assessments; (2) the qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest; (3) conclusions of assessors; and (4) corrective action plans.” Checklists or automation tools used do not require disclosure.

MULTIPLE CHOICE QUESTION NO. 121

Internal auditors may include in their audit report that their activities conform with The IIA Standards. They may use this statement only if

A. An independent external assessment of the internal audit activity is conducted annually.
B. Senior management or the board is accountable for implementing a quality program.
C. External assessments of the internal audit activity are made by external auditors.
D. It is supported by the results of the quality program.

ANSWER TO QUESTION NO. 121

Explanation for Choice A: An independent external assessment of the internal audit activity must be conducted at least once every 5 years.
Explanation for Choice B: The CAE must develop and maintain a QAIP that covers all aspects of the internal audit activity.
Explanation for Choice C: Assessments also may be made by others who are (1) independent, (2) qualified, and (3) from outside the organization.

CORRECT ANSWER IS D. Its Explanation is
The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement.

MULTIPLE CHOICE QUESTION NO. 122

Which of the following is the appropriate response when nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity?

A. External assessments of the organization’s quality assurance and improvement program must be performed annually.
B. The chief audit executive must disclose the nonconformance and the impact to senior management and the board.
C. Senior management must reevaluate the qualifications and independence of the assessor(s).
D. The internal audit activity must reinforce expectations outlined in the audit plan.

ANSWER TO QUESTION NO. 122

Explanation for Choice A: External assessments must be conducted at least once every five years, not annually, by a qualified, independent assessor or assessment team from outside the organization.
Explanation for Choice C: According to Attribute Standard 1310, Reporting on the Quality Assurance and Improvement Program, the qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest, should be disclosed to senior management and the board by the chief audit executive. But this is not the appropriate response when nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity.
Explanation for Choice D: Reinforcing expectations outlined in the audit plan is not the appropriate response when nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity.

CORRECT ANSWER IS B. Its Explanation is
Attribute Standard 1322, Disclosure on Nonconformance, states, “When nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board.” Nonconformance of this type refers to the overall internal audit activity and not to specific engagements.

MULTIPLE CHOICE QUESTION NO. 123

Which of the following would demonstrate that the internal audit activity is in compliance with IIA practices?

A. The results of periodic internal assessments are communicated at least twice a year.
B. The results of external assessments are communicated upon their completion.
C. The chief audit executive determines the form and content of the results communicated.
D. The results of ongoing monitoring are communicated upon their completion.

ANSWER TO QUESTION NO. 123

Explanation for Choice A: The results of periodic internal assessments are communicated upon their completion.
Explanation for Choice C: The form, content, and frequency of communicating the results of the quality assurance and improvement program is established through discussions with senior management and the board and considers the responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter.
Explanation for Choice D: The results of ongoing monitoring are communicated at least annually.

CORRECT ANSWER IS B. Its Explanation is
“To demonstrate conformance with the Definition of Internal Auditing and the Standards, and application of the Code of Ethics, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually. The results include the assessor’s or assessment team’s evaluation with respect to the degree of conformance”.

Sub - Section V Governance, Risk Management and Controls

MULTIPLE CHOICE QUESTION NO. 228

According to the Standards, what is the role of internal audit as it relates to risk management?

A. Identify and assess significant risks within the organization.
B. Determine the risk appetite of the organization.
C. Communicate relevant risk information to the appropriate people within the organization.
D. Evaluate the effectiveness of the risk management process.

ANSWER TO QUESTION NO. 228

Explanation for Choice A: According to Standard 2120 - Risk Management, this is one of the areas that internal audit would assess in determining the effectiveness of risk management processes.
Explanation for Choice B: According to Standard 2120 - Risk Management, this is one of the areas that internal audit would assess in determining the effectiveness of risk management processes.
Explanation for Choice C: According to Standard 2120 - Risk Management, this is one of the areas that internal audit would assess in determining the effectiveness of risk management processes.

CORRECT ANSWER IS D. Its Explanation is
According to Standard 2120, “The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.”

MULTIPLE CHOICE QUESTION NO. 229

It is not uncommon for organizations to develop a formal risk appetite statement. Which of the following would not be included in the statement?

A. Management compensation packages are regularly reviewed by the board’s remuneration committee before being approved by the board.
B. The company will use derivative instruments only for hedging purposes.
C. The company will not give additional trade credit to creditors whose accounts are more than 40 days past due.
D. The company may not keep more than 20% of its cash in a single bank.

ANSWER TO QUESTION NO. 229

Explanation for Choice B: See the correct answer for an explanation.
Explanation for Choice C: See the correct answer for an explanation.
Explanation for Choice D: See the correct answer for an explanation.

CORRECT ANSWER IS A. Its Explanation is
Formalizing risk appetite means putting it in writing so that there is little confusion about the board and management’s attitude toward risk. Determining the level of management remuneration is a function of the company’s remuneration committee.

MULTIPLE CHOICE QUESTION NO. 230

Companies respond to risk differently depending upon impact and likelihood. What would be a company’s risk response if the company decided to self-insure its employees’ health care?

A. Strategize the risk.
B. Retain the risk.
C. Avoid the risk.
D. Transfer the risk.

ANSWER TO QUESTION NO. 230

Explanation for Choice A: See the correct answer for an explanation.
Explanation for Choice C: See the correct answer for an explanation.
Explanation for Choice D: See the correct answer for an explanation.

CORRECT ANSWER IS B. Its Explanation is
If a company decides to self-insure its employees for health care, it is retaining the risk. If there are health issues with its employees, then the company would pay for those issues out of its own money.

MULTIPLE CHOICE QUESTION NO. 231

Many organizations use electronic funds transfer to pay their suppliers instead of issuing checks. Regarding the risks associated with issuing checks, which of the following risk management techniques does this represent?

A. Transferring.
B. Controlling.
C. Accepting.
D. Avoiding.

ANSWER TO QUESTION NO. 231

Explanation for Choice A: Risk is not transferred to anyone else; it is eliminated.
Explanation for Choice B: Eliminating checks does not represent an ongoing control.
Explanation for Choice C: Eliminating checks avoids instead of accepts the associated risk.

CORRECT ANSWER IS D. Its Explanation is
By eliminating checks, the organization avoids all risk associated with them.

MULTIPLE CHOICE QUESTION NO. 232

According to the 2017 COSO publication, Enterprise Risk Management: Integrating with Strategy and Performance, when should enterprise risk management take place?

A. At the same time as the organization's strategies and objectives are being set for the coming period.
B. At the same time as the organization's strategies and objectives are being set for the coming period and on an ongoing basis.
C. Before the organization's strategies and objectives are set for the coming period.
D. Immediately after the organization’s strategies and objectives have been set for the coming period.

ANSWER TO QUESTION NO. 232

Explanation for Choice A: Enterprise risk management enhances strategy selection when it is integrated with strategy selection. However, enterprise risk management is also an ongoing activity. It is not something that can be done once.
Explanation for Choice C: Enterprise risk management should not take place before the organization's strategies and objectives are set.
Explanation for Choice D: Enterprise risk management should not be treated as an add-on activity after a strategy has been chosen.

CORRECT ANSWER IS B. Its Explanation is
Enterprise risk management enhances strategy selection when it is integrated with strategy selection. Integrating ERM with strategy selection enables the organization to consider the risks inherent in the strategy under consideration, whether the strategy will align with the organization’s mission, vision, and values, and whether it might have unintended consequences. Furthermore, enterprise risk management is an ongoing activity. Review and revision is an important component of ERM. As part of its regular review of the organization’s performance, management should consider how well the components of its enterprise risk management are functioning over time. If substantial changes occur, management should consider what revisions are needed.

MULTIPLE CHOICE QUESTION NO. 233

Which of the following enterprise risk management (ERM) components influences the risk consciousness of an organization's people and is the basis for all other ERM components?

A. Governance and culture.
B. Information and communication.
C. Performance.
D. Objective setting.

ANSWER TO QUESTION NO. 233

Explanation for Choice B: Information and communication is not the component of ERM that influences the risk consciousness of the organization.
Explanation for Choice C: Performance is not the component of ERM that influences the risk consciousness of the organization.
Explanation for Choice D: Objective setting is not the component of ERM that influences the risk consciousness of the organization.

CORRECT ANSWER IS A. Its Explanation is
The governance and culture of the organization is what sets the organization's tone in respect to risk management.

MULTIPLE CHOICE QUESTION NO. 234

When assessing the risk associated with an activity, an internal auditor should:

A. Update the risk management process based on risk exposures.
B. Provide assurance on the management of the risk.
C. Determine how the risk should best be managed.
D. Design controls to mitigate the identified risks.

ANSWER TO QUESTION NO. 234

Explanation for Choice A: Designing and updating the risk management process is the role of management.
Explanation for Choice C: Determining how unacceptable risk should be managed is the role of management.
Explanation for Choice D: Designing controls would impair the internal auditor’s independence.

CORRECT ANSWER IS B. Its Explanation is
Assurance services involve the internal auditor’s objective assessment of management’s risk management activities and the degree to which they are effective.
MULTIPLE CHOICE QUESTION NO. 235
Which of the following would be a preventive control?
A. Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet prepared in the mail room.
B. Approving customer credit prior to shipping merchandise.
C. Reviewing the sequence of pre-numbered documents.
D. Scanning the general ledger for accounts with unusually high or low balances.

ANSWER TO QUESTION NO. 235
Explanation for Choice A: Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet prepared in the mail room is not a preventive control.
Explanation for Choice C: Reviewing the sequence of pre-numbered documents is not a preventive control.
Explanation for Choice D: Scanning the general ledger for accounts with unusually high or low balances is a detective control, not a preventive control.
CORRECT ANSWER IS B.
Its explanation is: Approving a customer before shipping merchandise is a preventive control as it should prevent shipping merchandise to customers who will not be able to pay.

MULTIPLE CHOICE QUESTION NO. 236
Which of the following statements is correct regarding corporate compensation systems and related bonuses?
I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
II. Compensation systems are not part of an organization’s control system and should not be reported as such.
III. An audit of an organization’s compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.
A. II only.
B. III only.
C. II and III only.
D. I only.
ANSWER TO QUESTION NO. 236
Explanation for Choice A: See the correct answer for an explanation.
Explanation for Choice B: See the correct answer for an explanation.
Explanation for Choice C: See the correct answer for an explanation.
CORRECT ANSWER IS D.
Its explanation is:
I. Correct. Compensation systems influence behavior and should be considered an integral part of an organization’s control structure. Thus, it should be considered as an important part of the control structure.
II. Incorrect. Compensation systems are part of the organization’s control systems.
III. Incorrect. Audits of the compensation systems can be combined with an audit over other functions that impact corporate bonuses.

MULTIPLE CHOICE QUESTION NO. 237
Several years ago a senior member in the accounting area developed a software application that automates a simple, yet time-saving task. Over time, the application has been adopted by other users in accounting, and these other users have encouraged the original author to maintain the application, adapting it as needed when new systems are introduced. Which of the following controls for this situation would be most effective and efficient?
A. Recommend policy changes that freeze further adoption and work on the software.
B. Recommend that the application be replaced by a commercially developed product.
C. Analyze the application to ensure that it is, in fact, the most efficient solution to the work problem.
D. Ensure complete, accurate, and updated documentation of the application.

ANSWER TO QUESTION NO. 237
Explanation for Choice A: See the correct answer for an explanation.
Explanation for Choice B: See the correct answer for an explanation.
Explanation for Choice C: See the correct answer for an explanation.
CORRECT ANSWER IS D.
Its explanation is: The application appears to do the task well, so limiting its use, verifying its effectiveness, and replacing it are probably not the most effective and efficient controls. Ensuring that the application’s design and subsequent modifications are documented would be most effective. This helps protect the function against the eventual loss of its author’s expertise if the employee retires or leaves the organization, as well as control the impact of modifications to the program. If the application does not include application authentication controls, this would also be a good recommendation.

MULTIPLE CHOICE QUESTION NO. 238
A specific objective of an audit of an organization’s expenditure cycle is to determine if all goods paid for have been received and charged to the correct account. This objective would address which of the following primary objectives identified in the Standards?
I. Reliability and integrity of financial and operational information.
II. Compliance with laws, regulations, and contracts.
III. Effectiveness and efficiency of operations.
IV. Safeguarding of assets.
A. I and II only.
B. I and IV only.
C. II, III, and IV only.
D. I, II, and IV only.

ANSWER TO QUESTION NO. 238
Explanation for Choice A: See the correct answer for an explanation.
Explanation for Choice C: See the correct answer for an explanation.
Explanation for Choice D: See the correct answer for an explanation.
CORRECT ANSWER IS B.
Its explanation is:
I. Correct.
According to Standard 2130.A1: “The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the: Achievement of the organization’s strategic objectives; Reliability and integrity of financial and operational information; Effectiveness and efficiency of operations and programs; Safeguarding of assets; and Compliance with laws, regulations, policies, procedures, and contracts.” The specific engagement objective of determining if goods are charged to the appropriate account would address the objective regarding the reliability and integrity of information.
IV. Correct. The specific engagement objective of determining if all goods paid for have been received would address the objective regarding safeguarding of assets.

Sub - Section VI Fraud Risks

MULTIPLE CHOICE QUESTION NO. 159
How does fraud awareness training support fraud prevention?
A. Reduces opportunities to commit fraud.
B. Facilitates the testing of controls.
C. Helps develop credible responses to potential risks.
D. Limits rationalization.

ANSWER TO QUESTION NO. 159
Explanation for Choice A: Fraud awareness training does not reduce opportunities to commit fraud.
Explanation for Choice B: Fraud awareness training does not facilitate the testing of controls.
Explanation for Choice C: Controls help develop credible responses to potential risks, not fraud awareness training.
CORRECT ANSWER IS D.
Its explanation is: An individual justifies fraudulent actions by rationalization. Fraud awareness training minimizes rationalization by (1) supporting the ethical tone at the top, (2) promoting an anti-fraud environment, and (3) emphasizing that the organization does not tolerate misconduct of any kind.

MULTIPLE CHOICE QUESTION NO.
160
The internal auditors’ responsibility regarding fraud includes all of the following except
A. Determining whether the control environment sets the appropriate tone at the top.
B. Ensuring that fraud will not occur.
C. Being aware of activities in which fraud is likely to occur.
D. Evaluating the effectiveness of control activities.

ANSWER TO QUESTION NO. 160
Explanation for Choice A: Internal auditing is responsible for evaluating the organization’s control environment.
Explanation for Choice C: The internal auditor should have sufficient knowledge of fraud indicators and be alert to opportunities that could allow fraud.
Explanation for Choice D: Assessing the design and operating effectiveness of fraud-related controls is the responsibility of internal auditing.
CORRECT ANSWER IS B.
Its explanation is: Control is the principal means of preventing fraud, and management is responsible for establishing and maintaining internal control. Thus, internal auditors cannot give absolute assurance that noncompliance or fraud does not exist.

MULTIPLE CHOICE QUESTION NO. 161
The primary purpose of operating a fraud hotline within an organization is to
A. Measure how well organizational units are achieving the organization’s goals.
B. Reduce total costs of operations.
C. Concentrate on areas that deserve attention.
D. Establish channels of communication for people to report suspected improprieties.

ANSWER TO QUESTION NO. 161
Explanation for Choice A: The primary purpose of operating a fraud hotline is not to measure how well organizational units are achieving the organization’s goals.
Explanation for Choice B: Reducing total costs of operating the organization is not the primary purpose of a fraud hotline.
Explanation for Choice C: Concentrating on areas that deserve attention and less attention on areas operating as expected is not the primary purpose of a fraud hotline.
CORRECT ANSWER IS D.
Its explanation is: Fraud-related information and communication practices promote fraud risk management. For example, hotlines are a convenient way for employees to report suspected improprieties.

MULTIPLE CHOICE QUESTION NO. 162
Which of the following is not a responsibility of internal auditors regarding fraud prevention, deterrence, and detection?
A. Support audit committee oversight in ensuring management has implemented an effective system of internal controls.
B. Monitor the annual disclosure of whether the organization has a code of ethics that covers its chief executive officer (CEO) and senior financial officers.
C. Raise fraud awareness within the organization, including encouraging the audit committee and senior management to set the proper “tone at the top.”
D. Develop an approach the organization can use to sustain anti-bribery principles in every country in which the organization operates.

ANSWER TO QUESTION NO. 162
Explanation for Choice A: Internal auditors are responsible for supporting audit committee oversight in ensuring management has implemented effective internal controls regarding fraud prevention.
Explanation for Choice B: Internal auditors are responsible for monitoring the annual disclosure of whether the organization has a code of ethics that covers its CEO and senior financial officers.
Explanation for Choice C: Internal auditors are responsible for raising fraud awareness within the organization, including encouraging the audit committee and senior management to set the proper “tone at the top.”
CORRECT ANSWER IS D.
Its explanation is: Management, not the internal auditors, is responsible for establishing and maintaining effective controls to deter and prevent fraud. Translating the organization’s corruption prevention principles across operations is a management responsibility.

MULTIPLE CHOICE QUESTION NO. 163
A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE chose to engage a forensic information systems auditor rather than using the organization’s information systems auditor is that a forensic information systems auditor would possess
A. Superior analytical skills that would facilitate the identification of computer abuse.
B. Knowledge of what constitutes evidence acceptable in a court of law.
C. Knowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse.
D. Superior documentation and organization skills that would facilitate the presentation of findings to senior management and the board.

ANSWER TO QUESTION NO. 163
Explanation for Choice A: A forensic auditor would not necessarily have analytical skills that are superior to those of the organization’s auditor.
Explanation for Choice C: The organization’s information systems auditor would probably have more knowledge of the organization’s computing systems than a forensic auditor.
Explanation for Choice D: A forensic auditor would not necessarily have organizational skills that are superior to those of the organization’s auditor.
CORRECT ANSWER IS B.
Its explanation is: The distinguishing characteristic of forensic auditing is the knowledge needed to testify as an expert witness in a court of law.
Although a forensic auditor may possess the other attributes listed, the organization’s information systems auditor may also possess these skills or knowledge elements.

MULTIPLE CHOICE QUESTION NO. 164
Assume that subsequent investigation shows that previously issued financial statements were materially misstated due to the improper recognition of sales. The internal auditor’s next step should be to
A. Inform the external auditor, senior management, and the board.
B. Inform divisional management of the preliminary observation, but wait until a formal engagement communication is issued to inform the board.
C. Inform senior management and the board.
D. Immediately inform the external auditor and the divisional manager.

ANSWER TO QUESTION NO. 164
Explanation for Choice A: The auditor should inform senior management, the board, and the audit committee.
Explanation for Choice B: The auditor should inform senior management, the board, and the audit committee.
Explanation for Choice D: The auditor should inform senior management, the board, and the audit committee.
CORRECT ANSWER IS C.
Its explanation is: The results of a fraud investigation may indicate that fraud has had a previously undiscovered materially adverse effect on the financial position and results of operations of an organization for 1 or more years on which financial statements have already been issued. Internal auditors should inform appropriate management and the audit committee of the board of directors of such a discovery.

MULTIPLE CHOICE QUESTION NO. 165
Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require that due professional care be used in obtaining information to support an engagement opinion?
A. To require honesty in performing work.
B.
If internal auditors were permitted to communicate engagement results without obtaining sufficient information, they would be in a position to accept fees or gifts from engagement clients.
C. To preclude any conflict of interest.
D. Sufficient, reliable, relevant, and useful information lends credibility to the opinion.

ANSWER TO QUESTION NO. 165
Explanation for Choice A: Rule of Conduct 1.1 requires honesty, diligence, and responsibility in the performance of work.
Explanation for Choice B: Rule of Conduct 2.2 prohibits accepting anything that may impair or be presumed to impair the professional judgment of an internal auditor.
Explanation for Choice C: A separate ethics rule prohibits conflicts of interest. Rule of Conduct 2.1 states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.”
CORRECT ANSWER IS D.
Its explanation is: Engagements must be performed with proficiency and due professional care (Attr. Std. 1200), and the engagement results must be communicated (Perf. Std. 2400). Engagement results include observations, conclusions, opinions, recommendations, and action plans. If internal auditors expressed opinions or otherwise communicated engagement results without substantive investigation and compliance with the Standards, such communications would be meaningless. The Standards are therefore incorporated by reference into The IIA’s Code of Ethics by Rule of Conduct 4.2. Thus, internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives.

MULTIPLE CHOICE QUESTION NO.
166
During a review of contracts, a chief audit executive (CAE) suspects that a supplier was given an unfair advantage in bidding on a contract. After learning that the chief executive officer (CEO) of the company is a member of the supplier’s board of directors, how should the CAE proceed?
A. Obtain supporting documentation and present the finding to the chair of the audit committee.
B. Immediately notify the board of directors.
C. Submit a draft report to senior management, excluding the CEO.
D. Contact the organization’s external auditors for assistance.

ANSWER TO QUESTION NO. 166
Explanation for Choice B: The CAE should obtain supporting documentation before informing the audit committee or the board.
Explanation for Choice C: The CEO is a member of senior management. Other members of senior management may receive a final report that has been reviewed and approved by legal counsel.
Explanation for Choice D: External auditors should not be contacted. External auditors may be given a final report that has been reviewed and approved by legal counsel.
CORRECT ANSWER IS A.
Its explanation is: A conflict of interest is an undisclosed, personal economic interest in a transaction that adversely affects the organization. After determining the existence of such a conflict on the part of a senior manager, the CAE should obtain supporting documentation and present the finding to the chair of the audit committee.

MULTIPLE CHOICE QUESTION NO. 167
When interviewing an individual suspected of fraud, the interviewer should
A. Lock the door to ensure no one will interrupt the interview.
B. Ensure the suspect’s supervisor is present during the interview.
C. Pay attention to the wording choices of the suspect.
D. Ask if the suspect committed the fraud.

ANSWER TO QUESTION NO.
167
Explanation for Choice A: Although the area in which the fraud interview takes place should be private, the suspect should not feel that (s)he is in a room in which no one can come to his or her aid.
Explanation for Choice B: The presence of the suspect’s supervisor may inhibit honest communication on the suspect’s part.
Explanation for Choice D: Directly asking the suspect if (s)he committed the fraud is not appropriate. The questioner should appear confident that (s)he already has all the relevant facts and not provide the suspect with an opportunity to deny the fraud.
CORRECT ANSWER IS C.
Its explanation is: Through his or her choice of words, a suspect can reveal much without meaning to. Excessive and/or inappropriate use of the passive voice or of impersonal pronouns may indicate a desire to be detached from the topic.

MULTIPLE CHOICE QUESTION NO. 168
Which of the following statements is correct regarding audit engagement work paper documentation for a fraud investigation?
1. All incriminating evidence should be included in the work papers.
2. All important testimonial evidence should be reviewed to ensure that it provides sufficient basis for the conclusions reached.
3. If interviews are held with a suspected perpetrator, written transcripts or statements should be included in the work papers.
A. 2 only.
B. 1 only.
C. 1, 2, and 3.
D. 2 and 3 only.

ANSWER TO QUESTION NO. 168
Explanation for Choice A: All incriminating evidence should be included in the work papers, and if interviews are held with a suspected perpetrator, written transcripts or statements should be included in the work papers.
Explanation for Choice B: All important testimonial evidence should be reviewed to ensure that it provides sufficient basis for the conclusions reached, and if interviews are held with a suspected perpetrator, written transcripts or statements should be included in the work papers.
Explanation for Choice D: All incriminating evidence should be included in the work papers.
CORRECT ANSWER IS C.
Its explanation is: Internal auditors must document relevant information to support the conclusions and engagement results (Perf. Std. 2330). Incriminating evidence, important testimonial evidence, and interviews with suspected perpetrators are clearly relevant and should be documented.

MULTIPLE CHOICE QUESTION NO. 169
Forensic auditing differs from internal auditing because forensic auditing
A. Relies more heavily on investigative skills.
B. Concentrates less on legal issues.
C. Places less emphasis on communication skills.
D. Focuses on error identification and prevention.

ANSWER TO QUESTION NO. 169
Explanation for Choice B: Forensic auditing applies accounting facts gathered through auditing procedures to legal problems. Thus, forensic auditing focuses heavily on legal issues.
Explanation for Choice C: Although both forensic and internal auditing require written and oral communication skills, these skills are more critical in forensic auditing.
Explanation for Choice D: Internal auditing, not forensic auditing, focuses on error identification and prevention.
CORRECT ANSWER IS A.
Its explanation is: Forensic auditing is the use of accounting and auditing knowledge and skills in matters having civil or criminal legal implications. Engagements involving fraud, litigation support, and expert witness testimony are examples. Forensic auditing requires investigative and accounting skills. The investigative skills are required to collect, analyze, and evaluate financial evidence.
These skills differentiate forensic auditing from internal auditing.

Sub - Section I Managing the Internal Audit Activity
This Section has a weightage of 20% in exams and contains 173 Multiple Choice Questions (MCQs).

MULTIPLE CHOICE QUESTION NO. 195
Which of the following is true of benchmarking?
A. It is typically accomplished by comparing an organization’s performance with the performance of its closest competitors.
B. It is accomplished by comparing an organization’s performance to that of the best-performing organizations.
C. It can be performed using either qualitative or quantitative comparisons.
D. It is normally limited to manufacturing operations and production processes.

ANSWER TO QUESTION NO. 195
Explanation for A: Benchmarking involves a comparison against industry leaders or “world-class” operations. Benchmarking either uses industry-wide figures (to protect the confidentiality of information provided by participating organizations) or figures from cooperating organizations.
Explanation for C: Benchmarking requires measurements, which involve quantitative comparisons.
Explanation for D: Benchmarking can be applied to all of the functional areas in a company. In fact, because manufacturing often tends to be industry-specific, whereas things like processing an order or paying an invoice are not, there is greater opportunity to improve by learning from global leaders.
CORRECT ANSWER IS B.
Its explanation is: Benchmarking involves a comparison against industry leaders or “world-class” operations. Benchmarking either uses industry-wide figures (to protect the confidentiality of information provided by participating organizations) or figures from cooperating organizations.

MULTIPLE CHOICE QUESTION NO.
196
Senior representatives for a manufacturing company are reimbursed for 100 percent of their cellular telephone bills. Cellular telephone costs vary significantly from representative to representative and from month to month, complicating the budgeting and forecasting processes. Management has requested that the internal auditors develop a method for controlling these costs. Which of the following would most appropriately be included in the scope of the consulting project?
A. Control self-assessment involving sales representatives.
B. Business process review of procurement and payables routines.
C. Performance measurement and design of the budgeting and forecasting processes.
D. Benchmarking with other cellular telephone users.

ANSWER TO QUESTION NO. 196
Explanation for A: Neither control self-assessment nor performance measurement will address management’s objective of controlling costs.
Explanation for C: Neither control self-assessment nor performance measurement will address management’s objective of controlling costs.
Explanation for D: Although benchmarking may have some applicability, it is not the most appropriate tool.
CORRECT ANSWER IS B.
Its explanation is: A business process review (BPR) assesses the performance of administrative and financial processes, such as within procurement and payables. BPR considers process effectiveness and efficiency, including the presence of appropriate controls, to mitigate business risk. Because the objective is to control cellular phone costs, BPR is the appropriate tool to use in this area.

MULTIPLE CHOICE QUESTION NO. 197
An auditor is reviewing an organization’s plan for developing a performance scorecard. Which of the following potential performance measures should the auditor recommend excluding from the performance scorecard?
A. Product innovation.
B.
Employee development.
C. Market share.
D. Customer satisfaction.

ANSWER TO QUESTION NO. 197
Explanation for B: Key results in employee development help predict the ability to attract and retain good employees.
Explanation for C: Key results in market share track changes to the organization’s competitive position.
Explanation for D: Key results in customer satisfaction help predict future sales.
CORRECT ANSWER IS A.
Its explanation is: Innovations in the production of goods or services do not typically lend themselves to ongoing performance measurement.

MULTIPLE CHOICE QUESTION NO. 198
If a department outside the internal audit activity is responsible for reviewing a function or process, the internal auditors should:
A. Yield the responsibility for assessing the function or process to the other department.
B. Ignore the work of the other department and proceed with an independent audit.
C. Reduce the scope of the audit because the work has already been performed by the other department.
D. Consider the work of the other department when assessing the function or process.

ANSWER TO QUESTION NO. 198
Explanation for A: The internal audit activity’s overall responsibility for assessing the function or process is not affected by the other department’s coverage.
Explanation for B: Concentrating on the function or process might lead to a duplication of efforts.
Explanation for C: The internal auditor cannot rely on the work of others without verifying the results.
CORRECT ANSWER IS D.
Its explanation is: Review and testing of the other department’s procedures may reduce necessary audit coverage of the function or process.

MULTIPLE CHOICE QUESTION NO.
199
Using the internal audit department to coordinate regulatory examiners’ efforts is beneficial to the organization because internal auditors can:
A. Supply evidence of adequate compliance testing through internal audit work papers and reports.
B. Influence the regulatory examiners’ interpretation of law to match corporate practice.
C. Perform fieldwork for the regulatory examiners and thus reduce the amount of time regulatory examiners are onsite.
D. Recommend changes in scope to limit bias by the regulatory examiners.

ANSWER TO QUESTION NO. 199
Explanation for B: Internal auditors should not attempt to influence regulators’ interpretations of law.
Explanation for C: Internal auditors should not perform fieldwork for regulatory examiners.
Explanation for D: Internal auditors should not attempt to influence the scope of work of the regulatory examiners. This would be unethical and a violation of The IIA’s Code of Ethics.
CORRECT ANSWER IS A.
Its explanation is: Internal auditors have immediate access to work papers and reports, which can supply evidence of compliance testing to the regulatory examiners.

MULTIPLE CHOICE QUESTION NO. 200
What is the first step in establishing an effective internal audit performance measurement process?
A. Define internal audit effectiveness.
B. Interview key internal and external stakeholders.
C. Propose specific measures of effectiveness and efficiency.
D. Align the internal audit process with performance measurement processes used throughout the organization.

ANSWER TO QUESTION NO. 200
Explanation for B: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS A.
Its explanation is: The first step is to define internal audit effectiveness, based on the Definition of Internal Auditing, the Code of Ethics, the Standards, existing charters, internal audit deliverables that the activity has agreed to produce, and internal consensus.

MULTIPLE CHOICE QUESTION NO. 201
Which of the following audit objectives would be appropriate in an audit of the efficient use of an organization's facilities?
A. To determine whether rates to lease office space for the organization are reasonable when compared to market lease rates.
B. To determine whether employees are satisfied with the allocation of office space among departments.
C. To determine whether the actual capacity is reasonable compared to the needed capacity.
D. To determine whether facilities are procured competitively.

ANSWER TO QUESTION NO. 201
Explanation for A: This is not a measure of the efficiency of the use of an organization's facilities.
Explanation for B: This is not a measure of the efficiency of the use of an organization's facilities.
Explanation for D: This is not a measure of the efficiency of the use of an organization's facilities.
CORRECT ANSWER IS C.
Its explanation is: Measuring actual capacity to needed capacity is a measure of the efficiency of the use of an organization's facilities.

MULTIPLE CHOICE QUESTION NO. 202
An internal audit team is performing a due diligence audit to assess plans for a potential merger/acquisition. Which of the following would be the least valid reason for a company to merge with or acquire another company?
A. To reduce labor costs.
B. To respond to government policy.
C. To increase stock prices.
D. To diversify risk.

ANSWER TO QUESTION NO.
202
Explanation for A: Gaining economies of scale by reducing labor costs is a primary reason for acquiring or merging with another company.
Explanation for B: Responding to government policy is a primary reason for mergers and acquisitions.
Explanation for D: The diversification of risk is a primary reason a company acquires or merges with another company.
CORRECT ANSWER IS C. Its Explanation is Increased stock price is a result of a merger or acquisition that is seen to benefit the company, but it is not a primary reason for doing the acquisition or merger.

MULTIPLE CHOICE QUESTION NO. 203
Inherent risk and control risk differ from detection risk in that they
A. Arise from the misapplication of auditing procedures.
B. Exist independently of the financial statement audit.
C. Can be changed at the auditor's discretion.
D. May be assessed in either quantitative or non-quantitative terms.

ANSWER TO QUESTION NO. 203
Explanation for A: Misapplication of auditing procedures affects detection risk, but not inherent or control risk.
Explanation for C: Inherent and control risk cannot be changed at the auditor's discretion.
Explanation for D: All three types of risk can be assessed either quantitatively or non-quantitatively.
CORRECT ANSWER IS B. Its Explanation is Inherent risk is the risk that there is an error in the first place. Control risk is the risk that the internal controls will fail to detect the error. Detection risk is the risk that the auditor will not detect the error. The auditor assesses inherent and control risk, but the auditor is not able to do anything to influence (change) these risks. Detection risk is the only risk that can be changed at the auditor’s discretion by altering the nature, timing, or extent of the audit procedures.
MULTIPLE CHOICE QUESTION NO. 204
During an audit, information is uncovered that could have a significant impact on the organization's competitiveness. According to IIA guidance, when is it appropriate for the internal auditor to communicate this information to management?
A. After the auditor has decided that the information is substantial and credible.
B. After the auditor has formulated recommendations.
C. As soon as the auditor has determined that communicating the information is not a violation of the organization's code of conduct.
D. Immediately, because of the sensitivity of the information.

ANSWER TO QUESTION NO. 204
Explanation for B: The auditor does not need to wait until they have formed recommendations to communicate information that could have a significant impact on the organization's competitiveness to management.
Explanation for C: Before communicating the information to management, the IAA should determine that the information is credible and material.
Explanation for D: Before communicating the information to management, the IAA should determine that the information
CORRECT ANSWER IS A. Its Explanation is Even when information would have a significant impact on the organization's competitiveness, the IAA should determine that the information is substantial and credible before communicating it to management.

MULTIPLE CHOICE QUESTION NO. 205
Who has primary responsibility for providing information to the audit committee on the professional and organizational benefits of coordinating internal audit assurance and consulting activities with other assurance and consulting activities?
A. The CEO.
B. The external auditor.
C. The CAE.
D. Each assurance and consulting function.
ANSWER TO QUESTION NO. 205
Explanation for A: The CEO would not normally be responsible for planning, work, and coordination related to internal audit assurance and consulting engagements or coordination with other assurance and consulting activities.
Explanation for B: The responsibility for ensuring that the internal audit activity’s professional and organizational responsibilities maximize the benefits that can be achieved from coordination with other assurance and consulting activities lies with the CAE, according to Standard 2050. Comments on this should be reported by the CAE to the audit committee.
Explanation for D: Not all other assurance and consulting activities are organizationally responsible to the audit committee for their work, and they may not have the opportunity to report information directly to the audit committee.
CORRECT ANSWER IS C. Its Explanation is The CAE should provide the audit committee with information on the coordination with and oversight of other control and monitoring functions.

Sub - Section II Planning the Engagement
This section has a weightage of 20% in exams and contains 140 Multiple Choice Questions (MCQs).

MULTIPLE CHOICE QUESTION NO. 141
If an auditor’s preliminary evaluation of internal controls results in an observation that controls may be inadequate, the next step would be to:
A. Note an exception in the engagement final communication if losses have occurred.
B. Expand audit work before the preparation of an engagement final communication.
C. Implement the desired controls.
D. Prepare a flowchart depicting the internal control system.

ANSWER TO QUESTION NO. 141
Explanation for A: The auditor is not ready to make a report until more work has been performed.
Explanation for C: Auditors do not implement controls; that is a function of management.
Explanation for D: If a flowchart were necessary, the auditor would have prepared one during the preliminary evaluation.
CORRECT ANSWER IS B. Its Explanation is If the preliminary evaluation indicates control problems, the auditor usually decides to perform some expanded testing.

MULTIPLE CHOICE QUESTION NO. 142
In which phase(s) of the internal audit engagement can data analytics be used?
I. Planning the individual engagement.
II. Testing the effectiveness and efficiency of controls.
III. Assessing risk to determine which areas of the organization to audit.
A. I only.
B. II only.
C. I and III only.
D. I, II, and III.

ANSWER TO QUESTION NO. 142
Explanation for A: The use of data analytics is not limited to planning individual engagements. Data analytics can be used to test the effectiveness of controls and assess risk to prioritize which areas to audit.
Explanation for B: The use of data analytics is not limited to testing the effectiveness and efficiency of controls. Data analytics can be used to design scope and plan testing for individual engagements as well as assess risk within the audit universe to prioritize which areas to audit.
Explanation for C: The use of data analytics is not limited to assessing risk to determine which areas to audit. Data analytics can be used to design scope and plan testing for individual engagements as well as test the effectiveness of controls within an audit.
CORRECT ANSWER IS D. Its Explanation is Data analytics can be used in all phases of the audit process, although many times it is used for testing the effectiveness and efficiency of controls. Internal audit data analytics can also be used as part of continuous auditing and can be performed throughout the year.
MULTIPLE CHOICE QUESTION NO. 143
Which of the following factors should an internal auditor consider when planning an audit of an activity?
A. The qualifications of management, the significant risks, and the control system.
B. The objectives of the activity, the significant risks, and the control system.
C. The number of employees involved, the control system, and the recommendations of external auditors.
D. The objectives of the activity, the number of employees involved, and the control system.

ANSWER TO QUESTION NO. 143
Explanation for A: The qualifications of management are not a main factor in planning an engagement.
Explanation for C: The number of employees involved and the recommendations of external auditors are not main factors in planning an engagement.
Explanation for D: The number of activities is not a main factor in planning an engagement.
CORRECT ANSWER IS B. Its Explanation is These are main factors to take into account when planning an engagement.

MULTIPLE CHOICE QUESTION NO. 144
A CAE would most likely use risk assessment for audit planning because it provides:
A. A list of auditable activities in the organization.
B. A listing of potentially adverse effects on the organization.
C. The probability that an event or action may adversely affect the organization.
D. A systematic process for assessing and integrating professional judgment about probable adverse conditions.

ANSWER TO QUESTION NO. 144
Explanation for A: This is used in the risk assessment process but is not the rationale for using risk assessment.
Explanation for B: Such a listing might convince the CAE of the need for risk assessment but is not provided by the process.
Explanation for C: This is one definition of risk.
CORRECT ANSWER IS D.
Its Explanation is This is an appropriate rationale.

MULTIPLE CHOICE QUESTION NO. 145
The chief audit executive (CAE) for an organization has just completed a risk assessment process, identified the areas with the highest risks, and assigned an engagement priority to each. Which of the following conclusions most logically follow(s) from such a risk assessment?
I. Items should be quantified as to risk in the rank order of quantifiable monetary exposure to the organization.
II. The risk priorities should be in order of major control deficiencies.
III. The risk assessment process, though quantified, is the result of professional judgments about both exposures and probability of occurrences.
A. I only.
B. I, II, and III.
C. II and III only.
D. III only.

ANSWER TO QUESTION NO. 145
Explanation for A: The risk assessment process is based on a number of factors, including professional judgment about exposure and probability of occurrence. Conclusions I & II state specific criteria that may not be consistent with the internal auditor's professional judgment.
Explanation for B: The risk assessment process is based on a number of factors, including professional judgment about exposure and probability of occurrence. Conclusions I & II state specific criteria that may not be consistent with the internal auditor's professional judgment.
Explanation for C: The risk assessment process is based on a number of factors, including professional judgment about exposure and probability of occurrence. Conclusions I & II state specific criteria that may not be consistent with the internal auditor's professional judgment.
CORRECT ANSWER IS D. Its Explanation is Audit work schedules are based on, among other factors, an assessment of risk and exposure. Prioritizing is needed to make decisions for applying resources. A variety of risk models exist to assist the CAE.
Most risk models use risk factors, such as impact, likelihood, materiality, asset liquidity, management competence, quality of and adherence to internal controls, degree of change or stability, timing and results of last engagement, complexity, and employee and government relations (PA 2010-1).

MULTIPLE CHOICE QUESTION NO. 146
Which of the following represent(s) appropriate internal audit action in response to the risk assessment process?
I. The low-risk areas may be delegated to the external auditor, but the high-risk areas should be performed by the internal audit activity.
II. The high-risk areas should be integrated into an engagement work schedule along with the high-priority requests of senior management and the audit committee.
III. The risk analysis should be used in determining an annual engagement work schedule; therefore, the risk analysis should be performed only on an annual basis.
A. II only.
B. I only.
C. III only.
D. I and III only.

ANSWER TO QUESTION NO. 146
Explanation for B: Work with the external auditor should be coordinated in order to minimize duplication of work effort.
Explanation for C: Risk analysis should be performed anytime there is a change in the work environment.
Explanation for D: Risk analysis should be performed anytime there is a change in the work environment, and work with the external auditor should be coordinated in order to minimize duplication of the work effort.
CORRECT ANSWER IS A. Its Explanation is Risk assessment is part of the planning process. Higher perceived risk areas are generally given higher priority than lower perceived risk areas. Requests by senior management, the audit committee, and the governing are also considered in establishing engagement work schedule priorities.

MULTIPLE CHOICE QUESTION NO.
147
A bank internal auditor wants to determine whether all loans are supported by sufficient collateral, properly aged regarding current payments, and accurately categorized as current or noncurrent. The best audit procedure to accomplish these objectives would be to:
A. Select a discovery sample of all loan applications to determine whether each application contains a statement of collateral.
B. Use generalized audit software to read the total loan file, age the file by last payment due, and extract a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging.
C. Select a block sample of all loans in excess of a specified dollar limit and determine if they are current and properly categorized. For each loan approved, verify aging and categorization.
D. Select a sample of payments made on the loan portfolio and trace them to loans to see if the payments are properly applied. For each loan identified, examine the loan application to determine that the loan has proper collateralization.

ANSWER TO QUESTION NO. 147
Explanation for A: This is an inefficient audit procedure because it samples from loan applications, not loans approved.
Explanation for C: This sample only deals with large dollar items and does not test for proper collateralization.
Explanation for D: This would be an ineffective procedure because it is based only on loans for which payments are currently being made. It does not include loans that should have been categorized differently because payments are not being made.
CORRECT ANSWER IS B. Its Explanation is This is the best procedure because it takes a sample from the total loan file and tests to determine that the loan is properly categorized as well as properly collateralized and aged.

MULTIPLE CHOICE QUESTION NO.
148
Writing an engagement work program occurs at which stage of the engagement?
A. During the planning stage.
B. Subsequent to evaluating risk management and control systems.
C. At the end of each engagement when the standard work program should be revised for the next engagement to ensure coverage of noted problem areas.
D. As the engagement is performed.

ANSWER TO QUESTION NO. 148
Explanation for B: The work program must be written in the planning stage.
Explanation for C: It is allowed to revise the work program at the end of the engagement for the next engagement, but the work program must still be written in the planning stage.
Explanation for D: The work program must be written in the planning stage.
CORRECT ANSWER IS A. Its Explanation is Internal auditors write the engagement work program during the planning stage. Internal auditors must develop a plan for each engagement, including the engagement's objectives, scope, timing, and resource allocations (Standard 2200).

MULTIPLE CHOICE QUESTION NO. 149
As part of a preliminary survey of the purchasing function, an auditor read the department’s policies and procedures manual. The auditor concluded that the manual described the processing steps well and contained an appropriate internal control design. The next engagement objective was to determine the operating effectiveness of internal controls. Which procedure would be most appropriate in meeting this objective?
A. Prepare a flowchart.
B. Perform a substantive test.
C. Prepare a system narrative.
D. Perform a test of controls.

ANSWER TO QUESTION NO. 149
Explanation for A: Flowcharts are most appropriate for studying internal control design. The audit objective is whether the controls are in place and effective, which indicates the need for a test of controls.
Explanation for B: Substantive tests are tests to determine whether an objective has been achieved and do not necessarily test internal controls.
Explanation for C: System narratives are most appropriate for studying internal control design. The audit objective is whether the controls are in place and effective, which indicates the need for a test of controls.
CORRECT ANSWER IS D. Its Explanation is Tests of controls, also known as compliance tests, help an auditor determine whether controls are being followed and are effective. For instance, a policy may require that all large transactions be approved by a manager. As a test of controls, the auditor may sample large transactions and review whether manager approval was obtained and whether the proposed transaction meets all the criteria that the manager was supposed to verify.

MULTIPLE CHOICE QUESTION NO. 150
Audit engagement programs testing internal controls should:
A. Be generalized to fit all situations without regard to departmental lines.
B. Reduce costly duplication of effort by ensuring that every aspect of an operation is examined.
C. Be tailored for the audit of each operation.
D. Be generalized so as to be usable at various international locations of an organization.

ANSWER TO QUESTION NO. 150
Explanation for A: A generalized program cannot take into account variations resulting from changing circumstances and varied conditions.
Explanation for B: Every aspect of an operation need not be examined—only those likely to conceal problems and difficulties.
Explanation for D: A generalized program cannot take into account variations in circumstances and conditions.
CORRECT ANSWER IS C. Its Explanation is A tailored program will be more relevant to an operation than will a generalized program.
MULTIPLE CHOICE QUESTION NO. 151
If electronic funds transfer (EFT) is used to pay vendor invoices, which of the following computer-assisted audit procedures would an auditor use to determine if any payments were made twice?
I. Identification of EFT transactions to the same vendor for the same dollar amount.
II. Extraction of EFT transactions with unauthorized vendor codes.
III. Testing of EFT transactions for reasonableness.
IV. Searching for EFT transactions with duplicate purchase order numbers.
A. I and IV only.
B. III and IV only.
C. I and II only.
D. II and III only.

ANSWER TO QUESTION NO. 151
Explanation for B: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS A. Its Explanation is I, IV. Correct. These tests can identify duplicate payments. II, III. Incorrect. Selection of transactions with unauthorized vendor codes and testing of transactions for reasonableness do not identify duplicate payments.

Sub - Section III Performing the Engagement
This section has a weightage of 40% in exams and contains 344 Multiple Choice Questions (MCQs).

MULTIPLE CHOICE QUESTION NO. 375
Which of the following steps works against effective listening?
A. Understanding the speaker’s steps to reach a solution.
B. Recognizing the speaker’s emotion.
C. Helping the speaker to complete the point.
D. Asking appropriate questions.

ANSWER TO QUESTION NO. 375
Explanation for A: Listening to how a person is solving the problem allows the provision of comments on process as well as content.
Explanation for B: Listening for emotions enables the detection of strong emotions inhibiting rational problem resolution and the likelihood of consensus.
Explanation for D: Asking thoughtful questions shows that one is listening deeply and encourages people to arrive at their own solutions.
CORRECT ANSWER IS C. Its Explanation is By interrupting the speaker, even with good intentions, the listener may inhibit further communication and may be jumping to unwarranted conclusions.

you to target achieving an overall 85% in exams by accurately attempting the 85 questions correct out of 100 questions. The trend analysis for several years of CIA exam passing ratio is between 40% to 44%.

Documents Required By IIA
The following documents are required by the Institute when a candidate makes a profile at the Certification Candidate Management System (CCMS):
A soft copy of an unexpired official passport or national candidate ID card;
A soft copy of degree and transcripts;
A soft copy of the character reference form duly attested.
Pearson VUE www.pearsonvue.com/iia conducts CIA examinations globally. Select the testing center location that is easily reachable for you.

Investment in CIA
Investment in CIA is one time if the candidate passes the Challenge Exam in the first attempt. Investment in the CIA is highly rewarding throughout life. I highly recommend the candidates to pay their dues through DEBIT CARD only. This way, you will be free from all claims of the bank and will be much relieved. The target must be to clear the exams in the 1st attempt so that the examination fee is paid only once, and benefits of opportunity costs can be derived. Investment in study materials, test bank questions, and lecture videos is separate and varies according to the candidate’s preferences and study methods. REMEMBER to subscribe to the study materials and test bank questions that are economical, comprehensive, updated, and excellent.

Difficulty Level of CIA Challenge Exam
The CIA Challenge Exam is hard as it covers all the topics from CIA Part 1 - Essentials of Internal Auditing, CIA Part 2 – Practice of Internal Auditing and CIA Part 3 – Business Knowledge for Internal Auditing (except for the Financial Management section). The CIA Challenge Exam can be passed easily if the candidates can exhibit the traits of Excellence, Creativity, Passion, and Patience in their preparation and, in particular, on exam day. The candidates must have a clear vision of their future. They must be able to define their purpose of life. The will to win, the desire to succeed, the urge to reach full potential – these are the keys that will unlock the door of CIA certification. The reason that many candidates find it difficult to achieve the CIA is that they are not able to define their goals or ever seriously consider them as believable or achievable. Champions can tell you where they are going, what they plan to do along the way, and with whom they will be sharing their adventure.

CIA Challenge Exam – Syllabus
There are three sections in the CIA Challenge Exam.
a. Section A – Foundation of Internal Auditing – 35% weightage
b. Section B – Practice of Internal Auditing – 43% weightage
c. Section C – Business Knowledge for Internal Auditing – 22% weightage

CIA Challenge Exam Preparation Time
It is generally observed that many of the CIA candidates are working executives. They have to allocate time for work, family, studies, and personal leisure. The candidates are ready for the Challenge Exam if they can allocate at least 3 hours on weekdays and at least 6 hours on weekends for four to five months continuously. The candidates must follow the steps below to understand the concepts that are part of the syllabus of the CIA Challenge Exam.

Read a whole particular section from the study book first with the questioning mind approach. Mark or highlight only the important paras or sentences in the book.

Attempt the True / False Questions of that particular section presented in the book to bring clarity on the already read topics.

Attempt the Multiple Choice Questions of that particular section from the Test Bank without any time constraints. Focus must be on selecting the right answers in the first place. If you attempt any question correctly, proceed to the next question. These questions do not need to be reviewed ever again because a question once attempted successfully will always be correct in the future. If any question attempted is wrong in the 1st place, then mark or highlight or flag those questions. Furthermore, there might be instances in which you have selected the right answer, but you are in doubt about the outcome of the result if attempted later. These questions also need to be marked or highlighted. These marked questions will form the basis of review, revision, and rehearsal at a later stage.

Read the explanation of the incorrect answers selected and try to understand the logic of the question and correct answer explanation.

As you complete 80% of the total questions of a particular section, move to the next section, and repeat the steps from (a) to (d).

Revision of the already learned topics every week is warranted. Dedicate a particular day in a week in which you will only revise the already learned topics. Read only those paras from the book which have been highlighted. Attempt only those questions from Test Bank Questions which have been marked or highlighted. Time Management must come into effect while re-attempting the questions. Each MCQ has to be attempted in 1.2 minutes. This way you will revise the entire section smartly and your anxiety level will decrease.

As you complete reading and studying all the sections of the CIA Challenge Exam, focus on completing 100% of the MCQs from the Test Bank Questions. REMEMBER that each topic has an equal chance of selection in the exam. So you have to be prepared for every concept. ALSO REMEMBER that CIA Challenge Exams are of continuous 3-hour duration. Train your mind to be active for at least 4 hours during MCQs preparation.

The candidates must have updated study materials and test bank questions. The study materials must be simple, concise, and easy to understand. The majority of finance graduates and working executives prefer self-studies. Select test bank questions of any comprehensive publisher. Subscribing for more than one publisher’s test bank questions will not help as most of the questions will be repetitive. Video Lectures are of great aid. They increase the retention power of the candidates by at least 25%. Furthermore, the candidates can view them later at their ease and convenience. Many of the candidates prefer live classes or online interactive sessions. This can also increase the odds in your favor exponentially.

Recommended Study Approach
CIA Challenge Exams are computer-based. It is recommended that all your preparation, highlighting, and practice must be on the computer or laptop. The candidates must avoid the traditional method of studying and making notes via pen and paper. Pen and paper shall be used only for calculation related purposes while attempting the test bank questions. The candidates can study at any time of day or night, but my preferable time is early morning daily at 4:30 am. This is the time when the human brain is at a high energy level. This is also the time of great silence. You will be provided with earplugs in the center and must use them to avoid distractions from the noise of other candidates. Silence also has its own voice, which you will agree with me on your exam day. Your mind needs to be accustomed to it. Therefore, use good-quality foam-based earplugs from day 1 of your preparation. You can find these earplugs at your local pharmacy. You will be provided with black pens at the center and two sheets. Start using a black pen from day 1. Your mind must be able to recognize and work in a black pen. Please become familiar with the MCQ screens and navigation of the Pearson VUE Testing Environment before the exams. The tour can be arranged from your computer. This will make you comfortable

MULTIPLE CHOICE QUESTION NO. 376
Data-gathering activities such as interviewing operating personnel, identifying standards to be used to evaluate performance, and assessing risks inherent in a department’s operations are typically performed in which phase of an audit engagement?
A. Engagement program development.
B. Preliminary survey.
C. Fieldwork.
D. Examination and evaluation of evidence.

ANSWER TO QUESTION NO. 376
Explanation for A: The activities described must be performed before the engagement program can be developed.
Explanation for C: The activities described must be performed before the fieldwork can be undertaken.
Explanation for D: The activities described must be performed before the evidence can be examined or evaluated.
CORRECT ANSWER IS B. Its Explanation is These activities are normally accomplished during the preliminary survey phase.

MULTIPLE CHOICE QUESTION NO. 377
Which of the following best describes the primary purpose of exit conferences?
A. To elicit audit client concerns.
B. To preview the audit report.
C.
To validate audit findings and conclusions.
D. To present audit results.

ANSWER TO QUESTION NO. 377
Explanation for A: This is not the primary purpose of the exit interview.
Explanation for B: The exit conference presents, it does not preview, the audit results.
Explanation for C: This is not the primary purpose of the exit interview.
CORRECT ANSWER IS D. Its Explanation is This is the primary purpose of the exit interview.

MULTIPLE CHOICE QUESTION NO. 378
An internal auditor is using an internal control questionnaire as part of a preliminary survey. Which of the following is the best reason for the auditor to interview management regarding the questionnaire responses?
A. Interviewing is the least costly audit technique when a large amount of information is involved.
B. Interviews provide the opportunity to insert questions to probe promising areas.
C. Interviews are the most efficient way to upgrade the information to the level of objective evidence.
D. Interviewing is the only audit procedure that does not require confirmation of the information obtained.

ANSWER TO QUESTION NO. 378
Explanation for A: Interviewing is probably not the most cost-effective method to collect a large amount of information because of the costs of both the interviewee and interviewer involved.
Explanation for C: Information collected from an interviewee is only the perspective of that person and it may not be objective.
Explanation for D: Information obtained in an interview still needs to be confirmed.
CORRECT ANSWER IS B. Its Explanation is If additional information is needed after receiving the questionnaire, an interview is an effective method to get that additional information.

MULTIPLE CHOICE QUESTION NO.
379 What computer-assisted audit technique would an auditor use to identify a fictitious or terminated employee? A. Exception testing for payroll deductions. B. Tagging and tracing of payroll tax-rate changes. C. Recalculations of net pay. D. Parallel simulation of payroll calculations. 3067 Sub - Section III Performing the Engagement ANSWER TO QUESTION NO. 379 Explanation for B: In this type of CAAT program, certain actual transactions are “tagged,” and as they proceed through the system, a data file is created that traces the processing through the system and permits an auditor to subsequently review that processing. This would not, however, identify a fictitious or terminated employee. Explanation for C: A CAAT program can recalculate amounts such as gross pay, net pay, taxes and other deductions, and accumulated or used leave times. These recalculations can help determine if the payroll program is operating correctly or if employee files have been altered, but they would not identify a fictitious or terminated employee. Explanation for D: In a parallel simulation, data that were processed by the engagement client’s system are reprocessed through the auditor’s program to determine if the output obtained matches the output generated by the client’s system. This technique might identify problems with the client’s processing but would not identify a fictitious or terminated employee. 3068 CORRECT ANSWER IS A . Its Explanation is This type of computer-assisted audit technique (CAAT) program can identify employees who have no deductions. This is important because fictitious or terminated employees will generally not have any deductions. INCORRECT CHOICES EXPLANATION Sub - Section III Performing the Engagement MULTIPLE CHOICE QUESTION NO. 380 In which of the following situations would observation not provide the most compelling audit evidence? A. Verification of the existence of production equipment. B. Identification of excess inventory. C. 
Analysis of the security of a storeroom or facility. D. Documentation of a production or accounting process. 3069 Sub - Section III Performing the Engagement ANSWER TO QUESTION NO. 380 Explanation for A: Observation would provide the most compelling evidence for the verification of the existence of production equipment. Explanation for C: Observation would provide the most compelling evidence about the security of a storeroom or facility. Explanation for D: Observation would provide the most compelling evidence about the documentation of a production or accounting process. 3070 CORRECT ANSWER IS B . Its Explanation is Observation would not provide excellent evidence about excess inventory because the auditor would usually also need to confirm through other sources that the amount of inventory is excessive. INCORRECT CHOICES EXPLANATION Sub - Section III Performing the Engagement MULTIPLE CHOICE QUESTION NO. 381 An internal auditor observes that controls over the perpetual inventory system are weak. An appropriate engagement response is to A. Increase the testing of the inventory controls. B. Perform turnover ratio tests. C. Apply gross profit analyses by product lines and compare the results with prior- years' information for reasonableness. D. Recommend that a physical inventory count be scheduled. 3071 Sub - Section III Performing the Engagement ANSWER TO QUESTION NO. 381 Explanation for A: If the internal auditor observes that controls are weak then increasing the testing of controls would probably be inefficient. Explanation for B: Performing turnover ratio tests would not provide sufficient information. Explanation for C: Applying gross profit analyses would not be sufficient. 3072 CORRECT ANSWER IS D . Its Explanation is The most appropriate response would be to recommend a physical inventory count. Observing a physical inventory count would be the most persuasive form of information. 

Sub - Section III Performing the Engagement
MULTIPLE CHOICE QUESTION NO. 382
A flowchart of process activities and controls may provide:
A. Information on the extent of a past fraud.
B. Information on where fraud could occur.
C. An indication of where fraud has occurred in a process.
D. No information related to fraud prevention.

Sub - Section III Performing the Engagement
ANSWER TO QUESTION NO. 382
INCORRECT CHOICES EXPLANATION
Explanation for A: Flowcharts do not provide any evidence of the extent of fraud.
Explanation for C: Other procedures would be needed to detect where fraud has occurred.
Explanation for D: Flowcharts provide evidence of where fraud can occur. Flowcharts therefore help in prevention.
CORRECT ANSWER IS B. Its Explanation is: By indicating control weaknesses, flowcharts show where fraud may occur.

Sub - Section III Performing the Engagement
MULTIPLE CHOICE QUESTION NO. 383
Reviewing an edit listing of payroll changes processed during each payroll cycle would most likely reveal:
A. A failure to offer employees an opportunity to contribute to their pension plan.
B. Undetected errors in the payroll rates of new employees.
C. Labor hours charged to the wrong account in the cost reporting system.
D. Inaccurate payroll deductions.

Sub - Section III Performing the Engagement
ANSWER TO QUESTION NO. 383
INCORRECT CHOICES EXPLANATION
Explanation for A: This is not applicable to a listing of payroll changes.
Explanation for C: This data should come from the time reporting system (timecard or timesheet). It is not a payroll change.
Explanation for D: The computer calculates this. It is not a change and would not be on the list.
CORRECT ANSWER IS B. Its Explanation is: Only a category such as new employee would generate a payroll change. By reviewing the list of changes to the payroll information during a period, unauthorized changes to payroll rates would be discovered.

Sub - Section III Performing the Engagement
MULTIPLE CHOICE QUESTION NO. 384
A company uses a linear regression formula (Y = a + b(x)) to estimate its total manufacturing costs. The formula used by the company is Y = $66,067.18 + $0.40(x). Assuming the regression formula holds true, if the company planned to increase production by 20% from 200,000 to 240,000 units, the company could expect per unit manufacturing costs to:
A. Increase by some amount greater than 5%.
B. Decrease by some amount greater than 8%.
C. Decrease by some amount greater than 20%.
D. Increase by some amount greater than 15%.

Sub - Section III Performing the Engagement
ANSWER TO QUESTION NO. 384
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS B. Its Explanation is: At a production level of 200,000 units, per unit cost is $0.73. If we increase production by 20%, the cost goes down to $0.6753. This represents a decrease of just over 8%.
Tip: At a production level of 200,000 units, variable cost is greater than its fixed cost. Because of this, we know that decreases in per unit cost would have to be lower than the increase in production. Therefore, we can automatically eliminate "Decrease by some amount greater than 20%" as an answer. Also, because fixed cost ($66,067.18) stays fixed, we know that per unit costs have to decrease, not increase. Therefore, we can eliminate "Increase by some amount greater than 5%" and "Increase by some amount greater than 15%" as possible answers. Thus, the only answer left is "Decrease by some amount greater than 8%." Therefore, without having to do a calculation, you could determine the correct answer.

Sub - Section III Performing the Engagement
MULTIPLE CHOICE QUESTION NO. 385
A company uses a linear regression formula (Y = a + b(x)) to estimate its total manufacturing costs. The formula used by the company is Y = $66,067.18 + $0.40(x). If R for the formula is 0.9470, the proportion of the total variation in (Y) that can be explained by variations in (x) is:
A. 5.30%
B. 10.32%
C. 89.68%
D. 94.70%

Sub - Section III Performing the Engagement
ANSWER TO QUESTION NO. 385
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for B: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS C. Its Explanation is: The coefficient of determination R is the proportion of the total variation in the dependent variable (Y) that can be explained by variations in the independent variable (x). Therefore, if we square R, then the correct answer is 0.8968.

Sub - Section III Performing the Engagement
MULTIPLE CHOICE QUESTION NO. 386
When conducting a performance appraisal of an internal auditor who has been a below-average performer, it is not appropriate to:
A. Document the appraisal.
B. Notify the internal auditor of the upcoming appraisal several days in advance.
C. Use objective, impartial language.
D. Use generalizations.

Sub - Section III Performing the Engagement
ANSWER TO QUESTION NO. 386
INCORRECT CHOICES EXPLANATION
Explanation for A: In a performance appraisal of a below-average performer, it is appropriate and advisable to notify the employee of the upcoming appraisal, use objective language, and document the appraisal.
Explanation for B: In a performance appraisal of a below-average performer, it is appropriate and advisable to notify the employee of the upcoming appraisal, use objective language, and document the appraisal.
Explanation for C: In a performance appraisal of a below-average performer, it is appropriate and advisable to notify the employee of the upcoming appraisal, use objective language, and document the appraisal.
CORRECT ANSWER IS D. Its Explanation is: It is not appropriate to use generalizations when giving a performance appraisal to a below-average performer. Rather, the evaluator must cite specific information and be prepared to support assertions with evidence.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 201
An audit committee is concerned that management is not addressing all internal audit observations and recommendations. What should the audit committee do to address this situation?
A. Require the chief executive officer to report why action has not been taken.
B. Require all managers to confirm when they have taken action.
C. Require managers to provide detailed action plans with specific dates for addressing audit observations and recommendations.
D. Require the chief audit executive to establish procedures to monitor progress.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 201
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for B: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
CORRECT ANSWER IS D. Its Explanation is: The CAE is responsible for establishing appropriate procedures for monitoring the progress by management on all internal audit observations and recommendations. This responsibility should be written into its charter by the audit committee, and progress should be reported at each audit committee meeting.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 202
A coefficient of correlation of −0.90 means that:
A. The relationship between the variables is strong and positive.
B. The relationship between the variables is strong and negative.
C. None of the other choices are correct.
D. The relationship between the variables is weak.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 202
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS B. Its Explanation is: The coefficient of correlation is expressed as a number between -1 and +1. Therefore, the relationship between the variables is strong and negative.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 203
Information is considered sufficient when:
A. It is well-documented and cross-referenced in the working papers.
B. It is directly related to the engagement observations and includes all of the elements of an engagement observation.
C. It is based on references considered reliable.
D. It is convincing enough that a prudent person would reach the same conclusion.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 203
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for B: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
CORRECT ANSWER IS D. Its Explanation is: Sufficient information is information that is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusion as the internal auditor.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 204
Auditors must be effective listeners, especially when asking complex questions. To improve their listening, auditors should take care to do all of the following except:
A. Hold questions. Allow the speaker ample time to respond.
B. Put the speaker at ease. A nervous speaker will be difficult to understand.
C. Avoid all questions until the speaker has concluded.
D. Stop talking. It is very difficult to listen and talk at the same time.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 204
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for B: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS C. Its Explanation is: If the person waits until the speaker has concluded, it is possible that important questions will be forgotten and not asked. Also, asking questions while the speaker is talking may provide needed clarification.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 205
An internal auditor is interviewing an employee. While listening to the interviewee, the internal auditor should:
A. Prepare a response to the interviewee.
B. Integrate the incoming information from the interviewee with information that is already known.
C. Make sure all details, as well as the main ideas of the interviewee, are remembered.
D. Take mental notes on the speaker’s non-verbal communication because it is more important than what is being said.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 205
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS B. Its Explanation is: The mind can process information faster than most people speak. Therefore, the internal auditor can sort through information that he/she already knows with new information from the interviewee. This puts the internal auditor in a position to respond to the interviewee.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 206
An auditor is conducting a survey of perceptions and beliefs of employees concerning an organization's healthcare plan. The best approach to selecting a sample would be to:
A. Focus on people who are likely to respond so that a larger sample can be obtained.
B. Use monetary-unit sampling according to employee salaries.
C. Use stratified sampling where the strata are defined by marital and family status, age, and salaried/hourly status.
D. Focus on managers and supervisors because they can also reflect the opinions of the people in their departments.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 206
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for B: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS C. Its Explanation is: Because different employees probably have different situations, needs, and experiences, stratified sampling would best ensure that a representative sample would result.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 207
A senior internal auditor has been approached by the CAE to interview a potential candidate. The CAE likes the candidate but would like a second opinion. During the interview process, the senior internal auditor should not:
A. Ask open-ended questions, because they require more than a “yes” or “no” answer.
B. Ask the candidate about their political affiliation.
C. Ask the candidate about his or her background experience.
D. Ask the candidate how he or she would react in a given situation.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 207
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
Explanation for D: See the correct answer for an explanation.
CORRECT ANSWER IS B. Its Explanation is: A person’s political affiliation is unrelated to the performance of internal auditing.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
MULTIPLE CHOICE QUESTION NO. 208
Sales representatives for a manufacturing company are reimbursed for 100 percent of their mobile phone bills. Mobile phone costs vary significantly from representative to representative and from month to month, complicating the budgeting and forecasting processes. Management has requested that the internal auditors develop a method for controlling these costs. Which of the following would most appropriately be included in the scope of the consulting project?
A. Benchmarking with other mobile phone users.
B. Control self-assessment involving sales representatives.
C. Performance measurement and design of the budgeting and forecasting processes.
D. Business process review (BPR) of procurement and payables routines.

Sub - Section IV Communicating Engagement Results and Monitoring Progress
ANSWER TO QUESTION NO. 208
INCORRECT CHOICES EXPLANATION
Explanation for A: See the correct answer for an explanation.
Explanation for B: See the correct answer for an explanation.
Explanation for C: See the correct answer for an explanation.
CORRECT ANSWER IS D. Its Explanation is: A business process review (BPR) assesses the performance of administrative and financial processes, such as within procurement and payables. BPR considers process effectiveness and efficiency, including the presence of appropriate controls to mitigate business risk. Because the objective is to control mobile phone costs, BPR is the appropriate tool to use.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 175
An employee’s need for self-actualization would be met by:
A. Regular positive feedback.
B. Attractive pension provisions.
C. Challenging new job assignments.
D. Good working conditions.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 175
INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Regular positive feedback would meet an employee’s esteem needs.
Explanation for Choice B: Attractive pension provisions would meet an employee’s physiological needs.
Explanation for Choice D: Good working conditions would meet an employee’s physiological needs.
CORRECT ANSWER IS C. Its Explanation is: Challenging new job assignments would meet an employee’s self-actualization needs.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 176
An internal audit manager has a small team of auditors, but each individual is self-motivated and could be termed a "high achiever." The manager has been given a particularly difficult assignment. Even for a high achiever, the probability that this job can be completed by one individual by the required deadline is low. Select the best course for the internal audit manager.
A. Assign two employees to moderate the risk of failure.
B. Assign all employees to ensure the risk of failure is low.
C. Ask company management to cancel the job.
D. Assign one individual since high achievers thrive on high risks.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 176
INCORRECT CHOICES EXPLANATION
Explanation for Choice B: High achievers perform best in circumstances with moderate risks.
Explanation for Choice C: High achievers perform best in circumstances with moderate risks.
Explanation for Choice D: High achievers perform best when given moderate risks, not extremely difficult assignments.
CORRECT ANSWER IS A. Its Explanation is: High achievers want to do things better than ever done before, they avoid very easy or very difficult tasks, and don't like to succeed by chance. They thrive when the job includes personal responsibility, feedback, and moderate risks, according to McClelland's Theory of Needs.
Therefore, it is not a good idea to assign the job to only one high achiever when the probability of successful completion by a required deadline is very low.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 177
Which of the following is not an effective leadership technique?
A. Value differences.
B. Follow written procedures at all times.
C. Serve as a model of the behavior expected from others.
D. Value accountability.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 177
INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Seeking synergies from diversity is an effective leadership habit.
Explanation for Choice C: Recursive leadership is important to gaining trust.
Explanation for Choice D: This ensures high-value activities.
CORRECT ANSWER IS B. Its Explanation is: Focusing on internal process is a habit of administration and not of leadership.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 178
Which of the following is not an advantage of decentralization?
A. Greater uniformity in decisions is achieved.
B. Motivation of managers increases.
C. Problems can be resolved immediately.
D. Decisions are more easily made.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 178
INCORRECT CHOICES EXPLANATION
Explanation for Choice B: Increase in managers’ motivation is an advantage of decentralization.
Explanation for Choice C: Immediacy of problem resolution is an advantage of decentralization.
Explanation for Choice D: Ease of decision-making is an advantage of decentralization.
CORRECT ANSWER IS A. Its Explanation is: Increased uniformity in decisions is an advantage of centralization.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 179
A means of limiting production delays caused by equipment breakdown and repair is to:
A. Preauthorize equipment maintenance and overtime pay.
B. Establish a preventive maintenance program for all production equipment.
C. Schedule production based on capacity planning.
D. Plan maintenance activity based on an analysis of equipment repair work orders.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 179
INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Standing authorizations of work orders and overtime will not address the problem posed.
Explanation for Choice C: Scheduling production based on capacity utilization ignores other important factors such as demand.
Explanation for Choice D: Budgeting maintenance department activities based on previous work orders will not prevent equipment breakdowns and repairs.
CORRECT ANSWER IS B. Its Explanation is: A preventive maintenance program will reduce equipment breakdowns and repairs.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 180
Common uses for data analytics within internal audit may include all of the following except:
A. Identify ghosts on the payroll.
B. Identify invalid expense report items.
C. Identify suspect timesheets.
D. Identify theft of inventory.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 180
INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Data analytics can be used to identify potentially fictitious employees (e.g., employees who have not accessed a building, never taken sick leave or vacation, with the same address or bank account number).
Explanation for Choice B: Data analytics can be used to evaluate compliance with expense report policies (e.g., expense type greater than policy amount; expenses when logging in locally).
Explanation for Choice C: Data analytics can be used to identify employee time reporting errors (e.g., regular/overtime when the employee did not enter the building, more hours than physically possible or allowed by regulation).
CORRECT ANSWER IS D. Its Explanation is: Data analytics can be used to evaluate compliance with expense report policies, identify potentially fictitious employees, and identify inaccurate employee time reporting.
However, it may not be able to readily identify inventory theft, because the inventory would need to be identified and the balance would have to be constantly known without counting inventory. Furthermore, inventory could be misplaced instead of being stolen.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 181
Which of the following is not a category of Big Data?
A. Structured data.
B. Semi-structured data.
C. Hybrid data.
D. Unstructured data.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 181
CORRECT ANSWER IS C. Its Explanation is: Big Data refers to vast datasets that are too large to be analyzed using standard software tools and so require new processing technologies, called data analytics. Big Data can be broken down into three categories:
Structured data is in an organized format that enables it to be input into a relational database management system and analyzed. Examples include the data in CRM or ERP systems, such as transaction data, customer data, financial data, employee data, and vendor data.
Unstructured data has no defined format or structure. It is typically free-form and text-heavy, making in-depth analysis difficult. Examples include word processing documents, email, call center communications, contracts, audio and video, photos, data from radio-frequency identification (RFID) tags, and information contained on websites and social media.
Semi-structured data has some format or structure but does not follow a defined model. Examples include XML files, CSV files, and most server log files.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Big Data can be broken down into three categories, one of which is structured data. Structured data is in an organized format that enables it to be input into a relational database management system and analyzed. Examples include the data in CRM or ERP systems, such as transaction data, customer data, financial data, employee data, and vendor data.
Explanation for Choice B: Big Data can be broken down into three categories, one of which is semi-structured data. Semi-structured data has some format or structure but does not follow a defined model. Examples include XML files, CSV files, and most server log files.
Explanation for Choice D: Big Data can be broken down into three categories, one of which is unstructured data. Unstructured data has no defined format or structure. It is typically free-form and text-heavy, making in-depth analysis difficult. Examples include word processing documents, email, call center communications, contracts, audio and video, photos, data from radio-frequency identification (RFID) tags, and information contained on websites and social media.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 182
The saying “garbage in, garbage out” is a negative assessment of which attribute of Big Data?
A. Its veracity.
B. Its variety.
C. Its velocity.
D. Its volume.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 182
INCORRECT CHOICES EXPLANATION
Explanation for Choice B: “Garbage in, garbage out” is not a negative assessment of the variety of data. Variety of data refers to the diverse forms of data that organizations create and collect.
Explanation for Choice C: “Garbage in, garbage out” is not a negative assessment of the velocity of data. Velocity of data refers to the speed at which data is generated and changed, also called its flow rate.
Explanation for Choice D: “Garbage in, garbage out” is not a negative assessment of the volume of data. Volume of data refers to the amount of data that exists.
CORRECT ANSWER IS A. Its Explanation is: “Garbage in, garbage out” means that poor quality data leads to inaccurate analysis and results. Veracity refers to the accuracy of data, or the extent to which it can be trusted for decision making.
Data must be objective and relevant to the decision at hand in order to have value for use in making decisions. However, various distributed processes—such as millions of people signing up online for services or free downloads—generate data, and the information they input is not subject to controls or quality checks. If biased, ambiguous, irrelevant, inconsistent, incomplete, or even deceptive data is used in analysis, poor decisions will result. Controls and governance over data to be used in decision-making are essential to ensure the data’s accuracy.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 183
The process of gathering and analyzing data in a way that produces meaningful information that can be used to aid in decision-making is known as
A. Data analytics.
B. Data cleansing.
C. Data mart.
D. Data mining.

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 183
INCORRECT CHOICES EXPLANATION
Explanation for Choice B: Data cleansing or data cleaning is the process of detecting and correcting (or removing) corrupt or inaccurate records from a record set, table, or database.
Explanation for Choice C: A data mart is a subsection of a data warehouse that provides users with analytical capabilities for a restricted set of data.
Explanation for Choice D: Data mining is the use of statistical techniques to search large data sets to extract and analyze data in order to discover previously unknown, useful patterns, trends, and relationships within the data that go beyond simple analysis and that can be used to make decisions.
CORRECT ANSWER IS A. Its Explanation is: Data analytics is the process of gathering and analyzing data in a way that produces meaningful information that can be used to aid in decision-making. Data analytics includes efficiently collecting, aggregating, analyzing, and utilizing data.

Sub - Section I Business Acumen
MULTIPLE CHOICE QUESTION NO. 184
Prescriptive analytics is considered to be the most impactful and complex type of data analytics. Which of the following questions is not one of the questions management may be able to determine the answer to using prescriptive analytics?
A. Why will it happen?
B. What needs to happen in order to take advantage of what will happen?
C. What will happen?
D. What will never happen?

Sub - Section I Business Acumen
ANSWER TO QUESTION NO. 184
INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Prescriptive analytics make use of structured and unstructured data and apply rules to predict what will happen and to prescribe what needs to happen in order to take advantage of the predicted events. In addition to anticipating what will happen and determining what needs to happen, prescriptive analytics can help determine why it will happen.
Explanation for Choice B: Prescriptive analytics make use of structured and unstructured data and apply rules to predict what will happen and to prescribe what needs to happen in order to take advantage of the predicted events. In addition to anticipating what will happen and determining what needs to happen, prescriptive analytics can help determine why it will happen.
Explanation for Choice C: Prescriptive analytics make use of structured and unstructured data and apply rules to predict what will happen and to prescribe what needs to happen in order to take advantage of the predicted events. In addition to anticipating what will happen and determining what needs to happen, prescriptive analytics can help determine why it will happen.
CORRECT ANSWER IS D. Its Explanation is: Prescriptive analytics make use of structured and unstructured data and apply rules to predict what will happen and to prescribe what needs to happen in order to take advantage of the predicted events.
For example, prescriptive analytics might generate a sales forecast and then use that information to determine what additional production lines and employees are needed to meet the sales forecast. In addition to anticipating what will happen and determining what needs to happen, prescriptive analytics can help determine why it will happen. Prescriptive analytics does not answer the question “What will never happen?”. Sub - Section I Business Acumen MULTIPLE CHOICE QUESTION NO. 185 Which of the following is true of individual decision-making, compared to group decision-making? A. Individual decision-making is more conservative. B. Individual decision-making generates more alternatives. C. Individual decision-making evaluates more complete information. D. Individual decision-making increases the perceived legitimacy of the decision. 3875 Sub - Section I Business Acumen ANSWER TO QUESTION NO. 185 Explanation for Choice B: Group decision-making generates more alternatives. Explanation for Choice C: Group decision-making evaluates more complete information. Explanation for Choice D: Group decision-making increases the perceived legitimacy of the decision. 3876 CORRECT ANSWER IS A. Its Explanation is INCORRECT CHOICES EXPLANATION Individual decision-making does tend to be more conservative than group decision making. Sub - Section I Business Acumen MULTIPLE CHOICE QUESTION NO. 186 Following a decision to change the composition of several work teams, management encounters significant resistance to the change from members of the teams. The most likely reason for the resistance is: A. The breakup of existing teams. B. Understaffing for the tasks involved. C. The selection of a more costly approach to performing the assigned tasks. D. Possible inefficiencies of the new arrangement. 3877 Sub - Section I Business Acumen ANSWER TO QUESTION NO. 
186 Explanation for Choice B: Issues of under- or over-staffing for a task represent symptoms of resistance to change but not the actual or root cause of the problem. Explanation for Choice C: Citing cost factors also represents an “acceptable” rationale to block the implementation of a new approach. Explanation for Choice D: Complaints about “why it will not work” virtually always represent an “acceptable” roadblock to a plan that has unacceptable behavioral consequences. 3878 CORRECT ANSWER IS A. Its Explanation is INCORRECT CHOICES EXPLANATION Members of cohesive work groups often exert pressure to resist changes that threaten to break up the group. Sub - Section I Business Acumen MULTIPLE CHOICE QUESTION NO. 187 Departmentalization may be performed by: I. Function. II. Product. III. Geography. A.I only. B.I and II only. C.I, II, and III. D.II only. 3879 Sub - Section I Business Acumen ANSWER TO QUESTION NO. 187 Explanation for Choice A: See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation. 3880 CORRECT ANSWER IS C. Its Explanation is INCORRECT CHOICES EXPLANATION I, II, III. Correct. Departmentalization may be performed by function, product, or geography. Sub - Section I Business Acumen MULTIPLE CHOICE QUESTION NO. 188 Activity-based costing (ABC) is increasingly more feasible because of technological advances that allow managers to obtain better and more timely information at relatively low cost. For this reason, a manufacturer is considering using bar-code identification for recording information on parts used by the manufacturer. A reason to use bar codes rather than other means of identification is to ensure that A. Vendors use the same part numbers. B. Vendors use the same identification methods. C. The movement of parts is easily and quickly recorded. D. The movement of all parts is recorded. 
Sub - Section I Business Acumen ANSWER TO QUESTION NO. 188

CORRECT ANSWER IS C. Its Explanation is:
Through the use of bar codes the movement and location of a product may be tracked quickly and easily without human involvement.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Just because a bar code system is used does not mean that vendors will use the same part numbers.

Explanation for Choice B: Just because a bar code system is used does not mean that vendors will use the same identification methods.

Explanation for Choice D: Just because the unit has a bar code on it does not mean that the bar code will be read and the movement of the unit tracked each time it is moved.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 85

Which of the following cybersecurity risks can secretly gather personal data by recording keystrokes in order to harvest banking details, credit card information and passwords?

A. Phishing.
B. Spyware.
C. Pay-per-click abuse.
D. Ransomware.

Sub - Section II Information Security ANSWER TO QUESTION NO. 85

CORRECT ANSWER IS B. Its Explanation is:
Spyware is a type of malware that can secretly gather personal data, such as recording keystrokes in order to harvest banking details, credit card information, and passwords.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Phishing is not a cybersecurity risk that can secretly gather personal data. Phishing uses spam email to deceive people into disclosing sensitive personal information such as credit card numbers, bank account information, Social Security numbers, or passwords.

Explanation for Choice C: Pay-per-click abuse is not a cybersecurity risk that can secretly gather personal data. Pay-per-click abuse refers to fraudulent clicks on paid online search ads (for example, on Google or Bing) that drive up the target company’s advertising costs. It can also cause the company’s ads to be pushed off the search engine site if a maximum-clicks threshold is reached, resulting in lost business as well as inflated advertising costs.

Explanation for Choice D: Ransomware is not a cybersecurity risk that can secretly gather personal data. Ransomware is a particularly dangerous type of malware that encrypts data on a system and then demands a ransom (a payment) for decryption. If the ransom is not paid, the data is lost forever.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 86

Which of the following is not part of the internal auditors' role as the third line of defense?

A. Auditing IT controls.
B. Reporting deficiencies in controls to senior management and the board.
C. Conducting cybersecurity risk assessments of third parties.
D. Creating an inventory of information assets.

Sub - Section II Information Security ANSWER TO QUESTION NO. 86

CORRECT ANSWER IS D. Its Explanation is:
This is a responsibility of operational management in the first line of defense.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Auditing IT controls would be one of the primary objectives as the third line of defense.

Explanation for Choice B: This is a usual responsibility of the internal auditor, independent of the third line of defense model.

Explanation for Choice C: This would fall under the responsibilities of the internal auditor as part of the third line of defense.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 87

Which of the following is not part of the role of the internal auditor when evaluating the effectiveness of physical controls and security?

A. Implementing controls to correct control gaps.
B. Evaluating "worst case" scenarios.
C. Reviewing industry-wide incident statistics.
D. Analyzing past incidents.

Sub - Section II Information Security ANSWER TO QUESTION NO. 87

CORRECT ANSWER IS A. Its Explanation is:
While the auditor should report exposures due to control gaps and may even make recommendations for how to close the gaps, the internal auditor should not implement the controls.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B: Physical security includes not only everyday situations but also worst case and disaster scenarios. Planning for worst case scenarios requires identifying what the worst cases are.

Explanation for Choice C: Risk cannot be completely eliminated, so it is helpful to know if controls and risk exposure are consistent with similar companies.

Explanation for Choice D: Analyzing past incidents is an effective way for the internal auditor to gain an understanding of the risks, controls, and gaps in the controls.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 88

Which of the following security controls would best prevent unauthorized access to sensitive data through an unattended data terminal directly connected to a mainframe?

A. Use of a screensaver with a password.
B. Use of workstation scripts.
C. Automatic logoff of inactive users.
D. Encryption of data files.

Sub - Section II Information Security ANSWER TO QUESTION NO. 88

CORRECT ANSWER IS C. Its Explanation is:
Automatic logoff of inactive users may prevent the viewing of sensitive data on an unattended data terminal.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Data terminals do not normally use screensaver protection.

Explanation for Choice B: Scripting is the use of a program to automate a process such as startup.

Explanation for Choice D: Encryption of data files will not prevent the viewing of data on an unattended data terminal.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 89

Which of the following is incorrect with respect to access controls?

A. A combination of strategies will provide the strongest form of access controls.
B. Keys as physical controls are the weakest and also the most expensive form of access controls.
C. Some access controls can be used to maintain employee time and attendance records.
D. Some access controls overlap between logical and physical access controls.

Sub - Section II Information Security ANSWER TO QUESTION NO. 89

CORRECT ANSWER IS B. Its Explanation is:
Keys are the least expensive way to manage physical access (not the most expensive way) but are also the weakest way because keys can be copied.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: A combination of access controls would automatically increase the strength of the control. More security controls would need to be breached to gain access.

Explanation for Choice C: Biometric access systems can record when employees have entered and left the premises. Thus, they can be used to maintain employee time and attendance records.

Explanation for Choice D: It is true that some access controls can serve as both physical access controls and logical access controls. A biometric access system requires hardware such as a reader (a physical access control) along with a physical characteristic such as blood vessel patterns on the retina, handprints, or voice authentication (logical access controls) to authorize access.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 90

Utility programs can be used to read files that contain all authorized access user codes for a server. A control to prevent this is:

A. A password hierarchy.
B. A peer-to-peer network.
C. Internally encrypted passwords.
D. Logon passwords.

Sub - Section II Information Security ANSWER TO QUESTION NO. 90

CORRECT ANSWER IS C. Its Explanation is:
Internally encrypted passwords are controls designed to preclude users browsing the password file with a utility software application.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: A password hierarchy represents a set of interrelated authorization codes to distinguish between action privileges such as reading, adding, or deleting records.

Explanation for Choice B: A peer-to-peer network is a system that relies on a series of equal microcomputers for processing.

Explanation for Choice D: Logon passwords represent the initial user authorization access codes to the typical system.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 91

Which of the following statements about a firewall is false?

A. A firewall can block port scans from finding computers on a company's network.
B. Firewalls act as a barrier between the internal and external network.
C. Firewalls can be either hardware-based or software-based.
D. Firewalls are an effective barrier from phishing attacks.

Sub - Section II Information Security ANSWER TO QUESTION NO. 91

CORRECT ANSWER IS D. Its Explanation is:
Firewalls are not an effective barrier against phishing attacks. A phishing attack involves tricking someone into divulging information, and a firewall cannot help prevent someone from releasing private information. A firewall's purpose is to prevent unauthorized access to the company internal network.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: This is a true statement. Port scans would be unable to reach the computers on the company's network through the firewall.

Explanation for Choice B: This is the definition of a firewall.

Explanation for Choice C: This is a true statement. Firewalls can be a software program installed on a computer, either as part of the operating system or as a separate utility. Firewalls can also be a physical piece of equipment that is installed between the internal network and the Internet.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 92

To reduce security exposure when transmitting proprietary data over communication lines, a company should use:

A. Cryptographic devices.
B. Authentication techniques.
C. Callback procedures.
D. Asynchronous modems.
Sub - Section II Information Security ANSWER TO QUESTION NO. 92

CORRECT ANSWER IS A. Its Explanation is:
Cryptographic devices protect data in transmission over communication lines.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B: Authentication techniques confirm that valid users have access to the system.

Explanation for Choice C: Callback procedures are used to ensure incoming calls are from authorized locations.

Explanation for Choice D: Asynchronous modems handle data streams from peripheral devices to a central processor.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 93

Which of the following is not considered a smart device?

A. Amazon Fire Tablet
B. HP Laptop
C. Apple iPhone
D. Samsung Tablet

Sub - Section II Information Security ANSWER TO QUESTION NO. 93

CORRECT ANSWER IS B. Its Explanation is:
Computers are not considered smart devices.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: The Amazon Fire tablet is an Android-based tablet with the usual tablet capabilities.

Explanation for Choice C: The iPhone and Android phones are the two most popular types of smart devices in use.

Explanation for Choice D: Samsung tablets run Android OS, a very popular smart device operating system.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 94

Which of the following is a non-technical type of cybersecurity attack?

A. Password attack.
B. Buffer overflow attack.
C. Denial of service.
D. Dumpster diving.

Sub - Section II Information Security ANSWER TO QUESTION NO. 94

CORRECT ANSWER IS D. Its Explanation is:
Two types of cybersecurity attacks can be of a non-technical nature:

Social engineering: An individual may pose as a trustworthy co-worker, perhaps someone from the company's IT support department, and politely ask for passwords or other confidential information.

Dumpster diving: Sifting through a company's trash may be done in order to find information that can be used either to break into its computers directly or to assist in social engineering.

Dumpster diving is a personal, in-person, or non-technical type of cybersecurity risk.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: A password attack is an attempt to break into a system by guessing passwords. It is not a non-technical type of cybersecurity attack.

Explanation for Choice B: A buffer overflow attack is designed to send more data than expected to a computer system, causing the system to crash, permitting the attacker to run malicious code, or even allowing for a complete takeover of the system. It is not a non-technical type of cybersecurity attack.

Explanation for Choice C: A Denial of Service (DOS) attack occurs when a website or server is accessed so frequently that legitimate users cannot connect to it. It is not a non-technical type of cybersecurity attack.

Sub - Section II Information Security MULTIPLE CHOICE QUESTION NO. 95

The best defense against a phishing attack is

A. employee education.
B. anti-sniffers.
C. virus scans.
D. a firewall.

Sub - Section II Information Security ANSWER TO QUESTION NO. 95

CORRECT ANSWER IS A. Its Explanation is:
Phishing is a high-tech scam that uses spam email to deceive people into disclosing sensitive personal information such as credit card numbers, bank account information, Social Security numbers, or passwords. Sophisticated phishing scams can create emails that look like the information request is coming from a trusted source, such as state or local government, a bank, or even a coworker. The best defense against phishing in a business is employee education, awareness, and common sense. Potential recipients need to know not to respond to any email that requests personal or financial information or a password and not to click on any link given in such an email that could take them to a spoofed website where they would be asked to enter that information.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B: Anti-sniffers are not a defense against a phishing attack. Phishing is a high-tech scam that uses spam email to deceive people into disclosing sensitive personal information such as credit card numbers, bank account information, Social Security numbers, or passwords. Sophisticated phishing scams can create emails that look like the information request is coming from a trusted source, such as state or local government, a bank, or even a coworker.

Explanation for Choice C: Virus scans are not a defense against a phishing attack. Phishing is a high-tech scam that uses spam email to deceive people into disclosing sensitive personal information such as credit card numbers, bank account information, Social Security numbers, or passwords. Sophisticated phishing scams can create emails that look like the information request is coming from a trusted source, such as state or local government, a bank, or even a coworker.

Explanation for Choice D: A firewall is not a defense against a phishing attack. Phishing is a high-tech scam that uses spam email to deceive people into disclosing sensitive personal information such as credit card numbers, bank account information, Social Security numbers, or passwords. Sophisticated phishing scams can create emails that look like the information request is coming from a trusted source, such as state or local government, a bank, or even a coworker.

Sub - Section III Information Technology MULTIPLE CHOICE QUESTION NO. 125

An appropriate technique for planning and controlling manufacturing inventories, such as raw materials, components, and subassemblies, whose demand depends on the level of production is:

A. Linear programming.
B. Material requirements planning.
C. Regression analysis.
D. Capital budgeting.

Sub - Section III Information Technology ANSWER TO QUESTION NO. 125

CORRECT ANSWER IS B. Its Explanation is:
Material requirements planning (MRP) is a planning and controlling technique for managing dependent-demand manufacturing inventories.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Linear programming is a mathematical technique for maximizing or minimizing a given objective subject to certain constraints.

Explanation for Choice C: Regression analysis is a statistical procedure for estimating the relation between variables.

Explanation for Choice D: Capital budgeting is used for analyzing and evaluating long-term capital investments.

Sub - Section III Information Technology MULTIPLE CHOICE QUESTION NO. 126

Which of the following are disadvantages of Enterprise Resource Planning (ERP) systems?

I. Re-engineering business processes for the new ERP system is usually required, which is time-consuming.
II. Converting data from existing systems to the new ERP system is costly.
III. Information technology staff costs increase.
IV. An ERP transition can lead to system failures and cause disruptions in various departments of the organization.
V. An ERP system has ongoing costs for hardware, system maintenance, and upgrades.
VI. Data duplication is reduced.

A. I, II, III, IV, and V only.
B. I, II, III, IV, V, and VI.
C. I, II, and III only.
D. I, II, IV, and V only.

Sub - Section III Information Technology ANSWER TO QUESTION NO. 126

CORRECT ANSWER IS D. Its Explanation is:
Disadvantages of an ERP system include:

Business re-engineering (developing business-wide integrated processes for the new ERP system) is usually required to implement an ERP system and it is time-consuming and requires careful planning (I).

Converting data from existing systems into the new ERP system can be time-consuming and costly and, if done incorrectly, can result in an ERP system that contains inaccurate information (II).

An unsuccessful ERP transition can result in system-wide failures that disrupt production, inventory management, and sales, leading to huge financial losses. Customers who are inconvenienced by the implementation may leave. Because the entire business relies on the new ERP system, it is critical that it be completely functional and completely understood by all employees before it “goes live.” No opportunities are available to “work out the bugs” or “learn the ropes” when the entire business relies on the one system (IV).

Ongoing costs after implementation include hardware costs, system maintenance costs, and upgrade costs (V).

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Information technology staff costs usually decrease due to centralizing computer resources instead of each department maintaining its own systems and IT staff. So III, "information technology staff costs increase," is not correct.

Explanation for Choice B: Information technology staff costs usually decrease due to centralizing computer resources instead of each department maintaining its own systems and IT staff. So III, "information technology staff costs increase," is not correct. Data duplication is reduced with an ERP system (VI), but that is an advantage, not a disadvantage, so it should not be included.

Explanation for Choice C: Information technology staff costs usually decrease due to centralizing computer resources instead of each department maintaining its own systems and IT staff. So III, "information technology staff costs increase," is not correct. The new ERP system may lead to system failures and business disruption (IV), a disadvantage that is omitted in this answer choice. An ERP system has ongoing costs, including hardware costs, system maintenance costs, and upgrade costs (V), a disadvantage that is omitted in this answer choice.

Sub - Section III Information Technology MULTIPLE CHOICE QUESTION NO. 127

Which of the following is false with respect to the COBIT maturity model?

A. It is used for comprehensive assessment, gap analyses, and improvement planning.
B. It helps professionals explain where IT process management shortcomings exist.
C. It permits analysis of IT processes from a nonexistent stage to an optimized process stage.
D. It focuses on both capability and performance.

Sub - Section III Information Technology ANSWER TO QUESTION NO. 127

CORRECT ANSWER IS D. Its Explanation is:
The COBIT maturity model focuses only on capability. It does not focus on performance.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: This is a true statement about the COBIT maturity model.

Explanation for Choice B: This is a true statement about the COBIT maturity model.

Explanation for Choice C: This is a true statement about the COBIT maturity model.

Sub - Section III Information Technology MULTIPLE CHOICE QUESTION NO. 128

IT governance and control frameworks have been developed to provide models, or sets of standardized guidelines, for the management of IT resources and processes. Frameworks provide numerous benefits to an organization. Which of the following is not a benefit of using an IT governance framework?

A. The framework provides a higher likelihood of implementing effective governance and controls.
B. The framework breaks down groups into objectives and activities.
C. The framework provides a benchmark for assessing risks and controls.
D. The framework identifies specific roles and responsibilities that need to be met.

Sub - Section III Information Technology ANSWER TO QUESTION NO. 128

CORRECT ANSWER IS B. Its Explanation is:
A framework does not break down groups into objectives and activities. It is the other way around: a framework breaks down objectives and actions into groups.
For example, COBIT 2019, an information and technology framework for the governance and management of enterprise information and technology, breaks down objectives and actions into the following components of an IT governance system and provides specific guidance for each component. Processes: the practices and activities needed to achieve IT goals. Organizational structures: the decision-making entities in the enterprise. Principles, policies, and frameworks: to provide guidance for day-to-day management. Information needed for effective guidance. Culture, ethics, and behavior of the enterprise and the individuals in it. People, skills, and competencies, which are important for making good decisions, for corrective action, and for successful completion of activities. Services, infrastructure, and applications: the infrastructure, technology, and applications used to provide the governance system for information and technology processing. Sub - Section III Information Technology ANSWER TO QUESTION NO. 128 Explanation for Choice A: One of the benefits of using an IT governance and control framework is that it increases the likelihood of implementing effective governance and controls. Explanation for Choice C: One of the benefits of using an IT governance and control framework is that it provides a benchmark for assessing risks and controls. Explanation for Choice D: One of the benefits of using an IT governance and control framework is that it identifies specific roles and responsibilities that need to be met. 4340 INCORRECT CHOICES EXPLANATION Sub - Section III Information Technology MULTIPLE CHOICE QUESTION NO. 129 According to COBIT 2019, which statement represents a key distinction between management and governance? A. 
Management involves consideration of stakeholder needs and evaluation of conditions and options in order to determine enterprise objectives, whereas governance involves planning, building, running, and monitoring activities in order to achieve the enterprise objectives as set by management. B. Governance is the responsibility of the board of directors under the leadership of its Audit Committee, whereas management is the responsibility of executive management under the leadership of the chair of the board of directors. C. The responsibility of governance is prioritization and decision-making to set direction, whereas the responsibility of management is performance and compliance. D. Governance is the responsibility of the board of directors under the leadership of the chair of the board of directors, whereas management is the responsibility of executive management under the leadership of the chief executive officer. 4341 Sub - Section III Information Technology ANSWER TO QUESTION NO. 129 4342 CORRECT ANSWER IS D. Its Explanation is Governance is the responsibility of the board of directors under the leadership of the chair of the board of directors. It involves ensuring that stakeholder needs are considered; conditions and options are evaluated in order to determine balanced, agreed-upon enterprise objectives; prioritization and decision-making are used to set direction; and performance and compliance are monitored in terms of the agreed-upon direction and enterprise objectives. Management is the responsibility of the executive management under the leadership of the chief executive officer. It involves planning, building, running, and monitoring activities in accordance with the direction set by the body responsible for governance such as the board of directors, in order to achieve the enterprise objectives. Sub - Section III Information Technology ANSWER TO QUESTION NO. 
129

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Governance is the responsibility of the board of directors, and it involves ensuring that stakeholder needs are considered and that conditions and options are evaluated in order to determine enterprise objectives. Management involves planning, building, running, and monitoring activities in order to achieve the enterprise objectives as set by the board of directors.

Explanation for Choice B: Governance is the responsibility of the board of directors under the leadership of the chair of the board of directors. Management is the responsibility of executive management under the leadership of the chief executive officer.

Explanation for Choice C: One of the responsibilities of governance is to ensure that prioritization and decision-making are used to set direction. Another responsibility of governance is to ensure that performance and compliance are monitored in terms of the agreed-upon direction and enterprise objectives.

Sub - Section III Information Technology

MULTIPLE CHOICE QUESTION NO. 130

The best evidence that contingency planning is effective is to have:

A. Comprehensive documentation of the plan.
B. Successful testing of the plan.
C. Signoff on the plan by the internal audit activity.
D. No processing interruptions during the past year.

ANSWER TO QUESTION NO. 130

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: A contingency plan may have comprehensive documentation, but until the plan is tested, an organization has no indication of its effectiveness.

Explanation for Choice C: Audit signoff is one indicator of plan quality, but until the plan is tested, an organization has no indication of its effectiveness.

Explanation for Choice D: The absence of processing interruptions indicates nothing about the interruptions that might occur in the future, especially those that are not under the organization’s control.

CORRECT ANSWER IS B. Its Explanation is:

The only way to know whether contingency planning has been effective is to test the plan by simulating an interruption or by conducting a paper test with a walkthrough of recovery procedures.

MULTIPLE CHOICE QUESTION NO. 131

Which of the following best describes the primary reason that organizations develop contingency plans for their IT operations?

A. To ensure the safety of important records and data files.
B. To reduce the cost of insurance.
C. To ensure that critical transactions can be processed in the event of any type of disaster.
D. To plan for sources of capital for recovery from any type of disaster.

ANSWER TO QUESTION NO. 131

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: This would be the primary reason for data and record backups.

Explanation for Choice B: This could be considered a secondary reason for a contingency plan. There is a better choice for the primary reason that organizations develop contingency plans for their IT operations.

Explanation for Choice D: Sources of capital are rarely included in a contingency plan.

CORRECT ANSWER IS C. Its Explanation is:

The primary reason for a contingency plan is to restore critical transaction processing to ensure continuity of operations within a reasonable amount of time.

MULTIPLE CHOICE QUESTION NO. 132

Systems development audit engagements include reviews at various points to ensure that development is properly controlled and managed. The reviews should include all of the following except:

A. Verifying the use of controls and quality assurance techniques for program development, conversion, and testing.
B. Conducting a technical feasibility study on the available hardware, software, and technical resources.
C. Determining if system, user, and operations documentation conforms to formal standards.
D. Examining the level of user involvement at each stage of the development process.

ANSWER TO QUESTION NO. 132

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: This ensures the quality in the development process at various points.

Explanation for Choice C: Without good documentation, an information system may be difficult, if not impossible, to operate, maintain, or use.

Explanation for Choice D: The involvement of users in the development process at various points is important.

CORRECT ANSWER IS B. Its Explanation is:

A feasibility study should be conducted in the systems analysis stage.

MULTIPLE CHOICE QUESTION NO. 133

Database administrators use the Entity-Relationship Model to plan and analyze relational database files and records. Which of the following is not one of the most important relationship types (or cardinalities) used by database administrators in planning and analyzing relational database files and records?

A. One-to-many.
B. Many-to-many.
C. One-to-one.
D. None of the above.

ANSWER TO QUESTION NO. 133

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: One-to-many is an important type of relationship used by database administrators in planning and analyzing relational database files and records.

Explanation for Choice B: Many-to-many is an important type of relationship used by database administrators in planning and analyzing relational database files and records.

Explanation for Choice C: One-to-one is an important type of relationship used by database administrators in planning and analyzing relational database files and records.

CORRECT ANSWER IS D. Its Explanation is:

All of the answer choices are important types of relationships used by database administrators in planning and analyzing relational database files and records.
An entity relationship diagram utilizes symbols to represent the relationships between and among the different entities in the database. The three most important relationship types are one-to-one, one-to-many, and many-to-many. These relationship types are known as database cardinalities and show the nature of the relationship between the entities in the different files or tables within the database.

MULTIPLE CHOICE QUESTION NO. 134

Data in a database is structured in various levels from the lowest level to the highest level. Arrange the following data elements according to their hierarchical levels, from the lowest level to the highest level:

File
Field
Record
Database

A. Field, file, record, database.
B. Field, record, file, database.
C. Database, field, record, file.
D. Field, record, database, file.

ANSWER TO QUESTION NO. 134

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: A file is a higher level than a record in the data hierarchy.

Explanation for Choice C: The database is the highest level in the data hierarchy, not the lowest.

Explanation for Choice D: The database is the highest level in the data hierarchy.

CORRECT ANSWER IS B. Its Explanation is:

A data field is the first level in the data hierarchy. A field is information that describes one attribute of an item, or entity, in the database such as a person or an object. A record is the second level in the data hierarchy. A database record contains all the information about one item, or entity, in the database. A file, also called a table, is the third level of the data hierarchy. A table is a set of common records. A complete database is the highest level. Several related files or tables make up a database.

MULTIPLE CHOICE QUESTION NO. 135

Which of the following statements is false with respect to data definition language (DDL)?

A. Data definition language is used to update the stored data in the database.
B. Data definition language is used to specify and define data fields.
C. Data definition language is used to create the database schema.
D. Data definition language is used to create a description of the database organization.

ANSWER TO QUESTION NO. 135

INCORRECT CHOICES EXPLANATION

Explanation for Choice B: This is incorrect because it is a true statement. A data definition language (DDL) is used in database development to specify and define data fields, records, and files or tables.

Explanation for Choice C: This is incorrect because it is a true statement. A data definition language (DDL) is used in database development to create the database schema.

Explanation for Choice D: This is incorrect because it is a true statement. A data definition language (DDL) is used in database development to create a description of the database organization.

CORRECT ANSWER IS A. Its Explanation is:

Updating the stored data in the database is accomplished by a data manipulation language (DML), not a data definition language. A data definition language (DDL) is used in database development to create the database schema, create a description of the database organization, and to specify and define data fields, records, and files or tables.

MULTIPLE CHOICE QUESTION NO. 136

An ERP (Enterprise Resource Planning) system enables the same information to be available across all departments such as purchasing, production, delivery, and sales. This can help in

A. All of the above.
B. Reducing wasted time.
C. Lowering production costs.
D. Minimizing duplication of effort.

ANSWER TO QUESTION NO. 136

INCORRECT CHOICES EXPLANATION

Explanation for Choice B: Wasted time can be reduced with an ERP system because communication and coordination are improved across departments, leading to efficiencies.
Explanation for Choice C: Production costs can be lowered with an ERP system because the improvement in communication and coordination across departments can lead to greater efficiencies in production. However, production costs are not the only thing that can be improved by an ERP system.

Explanation for Choice D: Duplication of effort is minimized with an ERP system. However, that is not the only thing that can be improved by an ERP system.

CORRECT ANSWER IS A. Its Explanation is:

All of the above may be improved with an ERP system. An Enterprise Resource Planning (ERP) system is usually a suite of integrated applications that is used to collect, store, manage, and interpret data across the organization. Often the information is available in real time. The applications share data, facilitating information flow among business functions. Communication and coordination are improved across departments, leading to greater efficiencies in production, planning, and decision-making that can lead to lower production costs, lower marketing expenses, and other efficiencies such as reducing redundancies and wasted time. Data duplication is reduced and labor required to create inputs and distribute and use system outputs is reduced. Potential errors caused by inputting the same data multiple times are reduced.

MULTIPLE CHOICE QUESTION NO. 137

Which of the following is not a component of a governance system over information and technology according to the COBIT 2019 framework?

A. Processes.
B. Information.
C. Risk assessment.
D. Organizational structures.

ANSWER TO QUESTION NO. 137

CORRECT ANSWER IS C. Its Explanation is:

Risk assessment is not a component of a governance system over information and technology according to the COBIT 2019 framework.
The COBIT 2019 framework defines seven components of an information and technology governance system as follows:

Processes - a set of practices and activities needed to support achievement of IT-related goals.
Organizational structures - the primary decision-making entities in the enterprise.
Principles, policies, and frameworks - practical guidance for day-to-day management of the enterprise.
Information - the information produced and used by the enterprise.
Culture, ethics, and behavior - the culture of the enterprise and the ethics and behavior of both the enterprise and the individuals in it.
People, skills, and competencies - necessary for making good decisions, for corrective action, and successful completion of activities.
Services, infrastructure, and applications - the infrastructure, technology, and applications used to provide the governance system for information and technology processing.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A: Processes, the set of practices and activities needed to support achievement of IT-related goals, is a component of a governance system over information and technology according to the COBIT 2019 framework.

Explanation for Choice B: Information produced and used by the enterprise that is needed for effective governance of the enterprise is a component of a governance system over information and technology according to the COBIT 2019 framework.

Explanation for Choice D: Organizational structures, the primary decision-making entities within an enterprise, is a component of a governance system over information and technology according to the COBIT 2019 framework.

on your exam day.

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION

How to Answer the MCQs in preparation and exams?

My preferred way of approaching any MCQ is provided below. Ask yourself three bold phrases in every MCQ.

What are the requirements of the question?
The requirements of the question are generally presented in the second last or last line of the question. Read it thoroughly and then reread the whole question to filter out the extra information.

What is the answer?

Read the answer choices carefully twice and then select the best answer. Numerical questions require double-checking of formulas and calculations.

If you do not know the answer, make an educated guess. The educated guess is a technique in which you filter out two of the four options based on your insights. That leaves two options to pay attention to. Read the requirements of the question again and then the remaining two answer choices. Select the best one. This way you will increase the odds in your favor by 50%.

Attempt all the questions in exams even if the testlet is harder; time management is crucial. You will not be penalized for any incorrect choices. Your score is determined from correctly answered questions only. Mark or flag all those questions which you want to review at the end if time allows.

Pearson VUE Testing Site Visit

After you schedule your appointment with Pearson VUE, visit the center at least three days before the exam to become familiar with the location. If the center is in a building, make yourself familiar with the security perimeters of the building as well. Make contingency plans to reach the exam center in case of any unexpected circumstances. Double-check the weather conditions in advance of the exam day.

Day Before Exam Day

This day is also vital in the candidate’s life. Stop all review, revision, and test bank practice at least 24 hours before the exam day. CIA is a professional paper and the candidate has to be ready at any time. You have done enough preparation. Trust in Allah and have confidence in your abilities. You have done enough training. It is now time to showcase your talent.
You will be tempted to look at the materials, revise the test bank questions, or watch the lecture videos. Keep aside all these urges. Divert your mind to the most enjoyable activity. That enjoyable activity can be praying, meditating, walking in the garden, or even watching a good movie.

Arrange all the required documents, clothes, shoes, calculators, funds, and other items in advance. Charge your cell phone if you plan to travel and navigate by apps. Your mobile data connection package must be active. Sleep for at least 10 hours at night before the exam day.

Activities on Exam Day

Take a good shower and wear comfortable clothing according to the weather conditions. Have a comprehensive meal that is easily digestible and take any necessary medicines.

Bring printouts of the Authorization Letter / Confirmation Letter / Notice to Schedule received through email from Pearson VUE and the Institute, mentioning the candidate’s name, section part, exam date, time, and venue. Two original forms of non-expired identification with photograph and signature are required. Therefore, bring an unexpired and signed passport and national identity card / driver’s license along with you.

Reach the exam center at least 60 minutes prior to your appointment time. Drink coffee or tea before the exam so that you are charged enough. Visit the washroom before the start of the exam. The mobile phone has to be switched off and placed in a locker along with wallets.

You will not be given any complimentary breaks during the 3-hour exam. You can take a short break to recharge yourself, visit the washroom, and have water, but the clock will continue to run.

Do not make noise or stand up from the seat without permission. Raise your hand first. The invigilator will visit you, and then you can ask for pens or extra sheets for working, ask to take a break, or report any malfunction encountered in the exam.
Once you finish your exam, review the marked or flagged questions and try to attempt them in the remaining time period. Your score is based on the number of questions you answer correctly. You are not penalized for selecting the wrong answer. Make sure to submit your exam and watch for the incoming message from the system acknowledging your submitted questions.

LETTER FROM MUHAMMAD ZAIN

06 September 2021

Dear CIA,

May Peace, Blessings, and Mercy of Allah be upon you, to all the Messengers of Allah and, in particular, on the Noble and Final Messenger Prophet Muhammad (Peace Be Upon Him), his Family, and his Companions.

Be a symbol of excellence in your life. Always dream big and think beyond the dimensions of the Universe. Man is made to conquer the seven Heavens. Explore the purpose of your existence and discover the enormous potential that is within oneself. Having faith and trust in Creator will give you the light in the darkness and uncharted territories. There is always a silver lining beneath the dark skies.

A creative mindset makes life simple. Work on your passion by synchronizing your soul, heart, and mind. We all will die one day, but only a few dare to live the life they wish for. The Creator has created the entire Universe in six days. There is a great potential to discover the magnificent beauty that remains unexplored to date. This is only possible by seeking knowledge and applying them in our daily lives.

We are living in end times and witnessing a moment that humanity has not ever experienced before. This is the digital transformation age. Artificial Intelligence, Blockchain Technology, Cryptocurrency, Business Intelligence, and Big Data are business norms. All the information is available in the blink of an eye. Whatever we think in mind comes in front of our screens. These advancements will change the dynamics of the whole world we live in today. All the traditional and so-called “modern” methods of doing work will be replaced by cloud computing.
The work of accountants, doctors, engineers, pilots will no longer exist. The irredeemable paper money will be replaced by electronic money. Central Governments will only exist in name only. Universal Government and a unified taxation system will emerge. Virtual reality will be ordinary. Blind will be able to see, deaf will be able to hear, persons without limbs will be able to run, and mentally disabled people will utilize the maximum brain capacity through mental chip implants. Teleportation of humans will be done in a blink of an eye.

My advice to all readers around the world is to focus on entrepreneurship after the certification. This is the only way of survival. Only those businesses are operational who have inelastic demand for their products or services and who are on cloud computing / virtual workplaces.

Furthermore, invest surplus funds in real assets such as Gold, Silver, and property. They are the effective hedges against inflation and devaluation. They generate positive returns even in times of economic distress.

I highly recommend that my potential readers pay their interest-bearing debt at the earliest to avoid the debt trap and never go for this easy money for the foreseeable future, even in the form of credit cards. Housing loans are the blood-sucking predator. These are all the means to enslave the human race to limit their thinking and imagination capability. Always spend out of your realized income. Save some funds for your family as a contingency measure.

Allow me the opportunity to present to you the 2022 edition of CIA Challenge Exam Test Bank Questions. This Test Bank contains the 2,145 MCQs with explanation to the correct and incorrect choices to help you prepare for CIA exams conducted by IIA.
This CIA Exam Prep is ideal for all persons

BOOKS WRITTEN BY MUHAMMAD ZAIN

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017

CIA Challenge Exam Test Bank Questions (06 September 2021)
Web: https://zainacademy.us/product/cia-challenge-exam-test-bank-questions-2022/
Web: https://mzain.org/product/cia-challenge-exam-test-bank-questions-2022/

CIA Part 2 Test Bank Questions (26 August 2021)
Web: https://zainacademy.us/product/cia-part-2-test-bank-questions-2022/
Web: https://mzain.org/product/cia-part-2-test-bank-questions-2022/

CIA Part 1 Test Bank Questions 2022 (16 August 2021)
Web: https://zainacademy.us/product/cia-part-1-test-bank-questions-2022/
Web: https://mzain.org/product/cia-part-1-test-bank-questions-2022/

CPA Auditing and Attestation 2021 (26 July 2021)
Web: https://zainacademy.us/product/cpa-auditing-and-attestation-2021/
Web: https://mzain.org/product/cpa-auditing-and-attestation-2021/

CIA Review Complete 2021 (15 June 2021)
Web: https://zainacademy.us/product/cia-review-complete-2021/
Web: https://mzain.org/product/cia-review-complete-2021/

CIA Part 2 Practice of Internal Auditing 2021 (05 May 2021)
Web: https://zainacademy.us/product/cia-part-2-practice-of-internal-auditing-2021/
Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2021/

CIA Challenge Exam Study Book 2021 (03 May 2021)
Web: https://zainacademy.us/product/cia-challenge-exam-study-book-2021/
Web: https://mzain.org/product/cia-challenge-exam-study-book-2021/

CIA Part 1 Essentials of Internal Auditing 2021 (23 April 2021)
Web: https://zainacademy.us/product/cia-part-1-essentials-of-internal-auditing-2021/
Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2021/

CIA Part 3 Business Knowledge for Internal Auditing 2021 (14 April 2021)
Web: https://zainacademy.us/product/cia-part-3-2021/
Web: https://mzain.org/product/cia-part-3-2021/

CMA Preparation Pack 2021 (24 March 2021)
Web: https://zainacademy.us/product/cma-preparation-pack-2021/
Web: https://mzain.org/product/cma-preparation-pack-2021/

CMA Part 1 Preparation Pack 2021 (22 March 2021)
Web: https://zainacademy.us/product/cma-part-1-preparation-pack-2021/
Web: https://mzain.org/product/cma-part-1-preparation-pack-2021/

CMA Part 2 Preparation Pack 2021 (12 February 2021)
Web: https://zainacademy.us/product/cma-part-2-preparation-pack-2021/
Web: https://mzain.org/product/cma-part-2-preparation-pack-2021/

CIA Challenge Exam Test Bank Questions 2021 (26 November 2020)
Web: https://zainacademy.us/product/cia-challenge-exam-2021/
Web: https://mzain.org/product/cia-challenge-exam-2021/

CIA Part 3 Test Bank Questions 2021 (22 November 2020)
Web: https://zainacademy.us/product/cia-part-3-test-bank-questions-2021/
Web: https://mzain.org/product/cia-part-3-test-bank-questions-2021/

CIA Part 1 Test Bank Questions 2021 (28 September 2020)
Web: https://zainacademy.us/product/cia-part-1-test-bank-questions-2021/
Web: https://mzain.org/product/cia-part-1-test-bank-questions-2021/

CIA Part 2 Test Bank Questions 2021 (10 September 2020)
Web: https://zainacademy.us/product/cia-part-2-test-bank-2021/
Web: https://mzain.org/product/cia-part-2-test-bank-questions-2021/

CMA Part 2 Strategic Financial Management 2020 (21 April 2020)
Web: https://zainacademy.us/product/cma-part-2-2020/
Web: https://mzain.org/product/cma-part-2-strategic-financial-management-2020/

CMA Part 1 Financial Planning, Performance and Analytics 2020 (01 February 2020)
Web: https://zainacademy.us/product/cma-part-1-study-book-2020/
Web: https://mzain.org/product/cma-part-1-financial-planning-performance-and-analytics-2020/

CIA Part 2 Test Bank Questions 2020 (24 December 2019)
Web: https://zainacademy.us/product/cia-part-2-test-bank-2020/
Web: https://mzain.org/product/cia-part-2-test-bank-questions-2020/

CIA Part 3 Test Bank Questions 2020 (14 December 2019)
Web: https://zainacademy.us/product/cia-part-3-test-bank-2020/
Web: https://mzain.org/product/cia-part-3-test-bank-questions-2020/

CIA Part 1 Test Bank Questions 2020 (08 December 2019)
Web: https://zainacademy.us/product/cia-part-1-test-bank-2020/
Web: https://mzain.org/product/cia-part-1-test-bank-questions-2020/

CIA Part 2 Practice of Internal Auditing 2020 (25 September 2019)
Web: https://zainacademy.us/product/cia-part-2-2020/
Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2020/

CIA Part 1 Essentials of Internal Auditing 2020 (12 September 2019)
Web: https://zainacademy.us/product/cia-part-1-2020/
Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2020/

CPA Business Environment and Concepts (BEC) 2019 (22 July 2019)
Web: https://zainacademy.us/product/cpa-business-environment-and-concepts-bec-2019/
Web: https://mzain.org/product/cpa-business-environment-and-concepts-bec-2019/

CIA Part 2 Practice of Internal Auditing 2019 (11 April 2019)
Web: https://zainacademy.us/product/cia-part-2-practice-of-internal-auditing-2019/
Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2019/

CIA Part 1 Essentials of Internal Auditing 2019 (17 February 2019)
Web: https://zainacademy.us/product/cia-part-1-essentials-of-internal-auditing-2019/
Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2019/

CIA Part 3 Business Knowledge for Internal Auditing 2019 (05 January 2019)
Web: https://zainacademy.us/product/cia-part-3-business-knowledge-for-internal-auditing-2019/
Web: https://mzain.org/product/cia-part-3-business-knowledge-for-internal-auditing-2019/

Certified Management Accountant (CMA) Part 1 2019 (07 October 2018)
Web: https://zainacademy.us/product/cma-part-1-financial-reporting-planning-performance-and-control-2019/
Web: https://mzain.org/product/cma-part-1-financial-reporting-planning-performance-and-control-2019/

Certified Management Accountant (CMA) Part 2 2019 (13 September 2018)
Web: https://zainacademy.us/product/cma-part-2-financial-decision-making-2019/
Web: https://mzain.org/product/cma-part-2-financial-decision-making-2019/

QUOTES THAT WILL CHANGE YOUR LIFE

These are the quotes that have made me what I am today. You can also be the one in your Universe:

• We are born in one day. We die in one day. We can change in one day. And we can fall in love in one day. Anything can happen in just one day. The finest of the brains are in an extreme level of slavery. For them, career and job are more important than financial freedom and peace of soul. You will be replaced in a day or two when you leave this world for eternal life. Not understanding this point will lead to a dead-end tunnel. Seek certification to change your world, well-being, and, most important yourself.
• Excellence, Creativity, Passion, and Patience are key ingredients to become a Star.
• Get up and Hustle. Chase your dreams. Turn your dreams into reality by showing up every day.
• Have Confidence. You can do it. You have the capacity and potential to reach the top. Just believe in your abilities and chase your dream.
• Dream is what seen by an open eye, not with the closed one.
• Dreams don’t work unless you do.
• What we learn becomes a part of who we are.
• The right way to start your day is to focus on end goal.
• Sometimes the bad things that happen in our lives put us directly on the path to the best things that will ever happen to us.
• A creative man is motivated by the desire to achieve, not by the desire to beat others.
• Twenty years from now you will be more disappointed by the things that you didn’t do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover.
• It does not matter how slow you go.
So long as you don’t stop.
• It is never too late to begin.
• If it scares you, it might be a good thing to try.
• There is only you and your camera. The limitations in your photography are in yourself, for what we see is what we are.
• Creativity is Intelligence having fun.
• All progress takes place out of comfort zone, so when are you starting.
• Everything you have ever wanted is on the other side of fear.
• When everything seems to be going against you, remember that the airplane takes off against the wind, not with it.
• Unexpected kindness is the most powerful, least costly, and most underrated agent of human change.
• Sometimes courage is the quiet voice at the end of the day saying I will try again tomorrow.
• Sometimes you win, sometimes you learn.
• Do something today that your future self will thank you for.
• The past has no power over the present moment. So forget about your failures and start a new day.
• Most of the important things in the world have been accomplished by people who have kept on trying when there seemed to be no help at all.
• Your imagination is everything. It is the preview of life’s coming attractions. Only those who believe anything is possible can achieve things most would consider impossible.
• Don’t let the noise of others’ opinions drown out your own inner voice.
• Have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.
• Your time is limited, so don’t waste it living someone else’s life.
• Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart.
• Your work is going to fill large part of your life and the only way to be truly satisfied is to do what you believe is great work. The only way to do great work is to love what you do.
If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you will know when you find it.
• Success doesn’t come from what you do occasionally. It comes from what you do consistently.
• If opportunity doesn’t knock, build a door.
• The things you regret most in life are the risks you didn’t take.
• Every successful person was once an unknown person that refused to give up on their dream.
• Life is too short to be working for someone else’s dream.
• It always seems impossible until it’s done.
• Innovation distinguishes between a leader and a follower.
• Success is not final; failure is not fatal. It is the courage to continue that counts.
• Every problem is a gift. Without problems, we would not grow.
• There is no shortage of remarkable ideas, what’s missing is the will to execute them.
• Forget past mistakes. Forget failures. Forget everything except what you are going to do now and do it.
• Many of life’s failure are people who did not realize how close they were to success when they gave up.
• If something is important enough, or you believe something is important enough, even if you are scared, you will keep going.
• The best way to predict the future is to create it.
• The only strategy that is guaranteed to fail is not taking risks.
• Only those who will risk going too far can possibly find out how far one can go.
• Don’t waste words on people who deserve your silence. Sometimes the most powerful thing you can say is nothing at all.
LETTER FROM MUHAMMAD ZAIN

working in internal auditing, risk management and compliance reporting positions. It is also equally suitable for those candidates who wish to learn the concepts and principles of Internal Audit. Aspiring entrepreneurs can also benefit from this CIA review course.

Study with complete dedication and commitment. Make the goal of learning something new and different each day. Replace your fear with curiosity.

Let’s work together towards the common goal of earning a Certified Internal Auditor (CIA) credential. My support and guidance will be with you TILL YOU PASS THE EXAMS. Furthermore, you can ask as many questions as you wish, either through WhatsApp (+92 311 222 4261) or email (help@zainacademy.us and help@mzain.org), and I will answer to the best of my ability.

Your work is going to fill a large part of your life and the only way to be truly satisfied is to do what you believe is great work. The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you will know when you find it.

Have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.

Your imagination is everything. It is the preview of life’s coming attractions. Only those who believe anything is possible can achieve things most would consider impossible.

Don’t let the noise of others’ opinions drown out your own inner voice.

Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart.

Your time is limited, so don’t waste it living someone else’s life.

I dedicate this work to the Prophet Muhammad (Peace Be Upon Him), Mercy to all the Creation, who has been the source of inspiration and guidance to humanity. May the Knowledge delivered by me be a continuing blessing for me in the Life Hereafter (Ameen).

With Love and Care,
Muhammad Zain

Sub - Section I Foundations of Internal Auditing

MULTIPLE CHOICE QUESTION NO. 51

Which of the following is an element of authority that should be included in the internal audit activity's charter?
A. Access to the external auditors' engagement records.
B. Access to records, personnel, and physical properties relevant to the performance of engagements.
C. Identification of the organizational units in which engagements are to be performed.
D. Samples of the types of disclosures that should be made to the audit committee.

ANSWER TO QUESTION NO. 51

CORRECT ANSWER IS B. Its Explanation is: This would be included in the internal audit activity's charter.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: This would not be included in the internal audit activity's charter.
Explanation for Choice C: This would not be included in the internal audit activity's charter.
Explanation for Choice D: This would not be included in the internal audit activity's charter.

MULTIPLE CHOICE QUESTION NO. 52

Which of the following would be permissible under The IIA’s Code of Ethics?
A. An auditor did not report significant observations about illegal activity to the board because management indicated that it would resolve the issue.
B. After praising an employee in a recent audit engagement communication, an auditor accepted a gift from the employee.
C. An auditor used audit-related information in a decision to buy stock issued by the employer corporation.
D. In response to a subpoena, an auditor appeared in a court of law and disclosed confidential, audit-related information that could potentially damage the auditor’s organization.

ANSWER TO QUESTION NO. 52

CORRECT ANSWER IS D. Its Explanation is: Auditors must exhibit loyalty to the organization but must not be a party to any illegal activity. Thus, auditors must comply with legal subpoenas.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Rule of Conduct 1.3 prohibits auditors from knowingly being a party to any illegal or improper activity. Significant observations of illegal activity should be reported to the board.
Explanation for Choice B: Rule of Conduct 2.2 prohibits auditors from accepting anything that might be presumed to impair the auditor’s professional judgment.
Explanation for Choice C: Rule of Conduct 3.2 prohibits auditors from using audit information for personal gain.

MULTIPLE CHOICE QUESTION NO. 53

According to the IIA Code of Ethics, which of the following are four principles relevant to the professional care that internal auditors should apply in their practice of internal auditing?
A. Judgment, interest, authority, and experience.
B. Trust, communication, value, and performance.
C. Integrity, objectivity, confidentiality, and competency.
D. Reliance, evaluation, information, and service.

ANSWER TO QUESTION NO. 53

CORRECT ANSWER IS C. Its Explanation is: These are the four principles that are included in the IIA's Code of Ethics.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: These are not the four principles that are included in the IIA's Code of Ethics.
Explanation for Choice B: These are not the four principles that are included in the IIA's Code of Ethics.
Explanation for Choice D: These are not the four principles that are included in the IIA's Code of Ethics.

MULTIPLE CHOICE QUESTION NO. 54

An internal auditing team has made observations and recommendations that should significantly improve a division’s operating efficiency. Out of appreciation of this work, and because it is the holiday season, the division manager presents the in-charge internal auditor with a gift of moderate value. Which of the following best describes the action prescribed by The IIA Code of Ethics?
A. Not accept it if the gift is presumed to impair the internal auditor's judgment.
B. Not accept it prior to submission of the final engagement communication.
C. Not accept it, regardless of other circumstances, because its value is significant.
D. Accept it, regardless of other circumstances, because its value is insignificant.

ANSWER TO QUESTION NO. 54

CORRECT ANSWER IS A. Its Explanation is: Rule of Conduct 2.2 states that internal auditors shall not accept anything that may impair, or be presumed to impair their professional judgment. Thus, the gift should not be accepted if it is presumed to impair the internal auditor’s judgment.

INCORRECT CHOICES EXPLANATION
Explanation for Choice B: The timing of accepting the gift is irrelevant.
Explanation for Choice C: The Rule of Conduct states that the internal auditor shall not accept "anything" that may impair, or be presumed to impair judgment.
Explanation for Choice D: The Rule of Conduct states that the internal auditor shall not accept "anything" that may impair, or be presumed to impair judgment.

MULTIPLE CHOICE QUESTION NO. 55

According to the IIA Code of Ethics, the principle of integrity requires internal auditors to do which of the following?
A. Be prudent in the use and protection of the information acquired in the course of their duties.
B. Respect and contribute to the legitimate and ethical objectives of the organization.
C. Continually improve their proficiency, effectiveness, and quality of services.
D. Not accept anything that may impair or be presumed to impair their professional judgment.

ANSWER TO QUESTION NO. 55

CORRECT ANSWER IS B. Its Explanation is: This is a requirement of the principle of Integrity.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: This is a requirement of the principle of Confidentiality.
Explanation for Choice C: This is a requirement of the principle of Competency.
Explanation for Choice D: This is a requirement of the principle of Objectivity.

MULTIPLE CHOICE QUESTION NO. 56

Which of the following actions taken by a chief audit executive (CAE) could be considered professionally ethical under the IIA Code of Ethics?
A. To save organizational resources, the CAE limits procedures at foreign branches to confirmations from branch managers that no major personnel changes have occurred.
B. The CAE refuses to provide information about organizational operations to his father, who is a part owner.
C. The CAE decides to delay an engagement at a branch so that his nephew, the branch manager, will have time to "clean things up."
D. To save organizational resources, the CAE cancels all staff training for the next 2 years on the basis that all staff are too new to benefit from training.

ANSWER TO QUESTION NO. 56

CORRECT ANSWER IS B. Its Explanation is: Rule of Conduct 3.1 states that internal auditors shall be prudent in the use and protection of information acquired in the course of their duties. Thus, refusing to provide information about operations to the CAE's father would be appropriate since the information could be used for insider trading.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Rule of Conduct 4.2 states that internal auditors shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing. Based on the Standards, information should be sufficient, reliable, relevant, and useful to achieve the engagement objectives.
Explanation for Choice C: Rule of Conduct 1.1 states that internal auditors shall perform their work with honesty, diligence, and responsibility. Deciding to delay an engagement so the branch manager (his nephew) will have time to "clean things up" would not be considered professionally ethical.
Explanation for Choice D: Rule of Conduct 4.3 states that internal auditors shall continually improve their proficiency and the effectiveness and quality of their services. Canceling staff training for the next two years would not contribute to improving the staff’s proficiency, effectiveness, or quality of their services.

MULTIPLE CHOICE QUESTION NO. 57

An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA’s Code of Ethics should always:
A. Seek the counsel of the audit committee before deciding on an action.
B. Act consistently with the employing organization’s code of ethics, even if such action would not be consistent with The IIA’s Code of Ethics.
C. Take action consistent with the principles embodied in The IIA’s Code of Ethics.
D. Seek counsel from an independent attorney to determine the personal consequences of potential actions.

ANSWER TO QUESTION NO. 57

CORRECT ANSWER IS C. Its Explanation is: This is consistent with the concepts embodied in The IIA’s Code of Ethics.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: It would not be practical to seek the audit committee’s advice for all potential dilemmas. Further, the advice might not be consistent with the profession’s standards.
Explanation for Choice B: If the organization’s standards are not consistent with, or as high as, the profession’s standards, the professional internal auditor should abide by the standards of the profession.
Explanation for Choice D: The auditor must act consistently with the spirit embodied in The IIA’s Code of Ethics. It would not be practical to seek the advice of legal counsel for all ethical decisions. Ethics is a moral and professional concept, not just a legal concept.

MULTIPLE CHOICE QUESTION NO. 58

Which of the following is a Core Principle for the Professional Practice of Internal Auditing?
A. Maintain confidentiality.
B. Develop consistency in internal audit practices.
C. Is appropriately positioned and adequately resourced.
D. Promote an ethical culture in the internal audit profession.

ANSWER TO QUESTION NO. 58

CORRECT ANSWER IS C. Its Explanation is: This is one of the 10 Core Principles.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: This is a principle of The IIA’s Code of Ethics but not one of the Core Principles.
Explanation for Choice B: This is not a Core Principle, nor is it something even desirable across the internal audit profession, as practice will vary depending on organizational environment, culture, and level of maturity of the audit function.
Explanation for Choice D: This is the purpose of The IIA’s Code of Ethics.

MULTIPLE CHOICE QUESTION NO. 59

The function of internal auditing, as related to internal financial reports, would be to:
A. Identify inadequate controls that increase the likelihood of unauthorized expenditures.
B. Determine if there are any employees expending funds without authorization.
C. Review the expenditure items and match each item with the expenses incurred.
D. Ensure compliance with reporting procedures.

ANSWER TO QUESTION NO. 59

CORRECT ANSWER IS A. Its Explanation is: Internal auditors are responsible for identifying inadequate controls.

INCORRECT CHOICES EXPLANATION
Explanation for Choice B: This would be a function of the personnel and/or finance departments.
Explanation for Choice C: There is no expected match of funds flows with expense items in a single time period.
Explanation for Choice D: The Standards do not require internal auditors to ensure compliance with reporting procedures.

MULTIPLE CHOICE QUESTION NO. 60

An auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the CAE but performs no further follow-up. The auditor’s actions would:
A. Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
B. Be in violation of The IIA’s Code of Ethics for withholding meaningful information.
C. Not be in violation of either The IIA’s Code of Ethics or Standards.
D. Be in violation of both The IIA’s Code of Ethics, for withholding meaningful information, and the Standards, because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.

ANSWER TO QUESTION NO. 60

CORRECT ANSWER IS C. Its Explanation is: There is no violation of either the Code of Ethics or the Standards.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: The auditor has documented a red flag that may be important in a subsequent engagement. This does not violate the Standards.
Explanation for Choice B: The auditor is not withholding information because the information has been forwarded to the CAE. The information may be useful in a subsequent engagement in the marketing area.
Explanation for Choice D: The auditor is not withholding information because the information has been forwarded to the CAE. The information may be useful in a subsequent engagement in the marketing area. The auditor has documented a red flag that may be important in a subsequent engagement. This does not violate the Standards.

Sub - Section II Independence and Objectivity

MULTIPLE CHOICE QUESTION NO. 34

Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence?
A. External audit liaison.
B. Product development team leader.
C. Risk management consultant.
D. Ethics advocate.

ANSWER TO QUESTION NO. 34

CORRECT ANSWER IS B. Its Explanation is: In some circumstances, such as a product development team, the role of team leader or member may conflict with the independence attribute of the internal audit activity. The auditor can participate as a consultant to the team but should not participate as a team leader.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: This does not conflict with the independence of the internal audit activity as the internal and external audit functions both share information and work collaboratively outside the influence of management.
Explanation for Choice C: This does not conflict with the independence of the internal audit activity.
Explanation for Choice D: To improve the ethical climate, the internal auditor should assume the role of ethics advocate, which therefore does not conflict with the independence of the internal audit activity.

MULTIPLE CHOICE QUESTION NO. 35

Organizational independence exists if the CAE reports [Blank A] to the CEO or similar level of the organization as long as the internal audit activity [Blank B] without interference.
A. Blank A: functionally; Blank B: controls the scope and performance of work and reporting of results.
B. Blank A: functionally; Blank B: approves the internal audit budget and risk-based internal audit plan.
C. Blank A: administratively; Blank B: controls the scope and performance of work and reporting of results.
D. Blank A: administratively; Blank B: approved the internal audit budget and risk-based internal audit plan.

ANSWER TO QUESTION NO. 35

CORRECT ANSWER IS C. Its Explanation is: IIA Standard 1110 states that the CAE “must confirm to the board, at least annually, the organizational independence of the internal audit activity.” Organizational independence exists if the CAE: Reports functionally to the board, has direct and unrestricted access to the board, reports administratively to the CEO or a similar head of the organization, or reports administratively to some other organizational level so long as the internal audit activity controls the scope of work, performance of the work, and the reporting of results without interference.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: See the correct answer for an explanation.
Explanation for Choice B: See the correct answer for an explanation.
Explanation for Choice D: See the correct answer for an explanation.

MULTIPLE CHOICE QUESTION NO. 36

Which of the following describes the chief audit executive's optimal reporting line to enhance the independence of the internal audit activity?
A. Administrative reporting to the chief financial officer.
B. Functional reporting to the audit committee.
C. Administrative reporting to the board.
D. Functional and administrative reporting to the president of the organization.

ANSWER TO QUESTION NO. 36

CORRECT ANSWER IS B. Its Explanation is: In the proper reporting structure, the CAE should report functionally to the audit committee and administratively to the CEO.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Administrative reporting should be to the CEO.
Explanation for Choice C: Administrative reporting should be to the CEO.
Explanation for Choice D: Administrative reporting should be to the CEO and functional reporting should be to the audit committee.

MULTIPLE CHOICE QUESTION NO. 37

The independence of the internal audit department may be impaired in which of the following situations?
A. The CAE reports functionally to the board of directors.
B. The CAE has an established reporting relationship with the audit committee.
C. The internal audit department has responsibility for the organization’s risk and compliance areas.
D. The internal audit department has unrestricted access to information, people, and records throughout the organization.

ANSWER TO QUESTION NO. 37

CORRECT ANSWER IS C. Its Explanation is: The interpretation of Standard 1112 notes that organizational independence may be impaired or appear to be impaired if the CAE assumes roles/responsibilities outside of internal auditing. Standard 1112 states that if this occurs, safeguards must be in place to limit impairments to independence or objectivity.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Standard 1110 interpretation states: “Organizational independence is effectively achieved when the CAE reports functionally to the board.”
Explanation for Choice B: According to IIA Practice Guide, Independence and Objectivity, direct and unrestricted access to the governing body allows the internal activity to be insulated from possible threats to independence.
Explanation for Choice D: This would not impair the independence of the internal audit department.

MULTIPLE CHOICE QUESTION NO. 38

The call center of an organization has requested that the internal audit department review procedures and controls during the implementation of a new process. The CAE should:
A. Accept the engagement but indicate to management that, because recommending controls impairs independence, future engagements in the area will be impaired.
B. Not accept the engagement because recommending controls would impair future objectivity regarding this operation.
C. Not accept the engagement because internal audit activities are presumed to have expertise regarding accounting controls, not process controls.
D. Accept the engagement because individual objectivity will not be impaired.

ANSWER TO QUESTION NO. 38

CORRECT ANSWER IS D. Its Explanation is: Recommending standards of control for systems or reviewing procedures prior to implementation does not impair objectivity (PA 1120-1). Additionally, if the engagement is deemed to involve consulting services, objectivity is not required provided that any impairment thereof is disclosed to the client prior to acceptance of the engagement (Standard 1130.C2). See also IIA Practice Guide, Independence and Objectivity.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: According to PA 1120-1, recommending controls will not adversely affect the internal auditor’s objectivity.
Explanation for Choice B: According to PA 1120-1, recommending controls will not adversely affect the internal auditor’s objectivity. The auditor’s objectivity is considered impaired if the auditor designs, installs, drafts procedures for, or operates such systems.
Explanation for Choice C: The internal audit activity should be able to evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems (Standard 2120.A1).

MULTIPLE CHOICE QUESTION NO. 39

An internal auditor assigned to audit a vendor’s compliance with product quality standards is the brother of the vendor’s controller. The auditor should:
A. Notify the CAE of the potential conflict of interest.
B. Accept the assignment, but disclose the relationship in the engagement final communication.
C. Notify the vendor of the potential conflict of interest.
D. Accept the assignment, but avoid contact with the controller during fieldwork.

ANSWER TO QUESTION NO. 39

CORRECT ANSWER IS A. Its Explanation is: Practice Advisory 1130-1 states that internal auditors should report to the CAE any situations in which a conflict of interest or bias is present or may reasonably be inferred.

INCORRECT CHOICES EXPLANATION
Explanation for Choice B: Situations of potential conflict of interest or bias should be avoided, not merely disclosed.
Explanation for Choice C: Conflicts of interest should be reported to the CAE, not the vendor or engagement client.
Explanation for Choice D: Even if the auditor avoided contact with the controller, there would still be the appearance of conflict of interest.

MULTIPLE CHOICE QUESTION NO. 40

In which of the following situations would an auditor potentially lack objectivity?
A. An auditor reviews the procedures for a new electronic data interchange connection to a major customer before it is implemented.
B. An auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits.
C. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal audit activity.
D. A payroll accounting employee assists an auditor in verifying the physical inventory of small motors.

ANSWER TO QUESTION NO. 40

CORRECT ANSWER IS C. Its Explanation is: Practice Advisory 1130.A1-1 states that persons transferred to the internal audit activity should not be assigned to audit those activities that they previously performed until at least one year has elapsed.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: An internal auditor’s objectivity is not adversely affected when the auditor reviews procedures before they are implemented.
Explanation for Choice B: An internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems before they are implemented.
Explanation for Choice D: Use of staff from other areas to assist the internal auditor does not impair objectivity, especially when the staff is from outside the area being audited.

MULTIPLE CHOICE QUESTION NO. 41

In which of the following situations does the internal auditor potentially lack objectivity?
A. An internal auditor recommends standards of control and performance measures for contracting with a service organization.
B. Four months after being transferred to the internal audit activity, a former purchasing assistant performs a review of internal controls over purchasing.
C. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors.
D. An internal auditor reviews the procedures for a new electronic data interchange connection for a customer before it is implemented.

ANSWER TO QUESTION NO. 41

CORRECT ANSWER IS B. Its Explanation is: In order to maintain objectivity, an internal auditor should not be involved in an engagement in an area where they have worked in the past 12 months. In this situation, the internal auditor's objectivity would be impaired in respect to the purchasing department.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: This is not a potential impairment to the objectivity of the internal auditor.
Explanation for Choice C: This is not a potential impairment to the objectivity of the internal auditor.
Explanation for Choice D: This is not a potential impairment to the objectivity of the internal auditor.

MULTIPLE CHOICE QUESTION NO. 42

When reviewing a report prepared by an internal auditor who has a personal friend employed in the area being audited, a chief audit executive's primary focus would be to ensure which of the following?
A. The report is clearly worded and avoids unnecessary detail, redundancy, and wordiness.
B. The report is fair, impartial, and unbiased.
C. The report is easily understood and findings are presented in a logical manner.
D. The report is free from errors and misstatements.

ANSWER TO QUESTION NO. 42

CORRECT ANSWER IS B. Its Explanation is: When there are concerns about the objectivity of the internal auditor, the primary focus during the review of the report will be making certain that the report is fair, impartial and unbiased. The other choices will also be addressed, but in this situation, the fairness, impartiality and being unbiased are the most important considerations.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: While this will be reviewed, this is not the primary focus of the review in this situation.
Explanation for Choice C: While this will be reviewed, this is not the primary focus of the review in this situation.
Explanation for Choice D: While this will be reviewed, this is not the primary focus of the review in this situation.

MULTIPLE CHOICE QUESTION NO. 43

According to the International Professional Practices Framework, the independence of the internal audit activity is achieved through:
A. Human relations and communications.
B. Organizational status and objectivity.
C. Staffing and supervision.
D. Continuing professional development and due professional care.

ANSWER TO QUESTION NO. 43

CORRECT ANSWER IS B. Its Explanation is: According to Practice Advisory 1110-1, organizational status and objectivity permit members of the internal audit activity to render the impartial and unbiased judgments essential to the proper conduct of engagements.

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: Human relations and communications relate to the professional proficiency of the internal auditor.
Explanation for Choice C: Staffing and supervision relate to the professional proficiency of the internal audit activity.
Explanation for Choice D: Continuing professional development and due professional care relate to the professional proficiency of the internal auditor.

Sub - Section III Proficiency and Due Professional Care

MULTIPLE CHOICE QUESTION NO. 131

Which one of the following is not included in the internal audit charter?
A. Risk assessment of the internal audit activity.
B. Authority of the internal audit activity.
C. Responsibility of the internal audit activity.
D. Purpose of the internal audit activity.

ANSWER TO QUESTION NO. 131

CORRECT ANSWER IS A. Its Explanation is: A risk assessment is not appropriate for inclusion in the internal audit charter.

INCORRECT CHOICES EXPLANATION
Explanation for Choice B: The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity.
Explanation for Choice C: The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity.
Explanation for Choice D: The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity.

MULTIPLE CHOICE QUESTION NO. 132

After the chief audit executive receives approval from the board to offer consulting services, what should be done?
A. The internal audit charter should be amended.
B. The CAE should get approval from the internal auditors.
C. The CAE should begin performing consulting services.
D. The board should develop appropriate policies and procedures for conducting such engagements.

ANSWER TO QUESTION NO. 132

CORRECT ANSWER IS A. Its Explanation is: The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter (Attr. Std. 1000). The nature of consulting services must be defined in the internal audit charter.

INCORRECT CHOICES EXPLANATION
Explanation for Choice B: The CAE does not need to get additional approval from the internal auditors. Only board approval is required.
Explanation for Choice C: After the CAE receives board approval, the internal audit charter must be amended and the CAE must establish policies and procedures.
Explanation for Choice D: The CAE must establish policies and procedures to guide the internal audit activity.

MULTIPLE CHOICE QUESTION NO. 133

The internal audit charter includes all of the following except
A. The nature of the chief audit executive’s relationship with the board.
B. The internal auditor’s responsibility to provide assurance and consulting services.
C. The organization’s core values, mission, and vision statements.
D. A formal definition of the purpose, authority, and responsibility of the internal audit activity.

ANSWER TO QUESTION NO. 133

CORRECT ANSWER IS C. Its Explanation is: The core values, mission, and vision statements of the organization are not included in the internal audit charter. The interpretation of Standard 1000 defines the internal audit charter as “a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the board.”

INCORRECT CHOICES EXPLANATION
Explanation for Choice A: The nature of the chief audit executive’s functional reporting relationship with the board is defined in the internal audit charter. This includes the CAE’s functional and administrative reporting lines and the level of authority required for the internal audit activity to perform engagements and fulfill its agreed-upon objectives and responsibilities.
Explanation for Choice B: The internal audit charter for the internal audit activity defines the internal audit activity’s purpose, authority, and responsibility. The internal audit activity’s responsibility to provide the organization with assurance and consulting services is defined in the internal audit charter.
Explanation for Choice D: The internal audit charter includes a formal definition of the purpose, authority, and responsibility of the internal audit activity. The internal audit charter should be discussed among the CAE, senior management, and the board to mutually agree upon (1) the internal audit objectives and responsibilities and (2) the expectations for the internal audit activity.

MULTIPLE CHOICE QUESTION NO. 134

The chief audit executive (CAE) is best defined as the
A. Inspector general.
B. Person responsible for overseeing the contract with the outside provider of internal audit services.
C. Outside provider of internal audit services.

ANSWER TO QUESTION NO. 134

Explanation for Choice A: The specific job title of the chief audit executive may vary across organizations (The IIA Glossary).
Explanation for Choice B: The term “chief audit executive” is defined broadly because (1) the internal audit activity may be insourced or outsourced and (2) many different titles are used in practice.
Explanation for Choice C: The internal audit activity may be insourced. 496 CORRECT ANSWER IS D . Its Explanation is The CAE is a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the IPPF (The IIA Glossary). INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 135 Which of the following is not appropriate for inclusion in the internal audit charter? A. The nature of the chief audit executive’s functional reporting relationship with the board. B. Authorization of internal audit access to records, personnel, and physical properties. C. Authorization of the board to approve the charter. D. Definition of the scope of internal audit activities. 497 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 135 Explanation for Choice A: The nature of the chief audit executive’s functional reporting relationship with the board is one of the elements to be included in the internal audit charter. Explanation for Choice B: Authorization of internal audit access to records, personnel, and physical properties is one of the elements to be included in the internal audit charter. Explanation for Choice D: Definition of the scope of internal audit activities is one of the elements to be included in the internal audit charter. 498 CORRECT ANSWER IS C . Its Explanation is Final approval of the internal audit charter resides with the board. The board has this power inherently. INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 136 The organizational position of the internal audit activity should be free from the effects of irresponsible policy changes by management. The most effective way to ensure that freedom is to A. 
Develop written policies and procedures to serve as standards of performance for the internal audit activity. B. Establish an audit committee within the board. C. Adopt policies for the functioning of the internal audit activity. D. Have the internal audit charter approved by the board. 499 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 136 Explanation for Choice A: Written policies and procedures serve to guide the internal auditor but have little effect on management. Explanation for Choice B: The establishment of an audit committee alone does not ensure the status of the internal audit activity. Explanation for Choice C: Adoption of policies for the functioning of the internal audit activity does not protect its organizational position. 500 CORRECT ANSWER IS D . Its Explanation is The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. Final approval of the internal audit charter resides with the board (Inter. Std. 1000). INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 137 Which one of the following must be included in the internal audit charter? A. Number of full-time internal audit employees deemed to be the necessary minimum. B. Internal audit responsibility. C. Internal audit objectivity. D. Chief audit executive’s compensation plan. 501 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 137 Explanation for Choice A: The staffing of the internal audit activity is determined by the CAE and the board; it is not an appropriate matter to include in the internal audit charter. Explanation for Choice C: Objectivity is an attribute of individual auditors and is not included in the internal audit charter. Explanation for Choice D: The CAE’s compensation plan is not an appropriate matter to include in the internal audit charter. 502 CORRECT ANSWER IS B . 
Its Explanation is The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter. INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 138 The chief audit executive has assigned an internal auditor to perform a year-end engagement to evaluate payroll records. The internal auditor has contacted the director of compensation and has been refused access to necessary documents. To avoid this problem, A. Internal auditing should be required to report to the CEO of the organization. B. Access to records relevant to performance of engagements should be specified in the internal audit activity’s charter. C. Board approval should be required for all scope limitations. D. By following the long-range planning process, access to all relevant records should be guaranteed. 503 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 138 Explanation for Choice A: The internal audit activity need not report to a specific individual in the organization, although reporting administratively to the CEO is desirable. Explanation for Choice C: The internal audit activity must inform the board of any scope limitations, but the board’s approval is not required. Explanation for Choice D: Following the long-range planning process provides no guarantee of access. 504 CORRECT ANSWER IS B . Its Explanation is Specific guidelines are written in the internal audit activity’s charter authorizing access to records, personnel, and physical properties relevant to the performance of engagements (Inter. Std. 1000). Such provisions reduce the likelihood of scope limitations. INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 
139 Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the scope of the internal audit activity and should come under the purview of the quality assurance department only. What is the most appropriate response? A. Because quality assurance is a new function, seek the approval of management as a mediator to set the scope of the engagement. B. Terminate the engagement because it will not be productive without the client’s cooperation. C. Indicate that the engagement will evaluate the function only in accordance with the standards set by, and approved by, the quality assurance function before beginning the engagement. D. Refer to the internal audit activity’s charter and the approved engagement plan that includes the area designated for evaluation in the current time period. 505 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 139 Explanation for Choice A: The engagement client does not determine the scope of this type of assurance engagement. A scope limitation imposed by the client might prevent the internal audit activity from achieving its objectives. Explanation for Choice B: The internal auditors must conduct the engagement and communicate any scope limitations to management and the board. Explanation for Choice C: Other objectives may be established by management and the internal auditors. The engagement is not limited to the specific standards set by the quality assurance department. It considers such standards in the development of the engagement program. 506 CORRECT ANSWER IS D . Its Explanation is The written charter, approved by the board, defines the scope of internal audit activities. 
INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 140 To prevent misunderstandings, engagement clients must A. Define the level of authority required by internal auditors for each engagement. B. Authorize access to records, personnel, and physical properties relevant to the engagement. C. Be informed of the internal audit activity’s purpose, authority, and responsibility. D. Establish the internal audit activity’s position within the organization. 507 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 140 Explanation for Choice A: The level of authority required for each engagement within the internal audit activity is mutually agreed upon by the CAE, senior management, and the board, and is defined in the internal audit charter. Explanation for Choice B: Engagement clients do not authorize the internal auditor’s activity but must be informed of the internal auditor’s authority. The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of engagements. Final approval of the internal audit charter resides with the board. Explanation for Choice D: The internal audit charter, not the engagement client, establishes the internal audit activity’s position within the organization. 508 CORRECT ANSWER IS C . Its Explanation is Engagement clients must be informed of the internal audit activity’s purpose, authority, and responsibility to prevent misunderstandings about access to records and personnel. The CAE, senior management, and the board mutually agree upon the internal audit charter. The charter defines (1) the internal audit objectives and responsibilities and (2) the expectations for the internal audit activity. INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 
141 The transportation department of a publicly held company has asked the internal audit activity to review the design specifications for a proposed new warehouse and repair facility. The best reason for the internal audit activity to decline the request is A. The CEO and the head of the transportation department are neighbors and belong to the same social clubs. B. The transportation department’s budget is immaterial to the organization’s total budget. C. Such a review does not fall within the authority granted in the internal audit charter. D. The internal audit activity performed a thorough review of the transportation department the previous year. 509 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 141 Explanation for Choice A: An attitude of independence is required for internal auditors, not for auditees and management. Explanation for Choice B: Internal audit engagements are scheduled based on a risk assessment, only one of the elements of which is monetary materiality. Explanation for Choice D: Internal audit engagements are scheduled based on a risk assessment, not simply time elapsed since the last engagement. 510 CORRECT ANSWER IS C . Its Explanation is The internal audit activity’s purpose, authority, and responsibility are specifically granted in the form of a written charter approved by the board. INCORRECT CHOICES EXPLANATION Sub - Section III Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 142 An element of authority that must be included in the charter of the internal audit activity is A. Identification of the organizational units where engagements are to be performed. B. Access to records, personnel, and physical properties relevant to the performance of engagements. C. Identification of the types of disclosures that should be made to the board. D. Access to the external auditor’s engagement records. 511 Sub - Section III Proficiency and Due Professional Care ANSWER TO QUESTION NO. 
142 Explanation for Choice A: The audit schedule is based on a risk assessment; it is thus inappropriate to designate specific engagement areas in the internal audit charter. Explanation for Choice C: Disclosure to the board is an obligation, not an element of authority. Explanation