Free IIA-ACCA Practice Test Questions 2026

Which of the following best describes the four components of a balanced scorecard?

A. Customers, innovation, growth, and internal processes.

B. Business objectives, critical success factors, innovation, and growth.

C. Customers, support, critical success factors, and learning.

D. Financial measures, learning and growth, customers, and internal processes.

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

A. To evaluate controls regarding the computer security of an oil refinery.

B. To examine the processes involved in exploring, developing, and operating a gold mine.

C. To assess the likelihood and impact of events associated with operating a finished goods warehouse.

D. To link a financial institution's business objectives to a work unit responsible for the associated risk.

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

A. The audit supervisor should include the new contracts in the finding for the final audit report.

B. The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C. The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D. The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?

A. Identify and manage risks in line with the organization's risk appetite.

B. Ensure that a proper and effective risk management process exists.

C. Attain an adequate understanding of the organization's key risk mitigation strategies.

D. Identify and ensure that appropriate controls exist to mitigate risks.

Which of the following has the greatest effect on the efficiency of an audit?

A. The complexity of deficiency findings.

B. The adequacy of preliminary survey information.

C. The organization and content of workpapers.

D. The method and amount of supporting detail used for the audit report.

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

A. Inform the audit supervisor.

B. Investigate the potential conflict of interest.

C. Inform the external auditors of the potential conflict of interest.

D. Disregard the potential conflict, because it is outside the scope of the audit assignment.

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

A. Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B. Confirm the decision with management and document this decision in the audit file.

C. Document the issue in the audit file and follow up until the issues are resolved.

D. Initiate an assurance engagement on the unresolved issues.

Which of the following statements is false regarding audit criteria?

A. Audit criteria should be consistent across audit assignments.

B. Audit criteria should represent reasonable standards against which to assess existing conditions.

C. Audit criteria should provide flexibility but allow identification of nonadherence.

D. Audit criteria should equate to good or acceptable management practices.

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A. Senior management is charged with overseeing the establishment risk management and control processes.

B. The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C. Operating managers are responsible for assessing risks and controls in their departments.

D. Internal auditors provide assurance about risk management and control process effectiveness.

Which of the following factors should a chief audit executive consider when determining the audit universe?

1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.

A. 1 and 2 only

B. 2 and 4 only

C. 1, 2, and 4

D. 2, 3, and 4

An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?

A. Analytical procedures.

B. Detail testing.

C. Test of design.

D. Test of control.

A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

A. Operational management, because they are responsible for the day-to-day management of the operational risks.

B. The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

C. The chief audit executive, although he is not accountable for risk management in the organization.

D. The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.