Free IIA-ACCA Practice Test Questions 2026

An internal audit charter should do which of the following?

A. Outline the schedule of future audits.

B. Define the scope of internal audit activities.

C. Establish the size of the internal audit activity.

D. Communicate the internal audit activity's goals.

Which of the following is an example of a directive control?

A. Segregation of duties.

B. Exception reports.

C. Incentive compensation plans.

D. Automated reconciliations.

A chief audit executive (CAE) is reviewing the internal audit activity's performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers.
According to MA guidance, which of the following elements of the internal audit activity's quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?

A. The overall effectiveness of the internal audit activity's periodic self assessments.

B. The type of audit productivity and performance statistics reported.

C. The adequacy of the day-to-day supervision and review process.

D. The scope and frequency of external assessments.

If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?

A. Imposing risk management processes.

B. Providing consolidated reporting on risks.

C. Taking accountability for risk management.

D. Making decisions on risk responses.

Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

A. Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

B. Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.

C. Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

D. Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

A. An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.

B. An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

C. An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.

D. An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

Which of the following types of fraud includes embezzlement?

A. Fraudulent statements.

B. Bribery.

C. Misappropriation of assets.

D. Corruption.

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

A. Leadership.

B. Documentation.

C. Analysis.

D. Reporting.

A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?

A. Continuously monitor the organization's overall risk activities in relation to its risk appetite.

B. Evaluate the adequacy and effectiveness of the organization's governance activities.

C. Oversee the establishment and administration of an effective risk management program.

D. Assist management in implementing recommended control improvements.

An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?

1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.

A. 1 and 2.

B. 1 and 3.

C. 2 and 3.

D. 2 and 4.

Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?

A. The internal audit activity has to ensure team members' objectivity is not impaired.

B. Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.

C. The scope and objective of the engagement is agreed upon based on the engagement client's needs.

D. The internal audit activity must ensure management actions have been implemented effectively or risk accepted.

The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud. If the internal audit staff lacks the expertise to conduct the investigation, how should the chief audit executive proceed?

A. Disclose the deficiency, and request that the investigation be reassigned to the first line of defense.

B. Proceed with the investigation, as internal auditors are not required to have fraud expertise.

C. Outsource the sensitive investigation to a third-party consultant with fraud expertise.

D. Select a member of the accounting department who is not involved in the fraud to join the investigation team in a consulting capacity.