Free IIA-CHAL-QISA Practice Test Questions 2026

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
1.Ensure encryption keys meet ISO standards.
2.Determine whether an independent review of the service provider's operation has been conducted.
3.Verify that the service provider's contracts include necessary clauses.
4.Verify that only public-switched data networks are used by the service provider

A. 1 and 3.

B. 1 and 4

C. 2 and 3.

D. 2 and 4.

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

A. Residual

B. Net

C. inherent.

D. Accepted.

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

A. The CAE previously undertook a consulting assignment in that area to improve processes.

B. A couple of years ago, the CAE performed accounting functions for the payroll department.

C. Prior to becoming the CAE, the CAE was the payroll manager.

D. The assurance review was initiated following issues identified during a consulting assignment requested by management.

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

A. Mitigating risks affecting achievement of organizational objectives.

B. Enabling opportunities affecting achievement of organizational objectives.

C. Analyzing and advising regarding costs versus benefits of control activities.

D. Attesting to fairness of financial statements

An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

A. Batch controls.

B. Application controls

C. General IT controls.

D. Logical access controls

Organizations that adopt just-in-time purchasing systems often experience which of the following?

A. A slight increase in carrying costs.

B. A greater need for inspection of goods as the goods arrive

C. A greater need for linkage with a vendors computerized order entry system.

D. An Increase in the number of suitable suppliers

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days What conditions would an auditor look for as an Indicator of employee theft of food from a specific store?

A. On a rainy day. total sales are greater than expected when compared to the cost of ingredients used

B. On a sunny day. total sales are less than expected when compared to the cost of ingredients used.

C. Both total sales and cost of ingredients used are greater than expected.

D. Both total sales and cost of ingredients used are less than expected.

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

A. An independent third party has assessed the organization's system of internal controls to be adequate and effective.

B. The chief audit executive reports both functionally and administratively to the CEO

C. The internal audit charter is drafted properly and approved by the appropriate parties.

D. The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives

Which of the following is most likely to be considered a control weakness?

A. Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B. Purchase orders are typed by the purchasing department using prenumbered forms

C. Buyers promptly update the official vendor listing as new supplier sources become known.

D. Department managers initiate purchase requests that must be approved by the plant superintendent

Which of the following could increase risks to the organization’s control environment?

A. Strong board of directors oversight.

B. Incentive-based compensation structures

C. Lower than average employee turnover.

D. Implementation of a fraud hotline

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

A. increased access to the organization's employees.

B. Increased ability to preserve evidence and the chain of command.

C. Increased ability to scrutinize the organization's key business processes.

D. increased access to the organization's software and proprietary data.

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?

A. Politely decline the engagement due to a lack of qualified staff available at the time.

B. Complete the engagement as requested, with the best of the current staff’s abilities.

C. Consider using employees from other departments in the organization on the audit team.

D. Change the scope of the testing to ensure that only available staff proficiencies are used