An internal audit activity encounters a scope limitation from senior management that will
affect its ability to meet its goals and objectives for a potential engagement client. The
nature of the scope limitation shouldbe.

A.

Noted in the audit workpapers,but the engagement should be carried out as
scheduled,with any necessary adjustments made based on the scope limitation.

B.

Communicated to the external auditors so that they can investigate the area in more detail.

C.

Communicated,preferably in writing,to the board.

D.

Communicated to management,stating that the limitation will not be accepted because it
would impair the audit activity's independence.

Which of the following is a key performance indicator for an internal audit function?

A.

Audit expenditures compared to financial budgets.

B.

Percent of required continuing education hours completed.

C.

Implementation of new audit computer software.

D.

Frequency of meetings with the board members.

Which of the following controls would most likely prevent the input of an unreasonable
number of labor hours into a costing system?

A.

Recalculation tests during processing.

B.

Programmed limit tests of input fields.

C.

Reconciliation of input control totals.

D.

Consistency checks of data in input fields.

Which of the following lists these audit steps in the correct chronological order?
I.Create the engagement work program.
II.Conduct the exit conference.
III.Perform fieldwork.
IV.Schedule the audit engagement.
Issue a summary report of audit findings.

A.

I,IV,III,II,V.

B.

I,IV,II,III,V.

C.

IV,I,III,II,V.

D.

IV,III,I,V,II.

Risk assessments can vary in format,but generallyinclude.
I.A description of identified risks.
II.Tests of audit controls.
III.A system of rating risks.
IV.Sample size identification.

A.

I and IIonly

B.

I and IIIonly

C.

I,III,and IVonly

D.

II,III,and IVonly

Some of a company's payroll transactions were batch posted to the payroll file but were not
uploaded correctly to the general ledger file on the mainframe. The best control to detect
this type of error wouldbe.

A.

Edit controls on the payroll file.

B.

Appropriate segregation of duties for batch approval.

C.

Validation of hash totals.

D.

Reconciliation of paychecks to the bank account.

A tax consultancy agency retains sensitive personal information regarding its clients. Which
of the following is a violation of acceptable privacy practices?

A.

Copies of printed client information not used by the agency are shredded.

B.

 Employees share client information with coworkers with the permission of the client.

C.

The agency only releases client information with management's approval.

D.

The agency advises clients of their privacy rights before they commence business with the agency.

When reviewing management reports to the board of directors,the internal audit activityshould:

A.

Evaluate the process used to prepare the management reports.

B.

 Maintain supporting documentation for the management reports.
 

C.

Tie all financial numbers in the reports to the general ledger.

D.

Compare to prior-period reports for consistency.

Internal auditors can benefit from a strong relationship with the external auditors because external auditors can:

A.

Provide internal auditors with an independent and knowledgeable viewpoint.

B.

Concur with the internal auditors' reports and thus improve the quality of assurance
provided to management.

C.

Increase the effectiveness of internal control sampling techniques.

D.

Assist the internal auditor by providing information obtained from similar audits with other clients.

Which of the following is true with respect to the risk assessment process?

A.

The ethical climate should not be included since this factor cannot be measured quantitatively.

B.

More than one risk factor may have to be used to ensure that the risk assessment is comprehensive.

C.

Each risk factor should be given equal weighting in order to reduce the opportunity for bias.

D.

The risk assessment process should be conducted at least every three years.

When reviewing operational risk for a department whose manager adopts a laissez-faire
style of leadership,it is most important for the internal auditor to verify that:

A.

Employee decisions follow department and company guidelines.

B.

The manager considers employees' input when designing new procedures.

C.

Employees are empowered to deal with unusual or emergency situations.

D.

Management has adopted an open-door policy to assist with communication.

Which of the following statements regarding organizational governance is not correct?

A.

An effective internal audit function is one of the four cornerstones of good governance.

B.

Those performing governance activities are accountable to the customer.

C.

Accountability is one of the key elements of organizational governance.

D.

Governance principles and the need for an internal audit function are applicable to
governmental and not-for-profit activities.