According to the International Professional Practices Framework,risk is:
I.Defined as the negative effect of events that are expected to occur.
II.Measured in terms of consequences.
III.Measured in terms of likelihood.

A.

Ionly

B.

I and IIonly

C.

 II and IIIonly

D.

I,II,and III.

Which of the following is not true with regard to the internal audit charter?

A.

It defines the authorities and responsibilities of the internal audit activity.

B.

It specifies the minimum resources needed for the internal audit activity.

C.

It provides a basis for evaluating the internal audit activity.

D.

It should be approved by senior management and the board.

When developing an effective risk-based plan to determine audit priorities,an internal audit
activity should start by:

A.

Identifying risks to the organization's operations.

B.

Observing and analyzing controls.

C.

Prioritizing known risks.

D.

Reviewing organizational objectives.

Continuing Professional Education (CPE) hours for Certified Internal Auditors may be achieved by:

A.

Attending audit staff meetings.

B.

 Verifying that all completed audit tests are fully documented.

C.

Publishing an article on the company's internal audit department.

D.

Obtaining experience on the job.

Which of the following would provide the best assessment of an organization's ethical climate?

A.

Number of years that directors have been appointed to the board.

B.

Evidence of training provided to the board of directors on ethical issues.

C.

Clarity and consistency of consequences imposed by the board of directors for ethical violations.

D.

Frequency of fraud reported and results of subsequent investigations.

When an external auditor unknowingly fails to modify an opinion on financial statements
that are materially misstated,this is an exampleof:

A.

 An inherent risk.

B.

 A control risk.

C.

 An audit risk.

D.

 A residual risk.

The audit committee has asked the chief audit executive (CAE) to assist in the selection of
a new external audit firm. Which of the following is an appropriate action by the CAE?

A.

The CAE and two managers from the audit staff review the bids and select one firm to
meet with the audit committee for the committee's approval.

B.

The CAE develops a formal set of criteria for the audit committee to use in selecting the external auditor.

C.

The CAE,chief financial officer,and controller review the bids,interview two firms,and
recommend one of the two firms to the audit committee for its approval.

D.

The CAE declines to participate in the process because providing this assistance would
result in compromising the internal audit activity's objectivity.

A company has entered into a $20,000,000 fixed-price contract with a general contractor
for the construction of a new retail outlet. For this contract,which of the following would
represent the greatest risk?

A.

Excessive labor charged to the project.

B.

Poor physical protection of materials and equipment.

C.

Failure to complete the project within budget.

D.

Substitution of inferior materials.

To enhance the independence of both the internal and external audit functions,audit
committees should be composed of:

A.

A rotating subcommittee of the board of directors or its equivalent.

B.

A combination of external members of the board of directors and company officers.

C.

Members from all important constituencies,specifically including representatives from
banking,labor,regulatory agencies,shareholders,and officers.

D.

Only external members of the board of directors or other similar oversight committees.

In a manufacturing company,which department would be the internal audit activity's most
reliable source of information on the controls over minimizing defective goods?

A.

Manufacturing.

B.

Quality control.

C.

Research and development.

D.

Inventory management.

Which of the following elements is important for an internal auditor to consider when
performing a privacy risk assessment of an organization?
I.Areas where personal information is collected,used,stored,and disseminated.
II.Inherent risk.
III.Privacy practices of competitors.
IV.Third-party recipients of information.

A.

IIIonly

B.

I and IIonly

C.

I,II,and IVonly

D.

I,II,III,and IV.

In a well-developed management environment,the internal audit activitywould.

A.

Report the results of audit engagements to line management as well as to senior management.

B.

Conduct regularly scheduled audits of existing systems and initial audits of new computer systems after they have begun operating.

C.

Interface primarily with senior management,minimizing interactions with line managers
who are the subjects of internal audit work.

D.

Focus on the maintenance of accounting controls (such as segregation of the duties of
authorization,recording,and custody) and report results to the audit committee.