Topic 2, Volume B
Which statement most accurately describes how criteria are established for use by internal
auditors in determining whether goals and objectives have been accomplished?
A.
Management is responsible for establishing the criteria.
B.
Internal auditors should use professional standards or government regulations to establish the criteria.
C.
The industry in which a company operates establishes criteria for each member
company through benchmarks and best practices for that industry.
D.
Appropriate accounting or auditing standards,including international standards,should be
used as the criteria.
Management is responsible for establishing the criteria.
An organization receives the most value from an internal audit activity's enterprise-wide risk
assessment when the auditor:
A.
Focuses primarily on enterprise-level risks.
B.
Considers activities at all levels of the organization.
C.
Reviews special projects and new initiatives.
D.
Validates supporting financial and operational data.
Considers activities at all levels of the organization.
The audit process used by the internal audit activity of a large wholesale clothing company
does not include an engagement letter or project approval document. The most serious
consequence of this deficiency in the process is thatthe:
A.
Audit schedule may not be optimal from the engagement client's perspective.
B.
Audit objectives may not be understood by management of the area being audited.
C.
Audit resources may not be sufficient.
D.
Audit plan priority may have changed.
Audit objectives may not be understood by management of the area being audited.
The chairperson of an organization's audit committee has obtained a risk management
report that identifies significant industry concerns that impact the organization. The
chairperson has asked the chief audit executive (CAE) to review these concerns and
advise if they are relevant to the organization. How should the CAE respond?
A.
Accept the engagement but communicate only with the audit committee to protect the
confidentiality of the request.
B.
Decline the engagement because it is outside of the scope of the internal audit charter.
C.
Decline the engagement because it impairs the internal audit activity's independence.
D.
Accept the engagement but inform senior management of the request.
Accept the engagement but inform senior management of the request.
When a risk assessment process has been used to construct an audit engagement
schedule,which of the following should receive attention first?
A.
The external auditors have requested assistance for their upcoming annual audit.
B.
A new accounts payable system is currently undergoing testing by the information
technology department.
C.
Management has requested an investigation of possible lapping in receivables.
D.
The existing accounts payable system has not been audited over the past year.
Management has requested an investigation of possible lapping in receivables.
A major difference between enterprise risk management and traditional risk management
lies in the narrow focus of traditional risk management on:
I.Property and liability risks.
II.Risks with insurance solutions.
III.Risks impacting organizational objectives.
A.
I and IIonly
B.
I and IIIonly
C.
II and IIIonly
D.
I,II,and III.
I and IIonly
A chief audit executive used risk assessment to prepare the audit work schedule. Which of
the following would be the least appropriate reason to modify the schedule?
A.
Need for coordination of audit activities with the external auditors.
B.
Request for postponement since the audit would be too complicated.
C.
Change in the relative risk of auditable activities during the year.
D.
Budget constraints or expansions.
Request for postponement since the audit would be too complicated.
The percentage of orders that are rush orders and the percentage of returns to total orders
are examples of which of the following types of control activities?
A.
Quality control monitoring.
B.
Direct functional management.
C.
Benchmarking.
D.
Performance indicators.
Performance indicators.
The internal audit activity's role in the risk assessment and management processes of an
organization is determined bythe:
A.
Board of directors.
B.
Chief audit executive.
C.
Risk management department.
D.
External auditors.
Board of directors.
If management has not established a risk management process,the internal audit activitycould.
A.
Take a proactive role that supplements traditional assurance activities.
B.
Identify and mitigate risks to the organization.
C.
Assume responsibility for the management of identified risks.
D.
Assume primary responsibility for determining if adequate and effective processes are in place.
Take a proactive role that supplements traditional assurance activities.
Which of the following processes should be included in a benchmarking activity?
I.Identify key measures.
II.Collect data on performances and practices.
III.Identify opportunities for improvement.
A.
IIonly
B.
I and IIIonly
C.
II and IIIonly
D.
I,II,and III.
I,II,and III.
The primary objective of risk-based auditing is to assessthe:
A.
Economy of controls.
B.
Compliance with controls.
C.
Adequacy of controls.
D.
Efficiency of controls.
Adequacy of controls.
| Page 14 out of 48 Pages |
| Previous |