Which of the following is not an appropriate role for internal auditors after a disaster occurs?

A.

Monitor the effectiveness of the recovery and control of operations.

B.

Correct deficiencies of the entity's business continuity plan.

C.

Recommend future improvements to the entity's business continuity plan.

D.

Assist in the identification of lessons learned from the disaster and the recovery operations.

Organizations that use a highly structured command-and-control management approach
are at greater risk of:

A.

Delayed response due to the inability to reach consensus among decision makers.

B.

Negative consequences that result from lower-level staff's unwillingness to confront errors by superiors.

C.

Erosion of staff morale due to perceptions of ineffective leadership.

D.

Waste and abuse of organizational resources resulting from management override of controls.

Which of the following would be the best source of information for a chief audit executive to
use in planning future audit staff requirements?

A.

Discussions of audit needs with executive management and the audit committee.

B.

Review of audit staff education and training records.

C.

Review of audit staff size and composition of similar-sized companies in the same industry.

D.

Interviews with existing audit staff.

Which of the following best describes the most important criteria when assigning
responsibility for specific tasks required in an audit engagement?

A.

Auditors must be given assignments based primarily upon their years of experience.

B.

All auditors assigned an audit task must have the knowledge and skills necessary to
complete the task satisfactorily.

C.

Tasks must be assigned to the audit team member who is most qualified to perform them.

D.

All audit team members must have the skills necessary to satisfactorily complete any
task that will be required in the audit engagement.

An internal auditor is assigned to conduct an audit of security for a local area network
(LAN) in the finance department of the organization. Investment decisions,including the use
of hedging strategies and financial derivatives,use data and financial models which run on
the LAN. The LAN is also used to download data from the mainframe to assist in decisions.
Which of the following should be considered outside the scope of this security audit engagement?

A.

Investigation of the physical security over access to the components of the LAN.

B.

The ability of the LAN application to identify data items at the field or record level and
implement user access security at that level.

C.

Interviews with users to determine their assessment of the level of security in the system
and the vulnerability of the system to compromise.

D.

The level of security of other LANs in the company which also utilize sensitive data.

Which is the least effective form of risk management?

A.

Systems-based preventive control.

B.

People-based preventive control.

C.

Systems-based detective control.

D.

People-based detective control.

Which of the following is not a benefit of using information technology in solving audit problems?

A.

It helps reduce audit risk.

B.

It improves the timeliness of the audit engagement.

C.

It increases audit opportunities.

D.

It improves the auditor's judgment.

An audit of the quality control department is being planned. Which of the following would
least likely be used in the preparation of a preliminary survey questionnaire?

A.

An analysis of quality control documents.

B.

The permanent audit file.

C.

The prior audit report.

D.

Management's charter for the quality control department.

In advance of a preliminary survey,a chief audit executive sends a memorandum and
questionnaire to the supervisors of the department to be audited. What is the most likely
result of that procedure?

A.

It creates apprehension about the audit engagement.

B.

 It involves the engagement client's supervisory personnel in the audit.

C.

It is an uneconomical approach to obtaining information.

D.

It is only useful for audits of distant locations.

Which of the following lists the audit activities in the order in which they would generally be
completed during a preliminary survey?
I. Write detailed audit procedures.
II.Identify client objectives,goals,and standards.
III.Identify risks and controls intended to prevent associated losses.
IV.Determine relevant engagement objectives.

A.

II,I,IV,III.

B.

II,III,IV,I.

C.

III,IV,II,I.

D.

II,IV,I,III.

During a payroll audit of a large organization,an auditor noted that the assistant personnel
director is responsible for many aspects of the computerized payroll system,including
adding new employees in the system; entering direct-deposit information for employees;
approving and entering all payroll changes; and providing training for system users. After
discussions with the director of personnel,the auditor concluded that the director was not
comfortable dealing with information technology issues and felt obliged to support all
actions taken by the assistant director. The auditorshould:

A.

Continue to follow the engagement program because the engagement scope and
objectives have already been discussed with management.

B.

Review the engagement program to ensure testing of direct deposits to employee bank
accounts is adequately covered.

C.

Recommend to the chief audit executive that a fraud investigation be started.

D.

Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.

Human resources and payroll are separate departments. Which of the following
combinations would provide the best segregation of duties?

A.

Human resources personnel add employees,payroll personnel process hours,and
human resources personnel deliver paychecks to employees.

B.

Human resources personnel add employees,review and submit payroll hours to the
payroll department for processing,and deliver paychecks to employees.

C.

Human resources personnel add employees,and payroll personnel process hours and
enter employee bank account numbers. Paychecks are automatically deposited in the
employee's bank account.

D.

Payroll personnel add employees and enter employee bank account numbers but
process hours only as approved by the human resources department. Paychecks are
automatically deposited in the employee's bank account.