To determine if a new computer system is improving the use of a manufacturer's limited
facilities in serving the largest number of customers,an auditor shouldcompare.

A.

The number of reworked orders and their costs before and after system installation.

B.

Inventory and materials handling costs before and after system installation.

C.

The number of orders filled and their cycle times before and after system installation.

D.

The number of reworked orders and orders filled before and after system installation.

To identify those components of a telecommunications system that present the greatest
risk,an internal auditor should first:

A.

Review the open systems interconnect network model.

B.

Identify the network operating costs.

C.

Determine the business purpose of the network.

D.

Map the network software and hardware products into their respective layers.

A manufacturer uses a materials requirements planning (MRP) system to track
inventory,orders,and raw materials requirements. What condition should an auditor search
for in the MRP database if a preliminary assessment indicated that inventory is
understated?
I.Item cost set at zero.
II.Negative quantities on hand.
III.Order quantity exceeding requirements.
IV.Inventory lead times exceeding delivery schedule.

A.

I and IIonly

B.

I and IVonly

C.

II and IVonly

D.

III and IVonly

An audit to test the system of controls over the purchase,distribution,and use of radioactive
material is being conducted at a company's plants. The process is well documented,and
employees in the safety department are very familiar with the department's procedures.
Since the purchasing and facilities departments are involved in the process,the auditor is
considering reviewing their radioactive material-handling procedures as well. The auditorshould:

A.

Have confidence in the rigorous and detailed safety department procedures,since that
department has the main responsibility for radiation safety,and should not use audit time to review other departments.

B.

Adjust the engagement schedule and budget,if needed,and interview the appropriate
individuals in the purchasing and facilities departments to ascertain whether additional
controlsexist that complement those identified within the safety department.

C.

Test the controls identified within the safety department; if results are unfavorable,the
auditor should consider whether to involve the other departments.

D.

Defer questions regarding purchasing,facilities,and other departments until audit
projects can be scheduled for those departments.

Risk assessments are valuable to the internal audit activity's planning process because they assist in:

A.

Eliminating all areas with low risk from the audit plan.

B.

Educating management on the importance of keeping the internal audit activity informed
of organizational changes.

C.

Identifying the audit universe or auditable activities that need to be reviewed.

D.

Identifying risks that management and the internal auditors have overlooked.

The chief commodity trader for a large energy company learns from a friend that a
competitor will likely fail its upcoming regulatory audit and will be forced to temporarily
decrease production. If the information is true,the trader has short-term opportunities to
make trades that will financially benefit the trader's company and will lead to a substantial
increase in the trader's performance bonus. However,if the information is not true,making
the trades will significantly increase the company's risk of being caught in a long position.
From an ethical perspective,which of the following would be the most appropriate course of
action for the trader to take?

A.

Make the trade because the company and the trader will both benefit.

B.

Have another trader on staff make the trade in order to avoid a conflict of interest.

C.

Disclose the information to the risk oversight committee but proceed with the trade to capitalize on the opportunity.

D.

Defer the decision to management and risk the loss of the trading opportunity.

All of the following would normally be involved in preparing for and carrying out the internal
audit activity's annual plan except:

A.

Establishing policies and procedures for workpapers and referencing.

B.

Providing periodic activity reports to the audit committee on audit engagements in progress.

C.

Assessing the amount of risk in major departments.

D.

Training audit staff on appropriate audit methodologies for addressing any newly identified risks.

Noncompliance with which of the following would cause a control deficiency related to
privacy protection practices?
I.An organization's internal privacy policies.
II.Financial accounting standards.
III.Privacy laws and regulations.
IV.The Standards.

A.

I and IIIonly

B.

II and IVonly

C.

II,III,and IVonly

D.

I,II,III,and IV.

A chief audit executive would most likely use risk assessment for audit planning because it provides:

A.

A systematic process for assessing and integrating professional judgment about
probable adverse conditions.

B.

A listing of potentially adverse effects on the organization.

C.

A list of auditable activities in the organization.

D.

The probability that an event or action may adversely affect the organization.

An internal audit activity's work schedule should always provide sufficient information to the
audit committee to enable it to determine whether the proposed engagements:

A.

Support the organization's objectives.

B.

Include sufficient fraud awareness.

C.

Will likely result in the detection of any major risk exposures.

D.

Are likely to detect control deficiencies.

When planning the work program for an assurance engagement,an internal auditor should
first review the department's business objectives and then:

A.

Identify risks.

B.

Review controls.

C.

Determine scope.

D.

Evaluate vulnerabilities.

Which of the following would be the most effective action for an internal audit activity to
take in order to assist in improving an organization's ethical climate?
I.Review formal and informal processes within the organization that could promote
unethical behavior.
II.Conduct surveys of employees,suppliers,and customers regarding ethics.
III.Assess the employees' knowledge of and compliance with the organization's code of conduct.

A.

Ionly

B.

I and IIonly

C.

II and IIIonly

D.

I,II,and III.