Which of the following examples of audit evidence is the most persuasive?

A.

 Real estate deeds, which were properly recorded with a government agency.

B.

Canceled checks written by the treasurer and returned from a bank.

C.

Time cards for employees, which are stored by a manager.

D.

Vendor invoices filed by the accounting department

In reviewing the appropriateness of the minimum quantity level of inventory established by a
department, an auditor would be least likely to consider:

A.

Stockout costs, including lost customers.

B.

Seasonal variations in forecasting inventory demand.

C.

Optimal order sizes determined by an economic order quantity model.

D.

 The potential for obsolescence of inventory items.

During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the
following actions by the auditor would not be consistent with the IIA Code of Ethics and
Standards?

A.

Promising to maintain the employee's anonymity and listening to the information.

B.

Suggesting that the employee consider talking to legal counsel.

C.

Informing the employee that an attempt will be made to keep the source of the information
confidential while looking into the matter further.

D.

Informing the employee of other methods of communicating this type of information

Which of the following would have the least impact (either positive or negative) on an assessment
of a department's control environment?

A.

The department managed long-term investments, including investment in derivatives and other
financial instruments, to maximize return.

B.

The department manager sets a tone of honesty and integrity in all business dealings and this
tone is emulated by department personnel.

C.

Many department functions were duplicated or verified by other department employees as part
of the department's normal procedures.

D.

Audit tests designed to verify compliance with control procedures detected a general failure to
follow standard procedures for transaction authorization.

A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis
involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the
greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is
Which of the following statements regarding risk in the department is true?

A.

As compared to departments A and C, department B has a stronger control system to
compensate for the greater complexity of the department's transactions and dollar value of its
assets.

B.

B. The internal audit activity should schedule audits of department B more often than audits of
department C because of the relative control strength of department C as compared to department B

C.

The nature of department A's control structure may be justified by the nature of the
department's assets and the complexity of its transactions.

D.

The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C;
B.

A chief audit executive (CAE) is evaluating four potential audit engagements based on the
following factors: the engagement's ability to reduce risk to the organization, the engagement's
ability to save the organization money, and the extent of change in the area since the last
engagement. The CAE has scored the engagements for each factor from low to high, assigned
points, and calculated an overall ranking. The results are shown below with the points in
parentheses:
Risk Reduction
Cost Savings
Changes
High (3)
Medium (2)
Low (1)
High (3)
Low (1)
High (3)
Low (1)
High (3)
Medium (2)
Medium (2)
Medium (2)
High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important
as any other factor, which engagements should the CAE pursue?

A.

1 and 2 only

B.

1 and 3 only

C.

 2 and 4 only

D.

3 and 4 only

Which of the following is least likely to vary when conducting audit engagements in different
regions of an international organization?

A.

Application of governmental regulations to business activities.

B.

Work schedules and holidays of the individual regions.

C.

Level of workpaper documentation needed to support audit observations.

D.

Availability of technology and technical support.

Which of the following is not likely to be included as an audit step when assessing vendor
performance policies?

A.

Determine whether agreed-upon lot sizes were sent by vendors.

B.

Determine whether only authorized items were received from vendors.

C.

Determine whether the balances owed to vendors are correct.

D.

Determine whether the quality of the goods purchased from the vendors has been satisfactory.

An organization has developed a large database that tracks employees, employee benefits,
payroll deductions, job classifications, and other similar information. The internal auditor reviews
the retirement benefits plan and determines that the pension and medical benefits have been
changed several times in the past ten years. The auditor wishes to determine whether there is
justification to perform further audit investigation. The most appropriate audit procedure would be
to:

A.

Review the trend of overall retirement expense over the last ten years. If the retirement
expense increased, it would indicate the need for further investigation.

B.

Use generalized audit software to select a monetary-unit sample of retirement pay, and
determine whether each retired employee was paid correctly.

C.

Review reasonableness of retirement pay and medical expenses on a per-person basis
stratified by which plan was in effect when the employee retired.

D.

Use generalized audit software to select an attributes sample of retirement pay, and perform
detailed testing to determine whether each person chosen was given the proper benefits.

Risk assessments can vary in format, but generally include:
1. A description of identified risks.
2. Tests of audit controls.
3. A system of rating risks.
4. Sample size identification.

A.

1 and 2 only

B.

1 and 3 only

C.

1, 3, and 4 only

D.

 2, 3, and 4 only

An internal auditor has just undertaken an organization-wide risk assessment. In identifying
potential audit engagements the internal auditor should consider least:

A.

Focusing on the high risk areas as sources of potential engagements.

B.

Focusing in areas not audited last year.

C.

Factoring in management requests.

D.

Focusing on those risks highlighted by the external auditor

When planning an audit engagement, what should an internal auditor first consider when
assessing the risk of fraud in the area to be audited?

A.

Impact of and exposure to fraud.

B.

Existence of evidence of fraud.

C.

Organizational structure.

D.

Management's risk appetite.