Questions Chapter 1

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 84

Chapter 1 Multiple Choice Questions (Questions 1-243)

The IIA’s Attribute Standards

1. According to the IIA Standards, which of the following is not included in the scope of the
internal audit function?

a. Appraising the effectiveness and efficiency of operations and programs.

b. Reviewing the strategic management process, assessing the quality of management


decision making both quantitatively and qualitatively and reporting the results to the audit
committee.

c. Reviewing the means of safeguarding assets.

d. Complying with the laws, regulations, policies, procedures, and contracts.

2. An internal auditor is auditing the financial operations of an organization. Which of the


following is not specified by the IIA Standards for inclusion in the scope of the audit?

a. Reviewing the reliability and integrity of financial and operational information.

b. Reviewing the compliance with laws, regulations, policies, procedures, and contracts.

c. Appraising the effectiveness and efficiency of operations and programs.

d. Reviewing the financial decision-making process.

3. The Audit Committee of an organization has charged the chief audit executive (CAE) with
bringing the department into full compliance with the IIA Standards. The CAE's first task is to
develop a charter. Identify the item that should be included in the statement of objectives:

a. Report all audit findings to the Audit Committee every quarter.

b. Notify governmental regulatory agencies of unethical business practices by organization


management.

c. Determine the adequacy and effectiveness of the organization's systems of internal controls.

d. Submit departmental budget variance reports to management every month.


4. A charter is being drafted for a newly formed internal auditing department. Which of the
following best describes the appropriate organizational status that should be incorporated into the
charter?

a. The chief audit executive (CAE) should report to the chief executive officer but have
access to the board of directors

b. The CAE should be a member of the audit committee of the board of directors

c. The CAE should be a staff officer reporting to the chief financial officer

d. The CAE should report to an administrative vice president

5. If an auditee’s operating standards are vague and thus subject to interpretation, the auditor
should:

a. Seek agreement with the auditee as to the standards to be used to measure operating
performance

b. Determine best practices in this area and use them as the standard

c. Interpret the standards in their strictest sense because standards are otherwise only
minimum measures of acceptance

d. Omit any comments on standards and the auditee’s performance in relationship to those
standards, because such an analysis would be meaningless

6. In which of the following situations does the auditor potentially lack objectivity?

a. An auditor reviews the procedures for a new electronic data interchange (EDI) connection
to a major customer before it is implemented.

b. A former purchasing assistant performs a review of internal controls over purchasing four
months after being transferred to the internal auditing department.

c. An auditor recommends standards of control and performance measures for a contract with
a service organization for the processing of payroll and employee benefits.

d. A payroll accounting employee assists an auditor in verifying the physical inventory of


small motors.
7. Which of the following actions would be a violation of auditor independence?

a. Continuing on an audit assignment at a division for which the auditor will soon be
responsible as the result of a promotion.

b. Reducing the scope of an audit due to budget restrictions.

c. Participating on a task force which recommends standards for control of a new distribution
system.

d. Reviewing a purchasing agent's contract drafts prior to their execution.

8. Which of the following activities would not be presumed to impair the independence of an
internal auditor?

I. Recommending standards of control for a new information system application.

II. Drafting procedures for running a new computer application to ensure that proper controls
are installed.

III. Performing reviews of procedures for a new computer application before it is installed.

a. I only.

b. II only.

c. III only.

d. I and III.

9. Which of the following is not a true statement about the relationship between internal auditors
and external auditors?

a. Oversight of the work of external auditors is the responsibility of the director of internal
auditing.

b. There may be periodic meetings between internal and external auditors to discuss matters
of mutual interest.
c. There may be an exchange of audit reports and management letters between internal and
external auditors.

d. Internal auditors may provide audit programs and working papers to external auditors.

10. A quality assurance program of an internal audit department provides reasonable assurance that
audit work conforms to applicable standards. Which of the following activities are designed to
provide feedback on the effectiveness of an audit department?

I. Proper supervision

II. Proper training

III. Internal reviews

IV. External reviews

a. I, II, and III.

b. II, III, and IV.

c. I, III, and IV.

d. I, II, III, and IV.

Use the following information to answer questions 11 and 12.

An internal audit team recently completed an audit of the company's compliance with its lease-
versus-purchase policy concerning company automobiles. The audit report noted that the basis for
several decisions to lease rather than purchase automobiles had not been documented and was not
auditable. The report contained a recommendation that operating management ensure that such
lease agreements not be executed without proper documentation of the basis for the decision to
lease rather than buy. The internal auditors are about to perform follow-up work on this audit
report.

11. The primary purpose for performing a follow-up review is to:

a. Ensure timely consideration of the internal auditors' recommendations.

b. Ascertain that appropriate action was taken on reported findings.


c. Allow the internal auditors to evaluate the effectiveness of their recommendations.

d. Document what management is doing in response to the audit report and close the audit file
in a timely manner.

12. Assume that senior management has decided to accept the risk involved in failure to document
the basis for lease-versus-purchase decisions involving company automobiles. In such a case, what
would be the auditors' reporting obligation?

a. The auditors have no further reporting responsibility.

b. Management's decision and the auditors' concern should be reported to the company's
Board of Directors.

c. The auditors should issue a follow-up report to management clearly stating the rationale for
the recommendation that the basis for lease-versus-purchase decisions be properly documented.

d. The auditors should inform the external auditor and any responsible regulatory agency that
no action has been taken on the finding in question.

13. Auditors realize that at times corrective action is not taken even when agreed to by the
appropriate parties. This should lead an internal auditor to:

a. Decide the extent of necessary follow-up work.

b. Allow management to decide when to follow-up, since it is management's ultimate


responsibility.

c. Decide to conduct follow-up work only if management requests the auditor's assistance.

d. Write a follow-up audit report with all findings and their significance to the operations.

14. In publicly held companies, management often requires the internal auditing department's
involvement with quarterly financial statements that are made public and/or used internally. Which
one of the following is generally not a reason for such involvement?

a. Management may be concerned about its reputation in the financial markets.

b. Management may be concerned about potential penalties that could occur if quarterly
financial statements that are made public are misstated.
c. The Standards state that internal auditors should be involved with reviewing quarterly
financial statements.

d. Management may perceive that having quarterly financial information examined by the
internal auditors enhances its value for internal decision making.

15. During testing of the effectiveness of inventory controls, the auditor makes a note in the
working papers that most of the cycle count adjustments for the facility involved transactions of
the machining department. The machining department also had generated an extraordinary number
of cycle count adjustments in comparison to other departments last year. The auditor should:

a. Interview management and apply other audit techniques to determine whether transaction
controls and procedures within the machining department are adequate.

b. Do no further work because the concern was not identified by the analytical procedures
designed in the audit program.

c. Notify internal audit management that fraud is suspected.

d. Place a note in the working papers to review this matter in detail during the next review.

16. Developing an audit finding involves comparing the condition to the relevant standard or
criterion. Which of the following choices best represents an appropriate standard or criterion to
support a finding?

a. A quality standard operating procedure (number and date) for the department.

b. An internal accounting control principle cited and copied from a public accounting
reference.

c. A sound business practice, based on the internal auditor's knowledge and experience
obtained during many audit assignments within the company.

d. All of the above.

17. The chief audit executive (CAE) for a large manufacturing company is considering revising the
department's audit charter with respect to the minimum educational and experience qualifications
required. The CAE wants to require all staff auditors to possess specialized training in accounting
and a professional auditing certification such as the Certified Internal Auditor (CIA) or the
Chartered Accountant (CA). One of the disadvantages of imposing this requirement would be:
a. The policy might negatively affect the department's ability to perform quality examinations
of the company's financial and accounting systems,

b. The policy would not promote the professionalism of the department,

c. The policy would prevent the department from using outside consultants when the
department did not have the skills and knowledge required in certain audit situations,

d. The policy could limit the range of activities, which could be audited by the department
due to the department's narrow expertise and backgrounds,

18. An organization was in the process of establishing its new internal audit department. The
controller had no previous experience with internal auditors. Due to this lack of experience, the
controller advised the applicants that they would be reporting to the external auditors. However,
the new chief audit executive (CAE) would have free access to the controller to report anything
important. The controller would convey the CAE's concerns to the board of directors. Which of the
following is true?

a. The internal audit department will be independent because the CAE has direct access to the
board of directors.

b. The internal audit department will not be independent because the CAE reports to the
external auditors.

c. The internal audit department will not be independent because the controller has no
experience with internal auditors.

d. The internal audit department will not be independent because the company did not specify
that the applicants must be Certified Internal Auditors.

Use the following information to answer questions 19 and 20.

During a year-end planning meeting with senior management, the chief audit executive (CAE)
learns that a recent draft audit report on one of the company's inventory costing systems had
provoked a discussion in the accounting area. The audit report proposed a relatively large
adjustment due to an error in the local inventory system. The auditor's conclusion stated that six
other production facilities using the same costing system would require similar inventory
adjustments. The total required adjustment for all seven locations represented a material
adjustment to the financial statements, according to the chief financial officer (CFO). The CFO
questioned the method used by the auditor to calculate the amount of the inventory adjustment and
asked the CAE to delay processing the audit report until all aspects of the finding had been fully
considered. The CAE reports directly to the CFO. The audit committee has not been apprised of
this audit because the audit report is still in draft stage awaiting management comment.

19. Assuming that there is a meeting later the same day with the audit committee of the board,
which of the following is not a responsibility of the director of internal auditing?

a. Inform the audit committee of senior management's decisions on all significant audit
findings.

b. Highlight significant audit findings and recommendations and report on the approved audit
work schedule.

c. Inform the audit committee of the outcome of earlier meetings with the CFO and the
options being considered for recording the inventory adjustment.

d. Attempt to resolve the inventory issue before reporting the finding to the audit committee.

20. Which of the following actions should the CAE take?

a. Schedule audits to review the inventory costing systems at all locations after year-end.

b. Recall all copies of the draft audit report sent out for management review and response.

c. Tell the representatives of senior management that distorting financial reports is not
acceptable.

d. Offer to review the basis for the conclusion about the inventory valuation at all locations.

21. An inexperienced internal auditor notified the senior auditor of a significant variance from the
auditee's budget. The senior told the new auditor not to worry as the senior had heard that there had
been an unauthorized work stoppage that probably accounted for the difference. Which of the
following statements is most appropriate?

a. The new auditor should have investigated the matter fully and not bothered the senior.

b. The senior used proper judgment in curtailing what could have been a wasteful
investigation.

c. The senior should have halted the audit until the variance was fully explained.
d. The senior should have aided the new auditor in formulating a plan for accumulating
appropriate evidence.

22. The IIA Standards state that internal auditors are responsible for continuing their education in
order to maintain their proficiency. Which of the following is correct regarding the continuing
education requirements of the practicing internal auditor?

a. Internal auditors are required to obtain 40 hours of continuing professional development


(CPD) each year and a minimum of 120 hours over a three-year period.

b. CIAs have formal requirements that must be met in order to continue as a CIA.

c. Attendance, as an officer or committee member, at formal Institute of Internal Auditors


meetings does not meet the criteria of continuing professional development.

d. In-house programs meet continuing professional development requirements only if they


have been pre-approved by The Institute of Internal Auditors.

23. A significant part of the auditor's working papers will be the conclusions reached by the
auditor regarding the audit area. In some situations, the supervisor might not agree with the
conclusions and will ask the staff auditor to perform more work. Assume that after subsequent
work is performed, the staff auditor and the supervisor continue to disagree on the conclusions
documented in the working paper developed by the staff auditor. Which of the following audit
department responses would not be appropriate?

a. Both the staff auditor and the supervisor document their reasons for reaching different
conclusions. Retain the rationale of both parties in the working papers.

b. Note the disagreement and retain the notice of disagreement and follow-up work in the
audit working papers.

c. Present both conclusions to the chief audit executive (CAE) for resolution. The CAE may
resolve the matter.

d. Present both conclusions in the audit report and let management and the auditee react to
both.

24. The IIA Standards specify that supervision of the work of internal auditors be “carried out
continuously.” Which of the following statements regarding supervision is correct?
I. “Continuously” indicates that supervision should be performed throughout
the planning, examination, evaluation, report, and follow-up stages of the audit

II. Supervision should also be extended to training, time reporting, and expense
control, as well as similar administrative matters

III. The extent and nature of supervision needs to be documented, preferably in the
appropriate working papers

a. I only.

b. I and III.

c. II only.

d. I, II, and III.

25. It would be appropriate for internal auditing departments to use consultants with expertise in
health care benefits when the internal auditing department is:

a. Conducting an audit of the organization's estimate of its liability for post-retirement


benefits which include health care benefits.

b. Comparing the cost of the organization's health care program with other programs offered
in the industry.

c. Training its staff to conduct an audit of health care costs in a major division of the
organization.

d. All of the above.

26. An auditor has uncovered facts, which could be interpreted as indicating unlawful activity on
the part of an auditee. The auditor decides not to inform senior management of these facts since he
cannot prove that an irregularity occurred. The auditor, however, decides that if questions are
raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action,
the auditor:

a. Has not violated the Code of Ethics or the Standards because confidentiality takes
precedence over all other standards.
b. Has not violated the Code of Ethics or the Standards because the auditor is committed to
answering all questions fully and truthfully.

c. Has violated the Code of Ethics because unlawful acts should have been reported to the
appropriate regulatory agency to avoid potential "aiding and abetting" by the auditor.

d. Has violated the Standards because the auditor should inform the appropriate authorities in
the organization if fraud may be indicated.

27. A new staff auditor was told to perform an audit in an area with which the auditor was not
familiar. Because of time constraints, there was no supervision of the audit. The auditor was given
the assignment because it represented a good learning experience, but the area was clearly beyond
the auditor's competence. Nonetheless, the auditor prepared comprehensive working papers and
reported the results to management. In this situation:

a. The audit department violated the IIA Standards by hiring an auditor without proficiency in
the area.

b. The audit department violated the IIA Standards by not providing adequate supervision.

c. The chief audit executive (CAE) has not violated the Code of Ethics since the Code does
not address supervision.

d. The IIA’s Standards and the Code of Ethics were followed by the audit department.

28. Management has requested the internal auditing department to perform an operational audit of
the telephone marketing operations of a major division and to recommend procedures and policies
for improving management control over the operation. The auditor should:

a. Not accept the engagement because recommending controls would impair future
objectivity of the department regarding this auditee.

b. Not accept the engagement because audit departments are presumed to have expertise on
accounting controls, not marketing controls.

c. Accept the engagement, but indicate to management that recommending controls would
impair audit independence so management knows that future audits of the area would be impaired.

d. Accept the audit engagement because independence would not be impaired.


29. A new staff auditor has been assigned to an audit of the cash management operations of the
organization. The staff auditor has no background in cash management and this is the auditor's first
audit. Under which of the following conditions would the internal auditing department be in
compliance with the Standards regarding knowledge and skills?

a. The senior auditor is skilled in the area and closely supervises the staff auditor.

b. The staff auditor performs the work and prepares a report which is reviewed in detail by the
director of audit.

c. Both a and b.

d. Neither a nor b.

30. Communication skills are important to internal auditors. According to the Standards, the
auditor should be able to effectively convey all of the following to the auditee except:

a. The audit objectives designed for a specific auditable entity.

b. The audit evaluations based on a preliminary survey of an auditable entity.

c. The risk assessment used in selecting the area for audit investigation.

d. Recommendations that are generated in relationship to a specific auditable entity.

31. Internal auditing is unique in that its scope often encompasses all areas of an organization.
Thus, it is not possible for each internal auditor to possess detailed competence in all areas, which
might be audited. Which of the following competencies is required by the IIA Standards for every
internal auditor?

a. Taxation and law as it applies to operation of the organization.

b. Proficiency in accounting principles.

c. Understanding of management principles.

d. Proficiency in computer systems and databases.

32. The IIA Standards would not require the chief audit executive (CAE) to:

a. Contribute resources for the annual audit of financial statements.


b. Coordinate audit work with that of the external auditors.

c. Communicate to senior management and the board the results of evaluations of the
coordination between internal and external auditors.

d. Communicate to senior management and the board the results of evaluations of the
performance of external auditors.

33. Follow-up activity may be required to ensure that corrective action has taken place for certain
findings. The internal audit department's responsibility to perform follow-up activities as required
should be defined in the:

a. Internal auditing department's written charter.

b. Mission statement of the audit committee.

c. Engagement memo issued prior to each audit assignment.

d. Purpose statement within applicable audit reports.

34. As a particular audit is being planned in a high-risk area, the chief audit executive (CAE)
determines that the available staff does not have the requisite skills to perform the assignment. The
best course of action consistent with audit planning standards would be to:

a. Not perform the audit, since the requisite skills are not available.

b. Use the audit as a training opportunity and let the auditors learn as the audit is performed.

c. Consider using external resources to supplement the needed knowledge, skills, and
disciplines and complete the assignment.

d. Perform the audit but limit the scope in light of the skill deficiency.

35. According to the IIA Standards, internal auditors must be objective in performing audits.
Assume that the chief audit executive (CAE) received an annual bonus as part of that individual's
compensation package. The bonus may impair the CAE's objectivity if:

a. The bonus is administered by the board of directors or its salary administration committee.

b. The bonus is based on dollar recoveries or recommended future savings as a result of


audits.
c. The scope of internal auditing work is reviewing control rather than account balances.

d. All of the above.

36. A company is planning to develop and implement a new computerized purchase order system
in one of its manufacturing subsidiaries. The Vice President of Manufacturing has requested that
internal auditors participate on a team consisting of representatives from Finance, Manufacturing,
Purchasing, and Marketing. This team will be responsible for the implementation effort. Eager to
take on this high profile project, the chief audit executive (CAE) assigns a senior auditor to the
project to assist "as needed." Assuming the senior auditor performed all of the following activities,
which one would impair objectivity if asked to review the purchase order system on a post-audit
basis?

a. Helping to identify and define control objectives.

b. Testing for compliance with system development standards.

c. Reviewing the adequacy of systems and programming standards.

d. Drafting operating procedures for the new system.

37. An internal audit department is currently undergoing its first external quality assurance review
since its formation three years ago. From interviews with a few of the staff auditors, the review
team is informed of certain auditor activities, which occurred over the past year. Which of the
following activities could affect the quality assurance review team's evaluation of the objectivity of
the internal audit department?

a. One internal auditor told the review team that during the payroll audit, the payroll manager
approached him. The manager indicated he was looking for an accountant to prepare his financial
statements for his part-time business. The internal auditor agreed to perform this work for a
reduced fee during non-work hours.

b. During the audit of the company's construction of a building addition to the corporate
office, the Vice-President of Facilities Management gave the auditor a commemorative mug with
the company's logo. These mugs were distributed to all employees present at the groundbreaking
ceremony.

c. After reviewing the installation of a data processing system, the auditor made
recommendations on standards of control. Three months after completing the audit, the auditee
requested the auditor's review of certain procedures for adequacy. The auditor agreed and
performed this review.
d. An auditor's participation was requested on a task force to reduce the company's inventory
losses from theft and shrinkage. This is the first consulting assignment undertaken by the audit
department. The auditor's role is to advise the task force on appropriate control techniques.

38. A medium-sized publicly owned corporation operating in Country X has grown to a size, which
the directors of the corporation believe warrants the establishment of an internal auditing depart-
ment. Country X has legislated internal auditing requirements for government-owned companies.
The company changed the corporate by-laws to reflect the establishment of the internal auditing
department. The directors decided that the chief audit executive (CAE) must be a Certified Internal
Auditor (CIA) and will report directly to the newly established audit committee of the board of
directors.

Which of the items discussed above will contribute the most to the new CAE's independence?

a. The establishment of the internal auditing department is documented in corporate by-laws.

b. Legislated internal auditing requirements in Country X.

c. The fact that the CAE will report to the audit committee of the board of directors.

d. The fact that the CAE is to be a Certified Internal Auditor (CIA).

39. An internal auditor reports directly to the board of directors. The auditor discovered a material
cash shortage. When questioned, the person responsible explained that the cash was used to cover
sizable medical expenses for a child and agreed to replace the funds. Because of the corrective
action, the internal auditor did not inform management. In this instance, the auditor:

a. Has organizational independence, but not objectivity.

b. Has both organizational independence and objectivity.

c. Does not have organizational independence but has objectivity.

d. Does not have either organizational independence or objectivity.

40. During a purchasing audit, the internal auditor finds that the largest blanket purchase order is
for tires which are expensed as vehicle maintenance items. The fleet manager requisitions tires
against the blanket order for the company's 400-vehicle service fleet based on a visual inspection
of the cars and trucks in the parking lot each week. Sometimes the fleet manager picks up the tires
but always signs the receiving report for payment. Vehicle service data is entered into a
maintenance database by the mechanic after the tires are installed. Which would be the best course
of action for the auditor in these circumstances?

a. Determine whether the number of tires purchased can be reconciled to maintenance


records.

b. Count the number of tires on hand and trace them to the related receiving reports.

c. Select a judgmental sample of requisitions and verify that the fleet manager signs each one.

d. Compare the number of tires purchased under the blanket purchase order with the number
of tires purchased in the prior year for reasonableness.

41. Auditors need to determine if management has established criteria to determine if goals and
objectives have been accomplished. If the auditor determines such criteria are inadequate or
nonexistent, which of the following actions would be appropriate?

I. Report the inadequacies to the appropriate level of management and recommend


appropriate courses of action

II. Recommend alternative sources of criteria to management such as acceptable industry


standards

III. Formulate criteria the auditor believes to be adequate and perform the audit and report in
relationship to the alternative criteria

a. I only.

b. I and II.

c. I, II, and III.

d. II only.

42. Several members of senior management have questioned whether the internal audit department
should report to the newly established, quality audit function as part of the total quality
management process within the company. The chief audit executive (CAE) has reviewed the
quality standards and the programs that the quality audit manager has proposed. The CAE’s
response to senior management should include:
a. Changing the applicable standards for internal auditing within the company to provide
compliance with quality audit standards.

b. Changing the qualification requirements for new staff members to include quality audit
experience.

c. Estimating departmental cost savings from eliminating the internal auditing function.

d. Identifying appropriate liaison activities with the quality audit function to ensure
coordination of audit schedules and overall audit responsibilities.

43. Internal auditors are often called on to either perform, or assist the external auditor in
performing, a due diligence review. A due diligence review is:

a. A review of interim financial statements as directed by an underwriting firm.

b. An operational audit of a division of a company to determine if divisional management is


complying with laws and regulations.

c. A review of operations as requested by the audit committee to determine whether the


operations comply with audit committee and organizational policies.

d. A review of financial statements and related disclosures in conjunction with a potential


acquisition.

Use the following information to answer questions 44 through 47.

The director of internal auditing of a mid-sized internal auditing organization was concerned that
management might outsource the internal auditing function. Therefore, the manager adopted a very
aggressive program to promote the internal auditing department within the organization. The
manager planned to present the results to management and the audit committee and recommend
modification of the Internal Audit Charter after using the new program. The following lists six
actions the audit manager took to promote a positive image within the organization:

1. Audit assignments concentrated on economy and efficiency audits. The audits focused
solely on cost savings and each audit report highlighted potential costs to be saved. Negative
findings were omitted. The focus on economy and efficiency audits was new, but the auditees
seemed very happy.

2. Drafts of all audit reports were carefully reviewed with the auditee to get their input. Their
comments were carefully considered when developing the final audit report.
3. The IT auditor participated as part of a development team to review the control procedures
to be incorporated into a major computer application under development.

4. Given limited resources, the audit manager performed a risk analysis to determine which
locations to audit. This was a marked departure from the previous approach of ensuring that all
operations are reviewed on at least a three-year interval.

5. In order to save time, the manager no longer required that a standard internal control
questionnaire be completed for each audit.

6. When the auditors found that management and the auditee had not developed specific
criteria or data to evaluate the operations of the auditee, the audit team was instructed to perform
research, develop specific criteria, review the criteria with the auditee, and if acceptable, use it to
evaluate the auditee's operations. If the auditee disagreed with the criteria, a negotiation took place
until acceptable criteria could be agreed upon. The audit report commented on the auditee's
operations in conjunction with the agreed-upon criteria.

44. Which of the following elements of Action 1 taken by the audit manager would be considered a
violation of the IIA Standards?

I. The type of audits was changed before modifying the charter and going to the audit
committee

II. Negative findings were omitted from the audit reports

III. Cost savings and recommendations were highlighted in the report

a. I and II.

b. I and III.

c. I only.

d. II and III.

45. Considering Actions 2, 3 and 4 that were taken, which would be considered a violation of the
IIA Standards?

a. Actions 2, 3, and 4.

b. Action 4 only.
c. Action 2 and 3 only.

d. None of the Actions.

46. Is Action 5 a violation of the IIA Standards?

a. Yes. Internal control should be evaluated on every audit, but the internal control
questionnaire is not the mandated approach to evaluate the controls.

b. No. Auditors may omit necessary procedures if there is a time constraint. It is a matter of
audit judgment.

c. Yes. Internal control should be evaluated on every audit engagement and the internal
control questionnaire is the most efficient method to do so.

d. No. Auditors are not required to fill out internal control questionnaires on every audit.

47. Regarding Action 6, which of the following elements of the action would be considered a
violation of the IIA Standards?

a. Failing to report the lack of criteria to appropriate level of management.

b. Developing a set of criteria to present to the auditee as a basis for evaluating the auditee's
operations.

c. Commenting on the agreed-upon criteria.

d. All of the above.

48. Given the acceptance of the cost savings audits and the scarcity of internal audit resources, the
audit manager also decided that follow-up action was not needed. The manager reasoned that cost
savings should be sufficient to motivate the auditee to implement the auditor's recommendations.
Therefore, follow-up was not scheduled as a regular part of the audit plan. Does the audit
manager's decision violate the Standards?

a. No. The Standards do not specify whether follow-up is needed.

b. Yes. The Standards require the auditors to determine whether the auditee has appropriately
implemented all of the auditor's recommendations.

c. Yes. Scarcity of resources is not a sufficient reason to omit follow-up action.


d. No. When there is evidence of sufficient motivation by the auditee, there is no need for
follow-up action.

49. Reporting to senior management and the board is an important part of the auditor's obligation.
Which of the following items is not required to be reported to senior management and/or the
board?

a. Subsequent to the completion of an audit, but prior to the issuance of an audit report, the
audit senior in charge of the audit was offered a permanent position in the auditee's department.

b. An annual report summary of the department's audit work schedule and financial budget.

c. Significant interim changes to the approved audit work schedule and financial budget.

d. An audit plan was approved by senior management and the board. Subsequent to the
approval, senior management informed the chief audit executive (CAE) not to perform an audit of
a division because the division's activities were very sensitive.

50. It has been established that an internal auditing charter is one of the more important factors
positively affecting the internal auditing department's independence. The IIA Standards help
clarify the nature of the charter by providing guidelines as to the contents of the charter. Which of
the following is not suggested in the Standards as part of the charter?

a. The department's access to records within the organization.

b. The scope of internal auditing activities.

c. The length of tenure for the internal auditing director.

d. The department's access to personnel within the organization.

51. The preliminary survey indicates that severe staff reductions at the audit location have resulted
in extensive amounts of overtime among accounting staff. Department members are visibly
stressed and very vocal about the effects of the cutbacks. Accounting payrolls are nearly equal to
prior years and many key controls, such as segregation of duties, are no longer in place. The
accounting supervisor now performs all operations within the cash receipts and posting process,
and has no time to review and approve transactions generated by the remaining members of the
department. Journal entries for the last six months since the staff reductions show increasing
numbers of prior-month adjustments and corrections, including revenues, cost of sales, and
accruals that had been misstated or forgotten during month-end closing activity. The auditor
should:

a. Discuss these findings with audit management to determine whether further audit work
would be an efficient use of audit resources at this time.

b. Proceed with the scheduled audit but add audit personnel based on the expected number of
findings and anticipated lack of assistance from local accounting management.

c. Research temporary helps agencies and evaluates the cost and benefit of outsourcing
needed services.

d. Suspend further audit work because the findings are obvious and issue the audit report.

52. Auditors realize that at times corrective action is not taken even when agreed to by the
appropriate parties. This should lead an internal auditor to:

a. Decide the extent of necessary follow-up work.

b. Allow management to decide when to follow-up, since it is management's ultimate


responsibility.

c. Decide to conduct follow-up work only if management requests the auditor's assistance.

d. Write a follow-up audit report with all findings and their significance to the operations.

53. Which of the following actions would be a violation of independence?

a. Continuing on an audit assignment at a division for which the auditor will soon be
responsible as the result of a promotion.

b. Reducing the scope of an audit due to budget restrictions.

c. Participating on a task force which recommends standards for control of a new distribution
system.

d. Reviewing a purchasing agent's contract drafts prior to execution.

54. Management has requested the audit department to conduct an audit of the implementation of
its recently developed company code of conduct. In preparing for the audit, the auditor reviews the
newly developed code and compares it with several others for comparable companies and
concludes that the newly developed code has severe deficiencies. Based on this conclusion, the
auditor should:

a. Plan an audit for the implementation of management's code of conduct and also for
compliance with the “best practices” from the other codes since this represents the best available
criteria.

b. Report the nature of the deficiencies in a formal report to management.

c. Inform management of the problems with the existing code and report that it would be
inappropriate to conduct an audit until the code is revised to incorporate the "best practices" from
industry.

d. Conduct the audit as requested by management, reporting only noncompliance with the
code.

55. The IIA’s Standards assign the responsibility for providing appropriate audit supervision to the:

a. Audit Committee.

b. Director of internal auditing.

c. Audit supervisor.

d. Senior auditor.

56. The IIA Standards require that the chief audit executive (CAE) seek the approval of manage-
ment and acceptance by the board of a formal written charter for the internal auditing department.
The purpose of this charter is to:

a. Protect the internal auditing department from undue outside influence.

b. Establish the purpose, authority, and responsibility of the internal auditing department.

c. Clearly define the relationship between internal and external auditing.

d. Establish the director's status as a staff executive.

57. The primary criteria for determining the adequacy of working papers can be found in the:

a. The IIA Standards.


b. Institute's Code of Ethics.

c. Practice Guides.

d. Foreign Corrupt Practices Act.

58. Based on the IIA Standards, an internal auditing department's staff development program will
be deficient if individual employees are:

a. Given a large variety of tasks to perform.

b. Expected to study current events on an independent basis.

c. Assigned to a different supervisor on each job.

d. Formally evaluated once every two years.

59. The IIA Standards require written policies and procedures to guide the audit staff. Which of the
following statements is false with respect to this requirement?

a. The form and content of written policies and procedures should be appropriate to the size
of the department.

b. All internal audit departments should have a detailed policies and procedures manual.

c. Formal administrative and technical audit manuals may not be needed by all internal
auditing departments.

d. A small internal auditing department may be managed informally through close supervision
and written memos.

Use the following audit finding to answer questions 60 and 61

PARAGRAPH 1: The production department has the newest production equipment available
because of a fire that required the replacement of all equipment.

PARAGRAPH 2: The members of the production department have become completely


comfortable with the state-of-the-art technology over the past year and a half. As a result, the
production department has become an industry leader in production efficiency and effectiveness.

PARAGRAPH 3: The production department produces an average of 25 units per worker per shift.
The defect rate is one percent.
PARAGRAPH 4: The industry average productivity is 20 units per worker per shift. The industry
defect rate is three percent.

60. Which paragraph would be characterized as the attribute described in the IIA Standards as
“Criteria”?

a. 1.

b. 2.

c. 3.

d. 4.

61. Which paragraph would be characterized as the attribute described in the IIA Standards as
“Condition”?

a. 1.

b. 2.

c. 3.

d. 4.

62. A relatively new internal auditor is completing an audit report. The final report should most
appropriately be signed by:

a. The auditor because of a greater level of detail knowledge of the report.

b. The auditor and the person in charge of the area being audited to indicate review of the
report.

c. The Chief Audit Executive.

d. The Chairman of the Audit Committee of the Board of Directors.

63. An auditor often faces special problems when auditing a foreign subsidiary. Which of the
following statements is false with respect to the conduct of international audits?

a. The IIA Standards do not apply outside of the United States.


b. The auditor should determine whether managers are in compliance with local laws.

c. There may be justification for having different company policies in force in foreign
branches.

d. It is preferable to have multilingual auditors conduct audits at branches in non-English-


speaking nations.

64. The interpretation related to quality assurance given by the IIA Standards is that:

a. Quality assurance reviews can provide senior management and the audit committee with an
assessment of the internal auditing function.

b. Appropriate follow-up to an external review is the responsibility of the chief audit


executive's immediate supervisor.

c. The internal auditing department is primarily measured against the IIA's Code of Ethics.

d. Continual supervision is limited to the planning, examination, evaluation report and follow-
up process.

65. An internal auditor fails to discover an employee fraud during an audit. The nondiscovery is
most likely to suggest a violation of the IIA Standards if it was the result of a:

a. Failure to perform a detailed audit of all transactions in the area.

b. Determination that any possible fraud in the area would not involve a material amount.

c. Determination that the cost of extending audit procedures in the area would exceed the
potential benefits.

d. Presumption that the internal controls in the area were adequate and effective.

66. Which of the following will best promote the independence of the internal auditing function?

a. A quality control system within the internal auditing function designed to ensure that
departmental objectives are met.

b. Direct lines of communication between the audit committee and the chief audit executive
(CAE).
c. A written charter that reflects the concepts contained in the International Standards for the
Professional Practice of Internal Auditing.

d. Direct reporting responsibilities to the company's chief financial officer.

67. The charter of a newly formed internal auditing department contains the following statement:
“The organizational status of the internal auditing department will be sufficient to permit the
accomplishment of its audit responsibilities”. Select the best reporting lines from the following
relationships, which would promote the accomplishment of the intended organizational status.
Solid line to:

a. Board of directors, dotted line to vice-president, of finance.

b. President, dotted line to board of directors.

c. Controller, dotted line to board of directors.

d. Vice-president, finance, dotted line to board of directors.

68. According to the IIA Standards, the purpose of an internal auditor's review for effectiveness of
the system of internal control is to ascertain if:

a. The system is functioning as intended.

b. The system is functioning efficiently and economically.

c. The organization's goals and objectives have been achieved.

d. Financial and operating data are reliable.

69. The best description of the purpose of internal auditing is that it:

a. Furnishes members of the organization with information needed to effectively discharge


their responsibilities.

b. Reviews the reliability and integrity of financial and operating information.

c. Reviews the means of safeguarding assets and, as appropriate, verifies the existence of such
assets.

d. Appraises the economy and efficiency with which resources are employed.
70. The chief audit executive (CAE) of a newly formed internal auditing department is seeking
management approval of a charter. What is the authoritative source for seeking such approval?

a. The IIA Standards which clearly place that responsibility on the director.

b. The appropriate Practice Advisories, which requires the director to take that course of
action.

c. The Code of Ethics which requires internal auditors to document company policy.

d. According to the IIA Standards, no approval is necessary.

71. According to the IIA Standards, the staff of a newly developed internal auditing department
should include:

a. Members with bachelor's degrees in accounting and related fields.

b. Members possessing appropriate professional designations.

c. Members proficient in applying internal auditing standards, procedures, and techniques.

d. Members with prior internal audit experience.

72. According to the IIA Standards, which of the following best describes the nature of opinions
that are appropriate for internal audit reports?

a. Opinions are generally the auditor's subjective judgments concerning why deficiencies
exist.

b. Opinions are the auditor's evaluations of the effects of the observations and
recommendations on the activities reviewed.

c. Opinions are conclusions that the auditor has reached concerning the appropriateness of the
auditee's objectives.

d. Opinions should only involve the fairness of the auditee's financial statements.

73. The chief audit executive (CAE) is concerned that a recently disclosed fraud was not uncovered
during the last audit of cash operations. A review of the working papers indicated that the
fraudulent transaction was not included in a properly designed statistical sample of transactions
tested. Which of the following applies to this situation?

a. Because cash operation is a high-risk area, 100 percent testing of transactions should have
been performed.

b. The internal auditor acted with Due Professional Care since an appropriate statistical
sample of material transactions was tested.

c. Fraud should not have gone undetected in a recently audited area.

d. Extraordinary care is necessary in the performance of a cash operations audit and the
auditor should be held responsible for the oversight.

74. In the course of their work, internal auditors must be alert for fraud and other forms of white-
collar crime. The important characteristic that distinguishes fraud from other varieties of white-
collar crime is that:

a. Fraud encompasses an array of irregularities and illegal acts that involve intentional
deception.

b. Unlike other white-collar crimes, fraud is always perpetrated against an outside party.

c. White-collar crime is usually perpetrated for the benefit of an organization, whereas fraud
benefits an individual.

d. White-collar crime is usually perpetrated by outsiders to the detriment of an organization,


whereas fraud is perpetrated by insiders to benefit the organization.

75. During an audit of purchasing, internal auditors found several violations of company policy
concerning competitive bidding. The same condition had been reported in an audit report last year-
and corrective action had not been taken. Which of the following best describes the appropriate
action concerning this repeat finding?

a. The audit report should note that this same condition had been reported in the prior audit.

b. During the exit interview, management should be made aware that a finding from the prior
report had not been corrected.

c. The chief audit executive (CAE) should determine whether management or the board has
assumed the risk of not taking corrective action.
d. The CAE should determine whether this condition should be reported to the independent
auditor and any regulatory agency.

76. Internal auditing is responsible for assisting in the prevention of fraud by:

a. Informing the appropriate authorities within the organization and recommending whatever
investigation is considered necessary in the circumstances when wrongdoing is suspected.

b. Establishing the systems designed to ensure compliance with the organization's policies,
plans, and procedures, as well as applicable laws and regulations.

c. Examining and evaluating the adequacy and the effectiveness of control, commensurate
with the extent of the potential exposure/risk in the various segments of the organization's
operations.

d. Determining whether operating standards have been established for measuring economy
and efficiency, and whether these standards are understood and are being met.

77. Which of the following combination of participants would be most appropriate to attend an
exit conference?

a. The responsible internal auditor and representatives from management who are knowledge-
able of detailed operations and those who can authorize implementation of corrective action.

b. The chief audit executive and the executive in charge of the activity or function audited.

c. Staff auditors who conducted the fieldwork and operating personnel in charge of the daily
performance of the activity or function audited.

d. Staff auditors who conducted the fieldwork and the executive in charge of the activity or
function audited.

78. An internal audit of sales contracts revealed that a bribe had been paid to secure a major
contract. It was considered quite possible that a senior executive had authorized the bribe. Which
of the following best describes the proper distribution of the completed audit report?

a. The report should be distributed to the chief executive officer and the appropriate
regulatory agency.
b. The report should be distributed to the board of directors, the chief executive officer, and
the independent auditor.

c. The chief audit executive should provide the board of directors a copy of the report and
decide whether further distribution is appropriate.

d. The report should be distributed to the board of directors, the appropriate law enforcement
agency, and the appropriate regulatory agency.

79. The IIA Standards define relevant evidence as:

a. Factual, adequate, and convincing.

b. Reliable and the best attainable through the use of appropriate audit techniques.

c. Consistent with the audit objectives and supports audit observations and recommendations.

d. Information that helps the organization meets its goals.

80. Which is the lowest organizational level to which the Internal Auditing Department should
address the final report of the operational audit of the Production Department?

a. The Audit Committee of the Board of Directors.

b. The Chief Executive officer.

c. The Vice President of Production.

d. The first-line supervisor.

81. Which of the following is not ordinarily an objective of a quality assurance review? To
determine compliance with:

a. Applicable laws and regulations.

b. The Attribute Standards for the professional practice of internal auditing.

c. The Performance Standards for the professional practice of internal auditing.

d. The goals of the internal audit function.


82. According to the IIA Standards, the independence of internal auditors is achieved through:

a. Staffing and supervision.

b. Continuing education and due professional care.

c. Human relations and communications.

d. Organizational status and objectivity.

83. According to the IIA Standards, an internal auditor should possess proficiency in:

a. Management principles.

b. The fundamentals of such subjects as accounting, economics, and finance.

c. Computerized information systems.

d. Applying internal auditing standards, procedures, and techniques.

84. Which of the following audit committee activities would be of the greatest benefit to the
internal auditing department?

a. Review and approval of audit programs.

b. Assurance that the external auditor will rely on the work of the internal auditing department
whenever possible.

c. Review and endorsement of all internal audit reports prior to their release.

d. Support for appropriate follow-up of recommendations made by the internal auditing


department.

85. Which of the following relationships best depicts the appropriate dual reporting responsibility
of the internal auditor? Administratively to the:

a. Board of directors, functionally to the chief executive officer.

b. Controller, functionally to the chief financial officer.

c. Chief executive officer, functionally to the board of directors.

d. Chief executive officer, functionally to the external auditor.


86. According to the IIA Standards, the documentation required to plan an internal auditing project
should include evidence that the:

a. Expected findings were clearly identified.

b. Internal auditing department's resources are effectively and efficiently employed.

c. Planned audit work will be completed on a timely basis.

d. Resources needed to perform the audit have been considered.

87. The IIA Standards require an internal auditor to exercise due professional care in performing
internal audits. This includes:

a. Establishing direct communication between the director of internal auditing and the board
of directors.

b. Evaluating established operating standards and determining whether those standards are
acceptable and are being met.

c. Accumulating sufficient evidence so that the auditor can give absolute assurance that
irregularities do not exist.

d. Establishing suitable criteria of education and experience for filling internal audit positions.

88. The chief audit executive (CAE) for a large retail organization reports to the controller and is
responsible for designing and installing computer applications relating to inventory control. Which
of the following is the major limitation of this arrangement?

a. It prevents the audit organization from devoting full time to auditing.

b. Auditors generally do not have the required expertise to design and implement such
systems.

c. It potentially affects the CAE's independence and thereby lessens the value of audit
services.

d. Such arrangements are unlawful because the director participates in incompatible functions.

89. According to the IIA Standards, the internal auditing department's goals should specify:
a. Audit work schedules and activities to be audited.

b. Policies and procedures to guide the audit staff.

c. Measurement criteria and target dates for completion.

d. Staffing plans and financial budgets.

90. According to the IIA Standards, internal auditors should possess the knowledge, skills, and
disciplines essential to the performance of internal auditing. This means that all internal auditors
should be proficient in applying:

a. Internal auditing standards.

b. Quantitative methods.

c. Management principles.

d. Structured systems analysis.

91. Coordination of internal and external auditing can reduce the overall audit costs. According to
the IIA Standards, who is responsible for coordinating internal and external audit efforts?

a. Chief audit executive.

b. External auditor.

c. Audit committee of the board of directors.

d. Management.

92. You have been asked to be a member of a peer review team. In assessing the independence of
the internal audit department being reviewed, you should consider all of the following factors
except:

a. Access to and frequency of communications with the board of directors or its audit
committee.

b. The criteria of education and experience considered necessary when filling vacant positions
on the audit staff.

c. The degree to which auditors assume operating responsibilities.


d. The scope and depth of audit objectives for the audits included in the review.

93. The IIA Standards require that, in most cases, an internal auditing department have
documented policies and procedures to ensure the consistency and quality of audit work. The
exception to this requirement is directly related to:

a. Departmentalization.

b. Division of labor.

c. Span of control.

d. Authority.

94. The chief audit executive (CAE) routinely provides activity reports to the board as part of the
board meeting agenda each quarter. Senior management has asked to review the CAE's board
presentation before each board meeting so that any issues or questions can be discussed
beforehand. The CAE should:

a. Provide the activity reports to senior management as requested and discuss any issues,
which may require action to be taken.

b. Not provide activity reports to senior management because such matters are the sole-
province of the board.

c. Disclose only those matters in the activity reports to the board, which pertain to
expenditures and financial budgets of the internal auditing department.

d. Provide information to senior management that pertains only to completed audits and
findings available in published audit reports.

95. An auditor finds a situation where there is some suspicion, but no evidence, of potential
misstatement. The standard of due professional care would be violated if the auditor:

a. Identified potential ways in which an error could occur and ranked the items for audit
investigation.

b. Informed the audit manager of the suspicions and asked for advice on how to proceed.

c. Did not test for possible misstatement because the audit program had already been
approved by audit management.
d. Expanded the audit program, without the auditee's approval, to address the highest ranked
ways in which a misstatement may have occurred.

96. Which of the following combination of participants would be most appropriate to attend an
exit conference?

a. The responsible internal auditor and representatives from management who are
knowledgeable of detailed operations and those who can authorize implementation of corrective
action.

b. The chief audit executive and the executive in charge of the activity or function audited.

c. Staff auditors who conducted the fieldwork and operating personnel in charge of the daily
performance of the activity or function audited.

d. Staff auditors who conducted the fieldwork and the executive in charge of the activity or
function audited.

97. An internal audit director initiated an audit of the corporate code of ethics and the environment
for ethical decision making. Which of the following would most likely be considered
inappropriate regarding the scope and/or recommendations of the audit?

a. A review of the corporate code of ethics and a comparison to other corporate codes.

b. A survey of corporate employees, asking general questions regarding the ethical quality of
corporate decision making.

c. Administration of an anonymous "ethics test" to determine if employees know of unethical


behavior or have acted unethically themselves.

d. A survey of the Board of Directors to determine their level of support for a corporate code
of ethics.

98. Which of the following statements is true regarding coordination of internal and external audit
efforts?

a. The chief audit executive (CAE) should not give information about illegal acts to an
external auditor because external auditors may be required to report the matter to the Board and/or
regulatory agencies.
b. Ownership and the confidentiality of the external auditor's working papers prohibit their
review by internal auditors.

c. The CAE should determine that appropriate follow-up and corrective action was taken by
management where required on matters discussed in the external auditor's management letter.

d. If internal auditors provide assistance to the external auditors in connection with the annual
audit, the audit work is not subject to the International Standards for the Professional Practice of
Internal Auditing.

99. An auditor's objectivity could be compromised in all of the following situations except:

a. A conflict of interest.

b. Auditee familiarity with auditor due to lack of rotation in assignments.

c. Auditor assumption of operational duties on a temporary basis.

d. Reliance on outside expert opinion when appropriate.

100. The IIA Standards require that the chief audit executive establish and maintain a quality
assurance program to evaluate the operations of the internal audit department. All of the following
are considered elements of a quality assurance program except:

a. Annual appraisals of individual internal auditors' performance.

b. Internal reviews of audits completed.

c. Supervision of audit work.

d. External reviews to assess compliance with standards.

101. Auditing standards state that the internal auditor may communicate recommendations for im-
provements. Which of the following would be a valid justification for omitting recommendations
in an audit report? The auditor:

a. May not always understand the true cause of the finding being reported.

b. Does not have sufficient time to formulate a recommendation due to audit budget
pressures.

c. Can avoid the confrontation by letting management solve its own problems.
d. May lose independence by being perceived as making operational decisions.

102. When evaluating the independence of an internal audit department, a quality review team
considers several factors. Which of the following factors has the least amount of influence when
judging an internal audit department's independence?

a. Criteria used in making auditors assignments.

b. The extent of auditor training in communications skills.

c. Relationship between audit working papers and audit report.

d. Impartial and unbiased audit judgments.

103. As used in the IIA Standards when discussing audit planning or risk assessment, the term risk
is best defined as the probability that:

a. An internal auditor will fail to detect a material error or event that causes financial
statement or internal reports to be misstated or misleading.

b. An event or action may adversely affect the organization.

c. Management will either knowing or unknowingly, makes decisions that increase the
potential liability of the organization.

d. Financial statements and/or internal records will contain material error.

104. Which of the following statements is not true regarding risk assessment as the term is used in
internal auditing?

a. Risk assessment is a judgmental process of assigning dollar values to the perceived level of
risk found in an auditable activity. These values allow directors to select the auditees most likely to
result in identifiable audit savings.

b. The chief audit executive (CAE) should incorporate information from a variety of sources
into the risk assessment process, including discussions with the board, management, external
auditors, and review of regulations, and analysis of financial/operating data.

c. Risk assessment is a systematic process of assessing and integrating professional judgments


about probable adverse conditions and/or events, providing a means of organizing an internal audit
schedule.
d. As a result of an audit or preliminary survey, the CAE may revise the level of assessed risk
of an auditee at any time, making appropriate adjustments to the work schedule.

105. A chief audit executive has to determine how an organization can be divided into auditable
activities. Which of the following is an auditable activity?

a. A procedure.

b. A system.

c. An account.

d. All of the above.

106. When determining the number and experience level of the internal audit staff to be assigned to
an audit, the chief audit executive should consider all of the following except the:

a. Complexity of the audit assignment.

b. Available audit resources.

c. Training needs of internal auditors.

d. Lapsed time since the last audit.

107. The IIA Standards require an auditor to have the knowledge, skills, and disciplines essential
to perform an internal audit. Which of the following correctly describes the level of knowledge or
skill required by the Standards? Auditors must have:

a. Proficiency in applying knowledge of auditing standards and procedures to specific


situations without extensive recourse to technical research and assistance.

b. Proficiency in applying knowledge of accounting and computerized information systems to


specific or potential problems.

c. An understanding of broad techniques used in supporting and developing audit findings


and the ability to research the proper audit procedures to be used in any audit situation.

d. A broad appreciation for accounting principles and techniques when auditing the financial
records and reports of the organization.
108. An audit manager responsible for the supervision and review of other auditors needs the
necessary skills and knowledge. Which of the following does not describe a skill or knowledge
necessary to supervise a particular audit assignment?

a. The ability to review and analyze an audit program to determine if the proposed audit
procedures will result in evidence relevant to the audit's objectives.

b. Assuring that an audit report is supported and accurate relative to the evidence documented
in the working papers of the audit.

c. Use risk assessment and other judgmental processes to develop an audit plan and schedule
for the department and present the plan to the audit committee.

d. Determine that staff auditors have completed the audit procedures and that audit objectives
have been met.

109. You have been asked to be a member of a peer review team. In assessing the independence of
the internal audit department being reviewed, you should consider all of the following factors
except:

a. Access to and frequency of communications with the board of directors or its audit
committee.

b. The criteria of education and experience considered necessary when filling vacant positions
on the audit staff.

c. The degree to which auditors assume operating responsibilities.

d. The scope and depth of audit objectives for the audits included in the review.

110. A written charter, approved by the board of directors, which outlines the internal audit
department's purpose, authority, and responsibility is primarily meant to enhance the department's:

a. Due professional care.

b. Stature within the organization.

c. Relationship with management.

d. Independence.
111. In the past, the internal auditing department of XYZ Company designed and installed
computerized systems for the company. A newly appointed member of the audit committee has
questioned the auditing department's independence due to its performance of that activity. Which
of the following actions would best satisfy the committee's concern regarding independence?

a. The internal audit department should continue to design and install other computer systems
as long as the internal audit staff possesses the expertise to do so.

b. The internal audit department should refrain from designing and installing any computer
systems for their organization in the future.

c. The internal audit department should not assign those internal auditors who designed and
installed the payroll system to audit the payroll area.

d. The internal audit department should refrain from operating and drafting procedures for
any of its organization's systems.

112. A professional engineer applied for a position in the internal auditing department of a high-
technology firm. The engineer became interested in the position after observing several internal
auditors while they were auditing the engineering department. The chief audit executive:

a. Should not hire the engineer because of the lack of knowledge of internal auditing
standards.

b. May hire the engineer in spite of the lack of knowledge of internal auditing standards.

c. Should not hire the engineer because of the lack of knowledge of accounting and taxes.

d. May hire the engineer because of the knowledge of internal auditing gained in the previous
position.

113. Specific airline ticket information, including fare class, purchase date, and lowest available
fare options, as prescribed in the company's travel policy, is obtained and reported to department
management when employees purchase airline tickets from the company's authorized travel
agency. Such a report provides information for:

a. Quality of performance in relation to the company's travel policy.

b. Identifying costs necessary to process employee business expense report data.

c. Departmental budget-to-actual comparisons.


d. Supporting employer's business expense deductions.

114. Audit policy requires that final reports will not be issued without a management response. An
audit with significant findings is complete except for management's response. Evaluate the
following courses of action and select the best alternative.

a. Issue an interim report regarding the important issues noted.

b. Modify audit policy to allow a specific time period for the management response.

c. Wait for management response and issue audit report.

d. Discuss situation with the external auditors.

115. Audit findings often emerge by a process of comparing “what should be” with “what is.”
Findings are based on the attributes of criteria, condition, cause and effect. From the following
descriptions, which one most appropriately describes the effect of the audit finding?

a. Reason for the difference between the expected and actual conditions.

b. Factual evidence found during the course of the examination.

c. Risk or exposure encountered because of the condition.

d. Standards, measures, or expectations used in making the evaluation.

116. Management asserted that the performance standards the auditors used to evaluate operating
performance were inappropriate. Written performance standards which had been established by
management were vague and had to be interpreted by the auditor. In such cases auditors may meet
their due professional care responsibility by:

a. Assuring them that their interpretations are reasonable.

b. Assuring themselves that their interpretations are in line with industry practices.

c. Establishing agreement with auditees as to the standards needed to measure performance.

d. Incorporating management's objections in the audit report.


117. The IIA Standards require the director of internal auditing to establish and maintain a quality
assurance program to evaluate the operations of the internal audit department. Which of the
following relates most directly to the objective of maintaining high quality in all audits?

a. Required supervisory review of all audit programs, working papers, and draft audit reports.

b. Required coordination with external auditors.

c. Required compliance with the Code of Ethics of the Institute of Internal Auditors.

d. Required educational standards for all members of the professional audit staff.

118. An audit supervisor would challenge whether audit evidence is sufficient to support the
conclusion that journal entries are properly prepared and approved if the working papers included:

a. A note stating the controller's assurance those journal-entries are always looked at by the
accounting supervisor before entry into the computer system.

b. A copy of a hand-written schedule of standard and appended nonstandard journal entries


for the most recent month showing the initials of the preparer for each entry and the summary
approval of the controller at the top.

c. A copy of a computer-generated list of automated and nonstandard journal entries initialed


by the controller showing the auditor's references to system reports and monthly reconciliations.

d. A cross-reference to another section of the working papers containing sufficient evidence


for this conclusion.

119. The internal auditing department has concluded a fraud investigation, which revealed a
previously undiscovered materially adverse impact on the financial position and results of
operations for two years on which financial statements have already been issued. The chief audit
executive should immediately inform:

a. The external audit firm responsible for the financial statements affected by the discovery.

b. The appropriate governmental or regulatory agency.

c. Appropriate management and the audit committee of the board of directors.

d. The internal accounting function ultimately responsible for making corrective journal
entries.
120. According to the IIA Standards, internal auditing has a responsibility for helping to deter
fraud. Which of the following best describes how this responsibility is generally met?

a. By coordinating with security personnel and law enforcement agencies in the investigation
of possible frauds.

b. By testing for fraud in every audit and following up as appropriate.

c. By assisting in the design of control systems to prevent fraud.

d. By evaluating the adequacy and effectiveness of controls in light of the potential exposure
or risk.

121. An internal auditor observes that a receivables clerk has physical access to and control of cash
receipts. The auditor worked with the clerk several years before and has a high level of trust in the
individual. Accordingly, the auditor notes in the working papers that controls over receipts are
adequate. Is the auditor in compliance with the Standards?

a. Yes, reasonable care has been taken.

b. No, irregularities were not noted.

c. No, alertness to conditions where irregularities are most likely was not shown.

d. Yes, the working papers were annotated.

122. Which of the following most seriously compromises the independence of the internal auditing
department?

a. Internal auditors frequently draft revised procedures for departments whose procedures
they have criticized in an audit report.

b. The chief audit executive has dual reporting responsibility to the firm's top executive and
the board of directors.

c. The internal auditing department and the firm's external auditors engage in joint planning
of total audit coverage to avoid duplicating each other's work.

d. The internal auditing department is included in the review cycle of the firm's contracts with
other firms before the contracts are executed.
123. An internal auditor has uncovered illegal acts, which were committed by a member of senior
management. According to the IIA Standards, such information:

a. Should be excluded from the internal auditor's report and discussed orally with the senior
manager.

b. Must be immediately reported to the appropriate government authorities.

c. May be disclosed in a separate report and distributed to all senior management.

d. May be disclosed in a separate report and distributed to the company's audit committee of
the board of directors.

124. The internal auditing department for a chain of retail stores recently concluded an audit of
sales adjustments in all stores in the southeast region. The audit revealed that several stores are
costing the company an estimated $85,000 per quarter in duplicate credits to customers' charge
accounts.

The audit report, published eight weeks after the audit was concluded, included the internal
auditors' recommendations to store management that should prevent duplicate credits to customers'
accounts.

Which of the following standards for reporting has been disregarded in the above case?

a. The follow-up actions were not adequate.

b. The auditors should have implemented appropriate corrective action as soon as the
duplicate credits were discovered.

c. Auditor recommendations should not be included in the report.

d. The report was not timely.

125. During an audit of the organization's accounts payable function, an internal auditor plans to
confirm balances with suppliers. What is the source of authority for such contacts with units
outside the organization?

a. Internal auditing department policies and procedures.

b. The IIA Standards.

c. The IIA Practice Guides.


d. The internal auditing department's charter.

126. The chief audit executive is responsible for establishing a program to develop the human
resources of the internal auditing department. According to the IIA Standards, this program should
include:

a. Continuing education opportunities and performance appraisals.

b. Counseling and an established career path.

c. An established training plan and a charter.

d. Job descriptions and competitive salary increases.

127. The IIA Standards require the performance of periodic internal reviews by members of the
internal auditing staff. This function is designed to primarily serve the needs of:

a. The audit committee.

b. The chief audit executive.

c. Management.

d. The internal auditing staff.

128. According to the IIA Standards, which of the following is the correct listing of information
which must be included in a fraud report?

a. Purpose, Scope, Results and, where appropriate, an expression of the auditor's opinion.

b. Criteria, Condition, Cause and Effect.

c. Background, Findings and Recommendations.

d. Findings, Conclusions, Recommendations and Corrective Action.

129. An internal auditor reported a suspected fraud to the chief audit executive (CAE). The CAE
turned the entire case over to the Security Department. Security failed to investigate or report the
case to management. The perpetrator continued to defraud the organization until being accidentally
discovered by a line manager two years later. Select the most appropriate action for the CAE:
a. The CAE's actions were correct.

b. The CAE should have periodically checked the status of the case with Security.

c. The CAE should have conducted the investigation.

d. The CAE should have discharged the perpetrator.

130. An internal auditor has just completed an audit of a division and is in the process of preparing
the audit report. According to the IIA Standards, the observations in the audit report should
include:

a. Statements of opinion about the cause of an observation.

b. Pertinent factual statements concerning the control weaknesses which were uncovered
during the course of the audit.

c. Statements of both fact and opinion developed during the course of the audit.

d. Statements which may deal with potential future events that may be helpful to the audited
division.

131. According to the IIA Standards, supervision of an audit assignment should include:

a. Determining that audit working papers adequately support the audit observations.

b. Assigning staff members to the particular engagement.

c. Determining the scope of the audit.

d. Appraising each auditor's performance on at least an annual basis.

132. Which of the following reporting structures would best depict the internal audit organizational
guidelines contained in the IIA Standards?

a. Administratively to the board of directors, functionally to the chief executive officer.

b. Administratively to the controller, functionally to the chief financial officer.

c. Administratively to the chief executive officer, functionally to the board of directors.

d. Administratively to the chief executive officer, functionally to the external auditor.


133. As the chief audit executive for your organization, you have developed a plan which includes
a detailed schedule of areas to be audited during the coming year, an estimate of the time required
for each audit, and the approximate starting date of each audit. The scheduling of specific audits
was based upon the time elapsed since the last audit in each area. The plan is inadequate because it
fails to:

a. Cite authoritative support, such as the IIA Standards, for such a plan.

b. Consider factors such as risk, exposure, and potential loss to the organization.

c. State whether all audit resources had been committed to the plan.

d. Seek management approval of the plan.

134. The Audit Committee can serve several important purposes, some of which directly benefit
internal auditing. The most significant benefit provided by the Audit Committee to the internal
auditor is:

a. Protecting the independence of the internal auditor free from interference.

b. Reviewing annual audit plans and monitoring audit results.

c. Approving audit plans, scheduling, staffing, and meeting with the internal auditor as
needed.

d. Reviewing copies of the internal control procedures for selected company operations and
meeting with company officials to discuss them.

135. The IIA Standards indicate that independence permits internal auditors to render the impartial
and unbiased judgments essential to the proper conduct of audits. Which of the following would
best promote independence?

a. A policy that requires internal auditors to report to the chief audit executive any situation in
which a conflict of interest or bias on the part of the individual auditor is present or may reasonably
be inferred.

b. An internal audit department policy that prevents it from recommending standards of


controls for systems that it audits.
c. An organizational policy that allows internal audits of sensitive operations to be "contracted
out" to other audit providers.

d. An organizational policy that prevents personnel transfers from operating activities to the
internal audit department.

136. The IIA Standards require written policies and procedures to guide the audit staff. Which of
the following statements is false with respect to this requirement?

a. The form and content of written policies and procedures should be appropriate to the size
of the department.

b. All internal audit departments should have a detailed policies and procedures manual.

c. Formal administrative and technical audit manuals may not be needed by all internal
auditing departments.

d. A small internal auditing department may be managed informally through close supervision
and written memos.

137. According to the IIA Standards, the chief audit executive should establish goals that have two
basic qualities. Select the correct traits of Internal Auditing goals:

a. Measurable and attainable.

b. Budgeted and approved.

c. Planned and attainable.

d. Requested and approved.

138. Internal audit reports should contain the purpose, scope, and results. The audit results should
contain the criteria, condition, effect, and cause of the finding. The cause can best be described as:

a. Factual evidence which the internal auditor found.

b. Reason for the difference between the expected and actual conditions.

c. The risk or exposure because of the condition found.

d. Resultant evaluations of the effects of the findings.


139. According to the IIA Standards, internal auditing reports should be distributed to those
members of the organization who are able to ensure that audit results are given due consideration.
For higher-level members of the organization that requirement can usually be satisfied with:

a. Interim reports.

b. Summary reports.

c. Oral reports.

d. Final written reports only.

140. If an internal auditor finds that no corrective action has been taken on a prior audit finding
which is still valid, the IIA Standards states that the internal auditor should:

a. Restate the prior finding along with the findings of the current audit.

b. Determine whether management or the board has assumed the risk of not taking corrective
action.

c. Seek the board's approval to initiate corrective action.

d. Schedule a future audit of the specific area involved.

141. Internal auditing is responsible for reporting fraud to senior management or the board when:

a. The incidence of fraud of a material amount has been established to a reasonable certainty.

b. Suspicious activities have been reported to internal auditing.

c. Irregular transactions have been identified and are under investigation.

d. The review of all suspected fraud-related transactions is complete.

142. According to the IIA Standards, the role of internal auditing in the investigation of fraud
includes all of the following, except:

a. Assessing the probable level and extent of complicity in the fraud within the organization.
b. Designing the procedures to follow in attempting to identify the perpetrators, extent of the
fraud, techniques used, and cause of the fraud.

c. Coordinating activities with management personnel, legal counsel, and other appropriate
specialists throughout the investigation.

d. Interrogating suspected perpetrators of the fraud.

143. After completing an investigation, internal auditing has concluded that an employee has stolen
a material amount of cash receipts. A draft of the proposed report on this finding should be
reviewed by:

a. Legal counsel.

b. The audit committee of the board of directors.

c. The president of the organization.

d. The external auditor.

144. The IIA Standards specify that final audit reports should be reviewed and approved by the:

a. Auditee or the person to whom the auditee reports.

b. Auditor-in-charge.

c. Chief audit executive or designee.

d. Chief financial officer.

145. According to the IIA Standards, internal auditors should review the means of physically
safeguarding assets from losses arising from:

a. Misapplication of accounting principles.

b. Procedures which are not cost justified.

c. Exposure to the elements.

d. Underutilization of physical facilities.


146. The IIA Standards state that the chief audit executive should have direct communication with
the board. Such communication is often accomplished through the board's audit committee. Which
of the following best describes why the charter for internal auditing should provide for direct
access to the audit committee?

a. Such access is required by law for publicly traded companies.

b. Direct access to the audit committee tends to enhance internal auditing's independence and
objectivity.

c. With direct access, the director of internal auditing is in a better position to affect policy
decisions.

d. The audit committee must authorize implementation of audit recommendations that involve
financial reporting.

147. According to the IIA Standards, a report issued by an internal auditor should contain an
expression of opinion when:

a. The area of the audit is the financial statements.

b. The internal auditors' work is to be used by external auditors.

c. A full-scope audit has been conducted in an area.

d. An opinion will improve communications with the reader of the report.

Use the following information to answer questions 148 and 149.

As an internal auditor for a multinational chemical company, you have been assigned to perform an
operational audit at a local plant. This plant is similar in age, sizing, and construction to two other
company plants that have been recently cited for discharge of hazardous wastes. In addition, you
are aware that chemicals manufactured at the plant release toxic by-products.

148. Assume that you have evidence that the plant is discharging hazardous wastes. As a Certified
Internal Auditor, what are the appropriate reporting requirements in this situation?

a. Send a copy of your audit report to the appropriate regulatory agency.

b. Ignore the issue; the regulatory inspectors are better qualified to assess the danger.

c. Issue an interim report to the appropriate levels of management.


d. Note the issue in your working papers, but do not report it.

149. Identify your responsibility for detection of a hazardous waste discharge problem.

a. You have no responsibility; it is the concern of the appropriate governmental agency.

b. You are responsible for ensuring compliance with company policies and procedures.

c. Operational audits do not require a determination of compliance with laws and regulations.

d. You are required by the Standards to determine compliance with laws and regulations.

150. The IIA Standards define competent information as:

a. Supporting the audit observations and being consistent with the audit objectives.

b. Assisting the organization in meeting prescribed goals.

c. Factual, adequate, and convincing so that a prudent person would reach the same
conclusion as auditor.

d. Reliable and the best available through the use of appropriate audit techniques.

151. Adequate internal controls are most likely to be present if:

a. Management has planned and organized in a manner, which provides reasonable assurance,
that the organization's objectives will be achieved efficiently and effectively.

b. Management has exercised due professional care in the design of operating and functional
systems.

c. Operating and functional systems are designed, installed, and implemented in compliance
with law.

d. Management has designed, installed and implemented efficient operating and functional
systems.

152. A company's management accountants prepared a set of reports for top management. These
reports detail the funds expended and the expenses incurred by each department for the current
reporting period. The function of internal auditing would be to:
a. Ensure against any and all noncompliance of reporting procedures.

b. Review the expenditure items and match each item with the expenses incurred.

c. Determine if there are any employees expending funds without authorization.

d. Identify inadequate controls that increase the likelihood of unauthorized expenditures.

153. Independence permits internal auditors to render impartial and unbiased judgments. The best
way to achieve independence is through:

a. Individual knowledge and skills.

b. Organizational status and objectivity.

c. Supervision within the organization.

d. Organizational knowledge and skills.

154. When faced with an imposed scope limitation, the chief audit executive should:

a. Refuse to perform the audit until the scope limitation is removed.

b. Communicate the potential effects of the scope limitation to the audit committee of the
board of directors.

c. Increase the frequency of auditing the activity in question.

d. Assign more experienced personnel to the engagement.

155. Which of the following is not a requirement of a long-range plan for the internal auditing
department?

a. To be consistent with the department's charter.

b. To be capable of being accomplished.

c. To include a list of auditable activities.

d. To include the basics of the audit program.


156. To avoid being the apparent cause of conflict between an organization's top management and
the audit committee, the chief audit executive should:

a. Submit copies of all audit reports to both top management and the audit committee.

b. Strengthen the independence of the department through organizational status.

c. Discuss all reports to top management with the audit committee first.

d. Request board acceptance of charter, which include internal auditing relationships with the
audit committee.

157. According to the IIA Standards, internal auditors should possess all of the following except:

a. Proficiency in applying internal audit standards.

b. An understanding of management principles.

c. The ability to exercise good interpersonal relations.

d. The ability to conduct training sessions in quantitative methods.

158. Which of the following aspects of evaluating the performance of staff members would be
considered as a violation of good personnel management techniques?

a. The evaluator should justify very high and very low evaluations because of their impact on
the employee.

b. Evaluations should be made annually or more frequently to provide the employee feedback
about competence.

c. The first evaluation should be made shortly after commencing work to serve as an early
guide to the new employee.

d. Because there are so many employees whose performance is completely satisfactory, it is


preferable to use standard evaluation comments.

159. According to the IIA Standards concerning due professional care, an internal auditor should:

a. Consider the relative materiality or significance of matters to which audit procedures are
applied.
b. Emphasize the potential benefits of an audit without regard to the cost.

c. Consider whether established operating standards are being met and not whether those
standards are acceptable.

d. Select procedures that are likely to provide absolute assurance those irregularities do not
exist.

160. Which of the items below would most likely reflect differences between the policies of a
relatively small and relatively large internal auditing operation? The policies for the large
operation should:

a. Spell out scope and status of internal auditing.

b. Contain the authority to carry out audits.

c. Be specific as to activities to be followed.

d. Be in considerable detail.

161. An audit committee of the Board of Directors of a corporation is being established. Which of
the following would normally be a responsibility of the committee?

a. Approval of the appointment and removal of the chief audit executive.

b. Development of the annual internal audit schedule.

c. Approval of internal audit programs.

d. Determination of findings appropriate for specific internal audit reports.

162. While performing a construction audit, the auditor suspects that the structural steel used does
not conform to contract specifications. The internal auditing department does not have an engineer
on the staff. According to the IIA Standards, the appropriate course of action is to:

a. Assign a dollar value to the difference and prepare a deficiency finding.

b. Ask a company or consulting engineer to determine whether the steel conforms to the
contract specifications.

c. Ask the construction superintendent to explain why there is a difference.


d. Require suspension of contract payments until the difference is resolved.

163. The charter of the internal auditing department should:

a. Authorize access to records, personnel, and physical properties relevant to the performance
of audits.

b. Provide recommended formats to report significant audit findings and recommendations.

c. Describe audit programs to be carried out.

d. Define the audit department's work schedule, staffing plan, and financial budget.

164. According to the IIA Standards, activity reports submitted periodically to management and to
the board should:

a. Summarize planned audit activities.

b. Compare performance with audit work schedules.

c. Provide detail on financial budgets.

d. Detail projected staffing needs.

165. An internal auditing director is establishing the evaluation criteria for the selection of new
internal audit staff members. According to the IIA Standards, which of the following would be an
inappropriate item to list?

a. An appreciation of the fundamentals of accounting.

b. An understanding of management principles.

c. The ability to recognize deviations from good business practice.

d. Proficiency in computerized operations and the use of computers in auditing.

166. The person responsible for audit report distribution should be:

a. The chief audit executive or designee.

b. The audit committee of the Board of Directors.


c. The vice president responsible for the area being audited.

d. The audit supervisor of the audit being performed.

167. The IIA Standards require that the internal auditing department provide assurance that internal
audits are properly supervised in order to:

a. Produce professional audits of consistently high quality.

b. Assure high productivity of audit reporting.

c. Provide for the efficient training of the audit staff.

d. Determine that the audit program is followed without deviation.

168. An exit conference helps ensure that:

a. The objectives of the audit and the scope of the audit work are known by the auditee.

b. The auditee understands the audit program.

c. There have been no misunderstandings or misinterpretations of fact.

d. The list of persons who are to receive the final report are identified.

169. You transferred from the treasury department to the internal auditing department of the same
company last month. The Chief Financial Officer of the company has suggested that since you
have significant knowledge in this area, it would be a good idea for you to immediately begin an
audit of the treasury department. In this circumstance you should:

a. Accept the audit engagement and begin work immediately.

b. Discuss the need for such an audit with your former superior, the Treasurer.

c. Suggest that the audit be performed by another member of the internal auditing staff.

d. Offer to prepare an audit program but suggest that interviews with your former co-workers
be conducted by other members of the internal auditing staff.
170. Which of the following is the most appropriate method of reporting disagreement between the
auditor and the auditee concerning audit findings and recommendations?

a. State the auditor's position because the report is designed to provide the auditor's
independent view.

b. State the auditee's position because management is ultimately responsible for the activities
reported.

c. State both positions and identify the reasons for the disagreement.

d. State neither position. If the disagreement is ultimately resolved, there will be no reason to
report the previous disagreement. If the disagreement is never resolved, the disagreement should
not be reported, because there is no mechanism to resolve it.

171. Which of the following does not describe one of the primary functions of audit working
papers?

a. Facilitates third-party reviews.

b. Aids in the planning, performance and review of engagement.

c. Provides the principal support for the engagement results.

d. Aids in the professional development of the audit staff.

172. Which of the following statements most correctly reflects the chief audit executive’s (CAE’s)
responsibilities for personnel management and development as reflected in the IIA Standards?

a. The CAE is responsible for selecting qualified individuals but has no explicit responsibility
for providing ongoing educational opportunities for the internal auditor.

b. The CAE is responsible for performing an annual review of each internal auditor's
performance but has no explicit responsibility for counseling internal auditors on their performance
and professional development.

c. The CAE is responsible for selecting qualified individuals but has no explicit responsibility
for the preparation of job descriptions.

d. The CAE is responsible for developing formal job descriptions for the audit staff but has no
explicit responsibility for administering the corporate compensation program.
173. During the year-end physical inventory process, the auditor observed over $1.2 million worth
of items staged in the shipping area and marked "Sold - Do Not Inventory." The customer had
been on credit hold for three months because of bankruptcy proceedings, but the sales manager had
ordered the shipping supervisor to treat the inventory as sold for physical inventory purposes. The
auditor noted the terms of sale were "FOB Warehouse." After confirming no change in corporate
policy, the auditor should:

a. Recommend that the inventory staged in the shipping area be counted and included along
with the rest of the physical inventory results.

b. Make test counts and trace the results to appropriate records to ensure that the cost is
properly relieved from inventory.

c. Follow up with appropriate procedures to ensure that the inventory staged in the shipping
area appears on related invoicing documentation.

d. Request copies of the signed bills of lading to include with working papers for this physical
inventory.

174. According to the IIA Standards, the organizational status of the internal auditing department:

a. Should be sufficient to permit the accomplishment of its audit responsibilities.

b. Is best when the reporting relationship is direct to the board of directors.

c. Requires the board's annual approval of the audit schedules, plans and budgets.

d. Is guaranteed when the charter specifically defines its independence.

175. Which of the following best defines an audit opinion?

a. A summary of the significant audit findings.

b. The auditor's professional judgment of the situation which was reviewed.

c. Conclusions which must be included in the audit report.

d. Recommendations for corrective action.

176. “Due professional care implies reasonable care and competence, not infallibility or
extraordinary performance.” This statement makes which of the following unnecessary:
a. The conduct of examinations and verifications to a reasonable extent.

b. The conduct of extensive examinations.

c. The reasonable assurance that compliance does exist.

d. The consideration of the possibility of material irregularities.

177. Management asserted that the performance standards the auditors used to evaluate operating
performance were inappropriate. Written performance standards which had been established by
management were vague and had to be interpreted by the auditor. In such cases auditors may meet
their due professional care responsibility by:

a. Assuring them that their interpretations are reasonable.

b. Assuring themselves that their interpretations are in line with industry practices.

c. Establishing agreement with auditees as to the standards needed to measure performance.

d. Incorporating management's objections in the audit report.

178. Which of the following is not a true statement about the relationship between internal auditors
and external auditors?

a. External auditors must assess the competence and objectivity of internal auditors.

b. There may be periodic meetings between internal and external auditors to discuss matters
of mutual interest.

c. There may be an exchange of audit reports and management letters.

d. Internal auditors may provide audit programs and working papers to external auditors.

179. In recent years which of the following two factors have changed the relationship between
internal auditors and external auditors so that internal auditors are partners rather than
subordinates?

a. The increasing liability of external auditors and the increasing professionalism of internal
auditors.

b. The increasing professionalism of internal auditors and the evolving economics of external
auditing.
c. The increased reliance on computerized accounting systems and the evolving economics of
external auditing.

d. The globalization of audit entities and the increased reliance on computerized accounting
systems.

Use the following information to answer questions 180 and 181.

After using the same public accounting firm for several years, the board of directors retained
another public accounting firm to perform the annual financial audit in order to reduce the annual
audit fee. The new firm has now proposed a one-time audit of the cost-effectiveness of the various
operations of the business. The chief audit executive has been asked to advise management in
making a decision on the proposal.

180. An argument can be made that the internal auditing department would be better able to
perform such an audit because:

a. External auditors may not possess the same depth of understanding of the company as the
internal auditors.

b. Internal auditors are required to be objective in performing audits.

c. Audit techniques used by internal auditors are different from those used by external
auditors.

d. Internal auditors will not be vitally concerned with fraud and waste.

181. Additional criteria that should be considered by management in evaluating the proposal would
include all the following except:

a. Existing expertise of internal auditing staff.

b. Overall cost of the proposed audit.

c. The need to develop in-house expertise.

d. The external auditor's required adherence to the single audit concept.

182. To improve audit efficiency, internal auditors can rely upon the work of external auditors if it
is:
a. Performed after the internal audit.

b. Primarily concerned with operational objectives and activities.

c. Coordinated with the internal audit.

d. Conducted in accordance with the IIA’s Code of Ethics.

Use the following information to answer questions 183 and 184.

You are the chief audit executive of a parent company that has foreign subsidiaries. Independent
external audits performed for the parent company are not conducted by the same firm that conducts
the foreign subsidiary audits. Since your department occasionally provides direct assistance to both
external firms, you have copies of audit programs and selected working papers produced by each
firm.

183. The foreign subsidiary's audit firm would like to rely on some of the work performed by the
parent company's audit firm, but they need to review the working papers first. They have asked
you for copies of the parent Company's audit firm working papers. Select the most appropriate
response to the foreign subsidiary's auditors:

a. Provide copies of the working papers without notifying the parent company's audit firm.

b. Notify the parent company's audit firm of the situation and request that either they provide
the working papers or authorize you to do so.

c. Provide copies of the working papers and notify the parent company's audit firm that you
have done so.

d. Refuse to provide the working papers under any circumstances.

184. The foreign subsidiary's audit firm wants to rely on an audit of a function at the parent
company. The audit was conducted by the internal auditing department. To place reliance on the
work performed, the foreign subsidiary's auditors have requested copies of the working papers.
Select the most appropriate response to the foreign subsidiary's auditors:

a. Provide copies of the working papers.

b. Ask the parent company's audit firm if it is appropriate to release the working papers.

c. Ask the Audit Committee for permission to release the working papers.

d. Refuse to provide the working papers under any circumstances.


185. The chief audit executive plans to meet with the independent outside auditor to discuss joint
efforts regarding an upcoming audit of the company's pension plan. The independent outside
auditor has performed all audit work in this area in the past. The CAE's objective is to:

a. Determine if audit work in this area could not be performed exclusively by internal
auditing.

b. Coordinate the pension audit so as to fulfill the scope of work and not duplicate work of the
independent outside auditor.

c. Ascertain which account balances have been tested by the independent outside auditor so
that internal auditing may test the internal controls to determine the reliability of these balances.

d. Determine whether the independent outside auditor's audit techniques, methods and
terminology should be used by internal auditing in this area to conform with past audit work or to
use techniques consistent with other internal auditors.

The IIA's Code of Ethics

186. A certified internal auditor (CIA) is working in a non-internal audit position as the director of
purchasing. The CIA signs a contract to procure a large order from the supplier with the best price,
quality, and performance. Shortly after signing the contract, the supplier presents the CIA with a
gift of significant monetary value. Which of the following statements regarding the acceptance of
the gift is correct?

a. Acceptance of the gift would be prohibited only if it were noncustomary.

b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited for a
CIA.

c. Since the CIA is no longer acting as an internal auditor, acceptance of the gift would be
governed only by the organization’s code of conduct.

d. Since the contract was signed before the gift was offered, acceptance of the gift would not
violate either the IIA Code of Ethics or the organization’s code of conduct.

187. An auditor, nearly finished with an audit, discovers that the director of marketing has a
gambling habit. The gambling issue is not directly related to the existing audit and there is pressure
to complete the current audit. The auditor notes the problem and passes the information on to the
chief audit executive but does no further follow-up. The auditor’s actions would:

a. Be in violation of the IIA Code of Ethics for withholding meaningful information.

b. Be in violation of the Standards because the auditor did not properly follow-up on a red
flag that might indicate the existence of fraud.

c. Not be in violation of either the IIA Code of Ethics or Standards.

d. Both a and b.

188. As used by the internal auditing profession, the IIA Standards refer to all of the following
except:

a. Criteria by which the operations of an internal audit department are evaluated and
measured.

b. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors.

c. Statements intended to represent the practice of internal auditing, as it should be.

d. Criteria that is applicable to all types of internal audit departments.

189. Which of the following situations would be a violation of the IIA Code of Ethics?

a. An auditor was subpoenaed in a court case in which a merger partner claimed to have been
defrauded by the auditor’s company. The auditor divulged confidential audit information to the
court.

b. An auditor for a manufacturer of office products recently completed an audit of the


corporate marketing function. Based on this experience, the auditor spent several hours one
Saturday working as a paid consultant to a hospital in the local area, which intended to conduct an
audit of its marketing function.

c. An auditor gave a speech at a local IIA chapter meeting outlining the contents of a program
the auditor had developed for auditing electronic data interchange (EDI) connections. Several
auditors from major competitors were in the audience.

d. During an audit, an auditor learned that the company was about to introduce a new product
that would revolutionize the industry. Because of the probable success of the new product, the
product manager suggested that the auditor buy additional stock in the company, which the auditor
did.

190. In applying the standards of conduct set forth in the Code of Ethics, internal auditors are
expected to:

a. Exercise their individual judgment.

b. Compare them to standards in other professions.

c. Be guided by the desires of the auditee.

d. Use discretion in deciding whether to use them or not.

191. During an audit of a manufacturing division of a defense contractor, the auditor came across a
scheme which looked like the company was inappropriately adding costs to a cost-plus govern-
mental contract. The auditor discussed the manner with senior management, which suggested that
the auditor seek an opinion from legal counsel. The auditor did so and, upon review of the
government contract, legal counsel indicated that the practice was questionable, but did offer the
opinion that the practice was not technically in violation of the government contract. Based on
legal counsel's decision, the auditor decided to omit any discussion of the practice in the formal
audit report that went to management and the audit committee, but did informally communicate
legal counsel's decision to management. Did the auditor violate The IIA's Code of Ethics?

a. No. The auditor followed up the matter with appropriate personnel within the organization
and reached a conclusion that no fraud was involved.

b. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking
place.

c. Yes. It is a violation because all-important information, even if resolved, should be reported


to the audit committee.

d. Yes. Internal legal counsel's opinion is not sufficient. The auditor should have sought
advice from outside legal counsel.

192. An internal auditor, recently terminated from a company due to downsizing, has found a job
with another company in the same industry. Which of the following disclosures made by the
internal auditor to the new organization would constitute a violation of The IIA's Code of Ethics?
a. The auditor used the audit risk approach that was used by the auditor's former employer in
determining audit priorities in the new job.

b. The new audit department does not utilize probability proportional to size (PPS) sampling
and the auditor believes PPS sampling has advantages for many of the types of audits conducted by
the new employer. The auditor conducts training sessions and develops forms to implement
sampling in the same manner as the previous employer.

c. While at the previous firm, the auditor conducted a great deal of research to identify "best
practices" for the management of the treasury function as part of an audit for that firm. Since most
of the research was done at home and during non-office hours, the auditor retained much of the
research and plans to use it in conducting an audit of the treasury function at the new employer.

d. None of the above represents a violation of the Code of Ethics.

193. Which of the following could be an organization factor that might adversely affect the ethical
behavior of the chief audit executive (CAE)?

a. The CAE reports directly to an independent audit committee of the board of directors.

b. The CAE is not assigned any operational responsibilities.

c. The CAE may not be appointed or approved without concurrence of the board of directors.

d. The CAE’s annual bonuses are based on dollar recoveries or recommended future savings
as a result of audits.

194. The Code of Ethics of a professional organization sets forth:

a. Broad standards of conduct for the members of the organization.

b. The organizational details of the profession's governing body.

c. A list of illegal activities which are proscribed to the members of the profession.

d. The criteria by which the performance of professional activities is to be evaluated and


measured.

195. The IIA’s Code of Ethics identifies three personal characteristics that form the foundation
upon which the entire Code rests. Which is not one of these three personal characteristics?
a. Objectivity.

b. Diligence.

c. Probity.

d. Honesty.

196. Under the IIA’s Code of Ethics' provisions with respect to gifts and fees, which of the
following would be acceptable for an internal auditor to receive?

a. A pen received from the sales manager of a subsidiary with the imprinted name of the
company's product and a phone number.

b. A dinner and baseball tickets from the manager of a department being audited. The tickets
are usually made available to employees of the audited department.

c. A dinner and baseball tickets from the manager of a department that has never been audited
and for which there are no plans for a future audit. The tickets are usually made available to
employees of that department.

d. A bottle of whiskey from the corporate treasurer.

197. A Certified Internal Auditor (CIA) is found to have committed a very serious violation of the
Code of Ethics of the Institute of Internal Auditors. Which of the following describes the
disciplinary action most likely to be imposed by the Institute? The CIA will:

a. Be required to take up to 40 hours of appropriate continuing professional education


courses.

b. Be required to retake the CIA Examination.

c. Forfeit his or her membership in the Institute.

d. Be assessed a fine not to exceed $1,000.

198. Which of the following actions by an internal auditor would violate the IIA’s Code of Ethics?

a. Attendance at an educational program offered by an auditee to all employees.

b. Acceptance of airline tickets from an auditee.


c. Disclosure, in an audit opinion, of all material facts relevant to the audit area.

d. Disposal of stock in the company prior to learning of a business downturn.

199. An internal auditor for XYZ Company is auditing the revenues and operating expenses of a
shopping mall managed by ABC company. ABC is the operating partner of this joint venture with
XYZ. The internal auditor discovers numerous audit exceptions where some credits will be due to
each party. Which of the following should the auditor report in this situation?

a. Only those audit exceptions where credit is due to XYZ.

b. If requested by ABC, detail information on credits due ABC.

c. Only those audit exceptions where credit is due ABC.

d. All material audit exceptions and provide ABC with a net amount due.

200. Which of the following actions by an auditor would violate the IIA’s Code of Ethics?

a. An audit of an activity managed by the auditor's spouse.

b. A material financial investment in the company.

c. Use of a company car.

d. A significant ownership interest in a non-related business.

201. Through an audit of the credit department, the chief audit executive (CAE) became aware of a
material misstatement of the year-end accounts receivable balance. The external auditor has
completed his audit without detecting the misstatement. What should the CAE do in this situation?

a. Inform the external auditor of the misstatement.

b. Report the misstatement to management when the external auditor presents his report.

c. Exclude the misstatement from the internal audit report since the external auditor is
responsible to express an opinion on the financial statements.

d. Perform additional audit work on account receivable balances to benefit the external
auditor.
202. A Certified Internal Auditor (CIA) who is judged by the IIA’s Board of Directors to be in
violation of the provisions of the IIA’s Code of Ethics shall be subject to:

a. Suspension as a CIA for a minimum of one year.

b. Completion of additional continuing professional development (CPD) hours to retain the


CIA designation.

c. Suspension as a CIA indefinitely until reinstatement by the board.

d. Forfeiture of the CIA designation.

203. In a review of warranty programs for new products introduced by a company with low and
declining profits, an auditor has determined, and management has acknowledged, that the company
will be unable to fulfill promised warranty coverage. The auditor should:

a. Inform appropriate regulatory authorities.

b. Inform customers.

c. Inform the audit committee.

d. Resign from the employer.

204. A Certified Internal Auditor (CIA) is found to have committed a violation of the Code of
Ethics of the Institute of Internal Auditors. The violation is not serious enough to warrant the
maximum disciplinary action. The most likely result is that the CIA will:

a. Be required to take up to 24 hours of appropriate continuing professional education


courses.

b. Lose his or her CIA designation permanently unless subsequent reinstatement is approved
by the Board of Directors of the Institute.

c. Be prohibited from engaging in the practice of internal auditing for a period not to exceed
60 days.

d. Receive from the Institute's Board of Directors a written censure, which outlines the
consequences of repeated similar actions.
205. Internal auditors should be prudent in their relationships with persons and organizations
external to their employers. Which of the following activities would most likely not adversely
affect internal auditors' ethical behavior?

a. Accepting compensation from professional organizations for consulting work.

b. Serving as consultants to competitor organizations.

c. Serving as consultants to suppliers.

d. Discussing audit plans or results with external parties.

206. A primary purpose for establishing a Code of Conduct within a professional organization is to:

a. Reduce the likelihood that members of the profession will be sued for substandard work.

b. Ensure that all members of the profession perform at approximately the same level of
competence.

c. Demonstrate acceptance of responsibility to the interests of those served by the profession.

d. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs
of their organization.

207. An auditor discovers some material inefficiency in a purchasing function. The purchasing
manager happens to be the auditor's next-door neighbor and best friend. In accordance with the
Code of Ethics, the auditor should:

a. Objectively include the facts of the case in the audit report.

b. Not report the incident because of loyalty to the friend.

c. Include the facts of the case in a special report submitted only to the friend.

d. Not report the friend unless the activity is illegal.

208. Which of the following actions could be construed as a violation of the IIA’s Code of Ethics?

a. Failing to report to management information that would be material to management's


judgment.

b. Rendering an opinion on internal financial statements.


c. Turning a case over to the security department when an auditor suspects fraud, but has no
proof.

d. Including an internal control problem in a report, when it has been corrected prior to
completion of the audit.

209. Which of the following would constitute a violation of the IIA's Code of Ethics?

a. Janice has accepted an assignment to audit the electronics manufacturing division. Janice
has recently joined the internal auditing department. But she was senior auditor for the external
audit of that division and has audited many electronics companies during the past two years.

b. George has been assigned to do an audit of the warehousing function six months from now.
George has no expertise in that area but accepted the assignment anyway. He has signed up for
continuing professional education courses in warehousing, which will be completed before his
assignment begins.

c. Jane is content with her career as an internal auditor and has come to look at it as a regular
9 to 5 job. She has not engaged in continuing professional education or other activities to improve
her effectiveness during the last three years. However, she feels she is performing the same quality
work she always has.

d. John discovered an internal financial fraud during the year. The books were adjusted to
properly reflect the loss associated with the fraud. John discussed the fraud with the external
auditor when the external auditor reviewed working papers detailing the incident.

210. Which of the following would be permissible under the IIA’s Code of Ethics?

a. Disclosing confidential, audit-related, information that is potentially damaging to the


organization in a court of law in response to a subpoena.

b. Using audit-related information in a decision to buy stock issued by the employer’s


corporation.

c. Accepting an unexpected gift from an employee whom you have praised in a recent audit
report.

d. Not reporting significant findings about illegal activity to the audit committee because
management has indicated it will handle the issue.
211. During an audit, an employee with whom you have developed a good working relationship in-
forms you that she has some information about top management, which would be damaging to the
organization and may concern illegal activities. The employee does not want her name associated
with the release of the information. Which of the following actions would be considered inconsis-
tent with the IIA’s Code of Ethics and Standards?

a. Assure the employee that you can maintain her anonymity and listen to the information.

b. Suggest the person consider talking to legal counsel.

c. Inform the individual that you will attempt to keep the source of the information
confidential and will look into the matter further.

d. Inform the employee of other methods of communicating this type of information.

212. An internal auditor for a large regional bank holding company was asked to serve on the
board of directors of a local bank. The bank competes in many of the same markets as the bank
holding company, but focuses more on consumer financing than on business financing. In
accepting this position, the auditor:

I. Violates the IIA Code of Ethics because serving on the board may be in conflict
with the best interests of the auditor’s employer.

II. Violates the IIA Code of Ethics because the information gained while serving on the board
of directors of the local bank may influence recommendations regarding potential acquisitions.

a. I only.

b. II only.

c. I and II.

d. Neither I nor II.

213. The chief audit executive has been appointed to a committee to evaluate the appointment of
the external auditors. The engagement partner for the external accounting firm wants the director to
join him for a week of hunting at his private lodge. The CAE should:

a. Accept, assuming both their schedules allow it.

b. Refuse on the grounds of conflict of interest.

c. Accept as long as it is not charged to company time.


d. Ask the comptroller if this would be a violation of the company's code of ethics.

214. In a review of travel and entertainment expenses, a Certified Internal Auditor (CIA)
questioned the business purposes of an officer's reimbursed travel expenses. The officer promised
to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the
officer makes good on the promise, the internal auditor:

a. Can ignore the original charging of the non-business expenses.

b. Should inform the tax authorities in any event.

c. Should still include the finding in the audit report.

d. Should recommend that the officer forfeit any frequent flyer miles received as part of the
questionable travel.

215. The standards of conduct set forth in the IIA’s Code of Ethics:

a. Provide basic principles in the practice of internal auditing.

b. Are guidelines to assist internal auditors in dealing with auditees.

c. Are rules that must be obeyed in all circumstances.

d. Provide a general understanding of the responsibility of internal auditing.

216. Today's internal auditor will often encounter a wide range of potential ethical dilemmas, not
all of which are explicitly addressed by The Institute of Internal Auditors' (IIA’s) Code of Ethics. If
the auditor encounters such a dilemma, the auditor should always:

a. Seek counsel from an independent attorney to determine the personal consequences of


potential actions.

b. Consider all parties affected and the potential consequences of actions, and take an action
consistent with the objectives of internal auditing and the principles and rules of conduct embodied
in the IIA’s Code of Ethics.

c. Seek the counsel of the audit committee before deciding on an action.

d. Act consistently with the Code of Ethics adopted by the organization even if such action
would not be consistent with the IIA’s Code of Ethics.
217. An internal auditor has been assigned to audit a foreign subsidiary. The auditor is aware that
the social climate of the country is such that “facilitating payments” (bribes) are often used to make
things happen and are an accepted part of that society. The auditor has completed an audit of the
division and has found significant weaknesses relating to important controls. The division manager
offers the auditor a substantial “facilitating payment” to omit the audit findings from the audit
report with a provision that the auditor could re-visit the division in six months so the auditor could
verify that the problem areas had been properly addressed. The auditor should:

a. Not accept the payment since such acceptance would be in conflict with the Code of
Ethics.

b. Not accept the payment, but omit the findings as long as there is a verification visit in six
months.

c. Accept the offer since it is consistent with the ethical concepts of the country in which the
division is doing business.

d. Accept the payment because it has the effect of doing the greatest good for the greatest
number; the auditor is better off, the division is better off, and the organization is better off because
there is strong motivation to correct the deficiencies found by the auditor.

218. A certified internal auditor (CIA), who performs financial, operational, and information
systems audits, is now facing an ethical dilemma. During an audit, he discovered several illegal
activities conducted by senior management of his firm. What should the auditor do now?

a. Comply with the Institute of Management Accountants’ (IMA’s) code of ethics and
standards.

b. Comply with the American Institute of Certified Public Accountants’ (AICPA’s) code of
ethics and standards.

c. Comply with the Institute of Internal Auditors’ (IIA’s) code of ethics and standards.

d. Comply with the Information Systems and Audit Control Association’s (ISACA’s) code
of ethics and standards.

Use the following to answer questions 219 and 220.

A staff auditor has been assigned to the Treasury audit for the second consecutive year. The
auditor confirmed investment securities held by a brokerage house and realized that several large
securities were improperly used as collateral for personal loans a few years ago by the current
Treasurer. Last year the staff auditor had mistakenly signed off on the audit steps involving the
confirmations and verification of the securities without completing all of the steps. The audit
manager also mistakenly signed off on the review last year. When the error was detected this year,
the audit manager commented that "it was an error, but the loan has been repaid, and the securities
returned. We have corrected the control weakness, and I'm positive it will not happen again. Pursuit
of this issue will be an embarrassment to everyone involved. Leave it like it is."

219. Which of the following should be considered by the staff auditor when deciding whether or
not to report the situation?

a. Securities were used improperly as collateral.

b. The mistake in signing off work that was not done.

c. The repayment of loans and return of the securities.

d. The correction of the control weakness.

220. As a staff auditor, which of the following actions would be considered a violation of the IIA
Standards or Code of Ethics?

a. Inform the audit manager that you will be including the information in your working papers
as an audit finding.

b. Discuss the matter with the chief audit executive without further discussion with the audit
manager.

c. Disclose the matter to the external auditor without further discussion.

d. Resign from the audit department and company if further action is not taken on the matter.

221. Which of the following situations would most likely be considered a violation of the IIA’s
Code of Ethics and thus the Standards?

a. As chief audit executive (CAE) you have become perplexed as to how to resolve a
particular disagreement between you and auditee management regarding the finding and
recommendation in a very sensitive audit area. Unsure as to what to do, you discuss the detail of
the finding and your proposed recommendation with a fellow CAE you know from your work in
The Institute of Internal Auditors, local chapter.
b. After researching and developing the proposed yearly audit plan, your company audit
charter requires that as CAE you present the plan to the audit committee for its approval and
suggestions.

c. Your audit manager has just removed your most significant finding and recommendation
from your audit report. Being the in-charge auditor, you have voiced your opposition to the
removal and have explained that you know the reported condition exists. Although you agree that,
technically, the audit lacks sufficient evidence to support the finding, management cannot explain
the condition and your audit finding is the only reasonable conclusion.

d. Because your department lacks skill and knowledge in a specialty area, your CAE has
engaged the services of an expert consultant. As audit manager you have been asked to review the
expert's approach to the assignment. You are knowledgeable regarding the area under review but
are hesitant to accept the assignment because you lack the expertise to judge the validity of the
expert's conclusion.

222. Internal auditors sometimes express opinions in audit reports in addition to stating facts. Due
professional care requires that the auditor's opinions be:

a. Based on sufficient factual evidence that warrants the expression of the opinions.

b. Based on experience and not biased in any manner.

c. Expressed only when requested by the auditee or executive management.

d. Limited to the effectiveness of controls and the appropriateness of accounting treatments.

223. An accounting association established a Code of Ethics for all members. Identify the
association's primary purpose for establishing the Code of Ethics.

a. To outline criteria for professional behavior to maintain standards of competence, morality,


honesty, and dignity within the association.

b. To establish standards to follow for effective accounting practice.

c. To provide a framework within which accounting policies could be effectively developed


and executed.

d. To outline criteria that can be utilized in conducting interviews of potential new


accountants.
224. During an audit, a Certified Internal Auditor (CIA) learned that certain individuals in the
organization were involved in industrial espionage for the benefit of the organization. According to
the IIA’s Code of Ethics, identify the auditor's course of action.

a. Report the facts to the appropriate individuals within the organization.

b. No action is required since this condition is not detrimental to the organization.

c. Note the condition in the working papers but refrain from reporting it because it benefits
the organization.

d. Report the condition to the appropriate government regulatory agency.

225. An organization has recently placed a former operating manager in the position of chief audit
executive (CAE). The new CAE is not a member of The IIA and is not a CIA. Henceforth, the
internal auditing department will be run strictly by the CAE’s standards, not The IIA's. All four
staff auditors are members of The Institute, but they are not CIAs. According to the IIA’s Code of
Ethics, what is the best course of action for the staff auditors?

a. The Code does not apply because the auditors are not CIAs.

b. The auditors should adopt suitable means to comply with the IIA Standards.

c. The auditors must exhibit loyalty to the organization and ignore the IIA Standards.

d. The auditors must resign their jobs to avoid improper activities.

226. A primary purpose for establishing a Code of Conduct within a professional organization is to:

a. Reduce the likelihood that members of the profession will be sued for substandard work.

b. Ensure that all members of the profession perform at approximately the same level of
competence.

c. Demonstrate acceptance of responsibility to the interests of those served by the profession.

d. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs
of their organization.

227. While performing an operational audit of the firm's production cycle, an internal auditor
discovers that, in the absence of specific guidelines, some engineers and buyers routinely accept
vacation trips paid by certain of the firm's vendors. Other engineers and buyers will not accept
even a working lunch paid for by a vendor. Which of the following actions should the internal
auditor take?

a. None. The engineers and buyers are professionals. It is inappropriate for an internal auditor
to interfere in what is essentially a personal decision.

b. Informally counsel the engineers and buyers who accept the vacation trips. This helps
prevent the possibility of kickbacks, while preserving good auditor/auditee relations.

c. Formally recommend that the organization establish a corporate Code of Ethics. Guidelines
of acceptable conduct, within which individual decisions may be made, should be provided.

d. Issue a formal deficiency report naming the personnel who accept vacations but make no
recommendations. Corrective action is the responsibility of management.

228. You work for an organization that has adopted a conflict-of-interest policy, which prohibits
any activity contrary to the best interests and wellbeing of the organization. Which of the
following statements should be included in the policy to illustrate unacceptable behavior?

a. Serving as a member of the board of directors of nonprofit organization dedicated to


preservation of the environment.

b. Serving as an elected official (part-time) of a local government.

c. Providing a mailing list of company employees to a relative whom is offering training that
might benefit the organization.

d. Teaching (part-time) at a local university.

229. The IIA’s Code of Ethics requires IIA members to exercise three particular qualities in the per-
formance of their duties. These three qualities are:

a. Honesty, diligence, and responsibility.

b. Timeliness, sobriety, and clarity.

c. Knowledge, skill, and discipline.

d. Punctuality, loyalty, and dignity.


230. According to the Code of Ethics, the IIA Board of Directors may take action against a
Certified Internal Auditor (CIA) whose work is dishonest by:

a. Requesting that the CIA be fired by the employing company.

b. Reporting the dishonest act to legal authorities.

c. Having the CIA's employer issue a reprimand.

d. Revoking the auditor's CIA designation.

231. Which of the following involves a violation of the IIA’s Code of Ethics?

a. An auditor informed a friend in an operating department of the expected closing of that


department.

b. Unlike other employees, the auditors always fly first-class to maintain the appearance of
independence.

c. With the consent of senior management, an auditor accepted a gift from an auditee depart-
ment, which was given as a reward for finding a major inefficiency.

d. An auditor accepted a promotional calendar from the sales manager.

232. The IIA’s Board of Directors has been informed that a Certified Internal Auditor (CIA) was
tried and convicted of tax evasion. The probable consequences for this person are:

a. Immediate revocation of the CIA designation by the Internal Auditing Standards Board.

b. Nothing; the act was performed outside of the normal line of work.

c. Censure by the Director of Professional Practices of the Institute.

d. Review by the Board of Directors and forfeiture of the CIA designation.

233. A chief audit executive (CAE) learns that a staff auditor has provided confidential information
to a relative. Both the CAE and staff auditor are CIAs. Although the auditor did not benefit from
the transaction, the relative used the information to make a significant profit. The most appropriate
way for the CAE to deal with this problem is to:

a. Verbally reprimand the auditor.


b. Summarily discharge the auditor and notify the Institute of Internal Auditors (IIA).

c. Take no action since the auditor did not benefit from the transaction.

d. Inform the IIA’s Board of Directors and take the personnel action required by company
policy.

234. During the course of an audit, an auditor discovers that a clerk is embezzling company funds.
Although this is the first embezzlement ever encountered and the organization has a security
department, the auditor decides to personally interrogate the suspect. If the auditor is violating the
IIA’s Code of Ethics, the rule violated is most likely:

a. Failing to show due diligence.

b. Lack of loyalty to the organization.

c. Lack of competence in this area.

d. Failing to comply with the law.

235. The chief audit executive (CAE) of a company is aware of a material inventory shortage
caused by internal control deficiencies at one manufacturing plant. The shortage and related causes
are of sufficient magnitude to impact the external auditor's report. Based on the IIA’s Code of
Ethics, identify the CAE’s most appropriate course of action:

a. Say nothing; guard against interfering with the independence of the external auditors.

b. Discuss the issue with management and take appropriate action to ensure that the external
auditors are informed.

c. Inform the external auditors of the possibility of a shortage but allow them to make an
independent assessment of the amount.

d. Report the shortages to the board of directors and allow them to report it to the external
auditor.

236. Which of the following statements is not appropriate to include in a manufacturer's conflict of
interest policy? An employee shall not:

a. Accept money, gifts or services from a customer.


b. Participate (directly or indirectly) in the management of a public agency.

c. Borrow from or loan money to vendors.

d. Use company information for private purposes.

237. A firm's Code of Ethics contains the following statement: “Employees shall not accept gifts or
gratuities over $50 in value from persons or firms with whom our organization does business.”
This provision is designed to prevent:

a. Diversion of the firm's securities by an employee.

b. Excessive sales allowances granted by an employee.

c. Failure by an employee to record cash collections.

d. Participation by an employee in a working lunch funded by one of the firm's suppliers.

238. A Code of Conduct was developed several years ago and distributed by a large financial
institution to all its officers and employees. Identify the best audit approach to provide the audit
committee with the highest level of comfort about the Code of Conduct:

a. Fully evaluate the comprehensiveness of the Code and compliance therewith, and report
the results to the audit committee.

b. Fully evaluate company practices for compliance with the code and report to the audit
committee.

c. Review employee activities for compliance with provisions of the code and report to the
audit committee.

d. Perform tests on various employee transactions to detect potential violations of the code of
conduct.

239. A review of an organization's Code of Conduct revealed that it contained comprehensive


guidelines designed to inspire high levels of ethical behavior. The review also revealed that
employees were knowledgeable of its provisions. However, some employees still did not comply
with the code. What element should a Code of Conduct contain to enhance its effectiveness?

a. Periodic review and acknowledgement by all employees.


b. Employee involvement in its development.

c. Public knowledge of its contents and purpose.

d. Provisions for disciplinary action in the event of violations.

240. The best reason for establishing a Code of Conduct within an organization is that such codes:

a. Are required by the Foreign Corrupt Practices Act.

b. Express standards of individual behavior for members of the organization.

c. Provide a quantifiable basis for personnel evaluations.

d. Have tremendous public relations potential.

Use the following information to answer questions 241 through 243.

A company with a whistle blowing hotline has received an anonymous tip that three senior
internal auditors are in violation of the IIA Code of Ethics. The company has adopted the IIA Code
as a part of the corporate ethical code. Among the allegations against the auditors were the
following:

1. Auditor 1 has a part-time job outside of office hours as a visiting professor at a local
community college.

2. Auditor 1 owns stock in the employer company.

3. Auditor 1 told his next-door neighbor to start looking for a new job because an audit of the
executive office indicated that the neighbor's division was going to be closed down in about six
months.

4. Auditor 2 received an item of value from a local nonprofit organization of purchasing


agents for whom he gave a speech.

5. Auditor 2 received an item of value from a customer of the employer.

6. Auditor 2 has a part-time job as president of a local charitable organization.

7. Auditor 2 shared audit techniques with auditors from another company while attending a
professional meeting.
8. A buyer accepted a kickback of $500 to give bid amounts to a supplier to enable that
supplier to bid the contract. Auditor 2 omitted this information from the audit report since the
contract amount was not material to the financial statements.

9. Auditor 3 received royalties from a publisher for authoring a professional book on internal
auditing.

10. Auditor 3 has a part-time job as a real estate broker, and his real estate firm recently
received a commission from the employer company.

11. Auditor 3 received an item of value from a fellow employee in the same company whose
department has never been audited and whose department is not scheduled to be audited in the
foreseeable future.

12. Auditor 3 did not include in an audit report that the bottlenecks in a shipping department
were caused by the absence of the supervisor. The supervisor was the auditor's friend and neighbor
who had a hospitalized child requiring him to miss work off and on for several weeks.

241. How many of the allegations about Auditor 1 represent violations of the IIA’s Code of Ethics?

a. None.

b. One.

c. Two.

d. Three.

242. How many of the allegations about Auditor 2 represent violations of the IIA’s Code of Ethics?

a. One.

b. Two.

c. Three.

d. Four.

243. How many of the allegations about Auditor 3 represent violations of the IIA’s Code of Ethics?

a. One.
b. Two.

c. Three.

d. Four.

You might also like