Questions Chapter 1
Questions Chapter 1
Questions Chapter 1
1. According to the IIA Standards, which of the following is not included in the scope of the
internal audit function?
b. Reviewing the compliance with laws, regulations, policies, procedures, and contracts.
3. The Audit Committee of an organization has charged the chief audit executive (CAE) with
bringing the department into full compliance with the IIA Standards. The CAE's first task is to
develop a charter. Identify the item that should be included in the statement of objectives:
c. Determine the adequacy and effectiveness of the organization's systems of internal controls.
a. The chief audit executive (CAE) should report to the chief executive officer but have
access to the board of directors
b. The CAE should be a member of the audit committee of the board of directors
c. The CAE should be a staff officer reporting to the chief financial officer
5. If an auditee’s operating standards are vague and thus subject to interpretation, the auditor
should:
a. Seek agreement with the auditee as to the standards to be used to measure operating
performance
b. Determine best practices in this area and use them as the standard
c. Interpret the standards in their strictest sense because standards are otherwise only
minimum measures of acceptance
d. Omit any comments on standards and the auditee’s performance in relationship to those
standards, because such an analysis would be meaningless
6. In which of the following situations does the auditor potentially lack objectivity?
a. An auditor reviews the procedures for a new electronic data interchange (EDI) connection
to a major customer before it is implemented.
b. A former purchasing assistant performs a review of internal controls over purchasing four
months after being transferred to the internal auditing department.
c. An auditor recommends standards of control and performance measures for a contract with
a service organization for the processing of payroll and employee benefits.
a. Continuing on an audit assignment at a division for which the auditor will soon be
responsible as the result of a promotion.
c. Participating on a task force which recommends standards for control of a new distribution
system.
8. Which of the following activities would not be presumed to impair the independence of an
internal auditor?
II. Drafting procedures for running a new computer application to ensure that proper controls
are installed.
III. Performing reviews of procedures for a new computer application before it is installed.
a. I only.
b. II only.
c. III only.
d. I and III.
9. Which of the following is not a true statement about the relationship between internal auditors
and external auditors?
a. Oversight of the work of external auditors is the responsibility of the director of internal
auditing.
b. There may be periodic meetings between internal and external auditors to discuss matters
of mutual interest.
c. There may be an exchange of audit reports and management letters between internal and
external auditors.
d. Internal auditors may provide audit programs and working papers to external auditors.
10. A quality assurance program of an internal audit department provides reasonable assurance that
audit work conforms to applicable standards. Which of the following activities are designed to
provide feedback on the effectiveness of an audit department?
I. Proper supervision
An internal audit team recently completed an audit of the company's compliance with its lease-
versus-purchase policy concerning company automobiles. The audit report noted that the basis for
several decisions to lease rather than purchase automobiles had not been documented and was not
auditable. The report contained a recommendation that operating management ensure that such
lease agreements not be executed without proper documentation of the basis for the decision to
lease rather than buy. The internal auditors are about to perform follow-up work on this audit
report.
d. Document what management is doing in response to the audit report and close the audit file
in a timely manner.
12. Assume that senior management has decided to accept the risk involved in failure to document
the basis for lease-versus-purchase decisions involving company automobiles. In such a case, what
would be the auditors' reporting obligation?
b. Management's decision and the auditors' concern should be reported to the company's
Board of Directors.
c. The auditors should issue a follow-up report to management clearly stating the rationale for
the recommendation that the basis for lease-versus-purchase decisions be properly documented.
d. The auditors should inform the external auditor and any responsible regulatory agency that
no action has been taken on the finding in question.
13. Auditors realize that at times corrective action is not taken even when agreed to by the
appropriate parties. This should lead an internal auditor to:
c. Decide to conduct follow-up work only if management requests the auditor's assistance.
d. Write a follow-up audit report with all findings and their significance to the operations.
14. In publicly held companies, management often requires the internal auditing department's
involvement with quarterly financial statements that are made public and/or used internally. Which
one of the following is generally not a reason for such involvement?
b. Management may be concerned about potential penalties that could occur if quarterly
financial statements that are made public are misstated.
c. The Standards state that internal auditors should be involved with reviewing quarterly
financial statements.
d. Management may perceive that having quarterly financial information examined by the
internal auditors enhances its value for internal decision making.
15. During testing of the effectiveness of inventory controls, the auditor makes a note in the
working papers that most of the cycle count adjustments for the facility involved transactions of
the machining department. The machining department also had generated an extraordinary number
of cycle count adjustments in comparison to other departments last year. The auditor should:
a. Interview management and apply other audit techniques to determine whether transaction
controls and procedures within the machining department are adequate.
b. Do no further work because the concern was not identified by the analytical procedures
designed in the audit program.
d. Place a note in the working papers to review this matter in detail during the next review.
16. Developing an audit finding involves comparing the condition to the relevant standard or
criterion. Which of the following choices best represents an appropriate standard or criterion to
support a finding?
a. A quality standard operating procedure (number and date) for the department.
b. An internal accounting control principle cited and copied from a public accounting
reference.
c. A sound business practice, based on the internal auditor's knowledge and experience
obtained during many audit assignments within the company.
17. The chief audit executive (CAE) for a large manufacturing company is considering revising the
department's audit charter with respect to the minimum educational and experience qualifications
required. The CAE wants to require all staff auditors to possess specialized training in accounting
and a professional auditing certification such as the Certified Internal Auditor (CIA) or the
Chartered Accountant (CA). One of the disadvantages of imposing this requirement would be:
a. The policy might negatively affect the department's ability to perform quality examinations
of the company's financial and accounting systems,
c. The policy would prevent the department from using outside consultants when the
department did not have the skills and knowledge required in certain audit situations,
d. The policy could limit the range of activities, which could be audited by the department
due to the department's narrow expertise and backgrounds,
18. An organization was in the process of establishing its new internal audit department. The
controller had no previous experience with internal auditors. Due to this lack of experience, the
controller advised the applicants that they would be reporting to the external auditors. However,
the new chief audit executive (CAE) would have free access to the controller to report anything
important. The controller would convey the CAE's concerns to the board of directors. Which of the
following is true?
a. The internal audit department will be independent because the CAE has direct access to the
board of directors.
b. The internal audit department will not be independent because the CAE reports to the
external auditors.
c. The internal audit department will not be independent because the controller has no
experience with internal auditors.
d. The internal audit department will not be independent because the company did not specify
that the applicants must be Certified Internal Auditors.
During a year-end planning meeting with senior management, the chief audit executive (CAE)
learns that a recent draft audit report on one of the company's inventory costing systems had
provoked a discussion in the accounting area. The audit report proposed a relatively large
adjustment due to an error in the local inventory system. The auditor's conclusion stated that six
other production facilities using the same costing system would require similar inventory
adjustments. The total required adjustment for all seven locations represented a material
adjustment to the financial statements, according to the chief financial officer (CFO). The CFO
questioned the method used by the auditor to calculate the amount of the inventory adjustment and
asked the CAE to delay processing the audit report until all aspects of the finding had been fully
considered. The CAE reports directly to the CFO. The audit committee has not been apprised of
this audit because the audit report is still in draft stage awaiting management comment.
19. Assuming that there is a meeting later the same day with the audit committee of the board,
which of the following is not a responsibility of the director of internal auditing?
a. Inform the audit committee of senior management's decisions on all significant audit
findings.
b. Highlight significant audit findings and recommendations and report on the approved audit
work schedule.
c. Inform the audit committee of the outcome of earlier meetings with the CFO and the
options being considered for recording the inventory adjustment.
d. Attempt to resolve the inventory issue before reporting the finding to the audit committee.
a. Schedule audits to review the inventory costing systems at all locations after year-end.
b. Recall all copies of the draft audit report sent out for management review and response.
c. Tell the representatives of senior management that distorting financial reports is not
acceptable.
d. Offer to review the basis for the conclusion about the inventory valuation at all locations.
21. An inexperienced internal auditor notified the senior auditor of a significant variance from the
auditee's budget. The senior told the new auditor not to worry as the senior had heard that there had
been an unauthorized work stoppage that probably accounted for the difference. Which of the
following statements is most appropriate?
a. The new auditor should have investigated the matter fully and not bothered the senior.
b. The senior used proper judgment in curtailing what could have been a wasteful
investigation.
c. The senior should have halted the audit until the variance was fully explained.
d. The senior should have aided the new auditor in formulating a plan for accumulating
appropriate evidence.
22. The IIA Standards state that internal auditors are responsible for continuing their education in
order to maintain their proficiency. Which of the following is correct regarding the continuing
education requirements of the practicing internal auditor?
b. CIAs have formal requirements that must be met in order to continue as a CIA.
23. A significant part of the auditor's working papers will be the conclusions reached by the
auditor regarding the audit area. In some situations, the supervisor might not agree with the
conclusions and will ask the staff auditor to perform more work. Assume that after subsequent
work is performed, the staff auditor and the supervisor continue to disagree on the conclusions
documented in the working paper developed by the staff auditor. Which of the following audit
department responses would not be appropriate?
a. Both the staff auditor and the supervisor document their reasons for reaching different
conclusions. Retain the rationale of both parties in the working papers.
b. Note the disagreement and retain the notice of disagreement and follow-up work in the
audit working papers.
c. Present both conclusions to the chief audit executive (CAE) for resolution. The CAE may
resolve the matter.
d. Present both conclusions in the audit report and let management and the auditee react to
both.
24. The IIA Standards specify that supervision of the work of internal auditors be “carried out
continuously.” Which of the following statements regarding supervision is correct?
I. “Continuously” indicates that supervision should be performed throughout
the planning, examination, evaluation, report, and follow-up stages of the audit
II. Supervision should also be extended to training, time reporting, and expense
control, as well as similar administrative matters
III. The extent and nature of supervision needs to be documented, preferably in the
appropriate working papers
a. I only.
b. I and III.
c. II only.
25. It would be appropriate for internal auditing departments to use consultants with expertise in
health care benefits when the internal auditing department is:
b. Comparing the cost of the organization's health care program with other programs offered
in the industry.
c. Training its staff to conduct an audit of health care costs in a major division of the
organization.
26. An auditor has uncovered facts, which could be interpreted as indicating unlawful activity on
the part of an auditee. The auditor decides not to inform senior management of these facts since he
cannot prove that an irregularity occurred. The auditor, however, decides that if questions are
raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action,
the auditor:
a. Has not violated the Code of Ethics or the Standards because confidentiality takes
precedence over all other standards.
b. Has not violated the Code of Ethics or the Standards because the auditor is committed to
answering all questions fully and truthfully.
c. Has violated the Code of Ethics because unlawful acts should have been reported to the
appropriate regulatory agency to avoid potential "aiding and abetting" by the auditor.
d. Has violated the Standards because the auditor should inform the appropriate authorities in
the organization if fraud may be indicated.
27. A new staff auditor was told to perform an audit in an area with which the auditor was not
familiar. Because of time constraints, there was no supervision of the audit. The auditor was given
the assignment because it represented a good learning experience, but the area was clearly beyond
the auditor's competence. Nonetheless, the auditor prepared comprehensive working papers and
reported the results to management. In this situation:
a. The audit department violated the IIA Standards by hiring an auditor without proficiency in
the area.
b. The audit department violated the IIA Standards by not providing adequate supervision.
c. The chief audit executive (CAE) has not violated the Code of Ethics since the Code does
not address supervision.
d. The IIA’s Standards and the Code of Ethics were followed by the audit department.
28. Management has requested the internal auditing department to perform an operational audit of
the telephone marketing operations of a major division and to recommend procedures and policies
for improving management control over the operation. The auditor should:
a. Not accept the engagement because recommending controls would impair future
objectivity of the department regarding this auditee.
b. Not accept the engagement because audit departments are presumed to have expertise on
accounting controls, not marketing controls.
c. Accept the engagement, but indicate to management that recommending controls would
impair audit independence so management knows that future audits of the area would be impaired.
a. The senior auditor is skilled in the area and closely supervises the staff auditor.
b. The staff auditor performs the work and prepares a report which is reviewed in detail by the
director of audit.
c. Both a and b.
d. Neither a nor b.
30. Communication skills are important to internal auditors. According to the Standards, the
auditor should be able to effectively convey all of the following to the auditee except:
c. The risk assessment used in selecting the area for audit investigation.
31. Internal auditing is unique in that its scope often encompasses all areas of an organization.
Thus, it is not possible for each internal auditor to possess detailed competence in all areas, which
might be audited. Which of the following competencies is required by the IIA Standards for every
internal auditor?
32. The IIA Standards would not require the chief audit executive (CAE) to:
c. Communicate to senior management and the board the results of evaluations of the
coordination between internal and external auditors.
d. Communicate to senior management and the board the results of evaluations of the
performance of external auditors.
33. Follow-up activity may be required to ensure that corrective action has taken place for certain
findings. The internal audit department's responsibility to perform follow-up activities as required
should be defined in the:
34. As a particular audit is being planned in a high-risk area, the chief audit executive (CAE)
determines that the available staff does not have the requisite skills to perform the assignment. The
best course of action consistent with audit planning standards would be to:
a. Not perform the audit, since the requisite skills are not available.
b. Use the audit as a training opportunity and let the auditors learn as the audit is performed.
c. Consider using external resources to supplement the needed knowledge, skills, and
disciplines and complete the assignment.
d. Perform the audit but limit the scope in light of the skill deficiency.
35. According to the IIA Standards, internal auditors must be objective in performing audits.
Assume that the chief audit executive (CAE) received an annual bonus as part of that individual's
compensation package. The bonus may impair the CAE's objectivity if:
a. The bonus is administered by the board of directors or its salary administration committee.
36. A company is planning to develop and implement a new computerized purchase order system
in one of its manufacturing subsidiaries. The Vice President of Manufacturing has requested that
internal auditors participate on a team consisting of representatives from Finance, Manufacturing,
Purchasing, and Marketing. This team will be responsible for the implementation effort. Eager to
take on this high profile project, the chief audit executive (CAE) assigns a senior auditor to the
project to assist "as needed." Assuming the senior auditor performed all of the following activities,
which one would impair objectivity if asked to review the purchase order system on a post-audit
basis?
37. An internal audit department is currently undergoing its first external quality assurance review
since its formation three years ago. From interviews with a few of the staff auditors, the review
team is informed of certain auditor activities, which occurred over the past year. Which of the
following activities could affect the quality assurance review team's evaluation of the objectivity of
the internal audit department?
a. One internal auditor told the review team that during the payroll audit, the payroll manager
approached him. The manager indicated he was looking for an accountant to prepare his financial
statements for his part-time business. The internal auditor agreed to perform this work for a
reduced fee during non-work hours.
b. During the audit of the company's construction of a building addition to the corporate
office, the Vice-President of Facilities Management gave the auditor a commemorative mug with
the company's logo. These mugs were distributed to all employees present at the groundbreaking
ceremony.
c. After reviewing the installation of a data processing system, the auditor made
recommendations on standards of control. Three months after completing the audit, the auditee
requested the auditor's review of certain procedures for adequacy. The auditor agreed and
performed this review.
d. An auditor's participation was requested on a task force to reduce the company's inventory
losses from theft and shrinkage. This is the first consulting assignment undertaken by the audit
department. The auditor's role is to advise the task force on appropriate control techniques.
38. A medium-sized publicly owned corporation operating in Country X has grown to a size, which
the directors of the corporation believe warrants the establishment of an internal auditing depart-
ment. Country X has legislated internal auditing requirements for government-owned companies.
The company changed the corporate by-laws to reflect the establishment of the internal auditing
department. The directors decided that the chief audit executive (CAE) must be a Certified Internal
Auditor (CIA) and will report directly to the newly established audit committee of the board of
directors.
Which of the items discussed above will contribute the most to the new CAE's independence?
c. The fact that the CAE will report to the audit committee of the board of directors.
39. An internal auditor reports directly to the board of directors. The auditor discovered a material
cash shortage. When questioned, the person responsible explained that the cash was used to cover
sizable medical expenses for a child and agreed to replace the funds. Because of the corrective
action, the internal auditor did not inform management. In this instance, the auditor:
40. During a purchasing audit, the internal auditor finds that the largest blanket purchase order is
for tires which are expensed as vehicle maintenance items. The fleet manager requisitions tires
against the blanket order for the company's 400-vehicle service fleet based on a visual inspection
of the cars and trucks in the parking lot each week. Sometimes the fleet manager picks up the tires
but always signs the receiving report for payment. Vehicle service data is entered into a
maintenance database by the mechanic after the tires are installed. Which would be the best course
of action for the auditor in these circumstances?
b. Count the number of tires on hand and trace them to the related receiving reports.
c. Select a judgmental sample of requisitions and verify that the fleet manager signs each one.
d. Compare the number of tires purchased under the blanket purchase order with the number
of tires purchased in the prior year for reasonableness.
41. Auditors need to determine if management has established criteria to determine if goals and
objectives have been accomplished. If the auditor determines such criteria are inadequate or
nonexistent, which of the following actions would be appropriate?
III. Formulate criteria the auditor believes to be adequate and perform the audit and report in
relationship to the alternative criteria
a. I only.
b. I and II.
d. II only.
42. Several members of senior management have questioned whether the internal audit department
should report to the newly established, quality audit function as part of the total quality
management process within the company. The chief audit executive (CAE) has reviewed the
quality standards and the programs that the quality audit manager has proposed. The CAE’s
response to senior management should include:
a. Changing the applicable standards for internal auditing within the company to provide
compliance with quality audit standards.
b. Changing the qualification requirements for new staff members to include quality audit
experience.
c. Estimating departmental cost savings from eliminating the internal auditing function.
d. Identifying appropriate liaison activities with the quality audit function to ensure
coordination of audit schedules and overall audit responsibilities.
43. Internal auditors are often called on to either perform, or assist the external auditor in
performing, a due diligence review. A due diligence review is:
The director of internal auditing of a mid-sized internal auditing organization was concerned that
management might outsource the internal auditing function. Therefore, the manager adopted a very
aggressive program to promote the internal auditing department within the organization. The
manager planned to present the results to management and the audit committee and recommend
modification of the Internal Audit Charter after using the new program. The following lists six
actions the audit manager took to promote a positive image within the organization:
1. Audit assignments concentrated on economy and efficiency audits. The audits focused
solely on cost savings and each audit report highlighted potential costs to be saved. Negative
findings were omitted. The focus on economy and efficiency audits was new, but the auditees
seemed very happy.
2. Drafts of all audit reports were carefully reviewed with the auditee to get their input. Their
comments were carefully considered when developing the final audit report.
3. The IT auditor participated as part of a development team to review the control procedures
to be incorporated into a major computer application under development.
4. Given limited resources, the audit manager performed a risk analysis to determine which
locations to audit. This was a marked departure from the previous approach of ensuring that all
operations are reviewed on at least a three-year interval.
5. In order to save time, the manager no longer required that a standard internal control
questionnaire be completed for each audit.
6. When the auditors found that management and the auditee had not developed specific
criteria or data to evaluate the operations of the auditee, the audit team was instructed to perform
research, develop specific criteria, review the criteria with the auditee, and if acceptable, use it to
evaluate the auditee's operations. If the auditee disagreed with the criteria, a negotiation took place
until acceptable criteria could be agreed upon. The audit report commented on the auditee's
operations in conjunction with the agreed-upon criteria.
44. Which of the following elements of Action 1 taken by the audit manager would be considered a
violation of the IIA Standards?
I. The type of audits was changed before modifying the charter and going to the audit
committee
a. I and II.
b. I and III.
c. I only.
d. II and III.
45. Considering Actions 2, 3 and 4 that were taken, which would be considered a violation of the
IIA Standards?
a. Actions 2, 3, and 4.
b. Action 4 only.
c. Action 2 and 3 only.
a. Yes. Internal control should be evaluated on every audit, but the internal control
questionnaire is not the mandated approach to evaluate the controls.
b. No. Auditors may omit necessary procedures if there is a time constraint. It is a matter of
audit judgment.
c. Yes. Internal control should be evaluated on every audit engagement and the internal
control questionnaire is the most efficient method to do so.
d. No. Auditors are not required to fill out internal control questionnaires on every audit.
47. Regarding Action 6, which of the following elements of the action would be considered a
violation of the IIA Standards?
b. Developing a set of criteria to present to the auditee as a basis for evaluating the auditee's
operations.
48. Given the acceptance of the cost savings audits and the scarcity of internal audit resources, the
audit manager also decided that follow-up action was not needed. The manager reasoned that cost
savings should be sufficient to motivate the auditee to implement the auditor's recommendations.
Therefore, follow-up was not scheduled as a regular part of the audit plan. Does the audit
manager's decision violate the Standards?
b. Yes. The Standards require the auditors to determine whether the auditee has appropriately
implemented all of the auditor's recommendations.
49. Reporting to senior management and the board is an important part of the auditor's obligation.
Which of the following items is not required to be reported to senior management and/or the
board?
a. Subsequent to the completion of an audit, but prior to the issuance of an audit report, the
audit senior in charge of the audit was offered a permanent position in the auditee's department.
b. An annual report summary of the department's audit work schedule and financial budget.
c. Significant interim changes to the approved audit work schedule and financial budget.
d. An audit plan was approved by senior management and the board. Subsequent to the
approval, senior management informed the chief audit executive (CAE) not to perform an audit of
a division because the division's activities were very sensitive.
50. It has been established that an internal auditing charter is one of the more important factors
positively affecting the internal auditing department's independence. The IIA Standards help
clarify the nature of the charter by providing guidelines as to the contents of the charter. Which of
the following is not suggested in the Standards as part of the charter?
51. The preliminary survey indicates that severe staff reductions at the audit location have resulted
in extensive amounts of overtime among accounting staff. Department members are visibly
stressed and very vocal about the effects of the cutbacks. Accounting payrolls are nearly equal to
prior years and many key controls, such as segregation of duties, are no longer in place. The
accounting supervisor now performs all operations within the cash receipts and posting process,
and has no time to review and approve transactions generated by the remaining members of the
department. Journal entries for the last six months since the staff reductions show increasing
numbers of prior-month adjustments and corrections, including revenues, cost of sales, and
accruals that had been misstated or forgotten during month-end closing activity. The auditor
should:
a. Discuss these findings with audit management to determine whether further audit work
would be an efficient use of audit resources at this time.
b. Proceed with the scheduled audit but add audit personnel based on the expected number of
findings and anticipated lack of assistance from local accounting management.
c. Research temporary helps agencies and evaluates the cost and benefit of outsourcing
needed services.
d. Suspend further audit work because the findings are obvious and issue the audit report.
52. Auditors realize that at times corrective action is not taken even when agreed to by the
appropriate parties. This should lead an internal auditor to:
c. Decide to conduct follow-up work only if management requests the auditor's assistance.
d. Write a follow-up audit report with all findings and their significance to the operations.
a. Continuing on an audit assignment at a division for which the auditor will soon be
responsible as the result of a promotion.
c. Participating on a task force which recommends standards for control of a new distribution
system.
54. Management has requested the audit department to conduct an audit of the implementation of
its recently developed company code of conduct. In preparing for the audit, the auditor reviews the
newly developed code and compares it with several others for comparable companies and
concludes that the newly developed code has severe deficiencies. Based on this conclusion, the
auditor should:
a. Plan an audit for the implementation of management's code of conduct and also for
compliance with the “best practices” from the other codes since this represents the best available
criteria.
c. Inform management of the problems with the existing code and report that it would be
inappropriate to conduct an audit until the code is revised to incorporate the "best practices" from
industry.
d. Conduct the audit as requested by management, reporting only noncompliance with the
code.
55. The IIA’s Standards assign the responsibility for providing appropriate audit supervision to the:
a. Audit Committee.
c. Audit supervisor.
d. Senior auditor.
56. The IIA Standards require that the chief audit executive (CAE) seek the approval of manage-
ment and acceptance by the board of a formal written charter for the internal auditing department.
The purpose of this charter is to:
b. Establish the purpose, authority, and responsibility of the internal auditing department.
57. The primary criteria for determining the adequacy of working papers can be found in the:
c. Practice Guides.
58. Based on the IIA Standards, an internal auditing department's staff development program will
be deficient if individual employees are:
59. The IIA Standards require written policies and procedures to guide the audit staff. Which of the
following statements is false with respect to this requirement?
a. The form and content of written policies and procedures should be appropriate to the size
of the department.
b. All internal audit departments should have a detailed policies and procedures manual.
c. Formal administrative and technical audit manuals may not be needed by all internal
auditing departments.
d. A small internal auditing department may be managed informally through close supervision
and written memos.
PARAGRAPH 1: The production department has the newest production equipment available
because of a fire that required the replacement of all equipment.
PARAGRAPH 3: The production department produces an average of 25 units per worker per shift.
The defect rate is one percent.
PARAGRAPH 4: The industry average productivity is 20 units per worker per shift. The industry
defect rate is three percent.
60. Which paragraph would be characterized as the attribute described in the IIA Standards as
“Criteria”?
a. 1.
b. 2.
c. 3.
d. 4.
61. Which paragraph would be characterized as the attribute described in the IIA Standards as
“Condition”?
a. 1.
b. 2.
c. 3.
d. 4.
62. A relatively new internal auditor is completing an audit report. The final report should most
appropriately be signed by:
b. The auditor and the person in charge of the area being audited to indicate review of the
report.
63. An auditor often faces special problems when auditing a foreign subsidiary. Which of the
following statements is false with respect to the conduct of international audits?
c. There may be justification for having different company policies in force in foreign
branches.
64. The interpretation related to quality assurance given by the IIA Standards is that:
a. Quality assurance reviews can provide senior management and the audit committee with an
assessment of the internal auditing function.
c. The internal auditing department is primarily measured against the IIA's Code of Ethics.
d. Continual supervision is limited to the planning, examination, evaluation report and follow-
up process.
65. An internal auditor fails to discover an employee fraud during an audit. The nondiscovery is
most likely to suggest a violation of the IIA Standards if it was the result of a:
b. Determination that any possible fraud in the area would not involve a material amount.
c. Determination that the cost of extending audit procedures in the area would exceed the
potential benefits.
d. Presumption that the internal controls in the area were adequate and effective.
66. Which of the following will best promote the independence of the internal auditing function?
a. A quality control system within the internal auditing function designed to ensure that
departmental objectives are met.
b. Direct lines of communication between the audit committee and the chief audit executive
(CAE).
c. A written charter that reflects the concepts contained in the International Standards for the
Professional Practice of Internal Auditing.
67. The charter of a newly formed internal auditing department contains the following statement:
“The organizational status of the internal auditing department will be sufficient to permit the
accomplishment of its audit responsibilities”. Select the best reporting lines from the following
relationships, which would promote the accomplishment of the intended organizational status.
Solid line to:
68. According to the IIA Standards, the purpose of an internal auditor's review for effectiveness of
the system of internal control is to ascertain if:
69. The best description of the purpose of internal auditing is that it:
c. Reviews the means of safeguarding assets and, as appropriate, verifies the existence of such
assets.
d. Appraises the economy and efficiency with which resources are employed.
70. The chief audit executive (CAE) of a newly formed internal auditing department is seeking
management approval of a charter. What is the authoritative source for seeking such approval?
a. The IIA Standards which clearly place that responsibility on the director.
b. The appropriate Practice Advisories, which requires the director to take that course of
action.
c. The Code of Ethics which requires internal auditors to document company policy.
71. According to the IIA Standards, the staff of a newly developed internal auditing department
should include:
72. According to the IIA Standards, which of the following best describes the nature of opinions
that are appropriate for internal audit reports?
a. Opinions are generally the auditor's subjective judgments concerning why deficiencies
exist.
b. Opinions are the auditor's evaluations of the effects of the observations and
recommendations on the activities reviewed.
c. Opinions are conclusions that the auditor has reached concerning the appropriateness of the
auditee's objectives.
d. Opinions should only involve the fairness of the auditee's financial statements.
73. The chief audit executive (CAE) is concerned that a recently disclosed fraud was not uncovered
during the last audit of cash operations. A review of the working papers indicated that the
fraudulent transaction was not included in a properly designed statistical sample of transactions
tested. Which of the following applies to this situation?
a. Because cash operation is a high-risk area, 100 percent testing of transactions should have
been performed.
b. The internal auditor acted with Due Professional Care since an appropriate statistical
sample of material transactions was tested.
d. Extraordinary care is necessary in the performance of a cash operations audit and the
auditor should be held responsible for the oversight.
74. In the course of their work, internal auditors must be alert for fraud and other forms of white-
collar crime. The important characteristic that distinguishes fraud from other varieties of white-
collar crime is that:
a. Fraud encompasses an array of irregularities and illegal acts that involve intentional
deception.
b. Unlike other white-collar crimes, fraud is always perpetrated against an outside party.
c. White-collar crime is usually perpetrated for the benefit of an organization, whereas fraud
benefits an individual.
75. During an audit of purchasing, internal auditors found several violations of company policy
concerning competitive bidding. The same condition had been reported in an audit report last year-
and corrective action had not been taken. Which of the following best describes the appropriate
action concerning this repeat finding?
a. The audit report should note that this same condition had been reported in the prior audit.
b. During the exit interview, management should be made aware that a finding from the prior
report had not been corrected.
c. The chief audit executive (CAE) should determine whether management or the board has
assumed the risk of not taking corrective action.
d. The CAE should determine whether this condition should be reported to the independent
auditor and any regulatory agency.
76. Internal auditing is responsible for assisting in the prevention of fraud by:
a. Informing the appropriate authorities within the organization and recommending whatever
investigation is considered necessary in the circumstances when wrongdoing is suspected.
b. Establishing the systems designed to ensure compliance with the organization's policies,
plans, and procedures, as well as applicable laws and regulations.
c. Examining and evaluating the adequacy and the effectiveness of control, commensurate
with the extent of the potential exposure/risk in the various segments of the organization's
operations.
d. Determining whether operating standards have been established for measuring economy
and efficiency, and whether these standards are understood and are being met.
77. Which of the following combination of participants would be most appropriate to attend an
exit conference?
a. The responsible internal auditor and representatives from management who are knowledge-
able of detailed operations and those who can authorize implementation of corrective action.
b. The chief audit executive and the executive in charge of the activity or function audited.
c. Staff auditors who conducted the fieldwork and operating personnel in charge of the daily
performance of the activity or function audited.
d. Staff auditors who conducted the fieldwork and the executive in charge of the activity or
function audited.
78. An internal audit of sales contracts revealed that a bribe had been paid to secure a major
contract. It was considered quite possible that a senior executive had authorized the bribe. Which
of the following best describes the proper distribution of the completed audit report?
a. The report should be distributed to the chief executive officer and the appropriate
regulatory agency.
b. The report should be distributed to the board of directors, the chief executive officer, and
the independent auditor.
c. The chief audit executive should provide the board of directors a copy of the report and
decide whether further distribution is appropriate.
d. The report should be distributed to the board of directors, the appropriate law enforcement
agency, and the appropriate regulatory agency.
b. Reliable and the best attainable through the use of appropriate audit techniques.
c. Consistent with the audit objectives and supports audit observations and recommendations.
80. Which is the lowest organizational level to which the Internal Auditing Department should
address the final report of the operational audit of the Production Department?
81. Which of the following is not ordinarily an objective of a quality assurance review? To
determine compliance with:
83. According to the IIA Standards, an internal auditor should possess proficiency in:
a. Management principles.
84. Which of the following audit committee activities would be of the greatest benefit to the
internal auditing department?
b. Assurance that the external auditor will rely on the work of the internal auditing department
whenever possible.
c. Review and endorsement of all internal audit reports prior to their release.
85. Which of the following relationships best depicts the appropriate dual reporting responsibility
of the internal auditor? Administratively to the:
87. The IIA Standards require an internal auditor to exercise due professional care in performing
internal audits. This includes:
a. Establishing direct communication between the director of internal auditing and the board
of directors.
b. Evaluating established operating standards and determining whether those standards are
acceptable and are being met.
c. Accumulating sufficient evidence so that the auditor can give absolute assurance that
irregularities do not exist.
d. Establishing suitable criteria of education and experience for filling internal audit positions.
88. The chief audit executive (CAE) for a large retail organization reports to the controller and is
responsible for designing and installing computer applications relating to inventory control. Which
of the following is the major limitation of this arrangement?
b. Auditors generally do not have the required expertise to design and implement such
systems.
c. It potentially affects the CAE's independence and thereby lessens the value of audit
services.
d. Such arrangements are unlawful because the director participates in incompatible functions.
89. According to the IIA Standards, the internal auditing department's goals should specify:
a. Audit work schedules and activities to be audited.
90. According to the IIA Standards, internal auditors should possess the knowledge, skills, and
disciplines essential to the performance of internal auditing. This means that all internal auditors
should be proficient in applying:
b. Quantitative methods.
c. Management principles.
91. Coordination of internal and external auditing can reduce the overall audit costs. According to
the IIA Standards, who is responsible for coordinating internal and external audit efforts?
b. External auditor.
d. Management.
92. You have been asked to be a member of a peer review team. In assessing the independence of
the internal audit department being reviewed, you should consider all of the following factors
except:
a. Access to and frequency of communications with the board of directors or its audit
committee.
b. The criteria of education and experience considered necessary when filling vacant positions
on the audit staff.
93. The IIA Standards require that, in most cases, an internal auditing department have
documented policies and procedures to ensure the consistency and quality of audit work. The
exception to this requirement is directly related to:
a. Departmentalization.
b. Division of labor.
c. Span of control.
d. Authority.
94. The chief audit executive (CAE) routinely provides activity reports to the board as part of the
board meeting agenda each quarter. Senior management has asked to review the CAE's board
presentation before each board meeting so that any issues or questions can be discussed
beforehand. The CAE should:
a. Provide the activity reports to senior management as requested and discuss any issues,
which may require action to be taken.
b. Not provide activity reports to senior management because such matters are the sole-
province of the board.
c. Disclose only those matters in the activity reports to the board, which pertain to
expenditures and financial budgets of the internal auditing department.
d. Provide information to senior management that pertains only to completed audits and
findings available in published audit reports.
95. An auditor finds a situation where there is some suspicion, but no evidence, of potential
misstatement. The standard of due professional care would be violated if the auditor:
a. Identified potential ways in which an error could occur and ranked the items for audit
investigation.
b. Informed the audit manager of the suspicions and asked for advice on how to proceed.
c. Did not test for possible misstatement because the audit program had already been
approved by audit management.
d. Expanded the audit program, without the auditee's approval, to address the highest ranked
ways in which a misstatement may have occurred.
96. Which of the following combination of participants would be most appropriate to attend an
exit conference?
a. The responsible internal auditor and representatives from management who are
knowledgeable of detailed operations and those who can authorize implementation of corrective
action.
b. The chief audit executive and the executive in charge of the activity or function audited.
c. Staff auditors who conducted the fieldwork and operating personnel in charge of the daily
performance of the activity or function audited.
d. Staff auditors who conducted the fieldwork and the executive in charge of the activity or
function audited.
97. An internal audit director initiated an audit of the corporate code of ethics and the environment
for ethical decision making. Which of the following would most likely be considered
inappropriate regarding the scope and/or recommendations of the audit?
a. A review of the corporate code of ethics and a comparison to other corporate codes.
b. A survey of corporate employees, asking general questions regarding the ethical quality of
corporate decision making.
d. A survey of the Board of Directors to determine their level of support for a corporate code
of ethics.
98. Which of the following statements is true regarding coordination of internal and external audit
efforts?
a. The chief audit executive (CAE) should not give information about illegal acts to an
external auditor because external auditors may be required to report the matter to the Board and/or
regulatory agencies.
b. Ownership and the confidentiality of the external auditor's working papers prohibit their
review by internal auditors.
c. The CAE should determine that appropriate follow-up and corrective action was taken by
management where required on matters discussed in the external auditor's management letter.
d. If internal auditors provide assistance to the external auditors in connection with the annual
audit, the audit work is not subject to the International Standards for the Professional Practice of
Internal Auditing.
99. An auditor's objectivity could be compromised in all of the following situations except:
a. A conflict of interest.
100. The IIA Standards require that the chief audit executive establish and maintain a quality
assurance program to evaluate the operations of the internal audit department. All of the following
are considered elements of a quality assurance program except:
101. Auditing standards state that the internal auditor may communicate recommendations for im-
provements. Which of the following would be a valid justification for omitting recommendations
in an audit report? The auditor:
a. May not always understand the true cause of the finding being reported.
b. Does not have sufficient time to formulate a recommendation due to audit budget
pressures.
c. Can avoid the confrontation by letting management solve its own problems.
d. May lose independence by being perceived as making operational decisions.
102. When evaluating the independence of an internal audit department, a quality review team
considers several factors. Which of the following factors has the least amount of influence when
judging an internal audit department's independence?
103. As used in the IIA Standards when discussing audit planning or risk assessment, the term risk
is best defined as the probability that:
a. An internal auditor will fail to detect a material error or event that causes financial
statement or internal reports to be misstated or misleading.
c. Management will either knowing or unknowingly, makes decisions that increase the
potential liability of the organization.
104. Which of the following statements is not true regarding risk assessment as the term is used in
internal auditing?
a. Risk assessment is a judgmental process of assigning dollar values to the perceived level of
risk found in an auditable activity. These values allow directors to select the auditees most likely to
result in identifiable audit savings.
b. The chief audit executive (CAE) should incorporate information from a variety of sources
into the risk assessment process, including discussions with the board, management, external
auditors, and review of regulations, and analysis of financial/operating data.
105. A chief audit executive has to determine how an organization can be divided into auditable
activities. Which of the following is an auditable activity?
a. A procedure.
b. A system.
c. An account.
106. When determining the number and experience level of the internal audit staff to be assigned to
an audit, the chief audit executive should consider all of the following except the:
107. The IIA Standards require an auditor to have the knowledge, skills, and disciplines essential
to perform an internal audit. Which of the following correctly describes the level of knowledge or
skill required by the Standards? Auditors must have:
d. A broad appreciation for accounting principles and techniques when auditing the financial
records and reports of the organization.
108. An audit manager responsible for the supervision and review of other auditors needs the
necessary skills and knowledge. Which of the following does not describe a skill or knowledge
necessary to supervise a particular audit assignment?
a. The ability to review and analyze an audit program to determine if the proposed audit
procedures will result in evidence relevant to the audit's objectives.
b. Assuring that an audit report is supported and accurate relative to the evidence documented
in the working papers of the audit.
c. Use risk assessment and other judgmental processes to develop an audit plan and schedule
for the department and present the plan to the audit committee.
d. Determine that staff auditors have completed the audit procedures and that audit objectives
have been met.
109. You have been asked to be a member of a peer review team. In assessing the independence of
the internal audit department being reviewed, you should consider all of the following factors
except:
a. Access to and frequency of communications with the board of directors or its audit
committee.
b. The criteria of education and experience considered necessary when filling vacant positions
on the audit staff.
d. The scope and depth of audit objectives for the audits included in the review.
110. A written charter, approved by the board of directors, which outlines the internal audit
department's purpose, authority, and responsibility is primarily meant to enhance the department's:
d. Independence.
111. In the past, the internal auditing department of XYZ Company designed and installed
computerized systems for the company. A newly appointed member of the audit committee has
questioned the auditing department's independence due to its performance of that activity. Which
of the following actions would best satisfy the committee's concern regarding independence?
a. The internal audit department should continue to design and install other computer systems
as long as the internal audit staff possesses the expertise to do so.
b. The internal audit department should refrain from designing and installing any computer
systems for their organization in the future.
c. The internal audit department should not assign those internal auditors who designed and
installed the payroll system to audit the payroll area.
d. The internal audit department should refrain from operating and drafting procedures for
any of its organization's systems.
112. A professional engineer applied for a position in the internal auditing department of a high-
technology firm. The engineer became interested in the position after observing several internal
auditors while they were auditing the engineering department. The chief audit executive:
a. Should not hire the engineer because of the lack of knowledge of internal auditing
standards.
b. May hire the engineer in spite of the lack of knowledge of internal auditing standards.
c. Should not hire the engineer because of the lack of knowledge of accounting and taxes.
d. May hire the engineer because of the knowledge of internal auditing gained in the previous
position.
113. Specific airline ticket information, including fare class, purchase date, and lowest available
fare options, as prescribed in the company's travel policy, is obtained and reported to department
management when employees purchase airline tickets from the company's authorized travel
agency. Such a report provides information for:
114. Audit policy requires that final reports will not be issued without a management response. An
audit with significant findings is complete except for management's response. Evaluate the
following courses of action and select the best alternative.
b. Modify audit policy to allow a specific time period for the management response.
115. Audit findings often emerge by a process of comparing “what should be” with “what is.”
Findings are based on the attributes of criteria, condition, cause and effect. From the following
descriptions, which one most appropriately describes the effect of the audit finding?
a. Reason for the difference between the expected and actual conditions.
116. Management asserted that the performance standards the auditors used to evaluate operating
performance were inappropriate. Written performance standards which had been established by
management were vague and had to be interpreted by the auditor. In such cases auditors may meet
their due professional care responsibility by:
b. Assuring themselves that their interpretations are in line with industry practices.
a. Required supervisory review of all audit programs, working papers, and draft audit reports.
c. Required compliance with the Code of Ethics of the Institute of Internal Auditors.
d. Required educational standards for all members of the professional audit staff.
118. An audit supervisor would challenge whether audit evidence is sufficient to support the
conclusion that journal entries are properly prepared and approved if the working papers included:
a. A note stating the controller's assurance those journal-entries are always looked at by the
accounting supervisor before entry into the computer system.
119. The internal auditing department has concluded a fraud investigation, which revealed a
previously undiscovered materially adverse impact on the financial position and results of
operations for two years on which financial statements have already been issued. The chief audit
executive should immediately inform:
a. The external audit firm responsible for the financial statements affected by the discovery.
d. The internal accounting function ultimately responsible for making corrective journal
entries.
120. According to the IIA Standards, internal auditing has a responsibility for helping to deter
fraud. Which of the following best describes how this responsibility is generally met?
a. By coordinating with security personnel and law enforcement agencies in the investigation
of possible frauds.
d. By evaluating the adequacy and effectiveness of controls in light of the potential exposure
or risk.
121. An internal auditor observes that a receivables clerk has physical access to and control of cash
receipts. The auditor worked with the clerk several years before and has a high level of trust in the
individual. Accordingly, the auditor notes in the working papers that controls over receipts are
adequate. Is the auditor in compliance with the Standards?
c. No, alertness to conditions where irregularities are most likely was not shown.
122. Which of the following most seriously compromises the independence of the internal auditing
department?
a. Internal auditors frequently draft revised procedures for departments whose procedures
they have criticized in an audit report.
b. The chief audit executive has dual reporting responsibility to the firm's top executive and
the board of directors.
c. The internal auditing department and the firm's external auditors engage in joint planning
of total audit coverage to avoid duplicating each other's work.
d. The internal auditing department is included in the review cycle of the firm's contracts with
other firms before the contracts are executed.
123. An internal auditor has uncovered illegal acts, which were committed by a member of senior
management. According to the IIA Standards, such information:
a. Should be excluded from the internal auditor's report and discussed orally with the senior
manager.
d. May be disclosed in a separate report and distributed to the company's audit committee of
the board of directors.
124. The internal auditing department for a chain of retail stores recently concluded an audit of
sales adjustments in all stores in the southeast region. The audit revealed that several stores are
costing the company an estimated $85,000 per quarter in duplicate credits to customers' charge
accounts.
The audit report, published eight weeks after the audit was concluded, included the internal
auditors' recommendations to store management that should prevent duplicate credits to customers'
accounts.
Which of the following standards for reporting has been disregarded in the above case?
b. The auditors should have implemented appropriate corrective action as soon as the
duplicate credits were discovered.
125. During an audit of the organization's accounts payable function, an internal auditor plans to
confirm balances with suppliers. What is the source of authority for such contacts with units
outside the organization?
126. The chief audit executive is responsible for establishing a program to develop the human
resources of the internal auditing department. According to the IIA Standards, this program should
include:
127. The IIA Standards require the performance of periodic internal reviews by members of the
internal auditing staff. This function is designed to primarily serve the needs of:
c. Management.
128. According to the IIA Standards, which of the following is the correct listing of information
which must be included in a fraud report?
a. Purpose, Scope, Results and, where appropriate, an expression of the auditor's opinion.
129. An internal auditor reported a suspected fraud to the chief audit executive (CAE). The CAE
turned the entire case over to the Security Department. Security failed to investigate or report the
case to management. The perpetrator continued to defraud the organization until being accidentally
discovered by a line manager two years later. Select the most appropriate action for the CAE:
a. The CAE's actions were correct.
b. The CAE should have periodically checked the status of the case with Security.
130. An internal auditor has just completed an audit of a division and is in the process of preparing
the audit report. According to the IIA Standards, the observations in the audit report should
include:
b. Pertinent factual statements concerning the control weaknesses which were uncovered
during the course of the audit.
c. Statements of both fact and opinion developed during the course of the audit.
d. Statements which may deal with potential future events that may be helpful to the audited
division.
131. According to the IIA Standards, supervision of an audit assignment should include:
a. Determining that audit working papers adequately support the audit observations.
132. Which of the following reporting structures would best depict the internal audit organizational
guidelines contained in the IIA Standards?
a. Cite authoritative support, such as the IIA Standards, for such a plan.
b. Consider factors such as risk, exposure, and potential loss to the organization.
c. State whether all audit resources had been committed to the plan.
134. The Audit Committee can serve several important purposes, some of which directly benefit
internal auditing. The most significant benefit provided by the Audit Committee to the internal
auditor is:
c. Approving audit plans, scheduling, staffing, and meeting with the internal auditor as
needed.
d. Reviewing copies of the internal control procedures for selected company operations and
meeting with company officials to discuss them.
135. The IIA Standards indicate that independence permits internal auditors to render the impartial
and unbiased judgments essential to the proper conduct of audits. Which of the following would
best promote independence?
a. A policy that requires internal auditors to report to the chief audit executive any situation in
which a conflict of interest or bias on the part of the individual auditor is present or may reasonably
be inferred.
d. An organizational policy that prevents personnel transfers from operating activities to the
internal audit department.
136. The IIA Standards require written policies and procedures to guide the audit staff. Which of
the following statements is false with respect to this requirement?
a. The form and content of written policies and procedures should be appropriate to the size
of the department.
b. All internal audit departments should have a detailed policies and procedures manual.
c. Formal administrative and technical audit manuals may not be needed by all internal
auditing departments.
d. A small internal auditing department may be managed informally through close supervision
and written memos.
137. According to the IIA Standards, the chief audit executive should establish goals that have two
basic qualities. Select the correct traits of Internal Auditing goals:
138. Internal audit reports should contain the purpose, scope, and results. The audit results should
contain the criteria, condition, effect, and cause of the finding. The cause can best be described as:
b. Reason for the difference between the expected and actual conditions.
a. Interim reports.
b. Summary reports.
c. Oral reports.
140. If an internal auditor finds that no corrective action has been taken on a prior audit finding
which is still valid, the IIA Standards states that the internal auditor should:
a. Restate the prior finding along with the findings of the current audit.
b. Determine whether management or the board has assumed the risk of not taking corrective
action.
141. Internal auditing is responsible for reporting fraud to senior management or the board when:
a. The incidence of fraud of a material amount has been established to a reasonable certainty.
142. According to the IIA Standards, the role of internal auditing in the investigation of fraud
includes all of the following, except:
a. Assessing the probable level and extent of complicity in the fraud within the organization.
b. Designing the procedures to follow in attempting to identify the perpetrators, extent of the
fraud, techniques used, and cause of the fraud.
c. Coordinating activities with management personnel, legal counsel, and other appropriate
specialists throughout the investigation.
143. After completing an investigation, internal auditing has concluded that an employee has stolen
a material amount of cash receipts. A draft of the proposed report on this finding should be
reviewed by:
a. Legal counsel.
144. The IIA Standards specify that final audit reports should be reviewed and approved by the:
b. Auditor-in-charge.
145. According to the IIA Standards, internal auditors should review the means of physically
safeguarding assets from losses arising from:
b. Direct access to the audit committee tends to enhance internal auditing's independence and
objectivity.
c. With direct access, the director of internal auditing is in a better position to affect policy
decisions.
d. The audit committee must authorize implementation of audit recommendations that involve
financial reporting.
147. According to the IIA Standards, a report issued by an internal auditor should contain an
expression of opinion when:
As an internal auditor for a multinational chemical company, you have been assigned to perform an
operational audit at a local plant. This plant is similar in age, sizing, and construction to two other
company plants that have been recently cited for discharge of hazardous wastes. In addition, you
are aware that chemicals manufactured at the plant release toxic by-products.
148. Assume that you have evidence that the plant is discharging hazardous wastes. As a Certified
Internal Auditor, what are the appropriate reporting requirements in this situation?
b. Ignore the issue; the regulatory inspectors are better qualified to assess the danger.
149. Identify your responsibility for detection of a hazardous waste discharge problem.
b. You are responsible for ensuring compliance with company policies and procedures.
c. Operational audits do not require a determination of compliance with laws and regulations.
d. You are required by the Standards to determine compliance with laws and regulations.
a. Supporting the audit observations and being consistent with the audit objectives.
c. Factual, adequate, and convincing so that a prudent person would reach the same
conclusion as auditor.
d. Reliable and the best available through the use of appropriate audit techniques.
a. Management has planned and organized in a manner, which provides reasonable assurance,
that the organization's objectives will be achieved efficiently and effectively.
b. Management has exercised due professional care in the design of operating and functional
systems.
c. Operating and functional systems are designed, installed, and implemented in compliance
with law.
d. Management has designed, installed and implemented efficient operating and functional
systems.
152. A company's management accountants prepared a set of reports for top management. These
reports detail the funds expended and the expenses incurred by each department for the current
reporting period. The function of internal auditing would be to:
a. Ensure against any and all noncompliance of reporting procedures.
b. Review the expenditure items and match each item with the expenses incurred.
153. Independence permits internal auditors to render impartial and unbiased judgments. The best
way to achieve independence is through:
154. When faced with an imposed scope limitation, the chief audit executive should:
b. Communicate the potential effects of the scope limitation to the audit committee of the
board of directors.
155. Which of the following is not a requirement of a long-range plan for the internal auditing
department?
a. Submit copies of all audit reports to both top management and the audit committee.
c. Discuss all reports to top management with the audit committee first.
d. Request board acceptance of charter, which include internal auditing relationships with the
audit committee.
157. According to the IIA Standards, internal auditors should possess all of the following except:
158. Which of the following aspects of evaluating the performance of staff members would be
considered as a violation of good personnel management techniques?
a. The evaluator should justify very high and very low evaluations because of their impact on
the employee.
b. Evaluations should be made annually or more frequently to provide the employee feedback
about competence.
c. The first evaluation should be made shortly after commencing work to serve as an early
guide to the new employee.
159. According to the IIA Standards concerning due professional care, an internal auditor should:
a. Consider the relative materiality or significance of matters to which audit procedures are
applied.
b. Emphasize the potential benefits of an audit without regard to the cost.
c. Consider whether established operating standards are being met and not whether those
standards are acceptable.
d. Select procedures that are likely to provide absolute assurance those irregularities do not
exist.
160. Which of the items below would most likely reflect differences between the policies of a
relatively small and relatively large internal auditing operation? The policies for the large
operation should:
d. Be in considerable detail.
161. An audit committee of the Board of Directors of a corporation is being established. Which of
the following would normally be a responsibility of the committee?
162. While performing a construction audit, the auditor suspects that the structural steel used does
not conform to contract specifications. The internal auditing department does not have an engineer
on the staff. According to the IIA Standards, the appropriate course of action is to:
b. Ask a company or consulting engineer to determine whether the steel conforms to the
contract specifications.
a. Authorize access to records, personnel, and physical properties relevant to the performance
of audits.
d. Define the audit department's work schedule, staffing plan, and financial budget.
164. According to the IIA Standards, activity reports submitted periodically to management and to
the board should:
165. An internal auditing director is establishing the evaluation criteria for the selection of new
internal audit staff members. According to the IIA Standards, which of the following would be an
inappropriate item to list?
166. The person responsible for audit report distribution should be:
167. The IIA Standards require that the internal auditing department provide assurance that internal
audits are properly supervised in order to:
a. The objectives of the audit and the scope of the audit work are known by the auditee.
d. The list of persons who are to receive the final report are identified.
169. You transferred from the treasury department to the internal auditing department of the same
company last month. The Chief Financial Officer of the company has suggested that since you
have significant knowledge in this area, it would be a good idea for you to immediately begin an
audit of the treasury department. In this circumstance you should:
b. Discuss the need for such an audit with your former superior, the Treasurer.
c. Suggest that the audit be performed by another member of the internal auditing staff.
d. Offer to prepare an audit program but suggest that interviews with your former co-workers
be conducted by other members of the internal auditing staff.
170. Which of the following is the most appropriate method of reporting disagreement between the
auditor and the auditee concerning audit findings and recommendations?
a. State the auditor's position because the report is designed to provide the auditor's
independent view.
b. State the auditee's position because management is ultimately responsible for the activities
reported.
c. State both positions and identify the reasons for the disagreement.
d. State neither position. If the disagreement is ultimately resolved, there will be no reason to
report the previous disagreement. If the disagreement is never resolved, the disagreement should
not be reported, because there is no mechanism to resolve it.
171. Which of the following does not describe one of the primary functions of audit working
papers?
172. Which of the following statements most correctly reflects the chief audit executive’s (CAE’s)
responsibilities for personnel management and development as reflected in the IIA Standards?
a. The CAE is responsible for selecting qualified individuals but has no explicit responsibility
for providing ongoing educational opportunities for the internal auditor.
b. The CAE is responsible for performing an annual review of each internal auditor's
performance but has no explicit responsibility for counseling internal auditors on their performance
and professional development.
c. The CAE is responsible for selecting qualified individuals but has no explicit responsibility
for the preparation of job descriptions.
d. The CAE is responsible for developing formal job descriptions for the audit staff but has no
explicit responsibility for administering the corporate compensation program.
173. During the year-end physical inventory process, the auditor observed over $1.2 million worth
of items staged in the shipping area and marked "Sold - Do Not Inventory." The customer had
been on credit hold for three months because of bankruptcy proceedings, but the sales manager had
ordered the shipping supervisor to treat the inventory as sold for physical inventory purposes. The
auditor noted the terms of sale were "FOB Warehouse." After confirming no change in corporate
policy, the auditor should:
a. Recommend that the inventory staged in the shipping area be counted and included along
with the rest of the physical inventory results.
b. Make test counts and trace the results to appropriate records to ensure that the cost is
properly relieved from inventory.
c. Follow up with appropriate procedures to ensure that the inventory staged in the shipping
area appears on related invoicing documentation.
d. Request copies of the signed bills of lading to include with working papers for this physical
inventory.
174. According to the IIA Standards, the organizational status of the internal auditing department:
c. Requires the board's annual approval of the audit schedules, plans and budgets.
176. “Due professional care implies reasonable care and competence, not infallibility or
extraordinary performance.” This statement makes which of the following unnecessary:
a. The conduct of examinations and verifications to a reasonable extent.
177. Management asserted that the performance standards the auditors used to evaluate operating
performance were inappropriate. Written performance standards which had been established by
management were vague and had to be interpreted by the auditor. In such cases auditors may meet
their due professional care responsibility by:
b. Assuring themselves that their interpretations are in line with industry practices.
178. Which of the following is not a true statement about the relationship between internal auditors
and external auditors?
a. External auditors must assess the competence and objectivity of internal auditors.
b. There may be periodic meetings between internal and external auditors to discuss matters
of mutual interest.
d. Internal auditors may provide audit programs and working papers to external auditors.
179. In recent years which of the following two factors have changed the relationship between
internal auditors and external auditors so that internal auditors are partners rather than
subordinates?
a. The increasing liability of external auditors and the increasing professionalism of internal
auditors.
b. The increasing professionalism of internal auditors and the evolving economics of external
auditing.
c. The increased reliance on computerized accounting systems and the evolving economics of
external auditing.
d. The globalization of audit entities and the increased reliance on computerized accounting
systems.
After using the same public accounting firm for several years, the board of directors retained
another public accounting firm to perform the annual financial audit in order to reduce the annual
audit fee. The new firm has now proposed a one-time audit of the cost-effectiveness of the various
operations of the business. The chief audit executive has been asked to advise management in
making a decision on the proposal.
180. An argument can be made that the internal auditing department would be better able to
perform such an audit because:
a. External auditors may not possess the same depth of understanding of the company as the
internal auditors.
c. Audit techniques used by internal auditors are different from those used by external
auditors.
d. Internal auditors will not be vitally concerned with fraud and waste.
181. Additional criteria that should be considered by management in evaluating the proposal would
include all the following except:
182. To improve audit efficiency, internal auditors can rely upon the work of external auditors if it
is:
a. Performed after the internal audit.
You are the chief audit executive of a parent company that has foreign subsidiaries. Independent
external audits performed for the parent company are not conducted by the same firm that conducts
the foreign subsidiary audits. Since your department occasionally provides direct assistance to both
external firms, you have copies of audit programs and selected working papers produced by each
firm.
183. The foreign subsidiary's audit firm would like to rely on some of the work performed by the
parent company's audit firm, but they need to review the working papers first. They have asked
you for copies of the parent Company's audit firm working papers. Select the most appropriate
response to the foreign subsidiary's auditors:
a. Provide copies of the working papers without notifying the parent company's audit firm.
b. Notify the parent company's audit firm of the situation and request that either they provide
the working papers or authorize you to do so.
c. Provide copies of the working papers and notify the parent company's audit firm that you
have done so.
184. The foreign subsidiary's audit firm wants to rely on an audit of a function at the parent
company. The audit was conducted by the internal auditing department. To place reliance on the
work performed, the foreign subsidiary's auditors have requested copies of the working papers.
Select the most appropriate response to the foreign subsidiary's auditors:
b. Ask the parent company's audit firm if it is appropriate to release the working papers.
c. Ask the Audit Committee for permission to release the working papers.
a. Determine if audit work in this area could not be performed exclusively by internal
auditing.
b. Coordinate the pension audit so as to fulfill the scope of work and not duplicate work of the
independent outside auditor.
c. Ascertain which account balances have been tested by the independent outside auditor so
that internal auditing may test the internal controls to determine the reliability of these balances.
d. Determine whether the independent outside auditor's audit techniques, methods and
terminology should be used by internal auditing in this area to conform with past audit work or to
use techniques consistent with other internal auditors.
186. A certified internal auditor (CIA) is working in a non-internal audit position as the director of
purchasing. The CIA signs a contract to procure a large order from the supplier with the best price,
quality, and performance. Shortly after signing the contract, the supplier presents the CIA with a
gift of significant monetary value. Which of the following statements regarding the acceptance of
the gift is correct?
b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited for a
CIA.
c. Since the CIA is no longer acting as an internal auditor, acceptance of the gift would be
governed only by the organization’s code of conduct.
d. Since the contract was signed before the gift was offered, acceptance of the gift would not
violate either the IIA Code of Ethics or the organization’s code of conduct.
187. An auditor, nearly finished with an audit, discovers that the director of marketing has a
gambling habit. The gambling issue is not directly related to the existing audit and there is pressure
to complete the current audit. The auditor notes the problem and passes the information on to the
chief audit executive but does no further follow-up. The auditor’s actions would:
b. Be in violation of the Standards because the auditor did not properly follow-up on a red
flag that might indicate the existence of fraud.
d. Both a and b.
188. As used by the internal auditing profession, the IIA Standards refer to all of the following
except:
a. Criteria by which the operations of an internal audit department are evaluated and
measured.
b. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors.
189. Which of the following situations would be a violation of the IIA Code of Ethics?
a. An auditor was subpoenaed in a court case in which a merger partner claimed to have been
defrauded by the auditor’s company. The auditor divulged confidential audit information to the
court.
c. An auditor gave a speech at a local IIA chapter meeting outlining the contents of a program
the auditor had developed for auditing electronic data interchange (EDI) connections. Several
auditors from major competitors were in the audience.
d. During an audit, an auditor learned that the company was about to introduce a new product
that would revolutionize the industry. Because of the probable success of the new product, the
product manager suggested that the auditor buy additional stock in the company, which the auditor
did.
190. In applying the standards of conduct set forth in the Code of Ethics, internal auditors are
expected to:
191. During an audit of a manufacturing division of a defense contractor, the auditor came across a
scheme which looked like the company was inappropriately adding costs to a cost-plus govern-
mental contract. The auditor discussed the manner with senior management, which suggested that
the auditor seek an opinion from legal counsel. The auditor did so and, upon review of the
government contract, legal counsel indicated that the practice was questionable, but did offer the
opinion that the practice was not technically in violation of the government contract. Based on
legal counsel's decision, the auditor decided to omit any discussion of the practice in the formal
audit report that went to management and the audit committee, but did informally communicate
legal counsel's decision to management. Did the auditor violate The IIA's Code of Ethics?
a. No. The auditor followed up the matter with appropriate personnel within the organization
and reached a conclusion that no fraud was involved.
b. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking
place.
d. Yes. Internal legal counsel's opinion is not sufficient. The auditor should have sought
advice from outside legal counsel.
192. An internal auditor, recently terminated from a company due to downsizing, has found a job
with another company in the same industry. Which of the following disclosures made by the
internal auditor to the new organization would constitute a violation of The IIA's Code of Ethics?
a. The auditor used the audit risk approach that was used by the auditor's former employer in
determining audit priorities in the new job.
b. The new audit department does not utilize probability proportional to size (PPS) sampling
and the auditor believes PPS sampling has advantages for many of the types of audits conducted by
the new employer. The auditor conducts training sessions and develops forms to implement
sampling in the same manner as the previous employer.
c. While at the previous firm, the auditor conducted a great deal of research to identify "best
practices" for the management of the treasury function as part of an audit for that firm. Since most
of the research was done at home and during non-office hours, the auditor retained much of the
research and plans to use it in conducting an audit of the treasury function at the new employer.
193. Which of the following could be an organization factor that might adversely affect the ethical
behavior of the chief audit executive (CAE)?
a. The CAE reports directly to an independent audit committee of the board of directors.
c. The CAE may not be appointed or approved without concurrence of the board of directors.
d. The CAE’s annual bonuses are based on dollar recoveries or recommended future savings
as a result of audits.
c. A list of illegal activities which are proscribed to the members of the profession.
195. The IIA’s Code of Ethics identifies three personal characteristics that form the foundation
upon which the entire Code rests. Which is not one of these three personal characteristics?
a. Objectivity.
b. Diligence.
c. Probity.
d. Honesty.
196. Under the IIA’s Code of Ethics' provisions with respect to gifts and fees, which of the
following would be acceptable for an internal auditor to receive?
a. A pen received from the sales manager of a subsidiary with the imprinted name of the
company's product and a phone number.
b. A dinner and baseball tickets from the manager of a department being audited. The tickets
are usually made available to employees of the audited department.
c. A dinner and baseball tickets from the manager of a department that has never been audited
and for which there are no plans for a future audit. The tickets are usually made available to
employees of that department.
197. A Certified Internal Auditor (CIA) is found to have committed a very serious violation of the
Code of Ethics of the Institute of Internal Auditors. Which of the following describes the
disciplinary action most likely to be imposed by the Institute? The CIA will:
198. Which of the following actions by an internal auditor would violate the IIA’s Code of Ethics?
199. An internal auditor for XYZ Company is auditing the revenues and operating expenses of a
shopping mall managed by ABC company. ABC is the operating partner of this joint venture with
XYZ. The internal auditor discovers numerous audit exceptions where some credits will be due to
each party. Which of the following should the auditor report in this situation?
d. All material audit exceptions and provide ABC with a net amount due.
200. Which of the following actions by an auditor would violate the IIA’s Code of Ethics?
201. Through an audit of the credit department, the chief audit executive (CAE) became aware of a
material misstatement of the year-end accounts receivable balance. The external auditor has
completed his audit without detecting the misstatement. What should the CAE do in this situation?
b. Report the misstatement to management when the external auditor presents his report.
c. Exclude the misstatement from the internal audit report since the external auditor is
responsible to express an opinion on the financial statements.
d. Perform additional audit work on account receivable balances to benefit the external
auditor.
202. A Certified Internal Auditor (CIA) who is judged by the IIA’s Board of Directors to be in
violation of the provisions of the IIA’s Code of Ethics shall be subject to:
203. In a review of warranty programs for new products introduced by a company with low and
declining profits, an auditor has determined, and management has acknowledged, that the company
will be unable to fulfill promised warranty coverage. The auditor should:
b. Inform customers.
204. A Certified Internal Auditor (CIA) is found to have committed a violation of the Code of
Ethics of the Institute of Internal Auditors. The violation is not serious enough to warrant the
maximum disciplinary action. The most likely result is that the CIA will:
b. Lose his or her CIA designation permanently unless subsequent reinstatement is approved
by the Board of Directors of the Institute.
c. Be prohibited from engaging in the practice of internal auditing for a period not to exceed
60 days.
d. Receive from the Institute's Board of Directors a written censure, which outlines the
consequences of repeated similar actions.
205. Internal auditors should be prudent in their relationships with persons and organizations
external to their employers. Which of the following activities would most likely not adversely
affect internal auditors' ethical behavior?
206. A primary purpose for establishing a Code of Conduct within a professional organization is to:
a. Reduce the likelihood that members of the profession will be sued for substandard work.
b. Ensure that all members of the profession perform at approximately the same level of
competence.
d. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs
of their organization.
207. An auditor discovers some material inefficiency in a purchasing function. The purchasing
manager happens to be the auditor's next-door neighbor and best friend. In accordance with the
Code of Ethics, the auditor should:
c. Include the facts of the case in a special report submitted only to the friend.
208. Which of the following actions could be construed as a violation of the IIA’s Code of Ethics?
d. Including an internal control problem in a report, when it has been corrected prior to
completion of the audit.
209. Which of the following would constitute a violation of the IIA's Code of Ethics?
a. Janice has accepted an assignment to audit the electronics manufacturing division. Janice
has recently joined the internal auditing department. But she was senior auditor for the external
audit of that division and has audited many electronics companies during the past two years.
b. George has been assigned to do an audit of the warehousing function six months from now.
George has no expertise in that area but accepted the assignment anyway. He has signed up for
continuing professional education courses in warehousing, which will be completed before his
assignment begins.
c. Jane is content with her career as an internal auditor and has come to look at it as a regular
9 to 5 job. She has not engaged in continuing professional education or other activities to improve
her effectiveness during the last three years. However, she feels she is performing the same quality
work she always has.
d. John discovered an internal financial fraud during the year. The books were adjusted to
properly reflect the loss associated with the fraud. John discussed the fraud with the external
auditor when the external auditor reviewed working papers detailing the incident.
210. Which of the following would be permissible under the IIA’s Code of Ethics?
c. Accepting an unexpected gift from an employee whom you have praised in a recent audit
report.
d. Not reporting significant findings about illegal activity to the audit committee because
management has indicated it will handle the issue.
211. During an audit, an employee with whom you have developed a good working relationship in-
forms you that she has some information about top management, which would be damaging to the
organization and may concern illegal activities. The employee does not want her name associated
with the release of the information. Which of the following actions would be considered inconsis-
tent with the IIA’s Code of Ethics and Standards?
a. Assure the employee that you can maintain her anonymity and listen to the information.
c. Inform the individual that you will attempt to keep the source of the information
confidential and will look into the matter further.
212. An internal auditor for a large regional bank holding company was asked to serve on the
board of directors of a local bank. The bank competes in many of the same markets as the bank
holding company, but focuses more on consumer financing than on business financing. In
accepting this position, the auditor:
I. Violates the IIA Code of Ethics because serving on the board may be in conflict
with the best interests of the auditor’s employer.
II. Violates the IIA Code of Ethics because the information gained while serving on the board
of directors of the local bank may influence recommendations regarding potential acquisitions.
a. I only.
b. II only.
c. I and II.
213. The chief audit executive has been appointed to a committee to evaluate the appointment of
the external auditors. The engagement partner for the external accounting firm wants the director to
join him for a week of hunting at his private lodge. The CAE should:
214. In a review of travel and entertainment expenses, a Certified Internal Auditor (CIA)
questioned the business purposes of an officer's reimbursed travel expenses. The officer promised
to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the
officer makes good on the promise, the internal auditor:
d. Should recommend that the officer forfeit any frequent flyer miles received as part of the
questionable travel.
215. The standards of conduct set forth in the IIA’s Code of Ethics:
216. Today's internal auditor will often encounter a wide range of potential ethical dilemmas, not
all of which are explicitly addressed by The Institute of Internal Auditors' (IIA’s) Code of Ethics. If
the auditor encounters such a dilemma, the auditor should always:
b. Consider all parties affected and the potential consequences of actions, and take an action
consistent with the objectives of internal auditing and the principles and rules of conduct embodied
in the IIA’s Code of Ethics.
d. Act consistently with the Code of Ethics adopted by the organization even if such action
would not be consistent with the IIA’s Code of Ethics.
217. An internal auditor has been assigned to audit a foreign subsidiary. The auditor is aware that
the social climate of the country is such that “facilitating payments” (bribes) are often used to make
things happen and are an accepted part of that society. The auditor has completed an audit of the
division and has found significant weaknesses relating to important controls. The division manager
offers the auditor a substantial “facilitating payment” to omit the audit findings from the audit
report with a provision that the auditor could re-visit the division in six months so the auditor could
verify that the problem areas had been properly addressed. The auditor should:
a. Not accept the payment since such acceptance would be in conflict with the Code of
Ethics.
b. Not accept the payment, but omit the findings as long as there is a verification visit in six
months.
c. Accept the offer since it is consistent with the ethical concepts of the country in which the
division is doing business.
d. Accept the payment because it has the effect of doing the greatest good for the greatest
number; the auditor is better off, the division is better off, and the organization is better off because
there is strong motivation to correct the deficiencies found by the auditor.
218. A certified internal auditor (CIA), who performs financial, operational, and information
systems audits, is now facing an ethical dilemma. During an audit, he discovered several illegal
activities conducted by senior management of his firm. What should the auditor do now?
a. Comply with the Institute of Management Accountants’ (IMA’s) code of ethics and
standards.
b. Comply with the American Institute of Certified Public Accountants’ (AICPA’s) code of
ethics and standards.
c. Comply with the Institute of Internal Auditors’ (IIA’s) code of ethics and standards.
d. Comply with the Information Systems and Audit Control Association’s (ISACA’s) code
of ethics and standards.
A staff auditor has been assigned to the Treasury audit for the second consecutive year. The
auditor confirmed investment securities held by a brokerage house and realized that several large
securities were improperly used as collateral for personal loans a few years ago by the current
Treasurer. Last year the staff auditor had mistakenly signed off on the audit steps involving the
confirmations and verification of the securities without completing all of the steps. The audit
manager also mistakenly signed off on the review last year. When the error was detected this year,
the audit manager commented that "it was an error, but the loan has been repaid, and the securities
returned. We have corrected the control weakness, and I'm positive it will not happen again. Pursuit
of this issue will be an embarrassment to everyone involved. Leave it like it is."
219. Which of the following should be considered by the staff auditor when deciding whether or
not to report the situation?
220. As a staff auditor, which of the following actions would be considered a violation of the IIA
Standards or Code of Ethics?
a. Inform the audit manager that you will be including the information in your working papers
as an audit finding.
b. Discuss the matter with the chief audit executive without further discussion with the audit
manager.
d. Resign from the audit department and company if further action is not taken on the matter.
221. Which of the following situations would most likely be considered a violation of the IIA’s
Code of Ethics and thus the Standards?
a. As chief audit executive (CAE) you have become perplexed as to how to resolve a
particular disagreement between you and auditee management regarding the finding and
recommendation in a very sensitive audit area. Unsure as to what to do, you discuss the detail of
the finding and your proposed recommendation with a fellow CAE you know from your work in
The Institute of Internal Auditors, local chapter.
b. After researching and developing the proposed yearly audit plan, your company audit
charter requires that as CAE you present the plan to the audit committee for its approval and
suggestions.
c. Your audit manager has just removed your most significant finding and recommendation
from your audit report. Being the in-charge auditor, you have voiced your opposition to the
removal and have explained that you know the reported condition exists. Although you agree that,
technically, the audit lacks sufficient evidence to support the finding, management cannot explain
the condition and your audit finding is the only reasonable conclusion.
d. Because your department lacks skill and knowledge in a specialty area, your CAE has
engaged the services of an expert consultant. As audit manager you have been asked to review the
expert's approach to the assignment. You are knowledgeable regarding the area under review but
are hesitant to accept the assignment because you lack the expertise to judge the validity of the
expert's conclusion.
222. Internal auditors sometimes express opinions in audit reports in addition to stating facts. Due
professional care requires that the auditor's opinions be:
a. Based on sufficient factual evidence that warrants the expression of the opinions.
223. An accounting association established a Code of Ethics for all members. Identify the
association's primary purpose for establishing the Code of Ethics.
c. Note the condition in the working papers but refrain from reporting it because it benefits
the organization.
225. An organization has recently placed a former operating manager in the position of chief audit
executive (CAE). The new CAE is not a member of The IIA and is not a CIA. Henceforth, the
internal auditing department will be run strictly by the CAE’s standards, not The IIA's. All four
staff auditors are members of The Institute, but they are not CIAs. According to the IIA’s Code of
Ethics, what is the best course of action for the staff auditors?
a. The Code does not apply because the auditors are not CIAs.
b. The auditors should adopt suitable means to comply with the IIA Standards.
c. The auditors must exhibit loyalty to the organization and ignore the IIA Standards.
226. A primary purpose for establishing a Code of Conduct within a professional organization is to:
a. Reduce the likelihood that members of the profession will be sued for substandard work.
b. Ensure that all members of the profession perform at approximately the same level of
competence.
d. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs
of their organization.
227. While performing an operational audit of the firm's production cycle, an internal auditor
discovers that, in the absence of specific guidelines, some engineers and buyers routinely accept
vacation trips paid by certain of the firm's vendors. Other engineers and buyers will not accept
even a working lunch paid for by a vendor. Which of the following actions should the internal
auditor take?
a. None. The engineers and buyers are professionals. It is inappropriate for an internal auditor
to interfere in what is essentially a personal decision.
b. Informally counsel the engineers and buyers who accept the vacation trips. This helps
prevent the possibility of kickbacks, while preserving good auditor/auditee relations.
c. Formally recommend that the organization establish a corporate Code of Ethics. Guidelines
of acceptable conduct, within which individual decisions may be made, should be provided.
d. Issue a formal deficiency report naming the personnel who accept vacations but make no
recommendations. Corrective action is the responsibility of management.
228. You work for an organization that has adopted a conflict-of-interest policy, which prohibits
any activity contrary to the best interests and wellbeing of the organization. Which of the
following statements should be included in the policy to illustrate unacceptable behavior?
c. Providing a mailing list of company employees to a relative whom is offering training that
might benefit the organization.
229. The IIA’s Code of Ethics requires IIA members to exercise three particular qualities in the per-
formance of their duties. These three qualities are:
231. Which of the following involves a violation of the IIA’s Code of Ethics?
b. Unlike other employees, the auditors always fly first-class to maintain the appearance of
independence.
c. With the consent of senior management, an auditor accepted a gift from an auditee depart-
ment, which was given as a reward for finding a major inefficiency.
232. The IIA’s Board of Directors has been informed that a Certified Internal Auditor (CIA) was
tried and convicted of tax evasion. The probable consequences for this person are:
a. Immediate revocation of the CIA designation by the Internal Auditing Standards Board.
b. Nothing; the act was performed outside of the normal line of work.
233. A chief audit executive (CAE) learns that a staff auditor has provided confidential information
to a relative. Both the CAE and staff auditor are CIAs. Although the auditor did not benefit from
the transaction, the relative used the information to make a significant profit. The most appropriate
way for the CAE to deal with this problem is to:
c. Take no action since the auditor did not benefit from the transaction.
d. Inform the IIA’s Board of Directors and take the personnel action required by company
policy.
234. During the course of an audit, an auditor discovers that a clerk is embezzling company funds.
Although this is the first embezzlement ever encountered and the organization has a security
department, the auditor decides to personally interrogate the suspect. If the auditor is violating the
IIA’s Code of Ethics, the rule violated is most likely:
235. The chief audit executive (CAE) of a company is aware of a material inventory shortage
caused by internal control deficiencies at one manufacturing plant. The shortage and related causes
are of sufficient magnitude to impact the external auditor's report. Based on the IIA’s Code of
Ethics, identify the CAE’s most appropriate course of action:
a. Say nothing; guard against interfering with the independence of the external auditors.
b. Discuss the issue with management and take appropriate action to ensure that the external
auditors are informed.
c. Inform the external auditors of the possibility of a shortage but allow them to make an
independent assessment of the amount.
d. Report the shortages to the board of directors and allow them to report it to the external
auditor.
236. Which of the following statements is not appropriate to include in a manufacturer's conflict of
interest policy? An employee shall not:
237. A firm's Code of Ethics contains the following statement: “Employees shall not accept gifts or
gratuities over $50 in value from persons or firms with whom our organization does business.”
This provision is designed to prevent:
238. A Code of Conduct was developed several years ago and distributed by a large financial
institution to all its officers and employees. Identify the best audit approach to provide the audit
committee with the highest level of comfort about the Code of Conduct:
a. Fully evaluate the comprehensiveness of the Code and compliance therewith, and report
the results to the audit committee.
b. Fully evaluate company practices for compliance with the code and report to the audit
committee.
c. Review employee activities for compliance with provisions of the code and report to the
audit committee.
d. Perform tests on various employee transactions to detect potential violations of the code of
conduct.
240. The best reason for establishing a Code of Conduct within an organization is that such codes:
A company with a whistle blowing hotline has received an anonymous tip that three senior
internal auditors are in violation of the IIA Code of Ethics. The company has adopted the IIA Code
as a part of the corporate ethical code. Among the allegations against the auditors were the
following:
1. Auditor 1 has a part-time job outside of office hours as a visiting professor at a local
community college.
3. Auditor 1 told his next-door neighbor to start looking for a new job because an audit of the
executive office indicated that the neighbor's division was going to be closed down in about six
months.
7. Auditor 2 shared audit techniques with auditors from another company while attending a
professional meeting.
8. A buyer accepted a kickback of $500 to give bid amounts to a supplier to enable that
supplier to bid the contract. Auditor 2 omitted this information from the audit report since the
contract amount was not material to the financial statements.
9. Auditor 3 received royalties from a publisher for authoring a professional book on internal
auditing.
10. Auditor 3 has a part-time job as a real estate broker, and his real estate firm recently
received a commission from the employer company.
11. Auditor 3 received an item of value from a fellow employee in the same company whose
department has never been audited and whose department is not scheduled to be audited in the
foreseeable future.
12. Auditor 3 did not include in an audit report that the bottlenecks in a shipping department
were caused by the absence of the supervisor. The supervisor was the auditor's friend and neighbor
who had a hospitalized child requiring him to miss work off and on for several weeks.
241. How many of the allegations about Auditor 1 represent violations of the IIA’s Code of Ethics?
a. None.
b. One.
c. Two.
d. Three.
242. How many of the allegations about Auditor 2 represent violations of the IIA’s Code of Ethics?
a. One.
b. Two.
c. Three.
d. Four.
243. How many of the allegations about Auditor 3 represent violations of the IIA’s Code of Ethics?
a. One.
b. Two.
c. Three.
d. Four.