CIA Exam Question Bank - Part 1
Questions 1 - 100
1. Which of the following is not true with
regard to the internal audit charter?
a. It defines the authorities and responsibilities for the
internal audit activity.
b. It specifies the minimum resources needed for the internal
audit activity.
c. It provides a basis for evaluating the internal audit activity.
d. It should be approved by senior management and the board.
b. Correct. The internal audit manual and annual audit plan help
in determining the resource requirements.
2. The function of internal auditing, as
related to internal financial reports, would be to
a. Ensure compliance with reporting procedures.
b. Review the expenditure items and match each item with the
expenses incurred.
c. Determine if there are any employees expending funds without
authorization.
d. Identify inadequate controls that increase the likelihood of
unauthorized expenditures.
d. Correct. Internal auditors are responsible for identifying
inadequate controls, for appraising managerial
effectiveness, and for pinpointing common risks.
3. The status of the internal audit activity
should be free from the effects of irresponsible policy changes by management.
The most effective way to assure that freedom is to
a. Have the internal audit charter approved by the board.
b. Adopt policies for the functioning of the internal audit
activity.
c. Establish an audit committee as a subcommittee of the board.
d. Develop written policies and procedures to serve as standards
of performance for the internal audit
activity.
a. Correct. The purpose, authority, and responsibility of the
IAA should be formally defined in the charter, which is approved by management
and the board.
4. As part of a company-sponsored award
program, an internal auditor was offered an award of significant monetary value
by a division in recognition of the cost savings that resulted from the
auditor's recommendations. According to the International Professional
Practices Framework (IPPF), what is the most appropriate action for the auditor
to take?
a. Accept the gift since the engagement is already concluded and
the report issued.
b. Accept the award under the condition that any proceeds go to
charity.
c. Inform audit management and ask for direction on whether to
accept the gift.
d. Decline the gift and advise the division manager's superior.
c. Correct. Even though the gift is of significant value, since
it is part of a company-sponsored program, it might be acceptable for the
internal auditor to accept the gift; however, in these cases, it is recommended
for the internal auditor to first confirm the acceptance with the CAE.
5. If a department's operating standards are
vague and thus subject to interpretation, an auditor should
a. Seek agreement with the departmental manager as to the criteria
needed to measure operating performance.
b. Determine best practices in the area and use them as the
standard.
c. Interpret the standards in their strictest sense because
standards are otherwise only minimum measures of acceptance.
d. Omit any comments on standards and the department's performance
in relationship to those standards, because such an analysis would be inappropriate.
a. Correct. Based on Implementation Standard 2210.A3, if control
criteria are inadequate, then internal auditors must work with management to
develop appropriate evaluation criteria.
6. In which of the following would an internal
auditor potentially lack objectivity?
a. The internal auditor reviews the procedures for a new
electronic data interchange (EDI) connection to a major customer before it is implemented.
b. A former purchasing assistant performs a review of the internal
controls over purchasing four months after being transferred to the internal audit activity (IAA).
c. An internal auditor recommends standards of control and
performance measures for a contract with a service organization for the processing
of payroll and employee benefits.
d. A payroll accounting employee assists an internal auditor in
verifying the physical inventory of small motors.
b. Correct. According to the Standards, persons transferred to
the internal audit activity (IAA) should
not be assigned to audit those activities they previously
performed until a reasonable period of time
(at least one year) has elapsed.
7. Which of the following would not be
considered a stated purpose of the IIA (as listed in the organization’s
articles of incorporation)?
a. To cultivate, promote, and disseminate knowledge and
information concerning internal auditing and subjects related to internal auditing.
b. To establish and maintain high standards of integrity, honor,
and character among internal auditors.
c. To publish the technical journal, The Internal Auditor.
d. To promote social intercourse among the IIA’s members.
c. Correct. According to the articles of incorporation, the
objectives of The IIA are: (1) to cultivate, promote, and disseminate knowledge
and information concerning internal auditing and subjects related to internal
auditing; (2) to establish and maintain high standards of integrity, honor, and
character among internal auditors; (3) to promote social intercourse among its
members; (4) to furnish information regarding internal auditing and the practice
and methods thereof to its members, to other persons interested therein, and to
the general public, and (5) to cause the publication of articles related to
internal auditing and practices and methods thereof; and others (review all of
the stated objectives). Publishing the technical journal, The Internal Auditor,
is a method to promote the professionalism of internal auditing, but it is not
a specific stated purpose.
8. An auditor’s objectivity could be compromised
in all of the following situations except
a. A conflict of interest.
b. Auditee familiarity with auditor due to lack of rotation in
assignment.
c. Auditor assumption of operational duties on a temporary basis.
d. Reliance on outside expert opinion when appropriate.
d. Correct. It is highly likely that an auditor at some time
will have to rely on the opinion of an
outside expert.
9. An auditor, nearly finished with an
engagement, discovers that the director of marketing has a gambling habit. The
gambling issue is not directly related to the existing engagement and there is pressure
to complete the current engagement. The auditor notes the problem and forwards
the information to the chief audit executive but performs no further follow-up.
The auditor's actions would
a. Be in violation of the IIA Code of Ethics for withholding
meaningful information.
b. Be in violation of the Standards because the auditor did not
properly follow up on a red flag that might indicate the existence of fraud.
c. Not be in violation of either the IIA Code of Ethics or
Standards.
d. Both a and b.
c. Correct. There is no violation of either the Code of Ethics
or the Standards.
10. Independence is most likely impaired by an
internal auditor’s
a. Continuation on an engagement at a division for which (s)he
will soon be responsible as the result of a
promotion.
b. Reduction of the scope of an engagement due to budget
restrictions.
c. Participation on a task force that recommends standards for
control of a new distribution system.
d. Review of a purchasing agent’s contract drafts prior to their
execution.
a. Correct. When the IAA or individual internal auditor is
responsible for, or management is
considering assigning, an operation that it might audit, the
internal auditor’s independence and
objectivity may be impaired.
11. One of the purposes of the Standards for the International
Professional Practice of Internal Auditing as
stated in the Introduction to the current version of the Standards
is to
a. Encourage the professionalization of internal auditing.
b. Establish the independence of the internal audit activity and
emphasize the objectivity of internal
auditing.
c. Encourage external auditors to make more extensive use of the
work of internal auditors.
d. Establish the basis for evaluating internal auditing
performance.
d. Correct. According to the IIA, the Standards are intended to:
(1) State basic principles for the
practice of internal auditing; (2) Provide a framework for
performing and promoting value added
internal audit activities; (3) Establish the basis for evaluating
internal auditing performance; and (4)
Improve organizational processes and operations.
12. The Standards require that the chief audit executive (CAE)
seek the approval of management and the
board of a formal, written internal audit charter. The purpose of
the internal audit charter is to
a. Protect the internal auditing activity from outside influence.
b. Establish the purpose, authority, and responsibility of the
internal auditing activity.
c. Define the internal auditor’s relationship with the external
auditor.
d. Define the role of the chief audit executive as a member of the
audit committee.
b. Correct. The purpose, authority and responsibility of the IAA
must be formally defined in the
charter.
13. The best means for the internal auditing activity (IAA) to
determine whether its goal of implementing
broader audit coverage of functional activities has been met is
through
a. Accumulation of audit findings by auditable area.
b. Comparison of the audit plan to actual audit activity.
c. Surveys of management satisfaction with the internal audit activity.
d. Implementation of a quality assurance and improvement program.
d. Correct. Implementing a quality assurance and improvement
program (QAIP) can assist the CAE in
determining whether the IAA’s audit coverage goals are being met.
The QAIP evaluates and
analyzes the effectiveness and efficiency of IAA operations, which
has to do with understanding
whether stated IAA goals and objectives are being achieved.
14. Quality program assessments may be performed internally or
externally. A distinguishing feature of an
external assessment is its objective to
a. Provide independent assurance.
b. Set forth the recommendations for improvement.
c. Determine whether internal auditing services meet professional
standards.
d. Identify tasks that can be performed better.
a. Correct. External assessments of an IAA should appraise and
express an opinion as to the IAA’s
compliance with the Standards for the International Professional
Practice of Internal Auditing and,
as appropriate, should include recommendations for improvement.
External assessment should be
conducted at least once every five years (PA 1312-1).
15. During an engagement to evaluate the organization’s accounts
payable function, an internal auditor
plans to confirm balances with suppliers. What is the source of
authority for such contacts with units
outside the organization?
a. Internal audit activity policies and procedures.
b. The Standards.
c. The Code of Ethics.
d. The internal audit activity’s charter.
d. Correct. The purpose, authority and responsibility of the
internal audit activity should be defined in
the charter. The charter should establish the internal audit
activity’s position within the
organization; authorize access to records, personnel, and physical
properties relevant to the
performance of engagements; and define the scope of internal audit
activities (PA 1000-1).
16. External assessment of an internal audit activity is not
likely to evaluate
a. The tools and techniques employed by the internal audit
activity.
b. Detailed cost-benefit analysis of the internal audit activity.
c. Compliance with the Standards for the International
Professional Practice of Internal Auditing.
d. Adherence to the internal audit activity’s charter.
b. Correct. The external assessment should consist of a broad
scope of coverage that includes: (1)
Conformance with the Definition of Internal Auditing, Standards,
The Code of Ethics and the internal
audit activity’s charter, plans, policies, procedures, practices,
and applicable legislative and
regulatory requirements; (2) the expectations of the IAA expressed
by the board, executive
management and operational managers; (3) the integration of the
IAA into the organization’s
governance process, including the relationships between and among
the key groups involved in the
process; (4) tools and techniques employed by the IAA; (5) the mix
of knowledge, experience, and
disciplines within the staff, including staff focus on process
improvement; and (6) the determination
as to whether or not the IAA adds value and improves the
organization’s operations (PA 1312-1.10).
A detailed cost-benefit analysis of the IAA would not be
part of the external assessment.
17. During an internal audit, the internal auditor should exercise
due professional care. Due professional
care means that the internal auditor should consider
I. The extent of work needed to achieve the engagement’s
objectives.
II. The relative complexity and materiality to which assurance
procedures are applied.
III. The probability of significant errors, irregularities, or
noncompliance.
IV. The engagement procedures necessary to ensure that all
significant risks have been identified.
a. I and II only.
b. I, II and IV only.
c. I, II, III and IV.
d. I, II and III only.
d. Correct. Only items I, II and III are correct. The internal
auditor can only provide reasonable
assurance that significant risks will be identified, not a
guarantee.
18. Internal auditors need to have an understanding with respect to
which discipline?
a. Internal auditing procedures and techniques.
b. Accounting principles and techniques.
c. Management principles.
d. Marketing techniques.
c. Correct. The internal auditor needs to have an understanding of
management principles.
19. If a department outside of the internal audit activity (IAA)
is responsible for reviewing a function or
process, the internal auditor should
a. Consider the work of the other department when assessing the
function or process.
b. Ignore the work of the other department and proceed with an
independent audit.
c. Reduce the scope of the audit since the work has already been
performed by the other department.
d. Yield the responsibility for assessing the function or process
to the other department.
a. Correct. Review and testing of the other department’s
procedures may reduce necessary audit
coverage of the function or process.
20. Independence from outside pressure is an important factor for
the internal audit activity (IAA) to work
freely and objectively. Which of the following contributes to the
internal auditor’s independence?
a. Management should assist the IAA by reviewing, revising and
forwarding engagement communications
to the audit committee.
b. The IAA reports directly to the audit committee, without
corroborating engagement communications
with management.
c. Ideally, the IAA functionally reports to the audit committee
but reports to the chief operating officer on
all engagements relating to operations.
d. The accuracy of the engagement communications should be
verified with management, and the IAA
should then report to management and the audit committee.
d. Correct. Internal auditors should first discuss conclusions and
recommendations with management
so management is able to verify the accuracy of the engagement
communications. Final
engagement communications would then be sent to the audit
committee.
21. The Standards require that internal auditors possess which of
the following skills?
I. Internal auditors should understand human relations and be
skilled in dealing with people.
II. Internal auditors should be able to recognize and evaluate the
materiality and significance of deviations
from good business practices.
III. Internal auditors should be experts on subjects such as
economics, commercial law, taxation, finance,
and information technology.
IV. Internal auditors should be skilled in oral and written
communication.
a. I and II only.
b. I, II and III only.
c. I, II, III and IV.
d. I, II and IV only.
I. Correct. Internal auditors need to understand human relations
and be skilled in dealing with
people.
II. Correct. Internal auditors need to be able to understand what
constitutes materiality and
significance of deviations from good business practice.
IV. Correct. Internal auditors should be skilled in oral and
written communication.
22. You were appointed the chief audit executive (CAE) of an
organization one week ago. An engagement
client has come to you complaining vigorously that one of your
internal auditors is taking up an
excessive amount of the client’s time on an engagement that seems
to be lacking a clear purpose. In
handling this conflict with the client, you should consider
a. Promising the client that you will have the internal auditor
finish the work within 1 week.
b. Whether existing procedures within the internal audit activity
provide for proper planning and quality
assurance.
c. Presenting an immediate defense of the internal auditor based
upon currently known facts.
d. Discounting what is said, but documenting the complaint.
b. Correct. In this situation the CAE would have a responsibility
to review the existing procedures to
determine whether the IAA had provided for proper planning and
quality assurance. Not doing so
would jeopardize the authority of the CAE.
23. According to the Standards, the internal audit activity’s
goals should specify
a. Policies and procedures to guide the internal audit staff.
b. Engagement work schedules and activities to be reviewed.
c. Measurement criteria and target dates for completion.
d. Staffing plans and financial budgets.
c. Correct. The goals of the IAA should be capable of being
accomplished within specified operating
plans and budgets and, to the extent possible, should be
measurable. They should be accompanied
by measurement criteria and targeted dates of accomplishment.
24. Which of the following best describes an internal auditor’s
purpose in reviewing the organization’s
existing risk management, control and governance processes?
a. To help determine the nature, timing, and extent of tests
necessary to achieve engagement objectives.
b. To ensure that weaknesses in the internal control system are
corrected.
c. To provide reasonable assurance that the processes will enable
the organization’s objectives and goals
to be met efficiently and economically.
d. To determine whether the processes ensure that the accounting
records are correct and that financial
statements are fairly stated.
c. Correct. As described by the IIA, the internal auditors’
primary purpose in reviewing an
organization’s existing risk management, control, and governance
processes is to provide
reasonable assurance that these processes are functioning as
intended and will enable the
organization’s objectives and goals to be met.
25. Periodic external assessments of an internal audit activity's
quality assurance and improvement
program should be undertaken. On completion of such an assessment,
a formal report or other
communication should be issued expressing an opinion as to the
a. Adequacy of internal control.
b. Effectiveness of the internal auditing coverage.
c. Conformance with the internal audit activity's charter.
d. Internal audit activity's compliance with the Standards.
d. Correct. The external assessment should consist of a broad
scope of coverage that includes
conformance with the Definition of Internal Auditing; the Code of
Ethics; and the Standards (PA
1312-1.10).
26. During review of a construction contract, the chief audit
executive (CAE) suspects that a construction
company was given an unfair advantage in bidding on the contract.
After learning that the chief
executive officer (CEO) of the company is a member of the
construction company’s board of directors,
how should the CAE proceed?
a. Submit a draft report to senior management, excluding the CEO.
b. Contact the organization’s external auditors for assistance.
c. Obtain supporting documentation and present the finding to the
chairperson of the audit committee.
d. Immediately notify the board of directors.
c. Correct. A draft of the proposed report on fraud or conflict of
interest situations should be
submitted to the chairperson of the audit committee as a next step
in light of the CEO’s position in
the company.
27. Of the following activities, which ones are within the scope
of internal auditing?
I. To assess an operating department's effectiveness in achieving
stated organizational goals.
II. To safeguard assets.
III. To evaluate controls over compliance with laws and
regulations.
IV. To ascertain the extent to which objectives and goals have
been established.
a. I and III only.
b. I and IV only.
c. I, III and IV only.
d. I, II and IV only.
I. Correct. Internal auditing should assess an operating
department’s effectiveness in achieving its
stated goals.
III. Correct. Internal auditors should evaluate controls over
compliance with laws and regulations.
IV. Correct. Internal auditors should ascertain the extent to
which objectives and goals have been
established.
28. Which of the following represents the best governance
structure?
Executive Management | Board and Audit Committee | Internal Auditing
a. Responsibility for risk | Oversight role | Advisory role
b. Oversight role | Responsibility for risk | Advisory role
c. Responsibility for risk | Advisory role | Oversight role
d. Oversight role | Advisory role | Responsibility for risk
a. Correct. Executive management is responsible for risk
management, the board and audit committee
provide an oversight function, and internal auditors serve in the
capacity of oversight and advisory
roles.
29. Assessments of the performance of the organization’s external
auditors should
a. Be carried out only when the external auditor is appointed.
b. Not include any participation by the internal audit activity.
c. Include the internal audit activity only when the external
auditor is appointed.
d. Include the internal audit activity at the time of the
appointment and regularly thereafter.
d. Correct. Management and the board might request the IAA to
participate in the performance of the
external auditor, and this may include assessment of the external
auditor’s independence. In
addition, this assessment should be carried out at least annually.
30. A new chief audit executive (CAE) for a major retail company
is questioning the audit activity’s
extensive use of store compliance testing, stating that the
approach is not responsive to materiality
concepts. Which of the following statements are valid in response
to the CAE’s claims?
I. Materiality is not based only on the size of individual stores;
it is also based on the control structure
that affects the whole organization.
II. Any deviation from a prescribed control procedure is, by
definition, material.
III. The only way to ensure that a material amount of the
company’s control structure is reviewed is to
comprehensively audit all stores.
a. I only.
b. III only.
c. I and II only.
d. I, II and III.
I. Correct. Materiality is defined by the potential impact of an
item on the organization and is not
limited to items that can be assessed only in qualitative terms.
31. Which of the following is the best means of aiding an internal
audit activity (IAA) in determining
whether its goals are being met?
a. Having external auditors review and evaluate the work of the
internal audit activity.
b. Having the board periodically review the quality of the
internal audit activity's work.
c. Developing measurement criteria to accompany its goals.
d. Scheduling an external assessment every 3 years.
c. Correct. The goals of the IAA should be capable of being
accomplished within specified operating
plans and budgets and, to the extent possible, should be
measurable. They should be accompanied
by measurement criteria and targeted dates of accomplishment.
32. The interpretation related to quality assurance given by the
Standards is that
a. The IAA is primarily measured against the Institute's Code of
Ethics.
b. External assessments can provide senior management and the
board with independent assurance about
the quality of the IAA.
c. Continual supervision is limited to the planning, examination,
evaluation, communication, and follow-up
process.
d. Appropriate follow-up to an external assessment is the
responsibility of the chief audit executive's
immediate supervisor.
b. Correct. External assessments of an internal audit activity
appraise and express an opinion as to
the IAA’s compliance with the Standards of the Professional
Practice of Internal Auditing and, as
appropriate, should include recommendations for improvement.
33. The consultative approach to internal auditing emphasizes
a. Participation with engagement clients to improve methods.
b. Imposition of corrective measures.
c. Fraud investigation.
d. Implementation of policies and procedures.
a. Correct. Consultation with the engagement client helps to
facilitate good relations. This is
important since the engagement client will be more likely to
accept recommendations.
34. As part of the process to improve internal auditor-engagement
client relations, it is very important to
deal with how the internal audit activity is perceived. Certain
types of attitudes in the work performed
will help create these perceptions. From a management perspective,
which attitude is likely to be the
most conducive to a positive perception?
a. Interrogatory.
b. Investigative.
c. Consultative.
d. Objective.
c. Correct. A consultative attitude leads to two-way
communication.
35. Procedures describing how the supervisory review of staff
auditors will be accomplished should be fully
documented so that the internal audit activity will
a. Have a basis for promotions, pay raises, or disciplinary
actions, if required.
b. Have substantiation of its quality program.
c. Comply with the Standards.
d. Have a consistent framework for evaluating staff performance.
d. Correct. The IAA's quality program should provide reasonable
assurance that the internal auditing
work conforms to the Standards, the Code of Ethics, the IAA's
charter, and other applicable
standards.
36. An internal auditor often faces special problems when
performing an engagement at a foreign
subsidiary. Which of the following statements is true with respect
to the conduct of internal
international engagements?
a. The IIA Standards do apply outside the United States.
b. The internal auditor should determine whether managers are in
compliance with local laws.
c. There may be justification for having different organizational
policies in force in foreign branches.
d. All of the above are true.
d. All of the above are true.
37. The CAE of a fast growing software company wanted to promote
the value added capabilities of internal
auditing within the company. In order to achieve this goal the CAE
instituted several initiatives. Which
of the following initiatives would be considered appropriate?
I. The CAE promised that before the release of the final report,
the auditor would review the findings with
the client manager.
II. The CAE also promised that if the client manager disagreed
with the conclusions of the report, the final
report would contain the client manager’s disagreements.
III. The CAE promised the client manager that if control
deficiencies were in fact found, internal auditing
has the capability to take care of the deficiencies.
a. I only
b. II and III only
c. I and II only
d. I, II and III
I. Correct. Internal auditing should review findings with the
client before release of the final report.
II. Correct. If the client disagrees with the conclusion of the
report then the final report should contain
any and all disagreements the client manager may have with the
report.
38. During an engagement to evaluate the organization’s accounts
payable function, an internal auditor
plans to confirm balances with suppliers. What is the source of
authority for such contacts with units
outside the organization?
a. The internal audit activity policies and procedures.
b. The Standards.
c. The Code of Ethics.
d. The internal audit activity’s charter.
d. Correct. The charter is what gives the IAA the authority to
confirm balances with suppliers.
39. Internal auditors must distinguish carefully between a scope
limitation and other limitations. Which of
the following is not considered a scope limitation?
a. The divisional manager of an engagement client has indicated
that the division is in the process of
converting a major computer system and has indicated that the
information systems portion of the
planned engagement will have to be postponed until next year.
b. The board reviews the engagement work schedule for the year and
deletes an engagement that the
CAE thought was important to conduct.
c. The engagement client has indicated that certain customers
cannot be contacted because the
organization is in the process of negotiating a long-term contract
with the customers and does not want
to upset the customers.
d. None of the answers are correct.
b. Correct. The board has the right to delete an engagement from
the annual IAA work schedule.
Therefore, this is not considered to be a scope limitation.
40. Which of the following combinations best illustrates a scope
limitation and the appropriate response by
the CAE?
Nature of limitation | Internal audit action
a. Engagement client limits scope based upon proprietary information. | Report only to the controller.
b. Engagement client will not provide access to records needed for approved work schedule. | Report to the board.
c. Engagement client requests that the engagement be delayed for 2 weeks to allow it to close its books. | Report directly to the CEO and controller.
d. Engagement client will not allow internal auditor to contact major customers as part of an engagement to evaluate the efficiency of operations. | No reporting is required because the operational engagement concerns operational efficiency.
b. Correct. This is the best combination. If the internal auditor
does not have access to records then
this fact needs to be reported to the board.
41. Your organization has selected you to develop an IAA. Your
approach will most likely be to hire
a. Internal auditors each of whom possesses all the skills
required to handle all engagements.
b. Inexperienced personnel and train them the way the organization
wants them trained.
c. Degreed accountants because most internal audit work is
accounting related.
d. Internal auditors who collectively have the knowledge and
skills needed to perform the responsibilities
of the IAA.
d. Correct. Collectively, the IAA should have necessary skills,
knowledge and experience to carry out
its activities. The IAA may use both internal and external
resources that are qualified in such
disciplines as accounting, tax, engineering, law, environmental,
and IT.
42. The consultative approach to internal auditing emphasizes
a. Imposition of corrective measures.
b. Participation with engagement clients to improve methods.
c. Fraud investigation.
d. Implementation of policies and procedures.
b. Correct. Internal auditors need to maintain a satisfactory
relationship with engagement clients. In
order to enhance this relationship, it is good policy to involve
the client on all engagements.
Developing a positive relationship produces a more favorable
environment for the engagement
effort.
43. An internal auditor issues a final report which had to do with
evaluating the client’s procedures for
increasing the diversity of the organization’s work force. In this
regard, the internal auditor made
several recommendations for changes in hiring and retaining
practices. Regarding due professional
care, the internal auditor would conduct a follow up to ensure
which of the following actions by the
client?
a. To ascertain whether the client has carried out the internal
auditor’s recommendations.
b. To ascertain whether the organization is in line with the
organization’s diversity policies.
c. To ascertain whether the client has considered the audit
findings and has taken action to improve
diversity within the organization.
d. All of the following are true.
c. Correct. Exercising due professional care includes following up
to see that the client has taken
appropriate action. This does not mean that the client has to
implement every recommendation
submitted by the auditor but it is expected that the client
would/should consider the
recommendations.
44. Which of the following persons might be considered when conducting
a periodic external review of the
internal auditing activity (IAA) in an organization’s regional
office?
I. An auditor from headquarters.
II. An internal audit “peer” from another organization’s IAA.
III. A tax consultant who has no audit experience but will review
only technical matters related to tax
audits.
IV. An external chartered accountant with internal auditing
experience who has been an external auditor of
the organization’s external financial reports.
a. I and II only.
b. II and III only.
c. I, II, III and IV.
d. I, II and IV only.
I. Correct. An auditor from the company’s headquarters could be
part of the external review of an
organization’s regional office’s IAA.
II. Correct. An internal audit “peer” from another organization’s
IAA could be part of the external
review of an organization’s regional office’s IAA.
IV. Correct. A chartered accountant with internal auditing
experience and who had been an external
auditor of the organization’s external financial reports could be
part of the external review of an
organization’s regional office’s IAA.
45. The IIA Standards require internal auditors to have the
knowledge, skills and disciplines essential to
performing an audit. Which of the following is true considering
the level of knowledge or skill required
by the Standards? Internal auditors must
I. Be proficient in the application of auditing standards and
procedures to specific situations without
extensive recourse to technical research and assistance.
II. Be proficient in accounting principles when auditing the
financial records and reports of the
organization.
III. Be proficient in applying knowledge of accounting and computerized
information systems to specific or
potential problems.
a. I only.
b. I and II only.
c. II and III only.
d. I, II and III.
I. Correct. Internal auditors have to be proficient in applying
the Standards.
II. Correct. Internal auditors must be proficient in accounting
principles if auditing an organization’s
financial statements.
46. A CIA, working as the purchasing director, signs a contract to
procure a large order from the supplier
with the best price, quality, and performance. Shortly after
signing the contract, the supplier presents
the CIA with a gift of significant monetary value. Which of the
following statements regarding the
acceptance of the gift is correct?
a. Acceptance of the gift would be prohibited only if it were
non-customary.
b. Acceptance of the gift would violate the IIA Code of Ethics and
would be prohibited from a CIA.
c. Since the CIA is not acting as an internal auditor, acceptance
of the gift would be governed only by the
organization’s code of conduct.
d. Since the contract was signed before the gift was offered,
acceptance of the gift would not violate either
the IIA Code of Ethics or the organization’s code of conduct.
b. Correct. As long as the individual has the CIA designation,
then he or she should be guided by the
profession’s Code of Ethics in addition to the organization’s code
of conduct. Rule of conduct 2.2
precludes such gifts because it could be presumed to have
influenced the individual’s decision.
47. A review of an organization’s code of conduct revealed that it
contained comprehensive guidelines
designed to inspire high levels of ethical behavior. The review
also revealed that employees were
knowledgeable of its provisions. However, some employees still did
not comply with the code. What
element should a code of conduct contain to enhance its effectiveness?
a. Periodic review and acknowledgment by all employees.
b. Employee involvement in its development.
c. Public knowledge of its contents and purpose.
d. Provisions for disciplinary action in the event of violations.
d. Correct. Provisions for disciplinary action in the event of
violations would be the most effective
method to deter employees from engaging in misconduct.
48. Which of the following statements is not appropriate to
include in a manufacturer’s conflict of interest
policy? An employee shall not
a. Accept money, gifts, or services from a customer.
b. Participate (directly or indirectly) in the management of a
public agency.
c. Borrow from or lend money to vendors.
d. Use organizational information for private purposes.
b. Correct. A person has the right to participate in the
management of a public agency (a government
agency). Thus, it would not be included in a manufacturer’s
conflict of interest policy.
49. An internal auditor, during the course of evaluating the
policies & procedures for capitalizing fixed
assets, uncovered some information that indicated that management
had capitalized some general
maintenance costs that should have been expensed. The amount is
considered to be material. If the
internal auditor failed to disclose this information to senior
management or the Audit Committee, the
internal auditor would be in violation of which rule of conduct?
a. Integrity.
b. Objectivity.
c. Confidentiality.
d. Competence.
b. Correct. The internal auditor would be in violation of the
objectivity rule of conduct. According to
rule 2.3, internal auditors shall disclose all material facts
known to them, that if not disclosed, may
distort the reporting of activities under review. In this case,
capitalizing general maintenance cost
would distort the financial statements.
50. Which of the following concurrent occupations could appear to
subvert the ethical behavior of an
internal auditor?
a. Internal auditor and a well-known charitable organization’s
local in-house chairperson.
b. Internal auditor and part-time business insurance broker.
c. Internal auditor and adjunct faculty member of a local business
college that educates potential
employees.
d. Internal auditor and landlord of multiple housing that publicly
advertise for tenants in a local
community newspaper listing monthly rental fees.
b. Correct. According to the Code, an “Internal auditor shall not
participate in any activity or
relationship that may impair or be presumed to impair their
unbiased assessment.” Thus, an
internal auditor and part-time business broker would be considered
to be incompatible.
51. Which of the following is not implied by the definition of
control?
a. Measurement of progress toward goals.
b. Uncovering of deviations from plans.
c. Assignment of responsibility for deviations.
d. Indication of the need for corrective action.
c. Correct. The basic process of control is to set objectives,
measure performance and take corrective
action if deficiencies are found. Assigning responsibility is not
part of the controlling function.
52. Which of the following different types of controls is often
difficult to evaluate because it may lack
established criteria or standards?
a. Operating controls.
b. Financial controls.
c. Directive controls.
d. Preventive controls.
a. Correct. Operating controls are those applicable to production
and support activities. In some
cases, an operating activity, like customer service, or security,
is difficult to measure because there
is no set control standard.
53. Which of the following operating controls relate to the
organizing function?
a. Formal procedures for selecting potential suppliers.
b. Procedures providing for clear levels of purchase order
approvals based on the value of the requisition.
c. Written objectives and goals for the department.
d. Timely materials reporting to buyers.
b. Correct. Organizing is the intentional design and structuring
of tasks and roles to accomplish
organizational goals. An organizational arrangement whereby
purchases of greater value require
authorization at higher management levels is an example of an
organizational control.
54. Controls should be designed to ensure that
a. Operations are performed efficiently.
b. Management’s plans have not been circumvented by worker
collusion.
c. The IAA’s guidance and oversight of management’s performance is
accomplished economically and
efficiently.
d. Management’s planning, organizing, and directing processes are
properly evaluated.
a. Correct. The purpose of the control process is to support
people of the organization in the
management of risks and the achievement of its established and
communicated objectives. Control
processes are expected to ensure that operations are performed
efficiently and achieve established
objectives (PA 2130).
55. Enterprise risk management
a. Guarantees achievement of organizational objectives.
b. Requires establishment of risk and control activities by
internal auditors.
c. Involves the identification of events with negative impacts on
organizational objectives.
d. Includes selection of the best risk response for the
organization.
c. Correct. ERM is a process effected by an entity’s board,
management, and other personnel, applied in
strategy setting and across the enterprise, designed to identify
potential events that may affect the
entity and manage risk to be within its risk appetite, to provide
reasonable assurance regarding the
achievement of objectives.
56. Requests for purchases beyond those initially budgeted must be
approved by the marketing manager.
This procedure
I. Should provide for the most efficient allocation of scarce
organizational resources.
II. Is a detective control procedure.
III. Is unnecessary because each product manager is evaluated on
profits generated.
a. I only.
b. III only.
c. II and III only.
d. I, II, III.
I. Correct. The marketing manager is high enough in the
organization to coordinate this allocation.
57. Which of the following control procedures does an internal
auditor expect to find during an engagement
to evaluate risk management and insurance?
a. Periodic internal review of the in-force list to evaluate the
adequacy of insurance coverage.
b. Required approval of all new insurance policies by the
organization’s CEO.
c. Policy of repetitive standard journal entries to record
insurance expense.
d. Cutoff procedures with regard to insurance expense reporting.
a. Correct. Periodically reviewing the adequacy of the insurance
policy is a risk assessment function.
Insurance coverage should be sufficient to ensure that the
relevant assessed risks are managed in
accordance with the entity’s risk appetite.
58. Management can best strengthen internal control over the
custody of inventory stored in an off-site
warehouse by implementing
a. Reconciliations of transfer slips to/from the warehouse in
inventory records.
b. Increases in insurance coverage.
c. Regular reconciliation of physical inventories to accounting
records.
d. Regular confirmation of the amount on hand with the custodian
of the warehouse.
c. Correct. The best control would be to reconcile inventory on
hand at the off-site warehouse with
the company’s accounting records. Discrepancies would be
investigated.
59. Which of the following describes a control weakness?
a. Purchasing procedures are well designed and are followed unless
otherwise directed by the purchasing
director.
b. Prenumbered blank purchase orders are secured within the
purchasing department.
c. Normal operational purchases fall in the range from US $500 to
US $1,000 with two signatures required
for purchases over US $1,000.
d. The purchasing agent invests in a publicly traded mutual fund
that lists the stock of one of the
organization’s suppliers in its portfolio.
a. Correct. Management override of controls is considered to be a
control weakness.
60. An internal auditor is conducting an audit of the use of
corporate credit cards. Which of the following
are major audit concerns regarding the use of credit cards?
I. Segregation of duties is insufficient.
II. The purchasing function is impaired.
III. Cards may be used for personal benefit.
IV. The company is required to make one large payment instead of
many small ones.
a. I and III only.
b. II and IV only.
c. III only.
d. I, II, III, and IV.
I. Correct. Cardholders effectively approve and execute purchasing
transactions. Therefore, there is a
lack of segregation of duties.
III. Correct. In the absence of effective monitoring, cards could
easily be used for personal benefit.
61. Which of the following are true concerning responsibility for
maintaining a sound system of internal
control?
I. The board of directors is responsible for the company’s system
of internal control.
II. The role of management is to implement board policies on risk
and control.
III. All employees have some responsibility for internal control
as part of their accountability for achieving
objectives.
IV. Internal auditing has the primary responsibility to establish
and maintain the internal control system.
a. I and II only.
b. I, II and III only.
c. II, III and IV only.
d. I, II, III and IV.
I. Correct. The board is ultimately responsible for the company’s
system of internal control.
II. Correct. The board delegates authority and responsibility to
management to implement board
policies on risk and control.
III. Correct. All employees do have some responsibility to make sure
that controls are operating as they
should.
62. A control likely to prevent purchasing agents from favoring
specific suppliers is
a. Requiring management's review of a monthly report of the totals
spent by each buyer.
b. Requiring buyers to adhere to detailed material specifications.
c. Rotating buyer assignments periodically.
d. Monitoring the number of orders placed by each buyer.
c. Correct. Periodic rotation of buyer assignments will limit the
opportunity for any buyer to show
favoritism to a particular supplier.
63. The results of an audit of cash controls indicated that the
bookkeeper signed expense checks and
reconciled the checking account. If the cash account
reconciliations were current and no cash shortages
were found, an internal auditor should conclude that the system of
internal controls over
a. Recording of cash receipts is adequate.
b. Accounting for cash is inadequate.
c. Reconciliations of the cash account are adequate.
d. Physical safeguards of cash are adequate.
b. Correct. The bookkeeper should not sign the checks and
reconcile the checking account. These
functions should be segregated. Therefore, the accounting for cash
is inadequate.
64. Which of the following exemplifies an inherent limitation of
internal control?
a. A controller makes and records cash deposits.
b. A security guard allows a warehouse employee to remove company
property from the premises without
authorization.
c. The company sells to customers on credit without proper credit
approval.
d. An employee who is unable to read is assigned custody of the
company’s tape library and run manuals.
b. Correct. This is an example of collusion, where the security
guard let the employee steal company
property. Collusion is an inherent limitation of internal control
because no matter how tight controls
are, if two or more people get together to circumvent the control,
controls aren’t going to work.
65. Which of the following controls would help prevent an organization
from ordering quantities in excess of the
organization's needs?
I. User department supervisor reviews all purchase requisitions
prior to submitting them to the purchasing
department.
II. Automatic reorder by the purchasing department when low
inventory is indicated by the system.
III. A policy requiring the accounts payable department to match
the receiving report with the vendor’s
invoice.
a. I only.
b. I and II only.
c. I and III only.
d. I, II and III.
I. Correct. Supervisory review at the originating department level
is one means of control over the
number of items ordered.
66. The receiving department maintains a purchase orders file.
Purchase orders are kept in the file until
goods are received. The main purpose of this control function is
to ensure that
a. Received goods are released to the appropriate department in a
timely manner.
b. Only approved shipments are accepted.
c. Goods are accurately counted upon receipt.
d. Goods are not stolen or lost after receipt.
b. Correct. A shipment should be rejected if it is not documented
by a purchase order in the open file.
67. The cash receipts function should be separated from the
related record-keeping function in an
organization to
a. Physically safeguard the cash receipts.
b. Establish accountability when cash is first received.
c. Prevent paying cash disbursements from cash receipts.
d. Minimize undetected misappropriations of cash receipts.
a. Correct. The purpose of separating the functions is to prevent
theft of the cash receipts.
68. Which of the following is an example of an effectiveness
measure?
a. The rate of absenteeism.
b. The goal of becoming a leading manufacturer.
c. The number of insurance claims processed per day.
d. The rate of customer complaints.
b. Correct. Effectiveness has to do with meeting goals.
69. Budgets are generally classified as both planning documents
and control devices. An important
difference between the budget planning information needed and the
budget control information needed
is that planning information is more
a. Likely to be generated using external data.
b. Detailed.
c. Likely to be quantifiable.
d. Likely to be more accurate.
a. Correct. Because planning is impacted more strongly by the
organization's environment, the
planning information is more likely to be generated using external
data.
70. Appropriate internal control for a multinational corporation's
branch office that has a monetary transfer
unit requires that
a. The individual who initiates wire transfers not reconcile the
bank statement.
b. The branch manager receives all wire transfers.
c. Foreign currency rates are computed separately by two different
employees.
d. Corporate management approves the hiring of monetary transfer
unit employees.
a. Correct. Independent reconciliation of bank accounts is
necessary for good internal control.
71. The following are steps in a typical control process.
1) Select the times or points at which to collect information
about the activities that are being
measured and controlled.
2) Set the standards.
3) Observe the process, or collect the samples.
4) Report any significant deviations or problems.
5) Review and revise the standards.
6) Record the information that was collected.
7) Implement whatever corrections to the system or processes are
necessary.
8) Evaluate if the performance is satisfactory.
What is the correct order of these steps?
a. 2, 1, 6, 3, 8, 7, 4, 5.
b. 1, 2, 3, 6, 5, 7, 8, 4.
c. 2, 1, 3, 6, 8, 4, 7, 5.
d. 1, 3, 2, 6, 7, 5, 8, 4.
The correct order is:
1. Set the standards.
2. Select the times or points.
3. Observe the process.
4. Record the information.
5. Compare and measure the results against the standard.
6. Evaluate if performance is satisfactory.
7. Report any significant deviations.
8. Implement whatever corrections are necessary.
9. Follow-up to see if the corrections are effective.
10. Review and revise the standards.
72. A warehouse employee of a retail company was able to conceal
the theft of items of inventory by
entering adjustments to the computer-based perpetual inventory
records indicating that the items had
been damaged or lost. The control that would have prevented the
adjustments from being recorded is
a. Including a check digit in the inventory part number.
b. Requiring separate authorization for input of adjustment
transactions.
c. Including a parity check on the inventory part number.
d. Providing an edit check for the validity of the inventory part
number.
b. Correct. All adjusting transactions have to have proper
segregation of duties. This means that the
warehouse employee having custody of inventory should not have
authority to initiate or process
entries to the inventory records.
73. Which of the following internal control procedures would
minimize the misuse of corporate credit cards?
a. Establishing a restrictive policy regarding the issuance of the
cards.
b. Reviewing the continued need for each card periodically.
c. Reconciling the company's monthly credit card statements with
cardholder charge slips.
d. Subjecting credit card charges to the same controls applied to
other expenses.
d. Correct. Credit card expenses should be subjected to the same
controls used in processing similar
expense reports for currency. In this way, per diems and
authorization limits would be reviewed.
Use the following information to answer questions 74 and 75.
The following information applies to an organization’s project.
The numbers in the table are the expected
times (in days) to perform each activity in the project.
Activity    Time (days)    Immediate Predecessor
AB          6              None
AC          5              None
BE          6              AB
CD          2              AC
CE          5              AC
DF          6              CD
EF          2              CE
74. The expected time to complete the project is
a. 13 days.
b. 11 days.
c. 14 days.
d. 18 days.
75. The process of adding resources to shorten selected activity
times on the critical path in project
scheduling is called
a. Crashing.
b. The Delphi technique.
c. ABC analysis.
d. A branch-and-bound solution.
76. A bank is designing an on-the-job training program for its
branch managers. The bank would like to
design the program so that participants can complete it as quickly
as possible. The training program
requires that certain activities be completed before others. For
example, a participant cannot make
credit loan decisions without first having obtained experience in
the loan department. An appropriate
scheduling technique for this training program is
a. PERT/CPM.
b. Linear programming.
c. Queuing theory.
d. Sensitivity analysis.
a. Correct. PERT/CPM is a network technique for scheduling
interrelated time series activities and
identifying any critical paths in the series of activities. The
critical path is the longest path through
the network.
77. A Gantt chart
a. Shows the critical path for a project.
b. Is used for determining an optimal product mix.
c. Shows only the activities along the critical path of a network.
d. Does not necessarily show the critical path through a network.
d. Correct. A Gantt or bar chart is sometimes used in conjunction
with PERT or CPM to show the
progress of a special project. Time is shown on the horizontal
axis, the length of a bar equals the
length of an activity, and shading indicates the degree of
completion. However, the Gantt chart is
not as sophisticated as PERT or CPM in that it does not reflect
the relationships among the activities
or define a critical path.
78. Customer checks are received on a daily basis. What controls
should be in place to safeguard against
theft of the checks?
a. Establishing a separate post office box for customer payments.
b. Forwarding all checks to the cashier upon receipt.
c. Requiring a specific mail clerk to list and endorse each check.
d. Providing bonding protection for mail clerks.
c. Correct. Requiring an authorized mail clerk to list and endorse
each check is the strongest control
procedure.
79. Which of the following activities performed by a payroll clerk
is a control weakness rather than a control
strength?
a. Has custody of check signature stamp machine.
b. Prepares the payroll register.
c. Forwards the payroll register to the chief accountant for
approval.
d. Draws the paychecks on a separate payroll checking account.
a. Correct. In this case there is a segregation of duties issue.
The payroll clerk should not have
custody of the check signature stamp.
80. Which of the following observations made during a preliminary
survey of a local department store’s
disbursement cycle reflects a control strength?
a. Individual department managers use prenumbered forms to order
merchandise from vendors.
b. The receiving department is given a copy of the purchase order
complete with a description of goods,
quantity ordered, and extended price for all merchandise ordered.
c. The treasurer prepares checks/EFT for suppliers based on
vouchers prepared by the accounts payable
department.
d. Individual department managers are responsible for the movement
of merchandise from the receiving
dock to storage or sales areas as appropriate.
c. Correct. This is a control strength. The treasurer should prepare
checks/EFT based on vouchers
prepared by the accounts payable department.
81. Which of the following situations would cause an internal
auditor to question the adequacy of controls
over a purchasing function?
a. The original and one copy of the purchase order are mailed to
the vendor. The copy on which the
vendor acknowledges acceptance is returned to the purchasing
department.
b. Receiving reports are forwarded to purchasing where they are
matched with the purchase orders and
sent to accounts payable.
c. The accounts payable section prepares documentation for
payments.
d. Unpaid voucher files and perpetual inventory records are
independently maintained.
b. Correct. This is a control weakness. The receiving reports are
forwarded to accounts payable
department, where they are matched with the purchase order.
82. Which of the following are elements of the control environment
as described by COSO’s internal control
framework?
a. Commitment to competence, strategic planning, and management
philosophy.
b. Integrity and ethical values, assigning authority, and
maintaining backup facilities.
c. Risk assessment, monitoring, and organizational structure.
d. Management’s philosophy, organizational structure, and
commitment to competence.
d. Correct. The control environment includes the attitude and
actions of the board and management
regarding the significance of control within the organization.
According to COSO, the control
environment includes the following seven elements:
• Integrity and ethical values.
• Commitment to competence.
• Human resource policies and practices.
• Assigning authority and responsibility.
• Management’s philosophy and operating style.
• Board of directors or audit committee.
• Organizational structure.
83. Which of the following best describes an auditor's
responsibility after noting some indicators of fraud?
a. Expand activities to determine whether an investigation is
warranted.
b. Report the possibility of fraud to top management and ask how
to proceed.
c. Consult with external legal counsel to determine the course of
action to be taken.
d. Report the matter to the audit committee and request funding
for outside specialists to help investigate
the possible fraud.
a. Correct. If an internal auditor notes that there is a
possibility of fraud, then the internal auditor
needs to expand activities to determine whether an investigation
is warranted.
The following information is for questions 84 and 85.
The manager of a production line has the authority to order and
receive replacement parts for all machinery
that require periodic maintenance. The internal auditor received
an anonymous tip that the manager ordered
substantially more parts than were necessary from a family member
in the parts supply business. The
unneeded parts were never delivered. Instead, the manager
processed receiving documents and charged the
parts to machinery maintenance accounts. The payments for the
undelivered parts were sent to the supplier,
and the money was divided between the manager and the family
member.
84. Which of the following internal controls would have most
likely prevented this fraud from occurring?
a. Establishing predefined spending levels for all vendors during
the bidding process.
b. Segregating the receiving function from the authorization of
parts purchases.
c. Comparing the bill of lading for replacement parts to the
approved purchase order.
d. Using the company’s inventory system to match quantities
requested with quantities received.
b. Correct. Additional authorization would be the most likely
choice in preventing the fraud.
85. Which of the following tests would best assist the auditor in
deciding whether to investigate this
anonymous tip further?
a. Comparison of the current quarter’s maintenance expense with
prior-period activity.
b. Physical inventory testing of replacement parts for existence
and valuation.
c. Analysis of repair parts charged to maintenance to review the
reasonableness of the number of items
replaced.
d. Review of a test sample of parts invoices for proper
authorization and receipt.
c. Correct. An analysis of repair parts charged to maintenance
would quantify the excessive number
of items and detect that abuse may be occurring.
86. Which of the following fraudulent entries is most likely to be
made to conceal the theft of an asset?
a. Debit expenses, and credit the asset.
b. Debit the asset, and credit another asset account.
c. Debit revenue, and credit the asset.
d. Debit another asset account, and credit the asset.
a. Correct. Most fraud perpetrators would attempt to conceal their
theft by charging it against an
expense account.
87. Which of the following would not be considered a condition
that indicates a higher likelihood of fraud?
a. Management has delegated the authority to make purchases under
a certain dollar limit to
subordinates.
b. An individual has held the same cash-handling job for an
extended period without any rotation of
duties.
c. An individual handling marketable securities is responsible for
making the purchases, recording the
purchases, and reporting any discrepancies and gains/losses to
senior management.
d. The assignment of responsibility and accountability in the
accounts receivable department is not clear.
a. Correct. This is an acceptable control procedure, which is
aimed at limiting risk while promoting
efficiency. It is not, by itself, considered a condition that
indicates a higher likelihood of fraud (a red
flag).
88. Which of the following statements is(are) true regarding the
prevention of fraud?
I. The primary means of preventing fraud is through internal
control established and maintained by
management.
II. Internal auditors are responsible for assisting in the
prevention of fraud by examining and evaluating
the adequacy of the internal control system.
III. Internal auditors should assess the operating effectiveness
of fraud-related communication systems.
a. I only.
b. II only.
c. I and II only.
d. I, II and III.
I. Correct. Fraud is best prevented when management establishes
and maintains strong internal
controls.
II. Correct. Internal auditors are responsible for assisting
management in the prevention and
detection of fraud.
III. Correct. Internal auditors should assess the operating
effectiveness of fraud related communication
systems.
89. Internal auditors are more likely to detect fraud by
developing and strengthening their ability to
a. Recognize and question changes that occur in organizations.
b. Interrogate fraud perpetrators to discover why fraud was
committed.
c. Develop internal controls to prevent the occurrence of fraud.
d. Document computerized operating system programs.
a. Correct. The responsibility of internal auditors for detecting
fraud includes having sufficient
knowledge of fraud to be able to identify indicators that fraud
may have been committed. Fraud
may be indicated by negative organizational changes; thus,
recognizing and questioning changes
can help in the detection of fraud.
90. Which of the following best describes a preliminary survey?
a. A standardized questionnaire used to obtain an understanding of
management objectives.
b. A statistical sample of key employee attitudes, skills, and
knowledge.
c. A “walk-through” of the financial control system to identify
risks and the controls that can address
those risks.
d. A process used to become familiar with activities and risks in
order to identify areas for engagement
emphasis.
d. Correct. A preliminary survey is used to become familiar with
the activities, risks and controls; to
identify areas for engagement emphasis; and to invite comments and
suggestions from
engagement clients (PA 2210.A1-1.3). A preliminary survey might
include the use of standard
questionnaires, statistical sampling, and a walk-through.
91. During a preliminary survey of the accounts receivable
function, an internal auditor discovered a
potentially major control deficiency while preparing a flowchart.
What immediate action should the
internal auditor take regarding the weakness?
a. Perform sufficient testing to determine its cause and effect.
b. Report it to the level of management responsible for corrective
action.
c. Schedule a separate engagement to evaluate that segment of the
accounts receivable function.
d. Highlight the weakness to ensure that procedures to test it are
included in the engagement work
program.
d. Correct. The internal auditor would highlight the weakness to
ensure that procedures to test it are
included in the engagement work program.
92. Which of the following would not aid in the effectiveness of
the preliminary survey?
a. Read all relevant background information.
b. Identify the risk implicit in the areas under review.
c. Identify people who could provide additional and needed information.
d. Review the adequacy and effectiveness of controls.
d. Correct. Reviewing the adequacy and effectiveness of controls
is part of the fieldwork, which is
done after the planning stage.
93. Which of the following procedures is the least effective in
gathering information about the nature of the
processing and potential problems?
a. Interview supervisors in the claims department to find out more
about the procedures used, and the
rationale for the procedures, and obtain their observations about
the nature and efficiency of
processing.
b. Send an electronic mail message to all clerical personnel
detailing the alleged problems and request
them to respond.
c. Interview selected clerical employees in the claims department
to find out more about the procedures
used, and the rationale for the procedures, and obtain their
observations about the nature and
efficiency of processing.
d. Distribute a questionnaire to gain a greater understanding of
the responsibilities for claims processing
and the control procedures utilized.
b. Correct. Sending emails to clerical staff is the least
effective method of gathering information.
Emails are impersonal and the clerical staff might take offense to
the alleged inefficiencies. Thus,
the responses might not be as truthful as they would be had another
method been used.
94. Many organizations use electronic funds transfer (EFT) to pay
their vendors instead of issuing a check.
Regarding the risks associated with issuing checks, which of the
following risk management techniques
does this represent?
a. Controlling.
b. Accepting.
c. Transferring.
d. Avoiding.
d. Correct. Risk responses include avoidance, acceptance, transferring
and reduction (TARA). By
eliminating checks, the organization avoids all risk associated
with them.
95. Risk appetite is the level of risk an organization is willing
to pursue or retain or take. Factors that could
influence an organization’s risk appetite might include
a. Viewpoints of the major stakeholders.
b. The complexity of the organization’s accounting system.
c. External factors, such as changing economic considerations,
changes in technology, changes in the
industry, etc.
d. All of the above.
d. Correct. Factors that could influence an
organization’s risk appetite include:
• The viewpoints of the major stakeholders, including the views of
the company’s major shareholders,
bondholders, lenders, analysts and many others. Each stakeholder
might have a different opinion as
to how much risk a company should take on.
• Accounting factors, such as the volume of transactions, the
complexity of the accounting system,
changing rules and regulations.
• The opportunity for fraud to be committed.
• External factors, such as changing economic considerations,
changes in industry, changes in
technology, etc.
• Governmental restrictions.
• Entity-level factors, such as the quality and quantity of hired
personnel, quality of training courses,
changes in key personnel, etc.
96. In internal auditing sampling applications, there are four
types of errors that may occur. These four
errors are divided into two categories of risks. These risks
a. Result directly from the chance that the sample obtained by the
internal auditor is unrepresentative of
the population.
b. Can be decreased by using more reliable, albeit more expensive,
audit procedures.
c. Have a magnitude based only on the economic consequences of
incorrect sample-based conclusions.
d. Refer respectively to the risks that (1) internal controls will
fail, and (2) the resultant error will go
undetected.
a. Correct. Sampling risk is the risk that the sample will not be
representative of the population.
Alpha and Beta risk are types of risks inherent in the practice of
sampling. Alpha risk will cause the
auditor to do additional and unnecessary work in coming to the
correct conclusion. This makes the
audit less efficient. Beta risk will cause the auditor to come to
the wrong conclusion. This reduces
audit effectiveness.
97. An auditor is conducting a survey of perceptions and beliefs
of employees concerning an organization's
health-care plan. The best approach to selecting a sample would be
to
a. Focus on people who are likely to respond so that a larger sample
can be obtained.
b. Focus on managers and supervisors because they can also reflect
the opinions of the people in their
departments.
c. Use stratified sampling where the strata are defined by marital
and family status, age, and
salaried/hourly status.
d. Use monetary-unit sampling according to employee salaries.
c. Correct. Because different employees probably have different
situations, needs, and experiences,
stratified sampling would best ensure that a representative sample
would result.
The following information is for questions 98 and 99.
An internal auditor works for a car rental agency that operates a fleet
of 75,000 vehicles in 1,000 cities
throughout North America. As a part of an operational audit, the
auditor tested the impact of vehicle age on
the incidence of major repairs. A computer program showed that 20%
of the fleet has been in service for
more than 12 months. A sample of 375 is drawn based on:
• Confidence level = 95%
• Expected rate of occurrence = 10%
• Precision = ±3%
98. If 30 of the vehicles tested had received major repairs after
being in service for more than 12 months,
which is the sample rate of occurrence?
a. 8%.
b. 0.2%.
c. 2.5%.
d. 20%.
a. Correct. The sample rate of occurrence is the proportion of
items in a population that has a certain
characteristic or attribute of interest. The sample rate of
occurrence is calculated by dividing the
number of items with major repairs by the sample population (30 ÷
375). Therefore, the rate of
occurrence is 8%.
99. Assuming that all other factors remain constant, how would
sample size and achieved precision be
affected by a change in confidence level from 95% to 99%?
a. Sample size would be smaller; achieved precision would be
larger.
b. Both sample size and achieved precision would be larger.
c. Both sample size and achieved precision would be smaller.
d. Sample size would be larger; achieved precision would be
smaller.
d. Correct. Because the confidence coefficient is a numerator,
increasing the confidence coefficient
from 95% up to 99% will make the numerator value larger, thereby
making the sample size larger. Also,
since sample size is a denominator when calculating precision, a
smaller precision would result from
using a larger sample.
100. An auditor applying a discovery-sampling plan with a 5% risk
of overreliance may conclude that there is
a. A 95% probability that the actual rate of occurrence in the
population is less than the critical rate if only
one exception is found.
b. A 95% probability that the actual rate of occurrence in the
population is less than the critical rate if no
exceptions are found.
c. A 95% probability that the actual rate of occurrence in the
population is less than the critical rate if the
occurrence rate in the sample is less than the critical rate.
d. Greater than a 95% probability that the actual rate of
occurrence in the population is less than the
critical rate if no exceptions are found.
b. Correct. Discovery sampling is when the auditor is looking for
that one critical error or irregularity.
If no exceptions are found, the correct conclusion is that the
occurrence rate is less than the critical
rate.