IIA-ACCA ACCA CIA Challenge Exam Questions and Answers

1 and 3 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

The exit conference provides only anticipated results for inclusion in the final audit communication.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

1 and 2

1 and 3

2 and 4

3 and 4

Sufficiency.

Appropriateness.

Effective deployment.

Cost effectiveness.

Opportunity.

Rationalization.

Pressure.

Incentives.

Verify that approvals of purchasing documents comply with the authority matrix.

Observe whether the purchase orders are sequentially numbered.

Examine whether the sales department supervisor approves invoices for payment.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

All completed training costs, and the cost of actual production hours completed to date.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

All completed training costs, and 50% of the contracted production costs.

Testing controls where operating procedures vary.

Testing controls in decentralized offices.

Testing controls in high risk areas.

Testing controls in areas with high control failure rates.

Conduct a joint brainstorming session with management.

Ask the chief audit executive to mediate.

Disclose the client's differing opinion in the final report.

Escalate the issue to senior management for a decision.

Management disagrees with the report findings and conclusions in their responses.

Management has already satisfactorily completed the recommended corrective action.

Management has provided additional information that contradicts the findings.

Management believes that the finding is insignificant and unfairly included in the report.

Integrity.

Flexibility.

Initiative.

Curiosity.

Manage and coordinate risk management processes.

Audit risk management processes.

Become involved in risk oversight committees, monitoring activities, and status reporting.

Accept management's responsibility for risk management without board approval.

Independently evaluating conflicts of interests.

Assessing contracts for relevant terms and conditions.

Performing statistical analysis for data anomalies.

Preparing evidentiary documentation.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

Compare employee addresses to vendor addresses to identify potential employee fraud.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Were audit findings relevant and useful to management?

Does the audit report format present issues clearly and concisely?

Does the IAA work with a high degree of professionalism and objectivity?

Were the findings reported in a timely manner?

All assurance engagement observations should be communicated to the audit committee.

All assurance engagement observations should be included in the main section of the engagement communication.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

1 only

1 and 2 only

1 and 3 only

1, 2, 3, and 4

Awareness of prior incidents of fraud.

Contractor non-disclosure agreements.

Verification of currency exchange rates.

Receipts for employee expenses.

The accounts payable supervisor, accounts payable manager, and controller.

The accounts payable manager, purchasing manager, and receiving manager.

The accounts payable supervisor, controller, and treasurer.

The accounts payable manager, chief financial officer, and audit committee.

The review should focus on the efficiency of the controls in place to prevent fraud.

The scope of the review does not need to include all operating areas of the organization.

The cost of the control should be compared to the benefit of mitigating the related risk.

The review should assess whether the internal controls can be circumvented.

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

Strategic plans are likely to show areas of weak financial controls.

The strategic plan is a relatively stable document on which to base audit planning.

Option A

Option B

Option C

Option D

The need and availability of automated support.

The potential impact of key risks.

The expected outcomes and deliverables.

The operational and geographic boundaries.

The organization's audit universe is extensive and diverse.

There has been an increase in unanticipated requests for advisory work.

Previous work provided by the external service provider has been of great quality and value.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.

Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.

Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.

Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's governance structure.

Report follow-up activities to senior management.

Implement follow-up procedures to evaluate residual risk.

Determine the costs of implementing the recommendations.

Evaluate the extent of improvements.

1 and 2

1 and 3

2 and 4

3 and 4

A monitoring process.

A risk assessment process.

A strategic objective-setting process.

An information and communication process.

Requesting a private meeting with senior management, without the presence of the chief audit executive.

Intervening during an audit involving ethical wrongdoing.

Discussing periodic reports of ethical breaches.

Authorizing an investigation of an unsafe product.

Control activities.

Information and communication.

Commitment.

Control environment.

Risk identification.

Risk appetite.

Risk capacity.

Risk tolerance.

An auditor conveys public information about an organization's financial condition.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

1 and 2 only.

2 and 3.

3 and 4.

1,2, and 4.

Senior management.

Internal audit activity.

All employees.

Board of directors.

An operations audit of the accounts payable department.

A consulting engagement related to a new accounts payable optimization initiative.

A review of the employees' sports club finances, which are overseen by the chief audit executive.

An assurance review for a sales program on which she previously provided consultation.

The chief audit executive (CAE) approves the annual internal audit plan.

The CAE administratively reports to the board.

The audit committee approves the CAE's annual salary increase.

The chief executive officer approves the internal audit charter.

1 and 2.

1 and 3.

2 and 3.

3 and 4.

Conduct anti-fraud training.

Perform background investigations.

Implement process controls.

Activate a whistleblower hotline.

An internal auditor should express an opinion only when consensus with top management has been achieved.

An internal auditor's opinion should be based on experience and free of all bias.

An internal auditor's opinion should be based on factual evidence.

An internal auditor's opinion should be limited to the effectiveness of internal controls.

Definition of Internal Auditing.

MA Standards.

Internal audit charter.

The IIA's Code of Ethics.

The amount of risk that an organization is willing to seek or accept.

The extent and degree of interdependency for identified key risks.

The boundaries established to manage the amount of risk taken.

The exposure to risks following management's risk responses.

Fraud open on the books.

Fraud hidden on the books.

Fraud off the books.

Fraud on the balance sheet.

Replace the auditor with another audit staff member.

Continue with the present auditor, as more than one year has passed.

Withdraw the audit team and outsource the financial audit of the division.

Work with the division's management to resolve the situation.

Internal auditors shall perform their work with honesty, diligence, and responsibility.

Internal auditors shall perform their work in accordance with the Standards.

Internal auditors shall perform their work in accordance with the law and make disclosures expected by the law.

Internal auditors shall be prudent in the use of information acquired while performing their work.

Internal auditors should take a leading role in investigating all fraud-related cases.

Internal auditors must have sufficient knowledge to evaluate the risk of fraud.

Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics.

Internal auditors are responsible for ensuring that fraud does not occur.

The sample to be representative of the population.

The sample to be selected haphazardly.

A smaller sample size than if selected using statistical sampling.

Projecting the results to the population.

1 only.

4 only.

2 and 4.

3 and 4.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports.

Management sells the product division to a competitor.

Management outsources the product division to a third party.

Management allows the product division to remain unchanged.

Management modifies the product division to minimize errors.

The practice of surprise audits and the implementation of an employee support program.

Hiring an employee with a prior fraud conviction and yearly management review.

Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use.

A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.

The chief audit executive (CAE) should review all work performed by the auditor during her temporary assignment to ensure no impairments.

The CAE may conduct audits in the purchasing department during the auditor's temporary assignment.

The auditor should obtain the CAE's approval as to the nature and scope of the duties she is permitted to perform during her temporary assignment.

Any work performed by the auditor during her temporary assignment must conform to the internal audit charter.

An internal auditor reports both functionally and administratively to the chief financial officer (CFO).

An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle.

According to policy, the internal auditor must obtain approval from the CFO prior to requesting information for internal audit purposes.

An internal auditor performs an audit in a department that is led by the auditor's close friend.

Pressure or incentive.

Opportunity.

Rationalization.

Commitment.

The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.

The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.

The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.

The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.

Exiting a marketplace.

Recalling a product.

Obtaining product insurance.

Outsourcing production.

Observation of the facility during operations.

Questioning of facility management, including the facility safety officer.

Analysis of facility operating reports, focusing on instances when breakdowns occurred.

Review of records involving safety violations, filed by facility production employees.

Residual.

Net.

Inherent.

Accepted.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 and 2 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

Lower annual unit sales.

Higher fixed inventory ordering costs.

Higher annual carrying costs as a percentage of inventory value.

A higher purchase price per unit of inventory.

Program design, system requirements, software design, analysis, coding, testing, operations.

System requirements, software design, analysis, program design, testing, coding, operations.

System requirements, software design, analysis, program design, coding, testing, operations.

System requirements, analysis, coding, software design, program design, testing, operations.

Identifying the processes at the activity level.

Analyzing the organization's strategic plan where the business processes are defined.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.

Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor

Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services

Develop an incident monitoring and response plan to track breaches from internal and external sources

A sense of achievement.

Promotion.

Recognition.

An incremental increase in salary.

Application input controls

Firewall controls.

Transmission encryption controls

Change management controls

Formulate contingency plans.

Conduct a risk analysis.

Create a crisis management team.

Practice the response to a crisis.

Businesses must pay a tax only if they make a profit.

The consumer ultimately bears the cost of the tax through higher prices.

Consumer savings are discouraged.

The amount of value added is the difference between an organization's sales and its cost of goods sold.

Ensuring that the other party has a personal stake in the agreement.

Focusing on interests rather than on obtaining a winning position.

Considering a few select choices during the settlement phase.

Basing the agreement on negotiating power and positioning leverage.

Submit batches of test transactions through the current system and verify with expected results.

Use a test program to simulate the normal data entering process.

Select a sample of records from the database and ensure it matches supporting documentation.

Evaluate compliance with the organization's change management process.

Access system security.

Policy development.

Change management.

Operations processes.

An internal auditor analyzed electricity production and sales interim reports and compiled a risk assessment.

An internal auditor extracted sales data to a spreadsheet and applied judgmental analysis for sampling.

An internal auditor classified solar panel sales by region and discovered unsuccessful sales representatives.

An internal auditor broke down a complex process into smaller pieces to make it more understandable.

The auditor eliminated duplicate information.

The auditor organized data to minimize useless information.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and corrected.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

Specific guidance must be followed when interacting with nongovernmental organizations.

Disclosure laws tend to be consistent from one jurisdiction to another.

There are several internationally recognized standards for dealing with financial donors.

Legal representation should be consulted before releasing internal audit information to other assurance providers.

Marketing.

Finance.

Production.

Diversification.

Conform with all other parts of The IIA's Standards and provide appropriate disclosures.

Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.

Continue the engagement without conforming with the other parts of The IIA's Standards.

Withdraw from the engagement.

It uses the same products in all countries.

It centralizes control with little decision-making authority given to the local level.

It is an effective strategy when large differences exist between countries.

It provides cost advantages, improves coordinated activities, and speeds product development.

Cost of raw material inventory items is decreasing.

Process to manufacture goods is more efficient.

Labor productivity to produce goods is increasing.

Write-off of inventory is increasing.

To ensure that adequate controls exist to prevent any significant business interruptions.

To identify and address potential security weaknesses within the system.

To ensure that tests contribute to improvement of the program.

To ensure that deficiencies identified by the audit are promptly addressed.

Program versions are synchronized across the network.

Emergency move procedures are documented and followed.

Appropriate users are involved in program change testing.

Movement from the test library to the production library is controlled.

Determine the optimal amount of resources for the organization to invest in CSR.

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

All personal information, by definition is considered to be sensitive, requiring specialized controls.

Information is not considered personal if it can only be linked to or used to identify an individual indirectly.

Individuals who provide personal information to organizations share in the risk of inappropriate disclosure.

Good protection controls remove any restrictions on the quantity of personal information that can be collected

Improved integrity of programs and processing.

Enhanced ongoing maintenance of the system.

Greater accuracy of the testing phase.

Reduced need for unexpected software changes.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

Orders, commands and advice are sent to the subsidiaries from headquarters.

People of local nationality are developed for the best positions within their own country

There is a significant amount of collaboration between headquarters and subsidiaries.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only