If a bank’s activities are categorized under such departments as community banking, institutional banking, and agricultural banking, what kind of departmentalization is being utilized?
- A . Product departmentalization.
- B . Process departmentalization.
- C . Functional departmentalization.
- D . Customer departmentalization.
What must be monitored in order to manage risk of consumer product inventory obsolescence?
1) Inventory balances.
2) Market share forecasts.
3) Sales returns.
4) Sales trends.
- A . 1 only
- B . 4 only
- C . 1 and 4 only
- D . 1, 2, and 3 only
Maintenance cost at a hospital was observed to increase as activity level increased.
The following data was gathered:
Activity Level –
Maintenance Cost
Month
Patient Days
January
5,600
$7,900
February
7,100
$8,500
March
5,000
$7,400
April
6,500
$8,200
May
7,300
$9,100
June
8,000
$9,800
If the cost of maintenance is expressed in an equation, what is the independent variable for this data?
- A . Fixed cost.
- B . Variable cost.
- C . Total maintenance cost.
- D . Patient days.
An internal auditor is reviewing physical and environmental controls for an IT organization .
Which control activity should not be part of this review?
- A . Develop and test the organization’s disaster recovery plan.
- B . Install and test fire detection and suppression equipment.
- C . Restrict access to tangible IT resources.
- D . Ensure that at least one developer has access to both systems and operations.
Preferred stock is less risky for investors than is common stock because:
- A . Common stock pays dividends as a stated percentage of face value.
- B . Common stock has priority over preferred stock with regard to earnings and assets.
- C . Preferred dividends are usually cumulative.
- D . Preferred stock with no conversion feature has a higher dividend yield than does convertible preferred stock.
Which of the following are appropriate reasons for internal auditors to document processes as part of an audit engagement?
1) To determine areas of primary concern.
2) To establish a standard format for process mapping.
3) To define areas of responsibility within the organization.
4) To assess the performance of employees.
- A . 1 and 2 only
- B . 1 and 3 only
- C . 2 and 3 only
- D . 2 and 4 only
An internal auditor is trying to assess control risk and the effectiveness of an organization’s internal controls .
Which of the following audit procedures would not provide assurance to the auditor on this matter?
- A . Interviewing the organization’s employees.
- B . Observing the organization’s operations.
- C . Reading the board’s minutes.
- D . Inspecting manuals and documents.
Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate?
- A . In a regressive personal tax system, an individual’s marginal tax rate is normally greater than his average tax rate.
- B . In a regressive personal tax system, an individual’s marginal tax rate is normally equal to his average tax rate.
- C . In a progressive personal tax system, an individual’s marginal tax rate is normally equal to his average tax rate.
- D . In a progressive personal tax system, an individual’s marginal tax rate is normally greater than his average tax rate.
Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?
- A . PKI uses an independent administrator to manage the public key.
- B . The public key is authenticated against reliable third-party identification.
- C . PKI’s public accessibility allows it to be used readily for e-commerce.
- D . The private key uniquely authenticates each party to a transaction.
Presented below are partial year-end financial statement data (000 omitted from dollar amounts) for companies A and B:
If company A has a quick ratio of 2:1, then it has an accounts receivable balance of:
- A . $100
- B . $200
- C . $300
- D . $500
The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:
- A . There is an external market for that service.
- B . The selling department operates at 50 percent of its capacity.
- C . The purchasing department has more negotiating power than the selling department.
- D . There is no external market for that service.
Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?
- A . Increasing complexity over time.
- B . Interface with corporate systems.
- C . Ability to meet user needs.
- D . Hidden data columns or worksheets.
Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?
- A . Forming stage.
- B . Norming stage.
- C . Performing stage.
- D . Storming stage.
Which of the following is a role of the board of directors in the governance process?
- A . Conduct periodic assessments of the organization’s governance systems.
- B . Obtain assurance concerning the effectiveness of the organization’s governance systems.
- C . Implement an effective system of internal controls to support the organization’s governance systems.
- D . Review and approve operational goals and objectives.
An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud .
Which of the following controls would be least effective in detecting any potential fraudulent activity?
- A . Exception report identifying payment anomalies.
- B . Documented policy and procedures.
- C . Periodic account reconciliation of contractor charges.
- D . Monthly management review of all contractor activity.
An organization decided to install a motion detection system in its warehouse to protect against after-hours theft. According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?
- A . Avoidance.
- B . Reduction.
- C . Elimination.
- D . Sharing.
Which of the following are the most appropriate measures for evaluating the change in an organization’s liquidity position?
- A . Times interest earned, return on assets, and inventory turnover.
- B . Accounts receivable turnover, inventory turnover in days, and the current ratio.
- C . Accounts receivable turnover, return on assets, and the current ratio.
- D . Inventory turnover in days, the current ratio, and return on equity.
An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:
- A . Lack of awareness of the state of processing.
- B . Increased cost and complexity of network traffic.
- C . Interference of the mirrored data with the original source data.
- D . Confusion about where customer data are stored.
According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?
- A . Establishing risk category definitions and a common risk language for likelihood and impact measures.
- B . Defining ERM roles and responsibilities.
- C . Providing the board with an independent, objective risk perspective on financial reporting.
- D . Guiding integration of ERM with other management activities.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
- A . Adequate segregation of duties between data processing controls and file security controls.
- B . Documented procedures for remote job entry and for local data file retention.
- C . Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
- D . Established procedures to prevent and detect unauthorized changes to data files.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
- A . Adequate segregation of duties between data processing controls and file security controls.
- B . Documented procedures for remote job entry and for local data file retention.
- C . Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
- D . Established procedures to prevent and detect unauthorized changes to data files.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
- A . Adequate segregation of duties between data processing controls and file security controls.
- B . Documented procedures for remote job entry and for local data file retention.
- C . Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
- D . Established procedures to prevent and detect unauthorized changes to data files.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
- A . Adequate segregation of duties between data processing controls and file security controls.
- B . Documented procedures for remote job entry and for local data file retention.
- C . Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
- D . Established procedures to prevent and detect unauthorized changes to data files.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
- A . Adequate segregation of duties between data processing controls and file security controls.
- B . Documented procedures for remote job entry and for local data file retention.
- C . Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
- D . Established procedures to prevent and detect unauthorized changes to data files.
5
Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?
- A . Cost X is a variable cost.
- B . Cost X is a fixed cost.
- C . Cost X is a semi-fixed cost.
- D . Cost X and the value of Output Produced are unrelated.
Which of the following engagement observations would provide the least motivation for management to amend or replace an existing cost accounting system?
- A . The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition’s cost.
- B . The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.
- C . The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.
- D . 50 percent of total organizational cost has been allocated on a volume basis.
Which of the following is the most likely reason an organization may decide to undertake a stock split?
- A . To keep stock price constant.
- B . To keep shareholders’ equity constant.
- C . To increase shareholders’ equity.
- D . To enhance the stock liquidity.
An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function .
Which of the following is true regarding the supporting application software used by that provider compared to an in-house developed system?
1) Updating documentation is always a priority.
2) System availability is usually more reliable.
3) Data security risks are lower.
4) Overall system costs are lower.
- A . 1 and 2 only
- B . 1 and 3 only
- C . 2 and 4 only
- D . 3 and 4 only
A capital investment project will have a higher net present value, everything else being equal, if it has:
- A . A higher initial investment level.
- B . A higher discount rate.
- C . Cash inflows that are larger in the later years of the life of the project.
- D . Cash inflows that are larger in the earlier years of the life of the project.
Within an enterprise, IT governance relates to the:
1) Alignment between the enterprise’s IT long term plan and the organization’s objectives.
2) Organizational structures of the company that are designed to ensure that IT supports the organization’s strategies and objectives.
3) Operational plans established to support the IT strategies and objectives.
4) Role of the company’s leadership in ensuring IT supports the organization’s strategies and objectives.
- A . 1 and 2 only
- B . 3 and 4 only
- C . 1, 2, and 4 only
- D . 2, 3, and 4 only
Multinational organizations generally spend more time and effort to identify and evaluate:
- A . Internal strengths and weaknesses.
- B . Break-even points.
- C . External trends and events.
- D . Internal risk factors.
The economic order quantity for inventory is higher for an organization that has:
- A . Lower annual unit sales.
- B . Higher fixed inventory ordering costs.
- C . Higher annual carrying costs as a percentage of inventory value.
- D . A higher purchase price per unit of inventory.
Which of the following is an element of effective negotiating?
- A . Ensuring that the other party has a personal stake in the agreement.
- B . Focusing on interests rather than on obtaining a winning position.
- C . Considering a few select choices during the settlement phase.
- D . Basing the agreement on negotiating power and positioning leverage.
Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?
- A . Submit batches of test transactions through the current system and verify with expected results.
- B . Use a test program to simulate the normal data entering process.
- C . Select a sample of records from the database and ensure it matches supporting documentation.
- D . Evaluate compliance with the organization’s change management process.
According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?
1) Every employee generally has a responsibility for ensuring the success of CSR objectives.
2) The board has overall responsibility for the effectiveness of internal control processes associated with CSR.
3) Public reporting on the CSR governance process is expected.
4) Organizations generally have flexibility regarding what is included in a CSR program.
- A . 1, 2, and 3 only
- B . 1, 2, and 4 only
- C . 1, 3, and 4 only
- D . 2, 3, and 4 only
A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:
- A . A transmission control protocol/Internet protocol (TCP/IP).
- B . An operating system.
- C . A web browser.
- D . A web server.
Which of the following is the most appropriate test to assess the privacy risks associated with an organization’s workstations?
- A . Penetration test.
- B . Social engineering test.
- C . Vulnerability test.
- D . Physical control test.
Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?
- A . Lack of flexibility.
- B . Incompatibility with client/server technology.
- C . Employee resistance to change.
- D . Inadequate technical support.
Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organizationâ™s strategies and objectives.
- A . 1 only
- B . 4 only
- C . 2 and 4
- D . 3 and 4
Which of the following best describes a market signal?
- A . The bargaining power of buyers is forcing a drop in market prices.
- B . There is pressure from the competitor’s substitute products.
- C . Strategic analysis by the organization indicates feasibility of expanding to new market niches.
- D . The competitor announces a new warranty program.
Which of the following statements about COBIT is not true?
- A . COBIT helps management understand and manage the risks associated with information technology (IT) processes.
- B . Management needs to determine the cost-benefit ratio of adopting COBIT control objectives.
- C . COBIT control objectives are specific to various IT platforms and help determine minimum controls.
- D . COBIT provides management with the capability to conduct self-assessments against industry best practices.
During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?
- A . Scope and initiation phase.
- B . Business impact analysis.
- C . Plan development.
- D . Testing.
Which of the following conflict resolution methods should be applied when the intention of the parties is to solve the problem by clarifying differences and attaining everyone’s objectives?
- A . Accommodating.
- B . Compromising.
- C . Collaborating.
- D . Competing.
The economic order quantity can be calculated using the following formula:
Which of the following describes how the optimal order size will change if the annual demand increases by 36 percent?
- A . Decrease by about 17 percent.
- B . Decrease by about 7 percent.
- C . Increase by about 7 percent.
- D . Increase by about 17 percent.
Which of the following is true regarding an organization’s relationship with external stakeholders?
- A . Specific guidance must be followed when interacting with nongovernmental organizations.
- B . Disclosure laws tend to be consistent from one jurisdiction to another.
- C . There are several internationally recognized standards for dealing with financial donors.
- D . Legal representation should be consulted before releasing internal audit information to other assurance
According to the Standards, which of the following is based on the assertion that the quality of an organization’s risk management process should improve with time?
- A . Process element.
- B . Key principles.
- C . Maturity model.
- D . Assurance.
Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?
- A . Star network.
- B . Bus network.
- C . Token ring network.
- D . Mesh network.
Which of the following statements is in accordance with COBIT?
1) Pervasive controls are general while detailed controls are specific.
2) Application controls are a subset of pervasive controls.
3) Implementation of software is a type of pervasive control.
4) Disaster recovery planning is a type of detailed control.
- A . 1 and 4 only
- B . 2 and 3 only
- C . 2, 3, and 4 only
- D . 1, 2, and 4 only
The percentage of sales method, rather than the percentage of receivables method, would be used to estimate uncollectible accounts if an organization seeks to:
- A . Use an aging schedule to more closely estimate uncollectible accounts.
- B . Eliminate the need for an allowance for doubtful accounts.
- C . Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.
- D . Use a method that approximates the matching principle.
In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?
- A . It uses the same products in all countries.
- B . It centralizes control with little decision-making authority given to the local level.
- C . It is an effective strategy when large differences exist between countries.
- D . It provides cost advantages, improves coordinated activities, and speeds product development.
Which is the least effective form of risk management?
- A . Systems-based preventive control.
- B . People-based preventive control.
- C . Systems-based detective control.
- D . People-based detective control.
All of the following are possible explanations for a significant unfavorable material efficiency variance except:
- A . Cutbacks in preventive maintenance.
- B . An inadequately trained and supervised labor force.
- C . A large number of rush orders.
- D . Production of more units than planned for in the master budget.
Which of the following is useful for forecasting the required level of inventory?
1) Statistical modeling.
2) Information about seasonal variations in demand.
3) Knowledge of the behavior of different business cycles.
4) Pricing models linked to seasonal demand.
- A . 1 and 2 only
- B . 2 and 3 only
- C . 1, 2, and 3 only
- D . 1, 2, 3, and 4
Which of the following is useful for forecasting the required level of inventory?
1) Statistical modeling.
2) Information about seasonal variations in demand.
3) Knowledge of the behavior of different business cycles.
4) Pricing models linked to seasonal demand.
- A . 1 and 2 only
- B . 2 and 3 only
- C . 1, 2, and 3 only
- D . 1, 2, 3, and 4
Which of the following is useful for forecasting the required level of inventory?
1) Statistical modeling.
2) Information about seasonal variations in demand.
3) Knowledge of the behavior of different business cycles.
4) Pricing models linked to seasonal demand.
- A . 1 and 2 only
- B . 2 and 3 only
- C . 1, 2, and 3 only
- D . 1, 2, 3, and 4
Which of the following is useful for forecasting the required level of inventory?
1) Statistical modeling.
2) Information about seasonal variations in demand.
3) Knowledge of the behavior of different business cycles.
4) Pricing models linked to seasonal demand.
- A . 1 and 2 only
- B . 2 and 3 only
- C . 1, 2, and 3 only
- D . 1, 2, 3, and 4
Which of the following is useful for forecasting the required level of inventory?
1) Statistical modeling.
2) Information about seasonal variations in demand.
3) Knowledge of the behavior of different business cycles.
4) Pricing models linked to seasonal demand.
- A . 1 and 2 only
- B . 2 and 3 only
- C . 1, 2, and 3 only
- D . 1, 2, 3, and 4
They are helpful but limited in value in a rapidly changing environment.
- A . 1 and 2 only
- B . 1 and 4 only
- C . 2 and 3 only
- D . 3 and 4 only
Which of the following is not a common feature of cumulative preferred stock?
- A . Priority over common stock with regard to dilution of shares.
- B . Priority over common stock with regard to earnings.
- C . Priority over common stock with regard to dividend payment.
- D . Priority over common stock with regard to assets.
Which of the following borrowing options is an unsecured loan?
- A . Second-mortgage financing from a bank.
- B . An issue of commercial paper.
- C . Pledged accounts receivable.
- D . Asset-based financing.
What are the objectives of governance as defined by the Standards?
- A . Inform, direct, manage, and monitor.
- B . Identify, assess, manage, and control.
- C . Organize, assign, authorize, and implement.
- D . Add value, improve, assure, and conform.
Which of the following is a characteristic of an emerging industry?
- A . Established strategy of players.
- B . Low number of new firms.
- C . High unit costs.
- D . Technical expertise.
For an engineering department with a total quality management program, important elements of quality management include all of the following except:
- A . Basing performance evaluations on the number of projects completed.
- B . Comparing results with those of other engineering departments.
- C . Creating a quality council within the engineering department.
- D . Conducting post-project surveys on performance.
Organizational activities that complement each other and create a competitive advantage are called a:
- A . Merger.
- B . Strategic fit.
- C . Joint venture.
- D . Strategic goal.
Which of the following is a limiting factor for capacity expansion?
- A . Government pressure on organizations to increase or maintain employment.
- B . Production orientation of management.
- C . Lack of credible market leader in the industry.
- D . Company diversification.
Which of the following statements accurately describes one of the characteristics that distinguishes a multinational company from a domestic company?
- A . A multinational company has stockholders in other countries.
- B . A multinational company exports its products to other countries.
- C . A multinational company operates outside of its country of origin.
- D . A multinational company uses raw materials and components from more than one country.
Which of the following costs would be incurred in an inventory stockout?
- A . Lost sales, lost customers, and backorder.
- B . Lost sales, safety stock, and backorder.
- C . Lost customers, safety stock, and backorder.
- D . Lost sales, lost customers, and safety stock.
Which of the following is a key characteristic of a zero-based budget?
- A . A zero-based budget provides estimates of costs that would be incurred under different levels of activity.
- B . A zero-based budget maintains focus on the budgeting process.
- C . A zero-based budget is prepared each year and requires each item of expenditure to be justified.
- D . A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.
Which of the following is a type of network in which an organization permits specific users (such as existing customers) to have access to its internal network through the Internet by building a virtual private network?
- A . Intranet.
- B . Extranet.
- C . Digital subscriber line.
- D . Broadband.
Which of the following is not a barrier to effective communication?
- A . Filtering.
- B . Communication overload.
- C . Similar frames of reference.
- D . Lack of source credibility.
Which of the following does not provide operational assurance that a computer system is operating properly?
- A . Performing a system audit.
- B . Making system changes.
- C . Testing policy compliance.
- D . Conducting system monitoring.
According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?
- A . Determine the optimal amount of resources for the organization to invest in CSR.
- B . Align CSR program objectives with the organization’s strategic plan.
- C . Integrate CSR activities into the organization’s decision-making process.
- D . Determine whether the organization has an appropriate policy governing its CSR activities.
Which of the following statements about matrix organizations is false?
- A . In a matrix organization, conflict between functional and product managers may arise.
- B . In a matrix organization, staff under dual command is more likely to suffer stress at work.
- C . Matrix organizations offer the advantage of greater flexibility.
- D . Matrix organizations minimize costs and simplify communication.
A company’s financial balance sheet is presented below:
The company has net working capital of:
- A . $160
- B . $210
- C . $350
- D . $490
An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month.
All other resources are unlimited and their costs are fixed. Individual product details are as follows:
Product X
Product Y
Selling price per unit
$10
$13
Materials per unit (at $1/kg)
2 kg
6 kg
Monthly demand
100 units
120 units
In order to maximize profit, how much of product Y should the organization produce each month?
- A . 50 units.
- B . 60 units.
- C . 100 units.
- D . 120 units.
Which of the following must be adjusted to index a progressive tax system to inflation?
- A . Tax deductions, exemptions, and tax filings.
- B . Tax deductions, exemptions, and tax brackets.
- C . Tax brackets, tax deductions, and tax payments.
- D . Tax brackets, exemptions, and nominal tax receipts.
Which of the following are appropriate functions for an IT steering committee?
1) Assess the technical adequacy of standards for systems design and programming.
2) Continually monitor of the adequacy and accuracy of software and hardware in use.
3) Assess the effects of new technology on the organization`s IT operations.
4) Provide broad oversight of implementation, training, and operation of new systems.
- A . 1, 2, and 3
- B . 1, 2, and 4
- C . 1, 3, and 4
- D . 2, 3, and 4
Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?
- A . Political.
- B . Financial.
- C . Social.
- D . Tariff.
Which of the following statements is true regarding outsourced business processes?
- A . Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.
- B . Generally, independence is improved when the internal audit activity reviews outsourced business processes.
- C . The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.
- D . The system of internal controls may be better and more efficient when the business process is outsourced compared to internally sourced.
Which of the following is the best approach to overcome entry barriers into a new business?
- A . Offer a standard product that is targeted in the recognized market.
- B . Invest in commodity or commodity-like product businesses.
- C . Enter into a slow-growing market.
- D . Use an established distribution relationship.
Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization’s cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?
- A . Electronic funds transfer.
- B . Knowledge-based systems.
- C . Biometrics.
- D . Standardized graphical user interface.
Refer to the exhibit.
The figure below shows the network diagram for the activities of a large project .
What is the shortest number of days in which the project can be completed?
- A . 21 days.
- B . 22 days.
- C . 27 days.
- D . 51 days.
An organization is considering the outsourcing of its business processes related to payroll and information technology functions .
Which of the following is the most significant area of concern for management regarding this proposed agreement?
- A . Ensuring that payments to the vendor are appropriate and timely for the services delivered.
- B . Ensuring that the vendor has complete management control of the outsourced process.
- C . Ensuring that there are means of monitoring the efficiency of the outsourced process.
- D . Ensuring that there are means of monitoring the effectiveness of the outsourced process.
A key advantage of developing a computer application by using the prototyping approach is that it:
- A . Does not require testing for user acceptance.
- B . Allows applications to be portable across multiple system platforms.
- C . Is less expensive since it is self-documenting.
- D . Better involves users in the design process.
According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization’s social and environmental impact on the local community?
1) Determine whether previous incidents have been reported, managed, and resolved.
2) Determine whether a business contingency plan exists.
3) Determine the extent of transparency in reporting.
4) Determine whether a cost/benefit analysis was performed for all related projects.
- A . 1 and 3.
- B . 1 and 4.
- C . 2 and 3.
- D . 2 and 4.
At what point during the systems development process should an internal auditor verify that the new application’s connectivity to the organization’s other systems has been established correctly?
- A . Prior to testing the new application.
- B . During testing of the new application.
- C . During implementation of the new application.
- D . During maintenance of the new application.
Which of the following techniques would be least effective in resolving the conflict created by an internal audit client’s perception of the audit report as a personal attack on his management performance?
- A . The auditor should focus on the audit client as a person and understand him, rather than just concentrating on the problem.
- B . The auditor should make recommendations based on objective criteria, rather than based on a subjective assessment.
- C . The auditor should explore alternative solutions to address the audit problem, so the audit client has options.
- D . The auditor should take a flexible position on the recommendations and focus on resolving the issue by addressing the interests of the people concerned.
In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?
- A . Giving assurance that risks are evaluated correctly.
- B . Developing the risk management strategy for the board’s approval.
- C . Facilitating the identification and evaluation of risks.
- D . Coaching management in responding to risk.
A global business organization is selecting managers to post to various international (expatriate) assignments.
In the screening process, which of the following traits would be required to make a manager a successful expatriate?
1) Superior technical competence.
2) Willingness to attempt to communicate in a foreign language.
3) Ability to empathize with other people.
- A . 1 and 2 only
- B . 1 and 3 only
- C . 2 and 3 only
- D . 1, 2, and 3
Which of the following standards would be most useful in evaluating the performance of a customer-service group?
- A . The average time per customer inquiry should be kept to a minimum.
- B . Customer complaints should be processed promptly.
- C . Employees should maintain a positive attitude when dealing with customers.
- D . All customer inquiries should be answered within seven days of receipt.
Technological uncertainty, subsidy, and spin-offs are usually characteristics of:
- A . Fragmented industries.
- B . Declining industries.
- C . Mature industries.
- D . Emerging industries.
Which of the following statements best describes the frameworks set forth by the International Standards Organization?
- A . Globally accepted standards for industries and processes.
- B . Bridging the gaps among control requirements, technical issues, and business risks.
- C . Practical guidance and benchmarks for all organizations that use information systems.
- D . Frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.
Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?
- A . Each party’s negotiator presents a menu of options to the other party.
- B . Each party adopts one initial position from which to start.
- C . Each negotiator minimizes the information provided to the other party.
- D . Each negotiator starts with an offer, which is optimal from the negotiator’s perspective.
When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:
- A . Identifying risks to the organization’s operations.
- B . Observing and analyzing controls.
- C . Prioritizing known risks.
- D . Reviewing organizational objectives.
Which of the following best describes an objective for an audit of an environmental management system?
- A . To assess whether an annual control review is necessary.
- B . To determine conformance with requirements and agreements.
- C . To evaluate executive management oversight.
- D . To promote environmental awareness.
An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement .
Which of the following approaches is most appropriate to address this concern?
- A . The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.
- B . The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.
- C . The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.
- D . The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.
Which of the following describes the result if an organization records merchandise as a purchase, but fails to include it in the closing inventory count?
- A . The cost of goods sold for the period will be understated.
- B . The cost of goods sold for the period will be overstated.
- C . The net income for the period will be understated.
- D . There will be no effect on the cost of goods sold or the net income for the period.
If legal or regulatory standards prohibit conformance with certain parts of The IIA’s Standards, the auditor should do which of the following?
- A . Conform with all other parts of The IIA’s Standards and provide appropriate disclosures.
- B . Conform with all other parts of The IIA’s Standards; there is no need to provide appropriate disclosures.
- C . Continue the engagement without conforming with the other parts of The IIA’s Standards.
- D . Withdraw from the engagement.
The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?
- A . Risk acceptance.
- B . Risk sharing.
- C . Risk avoidance.
- D . Risk reduction.
Which of the following is the best reason for considering the acquisition of a nondomestic organization?
- A . Relatively fast market entry.
- B . Improved cash flow of the acquiring organization.
- C . Increased diversity of corporate culture.
- D . Opportunity to influence local government policy.
According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?
- A . Key processes across the entity which impact quality must be identified and included.
- B . The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.
- C . Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.
- D . The entity must have processes for inspections, testing, measurement, analysis, and improvement.
According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?
- A . Access system security.
- B . Policy development.
- C . Change management.
- D . Operations processes.
For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?
1) It significantly raises compensation and staffing costs.
2) It produces resentment among the organization’s employees in host countries.
3) It limits career mobility for parent-country nationals.
4) It can lead to cultural myopia.
- A . 1 and 4 only
- B . 2 and 3 only
- C . 1, 2, and 3 only
- D . 1, 2, and 4 only
In order to provide useful information for an organization’s risk management decisions, which of the following factors is least important to assess?
- A . The underlying causes of the risk.
- B . The impact of the risk on the organization’s objectives.
- C . The risk levels of current and future events.
- D . The potential for eliminating risk factors.
Which of the following strategies would most likely prevent an organization from adjusting to evolving industry market conditions?
- A . Specializing in proven manufacturing techniques that have made the organization profitable in the past.
- B . Substituting its own production technology with advanced techniques used by its competitors.
- C . Forgoing profits over a period of time to gain market share from its competitors.
- D . Using the same branding to sell its products through new sales channels to target new markets.
Which of the following budgets must be prepared first?
- A . Cash budget.
- B . Production budget.
- C . Sales budget.
- D . Selling and administrative expenses budget.
Which of the following statements is false regarding the internal audit approach when a set of standards other than The IIA’s Standards is applicable to a specific engagement?
- A . The internal auditor may cite the use of other standards during audit communications.
- B . If the other standards are government-issued, the internal auditor should apply them in conjunction with The IIA’s Standards.
- C . If there are inconsistencies between the other standards and The IIA’s Standards, the internal auditor must use the more restrictive standards.
- D . If there are inconsistencies between the other standards and The IIA’s Standards, the internal auditor must use the less restrictive standards.
Which of the following statements regarding organizational governance is not correct?
- A . An effective internal audit function is one of the four cornerstones of good governance.
- B . Those performing governance activities are accountable to the customer.
- C . Accountability is one of the key elements of organizational governance.
- D . Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.