IIA IIA-CIA-Part1 Exam Dumps

IIA IIA-CIA-Part1 Sample Question Answers

Question # 1

Some of a company's payroll transactions were batch posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be. 

A. Edit controls on the payroll file.
B. Appropriate segregation of duties for batch approval.
C. Validation of hash totals.
D. Reconciliation of paychecks to the bank account.

Show Answer

Question # 2

Which of the following should be the primary objective of an audit of an entity's business continuity plan?

A. Cost of testing and updating the plan.
B. Delegation of responsibilities for the plan.
C. Relationship of the plan to risk exposures.
D. Efficiency of the planning procedures.

Show Answer

Question # 3

A daily report which lists unsuccessful attempts to log on to a computer system is A.  

A. Corrective control.
B. Preventive control.
C. Detective control.
D. Compensating control.  

Show Answer

Question # 4

Which of the following controls would most likely prevent the input of an unreasonable number oflabor hours into a costing system?

A. Recalculation tests during processing.
B. Programmed limit tests of input fields.
C. Reconciliation of input control totals.
D. Consistency checks of data in input fields.

Show Answer

Question # 5

Which of the following internal controls is likely to prevent pollution from waste disposal before it occurs, rather than detect it after it occurs? 

A. Identification of large budget variances in disposal costs for hazardous chemicals.
B. Restricted access to environmental department files.
C. Formal on-the-job training program conducted by the environmental staff.
D. Samples of water and solid waste taken daily with the results recorded in a log.

Show Answer

Question # 6

Which of the following is most likely to be an element of an effective compliance program? 

A. The internal audit activity is assigned responsibility for overseeing the program.
B. The program is communicated to employees in a video format on a one-time basis.
C. The organization uses monitoring systems designed to detect improper activity.
D. The organization obtains as much information as possible when performing background checks on employees.

Show Answer

Question # 7

Which of the following best describes the procedures used by the representatives of anorganization's stakeholders to provide oversight of the processes administered by management?

A. Governance
B. Control
C. Risk management
D. Monitoring

Show Answer

Question # 8

In assessing the independence of the internal audit activity, a member of a peer review teamshould consider all of the following factors except:

A. Access to and frequency of communications with the board of directors or its audit committee.
B. The criteria of education and experience considered necessary when filling vacant positions onthe audit staff.
C. The degree to which auditors assume operating responsibilities.
D. The scope and depth of engagement objectives for the audit engagements included in thereview.

Show Answer

Question # 9

Which of the following actions by a chief audit executive is most likely to prevent exaggeratedsales reports by division management?I. Hire a new internal auditor who has fraud investigation credentials.II. Assist the controller in developing and monitoring a series of business process indicators whichare historically correlated with, but independent of, sales.III. Announce a series of internal audit engagements focusing on compliance with corporate salesreporting policies.IV. Ask the president and the board to issue a statement of corporate policy stressing theimportance of accurate management reporting and the negative consequences of intentionalmisreporting.

A. I and IIonly
B. II and IIIonly
C. III and IVonly
D. I,II,III,and IV. 

Show Answer

Question # 10

It is important for a chief audit executive to seek formal approval from the board regarding an internal audit charter so that: 

A. The effectiveness of the internal audit activity can be measured.
B. The status of the internal audit activity can be more clearly established.
C. There is assurance that all internal audit activities will be completed.
D. Improvements can be implemented in internal audit processes.

Show Answer

Question # 11

When planning the work program for an assurance engagement, an internal auditor should first review the department's business objectives and then:

A. Identify risks.
B. Review controls.
C. Determine scope. 
D. Evaluate vulnerabilities.  

Show Answer

Question # 12

According to the International Professional Practices Framework, risk is:I. Defined as the negative effect of events that are expected to occur.II. Measured in terms of consequences.III. Measured in terms of likelihood.

A. Ionly
B. I and IIonly
C. II and IIIonly
D. I,II,and III.

Show Answer

Question # 13

The percentage of orders that are rush orders and the percentage of returns to total orders are examples of which of the following types of control activities? 

A. Quality control monitoring.
B. Direct functional management.
C. Benchmarking.
D. Performance indicators.

Show Answer

Question # 14

Risk within an internal audit engagement is defined as the:  

A. Probability that a balance or class of transactions and related assertions contain misstatementsthat could be material to the financial statements.
B. Uncertainty of an event occurring that could have an impact on the achievement of objectives.
C. Failure to adhere to organizational policies,plans,and procedures,or the failure to comply withrelevant laws and regulations.
D. Failure to accomplish established objectives and goals for operations or programs.

Show Answer

Question # 15

Reportable audit findings must be:I. Documented by facts.II. Supported by relevant evidence.III. Agreed to by management of the audited area.IV. Convincing enough to compel corrective action.

A. I and IVonly
B. II and IIIonly
C. I,II,and IVonly
D. I,II,III,and IV.

Show Answer

Question # 16

A dental insurance provider has implemented an electronic claim submission process and is concerned that dentists are submitting claims for services that were not provided. Which of the following control procedures would be most effective in preventing this type of fraud? 

A. Develop a program that identifies procedures performed on an individual which are either inexcess of expectations based on the age of the insured or are similar to other procedures recentlyperformed on the individual.
B. Require all submitted claims to be followed by a signed statement by the dentist testifying to thefact that the claimed procedures were performed.
C. Send confirmations to the dentists requesting them to confirm the exact nature of the claimssubmitted to the insurance provider. 
D. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.  

Show Answer

Question # 17

Which of the following elements is important for an internal auditor to consider when performing aprivacy risk assessment of an organization?I. Areas where personal information is collected, used, stored, and disseminated.II. Inherent risk.III. Privacy practices of competitors.IV. Third-party recipients of information.

A. IIIonly
B. I and IIonly
C. I,II,and IVonly
D. I,II,III,and IV.

Show Answer

Question # 18

When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by: 

A. Identifying risks to the organization's operations.
 B. Observing and analyzing controls. 
C. Prioritizing known risks.
D. Reviewing organizational objectives.

Show Answer

Question # 19

Which of the following audit findings would have the least impact (either positive or negative) on a department's control environment? 

A. The department makes long-term investment risk decisions to maximize return on investment.
B. The department manager sets and demonstrates a tone of honesty and integrity in all businessdealings.
C. Many department functions are duplicated or verified by other department employees.
D. Deficiencies were found in the appropriate authorization of transactions.

Show Answer

Question # 20

If management has not established a risk management process, the internal audit activity could.  

A. Take a proactive role that supplements traditional assurance activities.
B. Identify and mitigate risks to the organization.
C. Assume responsibility for the management of identified risks.
D. Assume primary responsibility for determining if adequate and effective processes are in place.

Show Answer

Question # 21

According to the Standards, which of the following must an internal auditor take into considerationwhen performing an assurance engagement of treasury operations?I. The audit committee has requested assurance of the treasury department's compliance with anew policy on the use of financial instruments.II. Treasury management has not instituted any risk management policies.III. Due to the recent sale of a division, the amount of cash and marketable securities managed bythe treasury department has increased by 350 percent.IV. The external auditors have indicated some difficulties in obtaining account confirmations

A. I and IIonly
B. I and IVonly
C. I,II,and IIIonly
D. II,III,and IVonly

Show Answer

Question # 22

Which of the following is the primary concern of an internal auditor in a comprehensive audit of an organization? 

A. Accuracy of reports on the source and use of funds.
B. Extent of achievement of the organization's mission.
C. Confirmation of compliance with policies and procedures.
D. Appropriateness of procedures related to the budgeting process.

Show Answer

Question # 23

The main reason to establish internal controls in an organization is to:  

A. Encourage compliance with policies and procedures.
B. Safeguard the resources of the organization.
C. Ensure the accuracy,reliability,and timeliness of information.
D. Provide reasonable assurance on the achievement of objectives.

Show Answer

Question # 24

The best reason for separating the cash-receiving function from the related record-keepingfunction is to: 

A. Segregate cash payments from cash receipts.
B. Provide accountability for cash received.
C. Minimize misappropriations in cash receipts.
D. Improve physical security over the cash-receiving function.

Show Answer

Question # 25

The chief commodity trader for a large energy company learns from a friend that a competitor willlikely fail its upcoming regulatory audit and will be forced to temporarily decrease production. If theinformation is true, the trader has short-term opportunities to make trades that will financiallybenefit the trader's company and will lead to a substantial increase in the trader's performancebonus. However, if the information is not true, making the trades will significantly increase thecompany's risk of being caught in a long position. From an ethical perspective, which of thefollowing would be the most appropriate course of action for the trader to take?

A. Make the trade because the company and the trader will both benefit.
B. Have another trader on staff make the trade in order to avoid a conflict of interest.
C. Disclose the information to the risk oversight committee but proceed with the trade to capitalizeon the opportunity.
D. Defer the decision to management and risk the loss of the trading opportunity.

Show Answer

Question # 26

Which of the following elements should an auditor recommend for inclusion in an organization'scode of ethics?I. Ethics should vary with local customs in the organization's foreign operations.II. Whistle-blowing should be discouraged because it can cause distrust among employees andfalse accusations which waste organizational resources on investigations.III. Ethical behavior should not be incorporated into performance evaluations because it is toosubjective and controversial.

A. Ionly
B. IIonly
C. I,II,and III. 
D. None of the above.  

Show Answer

Question # 27

Which of the following statements is correct regarding corporate compensation systems andrelated bonuses?I. A bonus system should be considered part of the control environment of an organization andshould be considered in formulating a report on internal control.II. Compensation systems are not part of an organization's control system and should not bereported as such.III. An audit of an organization's compensation system should be performed independently of anaudit of the control system over other functions that impact corporate bonuses.

A. Ionly
B. IIonly
C. IIIonly
D. II and IIIonly

Show Answer

Question # 28

The primary reason that a chief audit executive (CAE) reviews external audit management letters and management response is to: 

A. Select areas to emphasize in future internal audit engagements.
B. Check the effectiveness of external audit resources used.
C. Ensure that comments in the letter are supported by evidence.
D. Verify that there has been no duplication of internal audit work. 

Show Answer

Question # 29

Management should be included in the development of the audit plan in order to:  

A. Provide assurance that past audit recommendations have been properly implemented.
B. Select the audit tests that will be used for each engagement.
C. Verify that the highest risks are included in the risk-based audit plan.
D. Guarantee access to the organization's sites and records for audit work.

Show Answer

Question # 30

Which fraudulent act is designed primarily to benefit the organization? 

A. Fictitious sale or assignment of assets.  
B. Authorization of payment for hours not worked.  
C. Theft or misappropriation of funds.  
D. Acceptance of bribes or kickbacks.  

Show Answer

Question # 31

While conducting an audit, an internal auditor notices an unusual increase in sales among a small number of units within the organization. The units also experienced persistent negative cash flows despite reported earnings and earnings growth. Which type of fraud do the auditor's findings most likely indicate? 

A. Employee collusion with customer organizations.  
B. Improper asset valuation.  
C. Inventory theft.  
D. Fictitious revenues.  

Show Answer

Question # 32

The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings. Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should: 

A. Provide the activity reports to senior management as requested and discuss any issues thatmay require action to be taken.
B. Not provide activity reports to senior management because such matters are the sole provinceof the board.
C. Disclose only those matters in the activity reports that pertain to expenditures and financialbudgets of the internal audit activity.
D. Provide information to senior management that pertains only to completed audit engagementsand observations available in published engagement final communications. 

Show Answer

Question # 33

An internal auditor for a large computer company suspects that returned computer systems are being repackaged as new products and shipped to other customers before the defects have been 138 repaired. Which of the following would be the most persuasive piece of evidence in support of the auditor's suspicions?

A. Credit memos issued after year end for goods shipped before year end.  
B. Evidence of returned goods in the shipping and receiving area.  
C. An unusual number of customer complaints.  
D. The results of a complete physical inventory taken at year end.  

Show Answer

Question # 34

A product manager occasionally overrides established purchasing policies in order to expedite the introduction of new products in a competitive industry. The manager's overrides are:

A. Unacceptable as they are not consistent with the purchasing policy.  
B. Only acceptable if the override is within the manager's spending limit.  
C. Only acceptable if a policy governing such overrides is in place and they are reported.  
D. Acceptable due to the highly competitive nature of the industry.  

Show Answer

Question # 35

Which of the following is accomplished by the internal audit charter? 

A. It establishes the audit committee’s position within the organization.  
B. It authorizes access to records,personnel and physical properties relevant to the performance of engagements. 
C. It defines the scope of internal and external audit activities.  
D. It states the nature of the chief audit executive’s administrative reporting relationship with the board.

Show Answer

Question # 36

Which of the following is the responsibility of an internal auditor? 1. Assist operating management in implementing audit recommendations.2. Provide management with value-added analysis to improve operations. 3. Become an advocate for changes to the internal audit activity charter. 4. Disclose non-financial risks that may be identified during the course of an engagement.  

A. 1 and 3 only  
B. 2 and 4 only  
C. 1,2,and 4 only  
D. 1,2,3,and 4  

Show Answer

Question # 37

COBIT is primarily designed to: 

A. Define auditing standards for information technology auditors.`  
B. Satisfy information technology regulatory requirements.  
C. Provide guidance to govern information technology activities.  
D. Assist technology professionals in interpreting technological specifications.  

Show Answer

Question # 38

An internal auditor is testing the controls of a large and complex food production process where quality assurance is critical. Management provides process charts and documentation, but the auditor quickly determines that this information is incomplete and out of date. Which of the following would be the most appropriate course of action for the auditor to follow?

A. Use the documentation but meet with the production supervisor to obtain updated information before proceeding. 
C. Defer the audit until management can provide updated charts and documentation as this is their responsibility.
D. Use the documentation but use observation during the engagement to provide missing information. 

Show Answer

Question # 39

Management has decided to invest significant capital in a new and innovative large computer system. They understand that they are one of the first organizations to implement this system, but they believe the benefits outweigh the uncertainty over the performance and reliability of the software. This decision best describes which aspect of risk management? 

A. Risk appetite.  
B. Risk tolerance.  
C. Residual risk.  
D. Inherent risk.  

Show Answer

Question # 40

An internal auditor is gathering evidence for an organization's internal audit engagement and requests a sample of vendor invoices from the organization. Which of the following is true regarding the reliability of this evidence? 

A. The invoices have zero reliability.  
B. The invoices have low reliability.  
C. The invoices have medium reliability.  
D. The invoices have high reliability.  

Show Answer

Question # 41

Which of the following processes should be included in a benchmarking activity?I. Identify key measures.II. Collect data on performances and practices.III. Identify opportunities for improvement.

A. IIonly
B. I and IIIonly
C. II and IIIonly
D. I,II,and III.

Show Answer

Question # 42

In a well-developed management environment, the internal audit activity would.  

A. Report the results of audit engagements to line management as well as to senior management.
B. Conduct regularly scheduled audits of existing systems and initial audits of new computersystems after they have begun operating.
C. Interface primarily with senior management,minimizing interactions with line managers who arethe subjects of internal audit work.
D. Focus on the maintenance of accounting controls (such as segregation of the duties ofauthorization,recording,and custody) and report results to the audit committee. 

Show Answer

Question # 43

An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?

A. Review the supplemental documentation provided for a sample of reimbursement requests.  
B. Interview the payroll/accounting supervisor to determine what controls exist to prevent fraud.  
C. Determine whether or not the payroll/accounting department has been subject to regular review
D. Establish a flowchart of the payroll/accounting functions that include any controls currently in place.

Show Answer

Question # 44

In order to effectively handle conflict between audit team members, an audit team leader should:  

A. Avoid addressing the conflict until the leader is sure that there is a problem.  
B. Be assertive and keep the team members focused on a resolution.
C. Ask one of the team members to resolve the issue by being more conciliatory.
D. Transfer one of the team members to another assignment.

Show Answer

Question # 45

Which of the following is a key performance indicator for an internal audit function? 

A. Audit expenditures compared to financial budgets.
B. Percent of required continuing education hours completed.
C. Implementation of new audit computer software.
D. Frequency of meetings with the board members.

Show Answer

Question # 46

Which of the following is the most important limitation on the effectiveness of audit committees?

A. Audit committees may be composed of independent directors; however,those directors mayhave close personal and professional friendships with management.
B. Audit committee members are compensated by the organization and thus favor a stockholderview.
C. Audit committees devote most of their efforts to external audit concerns and do not pay muchattention to internal auditing and the overall control environment.
D. Audit committee members do not normally have degrees in the accounting or auditing fields.

Show Answer

Question # 47

A chief audit executive (CAE) is obtaining information required by a regulatory oversight body and discovers a situation that requires management to take immediate corrective action. What is the best course of action for the CAE to take?

A. Wait until all of the information has been gathered and reported to the oversight body beforereporting the situation to management.
B. Check with legal counsel to determine whether the situation can be reported to managementbefore all information has been submitted to the oversight body.
C. Report the situation to management immediately. 
D. Schedule an engagement to explore the situation in depth,before reporting to eithermanagement or the oversight body.

Show Answer

Question # 48

The primary role of the internal audit activity in regard to an organization's ethical climate is to:  

A. Participate as chief ethics officer.
B. Periodically assess the ethical climate.
C. Utilize surveys to evaluate employee ethics.
D. Demonstrate ethical behavior.

Show Answer

Question # 49

Which of the following statements, if true, could justify an auditor's decision not to report governance-related control deficiencies to the audit committee? 

A. Management plans to initiate corrective action.
B. The board of directors has a separate corporate governance committee.
C. The amounts and the potential risks associated with the deficiencies are not material to theoverall organization.
D. Governance issues are complex and the auditor should rely on management's analysis of theextent of the problem.

Show Answer

Question # 50

According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it: 

A. Was designed to ensure compliance with policies,plans,procedures,laws,and regulations.
B. Provides reasonable assurance that the organization's objectives will be met.
C. Mitigates inherent risk.
D. Assures the reliability and integrity of information used by management.

Show Answer

Question # 51

In addition to data protection, which of the following is a control that is typically used by companiesto safeguard the privacy rights of their customers?I. End-user computing.II. Encryption of data.III. Spyware.IV. Intrusion detection.

A. IIonly
B. I and IIIonly
C. II and IVonly
D. I,II,and IVonly

Show Answer

Question # 52

A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed. In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:

A. Review the recommendations in all environmental audit reports.
B. Discuss with the environmental auditors the results of their reviews.
C. Periodically carry out a quality assessment of the environmental audit activity.
D. Include a review of environmental issues in some internal audit engagements.

Show Answer

Question # 53

Which statement most accurately describes how criteria are established for use by internal auditors in determining whether goals and objectives have been accomplished? 

A. Management is responsible for establishing the criteria.
B. Internal auditors should use professional standards or government regulations to establish thecriteria.
C. The industry in which a company operates establishes criteria for each member company through benchmarks and best practices for that industry. 
D. Appropriate accounting or auditing standards,including international standards,should be used as the criteria.

Show Answer

Question # 54

An internal audit activity encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation should be. 

A. Noted in the audit workpapers,but the engagement should be carried out as scheduled,with anynecessary adjustments made based on the scope limitation.
B. Communicated to the external auditors so that they can investigate the area in more detail.
C. Communicated,preferably in writing,to the board.
D. Communicated to management,stating that the limitation will not be accepted because it wouldimpair the audit activity's independence.

Show Answer

Question # 55

A major difference between enterprise risk management and traditional risk management lies inthe narrow focus of traditional risk management on:I. Property and liability risks.II. Risks with insurance solutions.III. Risks impacting organizational objectives.

A. I and IIonly
B. I and IIIonly
C. II and IIIonly
D. I,II,and III.

Show Answer

Question # 56

When performing benchmarking during the planning phase of a performance audit, an internal auditor should: 

A. Determine the current performance gap.
B. Project future performance levels.
C. Develop functional action plans.
D. Identify comparative organizations.

Show Answer

Question # 57

Which of the following would provide the best assessment of an organization's ethical climate? 

A. Number of years that directors have been appointed to the board.
B. Evidence of training provided to the board of directors on ethical issues.
C. Clarity and consistency of consequences imposed by the board of directors for ethicalviolations. 
D. Frequency of fraud reported and results of subsequent investigations.  

Show Answer

Question # 58

Which of the following would be the most effective action for an internal audit activity to take inorder to assist in improving an organization's ethical climate?I. Review formal and informal processes within the organization that could promote unethicalbehavior.II. Conduct surveys of employees, suppliers, and customers regarding ethics.III. Assess the employees' knowledge of and compliance with the organization's code of conduct.

A. Ionly
B. I and IIonly
C. II and IIIonly
D. I,II,and III.

Show Answer

Question # 59

A chief audit executive used risk assessment to prepare the audit work schedule. Which of the following would be the least appropriate reason to modify the schedule? 

A. Need for coordination of audit activities with the external auditors.
B. Request for postponement since the audit would be too complicated.
C. Change in the relative risk of auditable activities during the year.
D. Budget constraints or expansions.

Show Answer

Question # 60

Which of the following factors related to an organization's performance management system would not contribute to the organization's success?

A. Performance management is linked to competence and knowledge management.
B. Subordinates and superiors have shared responsibility for the performance managementprocess.
C. Staff members own the performance management process,thereby ensuring implementationand accountability.
D. Performance management is integrated into other organizational processes and humanresource processes.

Show Answer

Question # 61

When reviewing operational risk for a department whose manager adopts a laissez-faire style of leadership, it is most important for the internal auditor to verify that:

A. Employee decisions follow department and company guidelines.
B. The manager considers employees' input when designing new procedures.
C. Employees are empowered to deal with unusual or emergency situations.
D. Management has adopted an open-door policy to assist with communication.

Show Answer

Question # 62

A chief audit executive (CAE) is planning to issue an annual report concluding on the overall effectiveness of the organization's internal control system. According to the Standards, which of the following is likely the most significant challenge facing the CAE when creating the report? 

A. The opinion must include difficult to measure risks such as the risks of management override of controls,and collusion among dishonest personnel. 
B. The opinion is dependent on complex analyses of numerous internal audit engagements carried out over the prior year. 
C. The opinion is only issued once a year,limiting its usefulness. 
D. Assessing control effectiveness is complicated by inherent risks.  

Show Answer

Question # 63

Which of the following situations would most likely result in the auditor in charge (AIC) recommending that the staff auditor further investigate non-compliant items? 

A. A staff auditor conducted a test of 25 non-statistical sample items,selected judgmentally,and 5 are not in compliance with organizational policy. 
B. A staff auditor conducted a test of 85 non-statistical sample items,selected randomly,and 5 are not in compliance with organizational policy. 
C. Before the staff auditor conducted a test of statistical sample items,the AIC was already aware of underlying control weaknesses. 
D. A staff auditor conducted a test of statistical sample items,the results of which fall below the acceptable error rate by less than one percentage point. 

Show Answer

Question # 64

Which of the following represents the most useful function of inventory turnover analysis?

A. Identifying excess inventory,including obsolete inventory.  
B. Determining the best supplier of raw materials based on cost comparison.  
C. Creating new staffing positions for inventory support.  
D. Developing more efficient methods for manufacturing finished products.  

Show Answer

Question # 65

Which of the following represents the most useful function of inventory turnover analysis?

A. Identifying excess inventory,including obsolete inventory.  
B. Determining the best supplier of raw materials based on cost comparison.  
C. Creating new staffing positions for inventory support.  
D. Developing more efficient methods for manufacturing finished products.  

Show Answer

Question # 66

Which of the following should be the first step that an internal auditor takes to establish data integrity when building an audit working copy of a large database?

A. Search for anomalies in the extracted information.
B. Verify that all required data was downloaded.
C. Review the data for statistical patterns.
D. Ensure that the data is efficiently organized within the database.

Show Answer

Question # 67

Which of the following is a limitation of using observation as a manual audit procedure? 

A. Observation provides information at a certain time and makes it difficult to draw representative conclusions. 
B. Observation is not as persuasive as inquiry due to a lack of direct evidence.  
C. Observation is performed specifically to test the validity of documented or recorded information.  
D. Observation may cause individuals to behave less critically or carefully if they are aware that other forms of manual audit procedures have already taken place. 

Show Answer

Question # 68

An internal auditor is planning an operational audit of the accounts payable function. Which of the following best mitigates the risk of the organization being a victim of disbursement fraud by employees?

A. Accounts payable payment records are checked against supplier invoices.  
B. Accounts payable are aged by vendors.  
C. The accounts payable trial balance is reconciled to the general ledger.  
D. The accounts payable function is properly segregated from the cash custody function.  

Show Answer

Question # 69

According to IIA guidance, which of the following best describes how risks are measured? 

A. Likelihood and probability.  
B. Impact and relevance.  
C. Velocity and rate of occurrence.  
D. Likelihood and impact.  

Show Answer