IIA IIA-ACCA ACCA CIA Challenge Exam Exam Practice Test

$1.480.000

$1 500 000

$1,610.000

$1650 000

Determining the trends that will influence key factors in the organization's environment.

Selecting the issue or decision that will impact how the organization conducts future business.

Selecting leading indicators to alert the organization of future developments.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

Cash discounts.

Quantity discounts.

Functional discounts.

Seasonal discounts.

A sense of achievement.

Promotion.

Recognition.

An incremental increase in salary.

Management assurance on risks.

Implementing risk responses on behalf of management.

Providing assurance that risks assessed are correctly evaluated.

Setting the risk appetite.

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

50 percent of total organizational cost has been allocated on a volume basis.

Lack of flexibility.

Incompatibility with client/server technology.

Employee resistance to change.

Inadequate technical support.

Users determine the optimal level of safety stocks.

They are applicable only to large organizations.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

They rely heavily on high quality materials.

1 only

4 only

1 and 4 only

1, 2, and 3 only

Unrealized expectations can be avoided with open and honest discussion.

Reorganization would probably not help ambiguous or overlapping jurisdictions.

Deferring action should be used until there is sufficient time to fully deal with the issue.

Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.

Empathetic listening.

Reframing.

Reflective listening.

Dialogue.

$34,000

$51,000

$60,000

$320,000

Giving assurance that risks are evaluated correctly.

Developing the risk management strategy for the board's approval.

Facilitating the identification and evaluation of risks.

Coaching management in responding to risk.

Y should be listed as an investment asset on X's balance sheet

X must consolidate the financial statements for both organizations

Y should be reported as a footnote to X's financial statements

Y should not be reported by X as X does not have a controlling interest

That do not have to be repaid for over one year.

That appear to be too risky for most lenders to consider.

Granted on the basis of a company's credit standing.

Backed by mortgaged assets.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Embryonic, focused.

Fragmented, decline.

Mature, fragmented.

Competitive, embryonic.

Authorization.

Identification.

Verification.

Validation.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 only

4 only

2 and 4

3 and 4

The framework categorizes an organization's objectives to distinct, non overlapping objectives.

Control environment is one of the framework's eight components.

The framework facilitates effective risk management, even if objectives have not been established.

The framework integrates with, but is not dependent upon, the corresponding internal control framework.

Avoidance.

Reduction.

Elimination.

Sharing.

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

The business continuity management charter.

The business continuity risk assessment plan

The business impact analysis plan

The business case for business continuity planning

Lack of awareness of the state of processing.

Increased cost and complexity of network traffic.

Interference of the mirrored data with the original source data.

Confusion about where customer data are stored.

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

A zero-based budget maintains focus on the budgeting process.

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

Filtering.

Communication overload.

Similar frames of reference.

Lack of source credibility.

Systems-based preventive control.

People-based preventive control.

Systems-based detective control.

People-based detective control.

Full cost

Full cost plus a markup.

Market price of the product

Variable cost plus a markup

To gain access to a wider variety of skills, competencies and best practices.

To complement existing expertise with a required skill and competency for a particular audit engagement.

To focus on and strengthen core audit competencies.

To provide the organization with appropriate contingency planning for the internal audit function.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Operational management, because they are responsible for the day-to-day management of the operational risks.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

The chief audit executive, although he is not accountable for risk management in the organization.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Assert whether the described and reported control processes and systems exist.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

Evaluate the completeness of the report and management's responses to identified deficiencies.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Improper segregation of duties.

Incentives and bonus programs.

An employee's reported concerns.

Lack of an ethics policy.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

The amount of experience the auditors have conducting audits in the specific area of the organization.

The availability of the auditors in relation to the availability of key client staff.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

Whether outside resources will be needed, and their availability.

1 and 2

1 and 3

2 and 3

2 and 4

Verify that amounts are correct.

Verify that payments are on time.

Verify that recipients are valid employees.

Verify that benefits deductions are accurate.

All assurance engagement observations should be communicated to the audit committee.

All assurance engagement observations should be included in the main section of the engagement communication.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

The internal audit risk assessment and audit plan for the next fiscal year.

The internal audit budget and resource plan for the coming fiscal year.

A request for an increase of the CAE's salary for the next fiscal year.

The evaluation and compensation of the internal audit team.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Scheme.

Opportunity.

Rationalization.

Pressure.

To help develop process maps.

To determine segregation of duties.

To identify residual risks.

To test the adequacy of controls.

Independently evaluating conflicts of interests.

Assessing contracts for relevant terms and conditions.

Performing statistical analysis for data anomalies.

Preparing evidentiary documentation.

1 only

4 only

1 and 3

2 and 4

Coach management in responding to risks.

Develop risk management strategies for board approval.

Facilitate identification and evaluation of risks.

Evaluate risk management processes.

1 and 2

2 and 4

1, 2, and 3

2, 3, and 4

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

CSA allows management to have input into the audit plan.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

CSA can improve the control environment.

CSA increases control consciousness.

Audit criteria should be consistent across audit assignments.

Audit criteria should represent reasonable standards against which to assess existing conditions.

Audit criteria should provide flexibility but allow identification of nonadherence.

Audit criteria should equate to good or acceptable management practices.

Risks are discussed with audit client.

All available information from the risk-based plan is used.

Client efforts to affect risk management are considered.

Prior risk assessments are considered.

1 only

1 and 2 only

1 and 3 only

1, 2, 3, and 4

The audit committee of the board.

The environmental, health, and safety manager.

The organization's external environmental lawyers.

The organization's insurance department.

The organization's audit universe is extensive and diverse.

There has been an increase in unanticipated requests for advisory work.

Previous work provided by the external service provider has been of great quality and value.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

The CAE should send the final report to operational and senior management and the audit committee.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

To evaluate controls regarding the computer security of an oil refinery.

To examine the processes involved in exploring, developing, and operating a gold mine.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

To link a financial institution's business objectives to a work unit responsible for the associated risk.

Due professional care.

Individual independence.

Individual objectivity.

Organizational independence.

The auditor performs thorough reviews and provides absolute assurance of regulatory compliance.

The auditor is alert to the possibility of fraud and activities where irregularities are most likely to occur.

The auditor recommends improvements for all of the organization's procedures and practices.

The auditor is cognizant of reducing travel expenses by combining a personal vacation with a business trip.

It replaces primary controls that are either ineffective or cannot fully mitigate a risk.

It partially reduces the residual risk level when a key control does not operate effectively.

lt combines with other controls to help reduce significant risk exposures to an acceptable level.

It helps to ensure the completeness and accuracy of automated controls in a system environment.

Higher inventory turnover.

Higher operating margin.

Lower obsolete stock disposal.

Lower sales volume.

Internal auditor integrity enables stakeholders to constantly question the work of the internal audit activity.

Internal auditor integrity enables the internal auditor to avoid being challenged by any party in the organization.

Internal auditor integrity enables the internal audit activity to be able to demonstrate independence.

Internal auditor integrity enables users of internal auditors' work to make important business decisions.

The sample to be representative of the population.

The sample to be selected haphazardly.

A smaller sample size than if selected using statistical sampling.

Projecting the results to the population.

The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.

The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.

The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.

The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.

Communication.

Persuasion and collaboration.

Business acumen.

Governance, risk, and control.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

Evaluate the organization's governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization's risk appetite.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks.

The chief audit executive (CAE) should review all work performed by the auditor during her temporary assignment to ensure no impairments.

The CAE may conduct audits in the purchasing department during the auditor's temporary assignment.

The auditor should obtain the CAE's approval as to the nature and scope of the duties she is permitted to perform during her temporary assignment.

Any work performed by the auditor during her temporary assignment must conform to the internal audit charter.

Act as an adviser to the committee responsible for reviewing violations of the code.

Review and adjudicate all violations of the code of conduct.

Lead the committee responsible for the oversight of the code.

Implement a system of procedures to inform all employees of the code.

An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.

An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.

An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.

A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.

A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.

An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

An internal auditor reports both functionally and administratively to the chief financial officer (CFO).

An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle.

According to policy, the internal auditor must obtain approval from the CFO prior to requesting information for internal audit purposes.

An internal auditor performs an audit in a department that is led by the auditor's close friend.

Unauthorized overtime.

Fictitious employees.

Unearned bonuses or commissions.

Skimming.

Adequate signs are in place to assist in locating safety equipment.

Servers are secured individually to their racks by locks.

Foam fire extinguishers are operable to protect against electrical fires.

Swipe card access is required to gain access to the server room.

Manage and support a quality assurance and improvement program.

Maintain industry-specific knowledge appropriate to the audit engagements

Set clear performance standards for internal auditors and the internal audit activity.

Apply problem-solving techniques for routine situations.

Variability tolerance.

Ratio estimation.

Stratification.

Acceptance sampling.

1 and 2.

1 and 3.

2 and 3.

3 and 4.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.

Review the investigation and implement any improvements to the process.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

Determine why The fraud was not detected earlier and design controls to strengthen early detection.

Exiting a marketplace.

Recalling a product.

Obtaining product insurance.

Outsourcing production.

The core competencies outlined in the framework are not expected of a person undertaking an entry-level position as an internal auditor.

The framework is designed to be used primarily by chief audit executives that are developing indicators to measure the performance of the internal audit activity for which they are responsible.

The framework lists the core competencies internal auditors should possess before attempting to attain The IIA's Certified Internal Auditor certification.

The framework describes competencies needed for individual internal auditors, but not those necessary at the chief audit executive level.

Disclose the deficiency, and request that the investigation be reassigned to the first line of defense.

Proceed with the investigation, as internal auditors are not required to have fraud expertise.

Outsource the sensitive investigation to a third-party consultant with fraud expertise.

Select a member of the accounting department who is not involved in the fraud to join the investigation team in a consulting capacity.

Attending annual professional conferences and seminars.

Participating in on-the-job training in various departments of the organization.

Pursuing as many professional certifications as possible.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

Conduct anti-fraud training.

Perform background investigations.

Implement process controls.

Activate a whistleblower hotline.

1 and 2.

1 and 4.

2 and 3.

3 and 4.

Postpone the audit until the CAE hires internal audit staff with the required knowledge.

Ask the audit committee to decide the course of action.

Select the most experienced auditors in the department to perform the engagement.

Hire consultants who possess the required knowledge to perform the engagement.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

Security cameras that monitor cash handling at the register are not functioning.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff.

A budget.

A risk assessment.

The board of directors.

The control environment.