Multiple Choice. Select the letter of the correct answer.

1. The decisions and actions of an auditor are most likely to affect which of the following types of
risks:
a. Inherent
b. Detection
c. Control
d. Business
2. In planning an audit, the most critical step is the identification of
a. Areas of significant risk
b. Skill sets of the audit staff
c. Test steps in the audit
d. Time allotted for the audit
3. The auditor reviews an organizational chart PRIMARILY for:
a. Understanding the complexity of the organizational structure
b. Investigating various communication channels
c. Understanding the responsibilities and authority of individuals
d. Investigating the network connected to different employees
4. Which of the following responsibilities would most likely compromise the independence of an
auditor?
a. Participating in the design of the risk management framework
b. Advising on the different implementation techniques
c. Facilitating risk awareness training
d. Performing a due diligence review of the risk management process
5. An auditor is reviewing a project assessment and notices that the overall risk level is high due to
the confidentiality requirements. Which of the following types of risk is normally high due to the
number of users and business areas the project may affect:
a. Controls Risk
b. Compliance Risk
c. Inherent Risk
d. Residual Risk
6. In a risk-based audit, where both inherent and control risk have been assessed as high, an
auditor would most likely compensate for this scenario by performing additional
a. Stop-or-go sampling
b. Substantive testing
c. Compliance testing
d. Discovery Sampling
7. A financial institution with multiple branch offices has an automated control that requires the
branch manager to approve transactions more than a certain amount. What type of audit
control is this?
a. Detective
b. Preventive
c. Corrective
d. Directive
8. When auditing the archiving of the company’s email communications, the auditor should pay
the most attention to
a. The existence of data retention policy
b. The storage capacity of the archiving solution
c. Th level of user awareness concerning email use
d. The support and stability of the archiving solution manufacturer
9. The COSO framework consists of 5 components. Which is the exception?
a. Risk Assessment
b. Control Activities
c. Identification and Communication
d. Monitoring
e. Control Environment
10. The fraud triangle outlines three components that contribute to increasing the risk of fraud.
Which is not one of the three components?
a. Opportunity
b. Incentive
c. Conflict
d. Rationalization