II. A level of assurance that is supported by generally accepted auditing procedures and judgments.
III. A body of guiding principles that form a template against which organizations can evaluate a
multitude of business practices.
IV. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain
whether the components of internal control are present and functioning.
A. I only
B. I and IV only
C. II and IV only
D. I, II, III, and IV
40. When assessing the risk associated with an activity, an internal auditor should:
A. Determine how the risk should best be managed
B. Provide assurance on the management of the risk
C. Update the risk management process based on risk exposures
D. Design controls to mitigate the identified risks
41. Internal auditors provide their financial reporting assurance services primarily for the benefit
of: (Select all correct answers)
A. Third parties
B. Management
C. Board of directors
D. Employees
42. An effective system of internal controls is most likely to detect a fraud perpetrated by a:
A. Group of employees in collusion
B. Single employee
C. Group of managers in collusion
D. Single manager
43. Enterprise risk management
A. Guarantees achievement of business objectives
B. Requires establishment of risk and control activities by internal auditors
C. Includes selection of best risk response for the organization
D. Involves the identification of events with negative impacts on business objectives.
44. What is residual risk?
A. Impact of risk.
B. Risk that is under control
C. Underlying risk in the environment
D. Risk that is not managed.
45. Which of the following best describes an internal auditor’s purpose in reviewing the
organization’s existing governance, risk management, and control processes?
A. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives.
B. To ensure that weaknesses in the internal control system are corrected.
C. To provide reasonable assurance that the processes will enable the organization’s objectives and goals
to be met efficiently and economically.
D. To determine whether the processes ensure that the accounting records are correct and that financial
statements are fairly stated
46. Which of the following is a preventive control?
A. credit check before approving a sale on account
B. bank reconciliation
C. physical inventory count
D. comparing the accounts receivable subsidiary
47. The bank reconciliation uncovered a transposition error in the books. This is an example of a
A. detective control
B. preventive control
C. corrective control
D. feedforward control
48. Reasonable assurance, as it pertains to internal control, means that:
A. The objectives of internal control vary depending on the method of data processing used
B. A well-designed system of internal controls will prevent or detect all errors and fraud
C. Inherent limitations of internal control preclude a system of internal control from providing absolute
assurance that objectives will be achieved
D. Management cannot override controls, and employees cannot circumvent controls through collusion
49. Which of the following best exemplifies a control activity referred to as independent
verification?
A. Reconciliation of bank accounts by someone who does not handle cash or record cash transactions
B. Identification badges and security codes used to restrict entry to the production facility
C. Accounting records and documents that provide a trail of sales and cash receipt transactions
D. Separating the physical custody of inventory from inventory accounting
50. The risk assessment component of internal control involves the:
A. Independent outside auditor’s assessment of residual risk.
B. Internal audit function’s assessment of control deficiencies.
C. Organization’s identification and analysis of the risks that threaten the achievement of its objectives.
D. Organization’s monitoring of financial information for potential material misstatements.
51. Which of the following is not an element of the internal control environment?
A. management philosophy and operating style
B. organizational structure of the firm
C. well-designed documents and records
D. the functioning of the board of directors and the audit committee
52. Which of the following is not an internal control procedure?
A. authorization
B. management's operating style
C. independent verification
D. physical control
53. Which of the following is NOT a risk response strategy for a positive risk?
A. Exploiting
B. Enhancing
C. Transferring
D. Acceptance
54. According to COSO, the difference between inherent risk and residual risk is management's?
A. inability to reduce the inherent risk
B. actions to reduce the inherent risk
C. inability to share the residual risk
D. actions to reduce the residual risk
55. Management has carefully evaluated the likelihood and impact of events on its foreign operations.
In the event of a 3% variation in exchange rate, the impact is estimated at $10 million without any action
taken by management and $6 million if the company purchases a hedge instrument. The impact of the
residual risk of changes in foreign currency exchange on achieving company's business objectives is:
A. $10 M
B. $16 M
C. $6 M
D. $4 M
56. According to COSO ERM, which of the following is not an inherent challenge that arises as
part of establishing strategy and business objectives?
A. Ensuring culture is clearly articulated by the board.
B. Possibility of strategy not aligning.
C. Implications from the strategy chosen.
D. Risk to achieving the strategy
57. Which of the following is one of the 5 Cs essential to success as an internal auditor?
(1) Courage.
(2) Collaboration.
(3) Candidness.
(4) Competence
A. (1) and (2) only
B. (1) and (4) only
C. (3) and (4) only
D. (1), (2), (3) and (4)
58. Governance should help ensure that the objectives of an entity's stakeholders are met.
Stakeholders include
1. Employees
2. Regulators
3. Suppliers
4. Customers
A. (1) and (4) only
B. (2) and (3) only
C. (2), (3) and (4) only
D. (1), (2), (3) and (4)
59. Which of the following is not a goal of corporate governance
A. Complying with society's legal and regulatory rules
B. Providing an overall benefit to society
C. Maximizing executive compensation
D. Reporting fully and truthfully to stakeholders
60. The internal audit activity most directly contributes to an organization's governance process by
A. Identifying significant exposures to risk
B. Evaluating the effectiveness of internal control over financial reporting.
C. Evaluating the design of ethics-related activities.
D. Promoting continuous improvement of controls.
61. Who is responsible for implementing ERM?
A. The chief financial officer
B. The chief audit executive
C. Management throughout the organization
D. The chief compliance officer
62. Which of the following is not a potential value driver for implementing ERM?
A. Financial results will improve in the short run.
B. The chief audit executive
C. There will be fewer surprises from year to year.
D. An organization's risk appetite can be aligned with strategic planning
63. When assessing the risk associated with an activity, an internal auditor should
A. Determine how the risk should best be managed.
B. Provide assurance on the management of the risk.
C. Update the risk management process based on risk exposures.
D. Design controls to mitigate the identified risks.
64. From an organization's standpoint, because internal auditors are seen to be "internal control
experts," they also are:
a. Fraud risk management process owners, and hence, the first and most important line of defense
against fraudulent financial reporting or asset misappropriation.
b. The best resource for audit committees, management, and others to consult in-house when
setting up anti-fraud programs and controls, even if they may not have any fraud investigation
experience.
c. The best candidates to lead an investigation of a fraud incident involving the potential violation
of laws and regulations.
d. The primary decision-maker in terms of determining punishment or other consequences for
fraud perpetrators.
65. An organization that manufactures and sells computers is trying to boost sales between now and the
end of the year. It decides to offer its sales representatives a bonus based on the number of units they
deliver to customers before the end of the year. The price of all computers is determined by the
vice president of sales and cannot be changed by sales representatives. Which of the following presents
the greatest reason a sales representative may commit fraud with this incentive program?
A. Sales representative may sell units that have a lower margin than other units.
B. Customers have the right to return a laptop for up to 90 days after purchase.
C. The units delivered may be defective.
D. The customers may not pay for the computers timely
66. A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with
the friend. Which of the following controls would have best served to prevent this fraud?
A. Requiring that all changes to pay records be recorded on a standard form.
B. Limiting the ability to make changes in payroll system personnel information to authorized
HR department supervisors.
C. Periodically reconciling pay rates per personnel records with those of the payroll system.
D. Monitoring payroll costs by department supervisors monthly
67. The internal audit function's responsibilities with respect to fraud are limited to:
A. The organization's operational and compliance activities only because financial reporting
matters are the responsibility of the independent outside auditor.
B. Monitoring any calls received through the organization's whistleblower hotline but not
necessarily conducting a follow-up investigation.
C. Being aware of fraud indicators, including those relating to financial reporting fraud, but
not necessarily possessing the expertise of a fraud investigation specialist.
D. Ensuring that all employees have received adequate fraud awareness training
68. Which of the following types of companies would most likely need the strongest anti-fraud controls?
A. A manufacturer of popular athletic shoes.
B. A grocery store.
C. A bank.
D. An internet-based electronics retailer