CHAPTER 1 - INTRODUCTION TO INTERNAL AUDIT

1. Which of the following are components of the definition of internal auditing?

a. Independence and objectivity.
b. A systematic & disciplined approach.
c. Helping the organization accomplish its objectives.
d. All of the above.

2. Assurance, Insight, and Objectivity comprise?

a. The mission of internal audit.
b. The three lines of defense model.
c. The objectives of internal auditing.
d. The value proposition.

3. Independent outside auditors provide financial reporting assurance services primarily

for:
a. The benefit of third parties.
b. Management.
c. Board of directors.
d. The CEO.

4. Which of the following statements is not true about business objectives?

a. Business objectives represent targets of performance.
b. Establishing meaningful business objectives is a prerequisite to effective
internal control.
c. Establishing meaningful business objectives is a key component of the
management process.
d. Business objectives are management's means of employing resources and
assigning responsibilities.

5. Within the context of internal auditing, assurance services are best defined as:
a. Objective examinations of evidence for the purpose of providing independent
assessments.
b. Advisory service intended to add value and improve an organization's
operations.
c. Professional activities that measure and communicate financial and business
data.
d. Objective evaluations of compliance with policies, plans, procedures, laws and
regulations.

6. Which of the following is mandatory guidance within the IPPF?

 a. Implementation guidance.
b. Supplemental guidance.
c. The value proposition.
d. The core principles.

7. Which of the following is recommended guidance within the IPPF?

a. The Definition of Internal Auditing.
b. The Standards.
c. Supplemental guidance.
d. None of the above.

8. The Internal Audit Foundation exists to help audit leaders, practitioners, students and
academics experience continuous growth in their careers to propel them to become:
a. Strong assurance providers.
b. Trusted advisors.
c. Independent outside auditions.
d. CAEs.

9. While planning an internal audit, the internal auditor obtains knowledge about the
auditee to, among other things:
a. Develop an attitude of professional skepticism about management's assertions.
b. Develop an understanding of the auditee's objectives and risks.
c. Make constructive suggestions to management concerning internal control
improvements.
d. Evaluate whether misstatements in the auditee's performance reports should be
communicated to senior management and the audit committee.

10. Which of the following is the premier certification sponsored by The IIA?
a. Certification in Control Self-Assessment.
b. Certified Internal Auditor.
c. Certification in Risk Management Assessment.
d. Certified Information Systems Auditor.

CHAPTER 2 - STANDAR INTERNAL AUDIT

1. A primary purpose of the Standards is to:

a. Promote coordination of internal and external audit efforts.
b. Establish a basis for evaluating internal audit performance.
 c. Develop consistency in internal audit practices.
d. Provide a codification of existing practices.

2. Which of the following are "mandatory guidance" in the IIA's IPPF?

I. Implementation Guides.
II. The Code of Ethics.
III. The Definition of Internal Auditing.
IV. The Standards.
a. I, II, and IV
b. II and IV
c. II, III and IV
d. I, II, III and IV

3. An internal auditor is auditing a division in which the division’s chief financial officer
(CFO) is a close, personal friend. The auditor learns that the friend is to be replaced
after a series of critical contract negotiations with the Department of Defense. The
auditor relays this information to the friend. Which principle of The IIA’s Code of
Ethics has been violated?
a. Integrity.
b. Objectivity.
c. Confidentiality.
d. Privacy.

4. The IIA's Standards require internal auditors to exercise due professional care while
conducting assurance engagements. Which of the following is not something an
internal auditor is required to consider in determining what constitutes the exercise of
due care in an assurance engagement of treasury operations?
a. The audit committee has requested assurance on the treasury function’s
compliance with a new policy on use of financial instruments.
b. Treasury management has not instituted any risk management policies.
c. The independent outside auditors have requested to see the engagement report
and working papers.
d. The treasury function just completed implementation of a new real-time
investment tracking system.

5. In which of the following situations does the internal auditor potentially lack
objectivity?
a. A payroll accounting employee assists an internal auditor in verifying the
physical inventory of small motors.
b. An internal auditor discusses a significant issue with the vice president to
whom the auditee reports prior to drafting the audit report.
 c. An internal auditor recommends standards of control and performance
measures for a contract with a service organization for the processing of
payroll and employee benefits.
d. A former purchasing assistant performs a review of internal controls over
purchasing four months after being transferred to the internal audit
department.

6. According to the Standards, which the following must the internal audit manager
think about when considering appropriate due care while planning an assurance
engagement?
a. The opportunity to cross-train internal audit staff.
b. The cost of assurance in relationship to potential benefits.
c. Job openings in the area that may be of interest to internal auditors assigned to
the engagement.
d. The potential to deliver consulting services to the auditee.

7. Which of the following are required of the internal audit function per the Standards?
a. Evaluate the effectiveness of the audit committee annually.
b. Issue an overall opinion on the adequacy of the organization's system of
internal controls annually.
c. Obtain an annual representation from management acknowledging
management's responsibility for the design and implementation of internal
controls to prevent illegal acts.
d. Assess whether the IT governance of the organization sustains and supports
the organization’s strategies and objectives.

8. Which of the following is a Core Principle for the Professional Practice of Internal
Auditing?
a. Maintain confidentiality.
b. Promote an ethical culture in the internal audit profession.
c. Develop consistency in internal audit practices.
d. Is appropriately positioned and adequately resourced.

9. According to the Standards, how is the independence of the internal audit function
achieved?
a. Staffing and supervision.
b. Organizational status and objectivity.
c. Human relations and communications.
d. Quality assurance and internal review.

10. To determine what needs to be done regarding follow-up on an assurance engagement

the internal audit staff just completed, one would consult:
 a. The Attribute Standards: Assurance Services Implementation Standards.
b. The Performance Standards: Consulting Services Implementation Standards.
c. The Attribute Standards: Consulting Services Implementation Standards.
d. The Performance Standards: Assurance Services Implementation Standards.

MULTIPLE-CHOICE QUESTIONS (CHAPTER 3 & 4)

1. The independence of the internal audit department will most likely be assured if it
reports to the
A President D shareholders
. .
B Controller E. vice president of finance
.
C Treasurer
.

2. Internal auditors apply the knowledge, skills, and experience needed in the performance of
internal audit services. This statement describes one of the ethical principles about:
A integrity D competency
. .
B Objectivity E. skepticism
.
C confidentiality
.

3. The purpose of operational auditing is :

A to assess the comply with applicable laws and regulations
.
B to provides an opinion on whether the financial statements are in accordance with
. accepted accounting standard
C to determine the effectiveness or efficiency of any part of an organization
.
D to investigate fraud or irregulation
.
E. No correct answer

4. Internal auditors must have competent interpersonal skills. Which of the following does
not represent an attribute of interpersonal skills?
A Communication D Team capabilities
. .
B Leadership E. discussion
.
 C Project management
.

5. Within the context of internal auditing, assurance services are best defined as:
A Objective examinations of evidence for the purpose of providing independent
. assessments
B Advisory services intended to add value and improve an organization’s operations
.
C Professional activities that measure and communicate financial and business data
.
D Objective evaluations of compliance with policies, plans, procedures, laws, and
. regulations
E. No correct answer

6. A primary purpose of the Standards audit is to:

A Promote coordination of internal and D Provide a codification of existing
. external audit efforts. . practices.
B Establish a basis for evaluating internal
. audit performance.
C Develop consistency in internal audit
. practices.

7. Which of the following are "mandatory guidance in The IIAS IPPF? I. Implementation
Guides. II. The Code of Ethics. III. The Definition of Internal Auditing. IV. The
Standards.
A I, II, and IV. D I, II, III, and IV.
. .
B II and IV.
.
C II, III, and IV.
.

8. An internal auditor is auditing a division in which the division's chief financial officer
(CFO) is a close, personal friend. The auditor learns that the friend is to be replaced after a
series of critical contract negotiations with the Department of Defense. The auditor relays
this information to the friend. Which principle of The IIA's Code of Ethics has been
violated?
A. Integrity.
B. Objectivity
C. Confidentiality
D. Privacy
 9. In addition to the Standards, some internalaudit departments follow other standards in
conducting their work, either because of regulatory requirements or by choice. When
these other standards are inconsistent with IIA Standards, what should the audit
department do?
A. Follow IIA Standards.
B. Follow the other standards
C. Follow the standard that is least restrictive
D. Follow the standard that is most restrictive.

10 Which of the following are typically governance responsibilities of senior

. management?
I. Delegating its tolerance levels to risk managers processes.
II. Monitoring day-to-day performance of specific risk management activities.
III. Establishing a governance committee of the board,
IV. Ensuring that sufficient information is gathered to support reporting to the board.

A. I and IV C. I, II, and IV

B. II and III D. I, II, III, and IV

11. ABC utility company sells electricity to residential customers and is a member of an
industry association that provides guidance to electric utilities, lobbies on behalf of
the industry, and facilitates sharing among its members. From ABC’s perspective,
what type of stakeholder is this industry association?
A. Directly involved in the operation of the company.
B. Interested in the success of the company.
C. Influences the company.
D. Not a stakeholder

12. Who is responsible for establishing the strategic objectives of an organization?

A. The board of directors.
B. Senior management
C. Consensus among all levels of management.
D. The board and senior management jointly.

13. Which of the following statements regarding corporate governance is NOT correct?
A. Corporate control mechanisms include internal and external mechanisms.
B. The compensation scheme for management is part of the corporate control
mechanisms.
C. The dilution of shareholders’ wealth resulting from employee stock options or
employee stock bonuses is an accounting issue rather than a corporate governance
issue.
D. The internal audit function of a company has more responsibility than the board for
the company’s corporate governance.

14. Providing strategic direction and guidance to the establishment of key business
objectives, includes in
 A governance strategic direction D Setting objectives
. .
B governance oversight E. Internal control process
.
C Risk management process
.

15. After business risks have been identified, they should be assessed
A Impact and likelihood D Significance and control
. . effectiveness
B Likelihood and probability E. No correct answer
.
C Significance and severity
.

16. COSO identified five interrelated components of internal control. Which of the following
is NOT one of those five?
A risk assessment D Control activities
. .
B internal control policies E. information and communication
.
C monitoring
.