IIA-ACCA Practice Exam Questions and Answers

A.  

She may participate, but only after she has completed one year with the IA

A.  

B.  

She may participate, because she did not previously work in the Human Resources Department.

C.  

She may participate, but she must be supervised by the auditor in charge.

D.  

She may participate for training purposes, to build her knowledge of the IA

A.  

A.  

Human rights and the environment.

B.  

Organizational governance and financial reporting.

C.  

Fair operating practices and government regulation.

D.  

Consumer issues and return on investment.

A.  

1 only

B.  

2 only

C.  

1 and 3.

D.  

2 and 4.

A.  

Comprehensive supervisory and verification procedures.

B.  

A well-designed system of internal controls.

C.  

A culture of integrity and transparency.

D.  

Unique operating environments with varying complexity.

A.  

Statistical sampling only

B.  

Nonstatistical sampling only

C.  

A combination of both statistical and nonstatistical sampling.

D.  

Neither approach to testing the audit theory would be cost effective.

A.  

From sharing to reduction.

B.  

From acceptance to reduction.

C.  

From sharing to avoidance.

D.  

From acceptance to avoidance.

A.  

The internal audit activity's responsibility for imposing risk management processes.

B.  

The internal audit activity's responsibility for the organization's governance framework.

C.  

The nature of consulting services provided by the internal audit activity.

D.  

The budgeting process for the internal audit activity.

A.  

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

B.  

Evaluate the organization's governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization's risk appetite.

C.  

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.  

Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks.

A.  

An internal auditor evaluates the significant risks arising from a consulting engagement.

B.  

An internal auditor declares that he would have a conflict of interest in providing planned audit support.

C.  

An internal auditor has been given sufficient authority to access documents needed to make an appraisal of an issue.

D.  

An internal auditor uses technology-based audit techniques to ensure that all significant risks are identified.

A.  

Proceed with the audit engagement, but do not include the relative's information.

B.  

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.  

Disclose in the engagement final communication that the relative is a customer.

D.  

Immediately withdraw from the audit engagement.

A.  

Management sells the product division to a competitor.

B.  

Management outsources the product division to a third party.

C.  

Management allows the product division to remain unchanged.

D.  

Management modifies the product division to minimize errors.

A.  

An auditor is appropriately able to communicate results.

B.  

An auditor performs his work free from interference.

C.  

An auditor is unrestricted in determination of scope.

D.  

An auditor avoids conflicts of interest.

A.  

Conduct anti-fraud training.

B.  

Perform background investigations.

C.  

Implement process controls.

D.  

Activate a whistleblower hotline.

A.  

The sample to be representative of the population.

B.  

The sample to be selected haphazardly.

C.  

A smaller sample size than if selected using statistical sampling.

D.  

Projecting the results to the population.

A.  

Communication.

B.  

Persuasion and collaboration.

C.  

Business acumen.

D.  

Governance, risk, and control.

A.  

Graph A only

B.  

Graph B only

C.  

Both A and

B.  

D.  

Neither A nor

B.  

A.  

Control activities.

B.  

Information and communication.

C.  

Commitment.

D.  

Control environment.

A.  

Higher inventory turnover.

B.  

Higher operating margin.

C.  

Lower obsolete stock disposal.

D.  

Lower sales volume.

A.  

A budget.

B.  

A risk assessment.

C.  

The board of directors.

D.  

The control environment.

A.  

The services must be aligned with those defined in the internal audit charter.

B.  

The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.

C.  

The services may preclude assurance services from the consulting engagement.

D.  

The services impose no responsibility to communicate information other than to the engagement client.

A.  

Security dogs.

B.  

Alert employees.

C.  

Insurance claims.

D.  

Cycle counts.

A.  

Fraud open on the books.

B.  

Fraud hidden on the books.

C.  

Fraud off the books.

D.  

Fraud on the balance sheet.

A.  

The CAE would need to procure external services to deliver the internal audit assurance program.

B.  

There is no expertise within the internal audit team for detecting and investigating fraud.

C.  

There is no expertise within the internal audit team for auditing an IT engagement.

D.  

There is no available expertise on the internal audit team to perform a consulting engagement.

A.  

Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.

B.  

Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.

C.  

Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.

D.  

Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

A.  

Senior management.

B.  

Internal audit activity.

C.  

All employees.

D.  

Board of directors.

A.  

It replaces primary controls that are either ineffective or cannot fully mitigate a risk.

B.  

It partially reduces the residual risk level when a key control does not operate effectively.

C.  

lt combines with other controls to help reduce significant risk exposures to an acceptable level.

D.  

It helps to ensure the completeness and accuracy of automated controls in a system environment.

A.  

Objectivity.

B.  

Proficiency.

C.  

Independence.

D.  

Due professional care.

A.  

An independent third party has assessed the organization's system of internal controls to be adequate and effective.

B.  

The chief audit executive reports both functionally and administratively to the CEO.

C.  

The internal audit charter is drafted properly and approved by the appropriate parties.

D.  

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

A.  

Attending annual professional conferences and seminars.

B.  

Participating in on-the-job training in various departments of the organization.

C.  

Pursuing as many professional certifications as possible.

D.  

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

A.  

Rating each engagement record to assess its relevance and accessibility for the organization's board.

B.  

Controlling access to engagement records, including access by senior management.

C.  

Developing retention requirements for engagement records that are consistent with organizational guidelines.

D.  

Forming policies governing the custody and retention of consulting engagement records before their release to other parties.

A.  

1 and 3 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

2 and 4 only

A.  

1 and 2

B.  

1 and 4

C.  

2 and 3

D.  

3 and 4

A.  

1 and 3 only

B.  

2 and 4 only

C.  

1, 2, and 4

D.  

2, 3, and 4

A.  

The accounts payable supervisor, accounts payable manager, and controller.

B.  

The accounts payable manager, purchasing manager, and receiving manager.

C.  

The accounts payable supervisor, controller, and treasurer.

D.  

The accounts payable manager, chief financial officer, and audit committee.

A.  

Evaluate and verify management's response, and determine the need and scope for additional work.

B.  

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.  

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.  

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

A.  

Scheme.

B.  

Opportunity.

C.  

Rationalization.

D.  

Pressure.

A.  

Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.

B.  

Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.

C.  

Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.

D.  

Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's governance structure.

A.  

Disclose the information in a separate report.

B.  

Distribute the information in a confidential report to the board only

C.  

Distribute the reports through the use of blind copies.

D.  

Exclude the results from the report and verbally report the conditions to senior management and the board.

A.  

The review should focus on the efficiency of the controls in place to prevent fraud.

B.  

The scope of the review does not need to include all operating areas of the organization.

C.  

The cost of the control should be compared to the benefit of mitigating the related risk.

D.  

The review should assess whether the internal controls can be circumvented.

A.  

1 and 2

B.  

1 and 3

C.  

2 and 4

D.  

3 and 4

A.  

1 and 2

B.  

1 and 3 only

C.  

2 and 4

D.  

1, 3, and 4

A.  

Opportunity.

B.  

Rationalization.

C.  

Pressure.

D.  

Incentives.

A.  

1 and 3

B.  

1 and 4

C.  

2 and 3

D.  

2 and 4

A.  

Senior management is charged with overseeing the establishment risk management and control processes.

B.  

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.  

Operating managers are responsible for assessing risks and controls in their departments.

D.  

Internal auditors provide assurance about risk management and control process effectiveness.

A.  

Integrity.

B.  

Flexibility.

C.  

Initiative.

D.  

Curiosity.

A.  

Customers, innovation, growth, and internal processes.

B.  

Business objectives, critical success factors, innovation, and growth.

C.  

Customers, support, critical success factors, and learning.

D.  

Financial measures, learning and growth, customers, and internal processes.

A.  

1, 2, and 3

B.  

1, 2, and 4

C.  

1, 3, and 4

D.  

2, 3, and 4

A.  

1 and 3 only

B.  

2 and 4 only

C.  

1, 3, and 4 only

D.  

1, 2, 3, and 4

A.  

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.  

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.  

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.  

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

A.  

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.  

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.  

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.  

Monitor customer quality complaints compared to the prior period to identify vendor issues.

A.  

Risks are discussed with audit client.

B.  

All available information from the risk-based plan is used.

C.  

Client efforts to affect risk management are considered.

D.  

Prior risk assessments are considered.

A.  

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.  

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.  

Reassign information systems auditors to assist in implementing management's action plan.

D.  

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

A.  

1 only

B.  

1 and 2 only

C.  

1, 2, and 3

D.  

1, 2, and 4

A.  

1 and 2

B.  

1 and 3

C.  

2 and 4

D.  

3 and 4

A.  

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.  

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.  

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.  

Local law enforcement should be involved as they are more familiar with the applicable local laws.

A.  

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.  

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.  

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.  

The CAE can release prior information provided it is as originally published and distributed within the organization.

A.  

1 and 2 only

B.  

1 and 4 only

C.  

2 and 3 only

D.  

3 and 4 only

A.  

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.  

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.  

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.  

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

A.  

Define the duties and responsibilities needed from management to perform the engagement.

B.  

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

C.  

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

D.  

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

A.  

The complexity of deficiency findings.

B.  

The adequacy of preliminary survey information.

C.  

The organization and content of workpapers.

D.  

The method and amount of supporting detail used for the audit report.

A.  

Full cost

B.  

Full cost plus a markup.

C.  

Market price of the product

D.  

Variable cost plus a markup

A.  

Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.

B.  

The database management system acts as a layer between the application software and the operating system.

C.  

Applications pass on the instructions for data manipulation which are then executed by the database management system.

D.  

The data within the database management system can only be manipulated directly by the database management system administrator.

A.  

Has the longest duration in time.

B.  

Costs the most money.

C.  

Requires the largest amount of labor

D.  

Is deemed most important to the project.

A.  

In a matrix organization, conflict between functional and product managers may arise.

B.  

In a matrix organization, staff under dual command is more likely to suffer stress at work.

C.  

Matrix organizations offer the advantage of greater flexibility.

D.  

Matrix organizations minimize costs and simplify communication.

A.  

Motivation.

B.  

Performance.

C.  

Organizational structure.

D.  

Communication.

A.  

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

B.  

A zero-based budget maintains focus on the budgeting process.

C.  

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

D.  

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

A.  

Improved integrity of programs and processing.

B.  

Enhanced ongoing maintenance of the system.

C.  

Greater accuracy of the testing phase.

D.  

Reduced need for unexpected software changes.

A.  

2 only

B.  

3 and 4 only

C.  

1, 3, and 4 only

D.  

1, 2, 3, and 4

A.  

Increase shareholder value.

B.  

Maximize market share.

C.  

Improve operational efficiency.

D.  

Mitigate losses.

A.  

1, 2, and 3

B.  

1, 2, and 4

C.  

1, 3, and 4

D.  

2, 3, and 4

A.  

Production controls weakness.

B.  

Application controls weakness.

C.  

Authorization controls weakness.

D.  

Change controls weakness.

A.  

Zone that separates an organization's servers from outside forces.

B.  

Area in which messages are scrutinized to determine if they are authorized.

C.  

Area where communication and transactions occur between trusted parties.

D.  

Zone where data is encrypted, users are authenticated, and user traffic is filtered.

A.  

Full or near capacity in processes.

B.  

Smooth workflow among processes.

C.  

Few or no defects.

D.  

Lowered inventory levels.

A.  

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

B.  

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

C.  

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

D.  

50 percent of total organizational cost has been allocated on a volume basis.

A.  

Review and acquire the external audit service.

B.  

Assess the appraisal and actuarial services.

C.  

Determine the selection criteria.

D.  

Identify regulatory requirements to be considered.

A.  

PKI uses an independent administrator to manage the public key.

B.  

The public key is authenticated against reliable third-party identification.

C.  

PKI's public accessibility allows it to be used readily for e-commerce.

D.  

The private key uniquely authenticates each party to a transaction.

A.  

Political.

B.  

Financial.

C.  

Social.

D.  

Tariff.

A.  

A debit to office supplies on hand for S2.500

B.  

A debit to office supplies on hand for $11,500

C.  

A debit to office supplies on hand for S20.500

D.  

A debit to office supplies on hand for S42.500

A.  

Filtering.

B.  

Communication overload.

C.  

Similar frames of reference.

D.  

Lack of source credibility.

A.  

Identify redundant controls.

B.  

Improve budgeting accuracy.

C.  

Enhance assurance provided to management.

D.  

Assist in developing audit programs.

A.  

Export strategy

B.  

Transnational strategy.

C.  

Multi-domestic strategy

D.  

Globalization strategy.

A.  

Set clear objectives.

B.  

Engage the various communities of practice within the organization.

C.  

Demonstrate support from senior management.

D.  

Establish key competencies.

A.  

Government pressure on organizations to increase or maintain employment.

B.  

Production orientation of management.

C.  

Lack of credible market leader in the industry.

D.  

Company diversification.

A.  

Application control.

B.  

IT general control

C.  

Data input control

D.  

Data output control

A.  

Internally encrypted passwords

B.  

System access privileges.

C.  

Logon passwords

D.  

Protocol controls.

A.  

Draws positive attention to the writing style.

B.  

Treats all receivers with respect.

C.  

Suits the method of presentation and delivery.

D.  

Develops ideas without overstatement.

A.  

The lack of legal and industry frameworks on privacy.

B.  

The absence of generally accepted privacy principles.

C.  

The rapid growth and evolution of technology.

D.  

The legislated need to retain sensitive personal information.

A.  

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

B.  

Review the password length, frequency of change, and list of users for the workstation's login process.

C.  

Review the list of people who attempted to access the workstation and failed, as well as error messages.

D.  

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

A.  

Determine the optimal amount of resources for the organization to invest in CSR.

B.  

Align CSR program objectives with the organization's strategic plan.

C.  

Integrate CSR activities into the organization's decision-making process.

D.  

Determine whether the organization has an appropriate policy governing its CSR activities.

A.  

$170,000

B.  

$280,000

C.  

$300,000

D.  

$540,000