IIA-ACCA ACCA CIA Challenge Exam Questions and Answers

An organization's balance sheet indicates that the total asset amount and the total capital stock amount remained unchanged from one year to the next, and no dividends were declared or paid. However, the organization reported a loss of $200,000. Which of the following describes the most likely year-over-year change to the organization's total liabilities and total stockholder equity?

Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?

An organization has started allowing employees to use their personal smart devices to accept vendor payments. What should the organization's bring-your-own-device (BYOD) policy include to specifically address security and privacy required by the Payment Card Data Security Standard (PCI DSS)?

Which of the following statements is true regarding the resolution of interpersonal conflict?

Which of the following application software features is the least effective control to protect passwords?

Data encryption is an example of which of the following controls?

All of the following are true with regard to the first-in, first-out inventory valuation method except:

Which of the following is a characteristic of just-in-time inventory management systems?

Which mindset promotes the most comprehensive risk management strategy?

The first stage in the development of a crisis management program is to:

According to IIA guidance, which of the following statements is true regarding analytical procedures?

Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate?

According to the Standards, which of the following is based on the assertion that the quality of an organization's risk management process should improve with time?

Division A produces a product with a variable cost of $5 per unit and an allocated fixed cost of S3 per unit The market price of the product is S15 plus 20 percent selling cost. Division B currently purchases this product from an external supplier but is going to purchase it from division A for S18 Which of the following methods of transfer pricing is being used?

Preferred stock is less risky for investors than is common stock because:

A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.

Copy 1 was solely for backup purposes.

Copy 2 was for use by another member of the department.

In terms of software licenses and copyright law, which of the following is correct?

What kind of strategy would be most effective for an organization to adopt in order to implement a unique advertising campaign for selling identical product lines across all of its markets?

An internationally recognized brand name is an entrance barrier to new competitors because new competitors would:

An organization is considering the outsourcing of its business processes related to payroll and information technology functions. Which of the following is the most significant area of concern for management regarding this proposed agreement?

Which of the following is a strategy that organizations can use to stimulate innovation?

1. Source from the most advanced suppliers.

2. Establish employee programs that reward initiative.

3. Identify best practice competitors as motivators.

4. Ensure that performance targets are always achieved.

Which of the following application controls checks the integrity of data entered into a business application?

Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?

An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?

According to Porter's model of competitive strategy, which of the following is a generic strategy?

1. Differentiation.

2. Competitive advantage.

3. Focused differentiation.

4. Cost focus.

Which of the following describes a typical desktop workstation used by most employees in their daily work?

Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?

Within an enterprise, IT governance relates to the:

1. Alignment between the enterprise's IT long term plan and the organization's objectives.

2. Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3. Operational plans established to support the IT strategies and objectives.

4. Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?

1. Coordinate post-engagement conferences to discuss the final audit report with management.

2. Include management's responses in the final audit report.

3. Review and approve the final audit report.

4. Determine who will receive the final audit report.

Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?

1. The hedge documentation designating the hedge.

2. The spot exchange rate on the transaction date.

3. The terms of the forward contract.

4. The amount of fuel purchased.

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement's objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

Which of the following is a detective control for managing the risk of fraud?

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization's risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization's goals.

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?

An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Which segregation of duties would best reduce the risk of payroll fraud?

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director's independence?

A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?

1. Appropriate levels of authority and responsibility.

2. Supervision of staff and appropriate review of work.

3. The seniority of management in the organization.

4. The ability to trace each transaction to an accountable and responsible individual.

Which of the following is an example of collusion?

According to IIA guidance, which of the following statements about working papers is false?

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?

According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?

Which of the following is not an objective of internal control?

According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?

1. The standards to be used by the internal audit activity.

2. The internal audit activity's code of ethics.

3. The CAE's reporting line.

4. The internal audit activity's responsibilities.

Which of the following best explains why integrity is a necessary personal quality for internal auditors at all levels?

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?

1. Subsequent change orders increase requirements for low-bid items.

2. Material contract requirements are different on the actual contract than on the request for bids.

3. A high percentage of employees are charged to indirect accounts.

4. Losing bidders are hired as subcontractors.

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

An internal audit charter should do which of the following?

A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?

Which of the following are generally recognized as essential elements of a corporate social responsibility program?

According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?

Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.

Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?

1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.

2. Experience of the engineer in the type of work being considered.

3. Compensation or other incentives that the engineer may receive.

4. The extent of other ongoing services that the engineer may be performing for the organization.

The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?

Which of the following must be in existence as a precondition to developing an effective system of internal controls?