During a payroll audit of a large organization, an auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:
A. Continue to follow the engagement program because the engagement scope and objectives have already been discussed with management.
B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is adequately covered.
C. Recommend to the chief audit executive that a fraud investigation be started.
D. Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.
Which of the following describes a control weakness?
A. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor.
B. Pre-numbered blank purchase orders are secured within the purchasing department.
C. Normal operational purchases fall in the range from $500 to $1,000 with two signatures required for purchases over $1,000.
D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the company's suppliers in its portfolio.
According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:
A. Was designed to ensure compliance with policies, plans, procedures, laws, and regulations.
B. Provides reasonable assurance that the organization's objectives will be met.
C. Mitigates inherent risk.
D. Assures the reliability and integrity of information used by management.
Which of the following types of information would an internal auditor expect to find in the supporting documentation for a high-level accounts payable process flowchart?
A. A copy of the new customer request form.
B. An overview of the steps for validating invoices.
C. The number of payments paid before the due date of the invoice.
D. The payment terms and credit limit of the vendor to be paid.
An internal auditor is gathering evidence for an organization's internal audit engagement and requests a sample of vendor invoices from the organization. Which of the following is true regarding the reliability of this evidence?
A. The invoices have zero reliability.
B. The invoices have low reliability.
C. The invoices have medium reliability.
D. The invoices have high reliability.
An internal auditor is testing whether payments to outside contractors have been charged to the proper account. Which of the following sampling methods would be most useful in completing this task?
A. Haphazard sampling.
B. Probability-proportional-to-size sampling.
C. Attribute sampling.
D. Judgmental sampling.
Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?
A. A review of audit staff education and training records.
B. Information about the audit staff size and composition of comparable organizations.
C. Results from discussions of audit needs with executive management and the audit committee.
D. The results of the audit staff's most recent performance reviews.
Which of the following is a common type of payroll fraud?
A. Unauthorized overtime.
B. Fictitious employees.
C. Unearned bonuses or commissions.
D. Skimming.
Which of the following is the best way to detect fraud?
A. Conduct anti-fraud training.
B. Perform background investigations.
C. Implement process controls.
D. Activate a whistleblower hotline.
Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?
A. Adequate signs are in place to assist in locating safety equipment.
B. Servers are secured individually to their racks by locks.
C. Foam fire extinguishers are operable to protect against electrical fires.
D. Swipe card access is required to gain access to the server room.