When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?
Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.
An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?
According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?
Which of the following is an example of a directive control?
Which of the following statements is true about The IIA Global Internal Audit Competency Framework?
A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to MA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?
Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.
Which of the following is the most common method of fraud detection?
According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?
Which two of the following are preventive controls in a check disbursement process?
1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items.
2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.
3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.
4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.
According to the HA Code of Ethics, which of the following statements best describes the principle of competency?
If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?
An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.
Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?
