Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel-related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?
A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?
If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?
Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?
Which of the following is an example of a risk management avoidance response?
An assurance mapping exercise helps an organization do which of the following?
1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.
2. Fulfill best practices in the industry.
3. Identify and address any gaps in the risk management process.
4. Identify fraud.
According to IIA guidance, which of the following should be formally documented in the internal audit charter?
Which two of the following are preventive controls in a check disbursement process?
1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of unreconciled items.
2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.
3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.
4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.
According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?
According to The IIA's Code of Ethics, which of the following is true?