Question 1

What is the primary reason that audit supervision includes approval of the engagement report?

Options :

A : To ensure the objectives of the area under review are met.

B : To ensure senior management supports the report-s conclusions.

C : To ensure report style and grammar are appropriate.

D : To ensure report findings are substantiated.

Answer: D

Question 2

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

Options :

A : Solicit the services of a specialist information systems auditor

B : Obtain the most current approved copies of the organization-s privacy policy

C : Consult with legal counsel about new privacy laws to establish appropriate criteria

D : Consider the detection risk of noncompliance with the laws

Answer: B

Question 3

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

Options :

A : To evaluate controls regarding the computer security of an oil refinery.

B : To examine the processes involved in exploring, developing, and operating a gold mine.

C : To assess the likelihood and impact of events associated with operating a finished goods warehouse.

D : To link a financial institution-s business objectives to a work unit responsible for the associated risk.

Answer: D

Question 4

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

Options :

A :

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B :

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C :

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the audit

D :

D, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Answer: B

Question 5

An internal auditor used a risk and control matrix to prepare a work program for testing a software release.

During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the

performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this

scenario?

Options :

A : The test of the control design should have occurred at the performance stage.

B : The test of the operating effectiveness of the control was not necessary.

C : A risk and control matrix is not appropriate for this type of engagement.

D : The test of the operating effectiveness of the control should have occurred at the planning stage.

Answer: B