Question 1

Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?

Options :

A :

Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.

B :

Accept the audit engagement and use the engagement as an opportunity to develop the audit team-s IT expertise while performing the audit work.

C :

Temporarily hire an experienced and knowledgeable IT analyst from the organization-s IT department to lead the audit.

D : Outsource the audit engagement to a reputable IT audit consulting firm.

Answer: D

Question 2

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

Options :

A :

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B : Cultural impacts are less critical where the organization practices uniform polices around the globe.

C : Cross-cultural differences should always be handled by the staff of the same cultural background.

D : Local law enforcement should be involved as they are more familiar with the applicable local laws.

Answer: A

Question 3

Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?

Options :

A : To demonstrate good project oversight

B : To provide timely discussion of results

C : To demonstrate internal auditor proficiency

D : To follow up on previously requested information

Answer: B

Question 4

Which of the following would be most likely found in an internal audit procedures manual?

Options :

A : A summary of the strategic plan of the area under review.

B : Appropriate response options for when findings are disputed by management.

C : An explanation of the resources needed for each engagement.

D : The extent of the auditor-s authority to collect data from management.

Answer: D

Question 5

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

Options :

A :

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B :

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C :

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the audit

D :

D, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Answer: B