Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
46 Cards in this Set
- Front
- Back
The primary purpose of a fishbone diagram is to
|
Identify the possible causes of adverse conditions
|
|
According to IIA guidance, the best example of a system application control is
|
An input control over data integrity
|
|
The objectives that can be best described as broad goals that promote the effective and efficient use of resources are
|
Operational objectives
|
|
The audit technique used to evaluate control design while also embodying auditing's analytical process is |
A risk and control matrix
|
|
According to IIA guidance, the responsibility for periodically assessing the IAA lies with
|
The board
|
|
The decision made during the testing phase of a compliance audit that requires the most judgement by an internal auditor is
|
What level of noncompliance is acceptable |
|
According to IIA guidance, the internal audit charter should be approved by senior management |
Before it is submitted to the board
|
|
What is the underlying premise of the COSO enterprise risk management framework?
|
Every entity exists to provide value for its stakeholders |
|
What would not be a factor for senior management to consider when determining the IIA's role in an organisation's risk management process? |
The extent to which the internal audit activity is outsourced |
|
What could be indicated by a company's profitability being lower than the industry norm? |
High risk |
|
According to IIA guidance, who approves the audit charter before it is submitted to the board?
|
Senior management |
|
If an organisation has improved its internal controls due to an unsatisfactory report, when planning a follow up audit, the level of detection risk is [A] although the control risk is [B] |
A = unchanged B = lower |
|
When would you use risk assessment software?
|
When developing an annual audit plan |
|
What would have the strongest negative impact in determining the scope?
|
Inadequate risk assessment |
|
Why does a CAE review external audit management letters and management response?
|
To select areas to emphasise in future internal audit engagements |
|
Why is it important for a CAE to seek formal approval from the board regarding an internal audit charter?
|
So that the status of the internal audit activity can be more clearly established
|
|
What is the primary advantage of using computer assisted audit techniques (CAAT) to provide a higher level of assurance?
|
The CAAT can examine the whole population of transactions rather than a sample, in order to identify exceptions and trends |
|
What is a characteristic of embezzlement?
|
Unlawful conversion of assets that are in the possession of an employee |
|
What is a role of the board of directors in the governance process?
|
Obtain assurance concerning the effectiveness of the organisation's governance systems |
|
What is the least effective form of risk management?
|
People-based detective control |
|
What would provide the most reliable information on the risk associated with an auditable activity?
|
Management assessment and corroboration by the internal audit activity |
|
What contributes to the effectiveness of the internal audit activity in an organisation?
|
Appropriate terms of internal audit scope and responsibility in the charter |
|
The primary objective of risk-based auditing is to assess the
|
Adequacy of controls |
|
What would be most relevant regarding the internal control environment? |
Documenting the organisational structure |
|
Who is responsible for establishing criteria for use by internal auditors in determining whether goals and objectives have been accomplished?
|
Management is responsible for establishing the criteria
|
|
What is a KPI for an internal audit function?
|
Percent of required continuing education hours completed |
|
Should a bonus system be considered part of the control environment of an organisation and be considered in formulating a report on internal control?
|
Yes |
|
What control would most likely prevent the input of an unreasonable number of labour hours into a costing system?
|
Programmed limit tests of input fields |
|
Who would not be responsible for implementing significant organisational changes to a major corporation?
|
Common stockholders |
|
According to the IPPF, what must a review team express an opinion on when performing an external assessment of an internal audit activity?
|
Conformance with the standards |
|
What aspect of the audit function would be most impacted by a lack of coordination between an organisation's internal and external auditors? |
Efficiency
|
|
The CAE should report functionally to the [A] and administratively to the [B] to facilitate independence.
|
A = Board B = CEO |
|
What is the primary purpose of a risk management programme?
|
Reduce risk to a tolerable level
|
|
What two internal auditor attributes are affected by a conflict of interest?
|
Independence and objectivity |
|
What is true of a horizontal flowchart as compared to a vertical flowchart?
|
It brings into sharper focus the assignment of duties and independent checks on performance
|
|
which data collection strategy systematically tests the effects of various factors of an outcome? |
Modeling |
|
Can an auditor provide consulting services relating to operations for which they had previous responsibilities?
|
Yes |
|
Are the structures of governance distinct from the structures of risk management?
|
No |
|
What will have the greatest impact on the effectiveness of the internal audit activity? |
Appropriate definition of internal audit scope and responsibility in the charter |
|
An organisation references a customer order with an approved customer file and credit limit before accepting an order. Which type of control does this process exemplify?
|
Information processing |
|
What is an advantage of email surveys compared with face-to-face interviews?
|
They are less expensive |
|
Which type of objectives can be described as broad goals that promote the effective and efficient use of resources?
|
Operational objectives
|
|
According to IIA guidance, who is responsible for periodically assessing the IIA?
|
The CAE
|
|
Which of the following is a weakness of observation as audit evidence?
|
It cannot b used to test the completeness assertion |
|
Which aspect of the audit function would be most impacted by a lack of coordination between an organisation's internal and external auditors? |
Efficiency |
|
Non-statistical sampling does not require |
A smaller sample size than if selected using statistical sampling |