• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

46 Cards in this Set

  • Front
  • Back
The primary purpose of a fishbone diagram is to
Identify the possible causes of adverse conditions
According to IIA guidance, the best example of a system application control is
An input control over data integrity
The objectives that can be best described as broad goals that promote the effective and efficient use of resources are
Operational objectives

The audit technique used to evaluate control design while also embodying auditing's analytical process is
A risk and control matrix
According to IIA guidance, the responsibility for periodically assessing the IAA lies with
The board
The decision made during the testing phase of a compliance audit that requires the most judgement by an internal auditor is

What level of noncompliance is acceptable

According to IIA guidance, the internal audit charter should be approved by senior management
Before it is submitted to the board
What is the underlying premise of the COSO enterprise risk management framework?

Every entity exists to provide value for its stakeholders

What would not be a factor for senior management to consider when determining the IIA's role in an organisation's risk management process?

The extent to which the internal audit activity is outsourced

What could be indicated by a company's profitability being lower than the industry norm?

High risk
According to IIA guidance, who approves the audit charter before it is submitted to the board?

Senior management

If an organisation has improved its internal controls due to an unsatisfactory report, when planning a follow up audit, the level of detection risk is [A] although the control risk is [B]

A = unchanged

B = lower

When would you use risk assessment software?

When developing an annual audit plan
What would have the strongest negative impact in determining the scope?

Inadequate risk assessment
Why does a CAE review external audit management letters and management response?

To select areas to emphasise in future internal audit engagements
Why is it important for a CAE to seek formal approval from the board regarding an internal audit charter?
So that the status of the internal audit activity can be more clearly established
What is the primary advantage of using computer assisted audit techniques (CAAT) to provide a higher level of assurance?

The CAAT can examine the whole population of transactions rather than a sample, in order to identify exceptions and trends
What is a characteristic of embezzlement?

Unlawful conversion of assets that are in the possession of an employee
What is a role of the board of directors in the governance process?

Obtain assurance concerning the effectiveness of the organisation's governance systems
What is the least effective form of risk management?

People-based detective control
What would provide the most reliable information on the risk associated with an auditable activity?

Management assessment and corroboration by the internal audit activity
What contributes to the effectiveness of the internal audit activity in an organisation?

Appropriate terms of internal audit scope and responsibility in the charter

The primary objective of risk-based auditing is to assess the

Adequacy of controls

What would be most relevant regarding the internal control environment?

Documenting the organisational structure
Who is responsible for establishing criteria for use by internal auditors in determining whether goals and objectives have been accomplished?
Management is responsible for establishing the criteria
What is a KPI for an internal audit function?

Percent of required continuing education hours completed
Should a bonus system be considered part of the control environment of an organisation and be considered in formulating a report on internal control?

What control would most likely prevent the input of an unreasonable number of labour hours into a costing system?

Programmed limit tests of input fields
Who would not be responsible for implementing significant organisational changes to a major corporation?

Common stockholders
According to the IPPF, what must a review team express an opinion on when performing an external assessment of an internal audit activity?

Conformance with the standards

What aspect of the audit function would be most impacted by a lack of coordination between an organisation's internal and external auditors?
The CAE should report functionally to the [A] and administratively to the [B] to facilitate independence.

A = Board


What is the primary purpose of a risk management programme?
Reduce risk to a tolerable level
What two internal auditor attributes are affected by a conflict of interest?

Independence and objectivity
What is true of a horizontal flowchart as compared to a vertical flowchart?
It brings into sharper focus the assignment of duties and independent checks on performance

which data collection strategy systematically tests the effects of various factors of an outcome?

Can an auditor provide consulting services relating to operations for which they had previous responsibilities?

Are the structures of governance distinct from the structures of risk management?


What will have the greatest impact on the effectiveness of the internal audit activity?

Appropriate definition of internal audit scope and responsibility in the charter
An organisation references a customer order with an approved customer file and credit limit before accepting an order. Which type of control does this process exemplify?

Information processing
What is an advantage of email surveys compared with face-to-face interviews?

They are less expensive
Which type of objectives can be described as broad goals that promote the effective and efficient use of resources?
Operational objectives
According to IIA guidance, who is responsible for periodically assessing the IIA?
Which of the following is a weakness of observation as audit evidence?

It cannot b used to test the completeness assertion

Which aspect of the audit function would be most impacted by a lack of coordination between an organisation's internal and external auditors?


Non-statistical sampling does not require

A smaller sample size than if selected using statistical sampling