Internal Auditing Wiley TestBank PDF
Question 1:
(1E2-AT47)
Managing and mitigating organization-wide risks finally rests with which of the
following management concepts?
Chain of authority.
Chain of accountability.
Chain of responsibility.
Chain of delegation.
Question 2:
(1E2-AT13)
It is true that internal auditors cannot guarantee that they can prevent, detect, or
correct fraud in their organization, because management is fully responsible for
doing such things. The main reason is that internal auditors test internal controls
through sampling tests, compliance tests, and substantive tests, not examining
every transaction in full detail, which would be cost prohibitive, ineffective,
inefficient, and unnecessary.
Usually fraud occurs when internal controls fail or fail to detect it. Fraud is difficult to
detect, especially when management disguises it.
Question 3:
(1E2-AT48)
Which of the following will not help in identifying the overall risks to the internal audit
function?
Barrier analysis.
Root-cause analysis.
Assurance maps.
http://app.efficientlearning.com/pv5/v8/cmatb2015p1.html?u=bbde91ad06e8409cb57a2650e3c520ef#_assess_studyquestions 1/15
12/27/2015 Wiley CMA Test Bank Part 1
Risk maps.
Question 4:
(1E2-AT59)
Question 5:
(1E2-AT12)
Internal audit's scope gap can be minimized or reduced in which of the following
phases of an audit process?
Audit program.
Audit fieldwork.
Audit preliminary survey.
Audit reporting.
A scope gap is the difference between the expected scope and the actual scope. The
audit scope and audit objectives are developed during the preliminary survey phase,
which is the first phase of the audit process. Potential risks and exposures, goals, and
standards for the audited area are also identified and gathered during the
preliminary survey phase. The audit scope should indicate what is included in and
what is excluded from the audit work, thus minimizing and reducing the scope gap.
Question 6:
(1E2-AT32)
Question 7:
(1E2-AT19)
Audits and controls reduce risks and protect assets. By definition, high-impact and
high-visibility activities are high risk due to their nature. Hence, they require a risk-
based review approach to ensure that all potential and possible risks are managed
properly.
Question 8:
(1E2-AT61)
Budgets are a common item between feed-forward controls and feedback controls
because budgets work as proactive controls and reactive controls.
Question 9:
(1E2-AT40)
Question 10:
(1E2-AT49)
The real success of an internal audit engagement depends on which of the following?
Audit evidence.
Audit scope.
Audit working papers.
Audit testing.
Establishing an audit scope is a make-or-break point because the entire audit work is
based on the audit scope. Scope is a guiding light to a specific audit work. An audit
will be successful when the audit scope is complete; otherwise, it will fail.
Question 11:
(1E2-AT58)
Question 12:
(1E2-AT50)
Which of the following is not a leading practice to protect the reputation risk of an
internal audit function?
Performing a risk assessment exercise.
Implementing a quality assurance program.
Protecting the internal audit brand.
Establishing management review of audit findings.
Question 13:
(1E2-AT56)
Which of the following is required when the collected internal audit evidence does not
meet the standards of evidence?
Sufficiency evidence.
Competence evidence.
Corroborative evidence.
Relevance evidence.
When the collected audit evidence does not meet the standards of evidence,
additional (corroborative) evidence is required before expressing an audit opinion.
Question 14:
(1E2-AT33)
Management assertions.
Management assurances.
Question 15:
(1E2-AT14)
The best way to develop the scope of a specific internal audit engagement is through
a:
Standard design.
Custom design.
General design.
Detail design.
The scope of internal auditing is flexible in that it can be custom designed to fit the
specific needs of a company's management.
Question 16:
(1E2-AT29)
The internal audit charter does not include which of the following?
Audit's role and position.
Chief audit executive's reporting relationship.
Coordination with external auditors.
Access to organization's records.
Coordinating the external auditors and other auditors (e.g., regulatory auditors) with
the internal auditors is a routine responsibility of the chief audit executive. As such, it
would not be included in the internal audit charter.
Question 17:
(1E2-AT53)
Which of the following risk protection concepts of internal audit deal with layered
protections going horizontally?
Defense in depth.
Defense in breadth.
Defense in technology.
Defense in time.
approach provides a stronger defense for the audit function in the eyes of auditees
and others.
Question 18:
(1E2-AT57)
One cannot say or assume that all current controls are legacy controls, although
some current controls could be legacy controls. If never revisited for improvement,
legacy controls could be ineffective, inefficient, or simply outdated. Hence, legacy
controls need to be improved for better controls.
Question 19:
(1E2-AT27)
Annual budget plans of internal audit are administrative reporting items between
the CAE and his or her superior (chief executive officer) to obtain the latter's
approval.
Question 20:
(1E2-AT41)
Which of the following is not a contributing factor leading to internal audit failures?
Management gap.
Data gap.
Competency gap.
Communication gap.
A gap is the difference between expected outcomes and actual outcomes. Data gaps
identify problems in data-quality attributes, such as accuracy, completeness,
availability, timeliness, and usefulness of data. As such, data gaps cannot contribute
to internal audit failures.
Question 21:
(1E2-AT5)
Which of the following is the most important risk factor to consider when internal
auditors are performing a detailed risk assessment of auditable activities in an
organization?
The quality of the internal control system is the most important risk factor to
consider when internal auditors are performing a detailed risk assessment of
auditable activities in an organization. This is because the internal control system
forms a nucleus and guides all the activities of an organization where the former
affects the latter.
Question 22:
(1E2-AT15)
Management controls are also known as internal controls due to their broader
perspective and to their effect on the entire organization.
Question 23:
(1E2-AT60)
Question 24:
(1E2-AT18)
Budget controls are not usually reviewed during which of the following audits?
Compliance audit.
Operational audit.
Financial audit.
Consulting audit.
Consulting audits are advisory in nature and specific to meet the needs of customers
and clients. Hence, budget controls, which are financial in nature, are not reviewed
in consulting audits.
Question 25:
(1E2-AT38)
Question 26:
(1E2-AT34)
A fully approved internal audit plan for the current year is already in place for a large
internal auditing department. Which of the following offers a final approval of the
specific scope of an internal audit engagement?
Audit director.
Senior auditor.
Audit supervisor.
Audit manager.
The audit manager can approve the scope of a specific audit engagement because
he or she might be managing the audit supervisor, senior auditor, and audit staff
assigned to the specific audit. The audit manager is responsible and accountable for
the successful completion of the specific audit engagement work.
Question 27:
(1E2-AT46)
Internal auditors can add a greater value to their organizations by doing more:
Compliance audits.
Operational audits.
Financial audits.
Consulting audits.
Doing more consulting audits adds greater value to their organizations because those
audit results will improve an organization's governance, risk management, and
control processes.
Question 28:
(1E2-AT30)
Which of the following gives the final approval of the internal audit charter document?
Board of directors.
Chief executive officer.
Executive committee.
External auditors.
The board of directors gives the final approval of the internal audit charter document
to establish its official status in the organization.
Question 29:
(1E2-AT16)
Assurance audits result when compliance audits, operational audits, and financial
audits are combined into one big audit, yielding reduced audit results due to
summarized audit scope; this is called the dilution effect (2+2 = 3). Combined audits
may not achieve the same audit results as separate audits, because separate audits
have detailed scope.
Question 30:
(1E2-AT52)
Although internal auditors use the judgment sampling method during their audit
work when other methods are not applicable, judgment sampling does not lend
itself to quantitative analysis by standard statistical methods. Judgment sampling is
a qualitative sampling method, not a quantitative sampling method.
Question 31:
(1E2-AT45)
When an internal auditor with education and experience in law works with the human
resource department of a company about employee lawsuits, the auditor is
conducting a(n):
Compliance audit.
Operational audit.
Financial audit.
Consulting audit.
Question 32:
(1E2-AT22)
Which of the following is not fully accountable for managing and mitigating risks
throughout the organization?
Board of directors.
Internal audit management.
Executive management.
Functional management.
Internal audit management is fully responsible for reviewing and reporting risks to
an organization's management but is not accountable in the same way as the other
types of management.
Question 33:
(1E2-AT17)
Which of the following represents the extreme level of risk resulting from internal
control breakdowns in an organization?
Lack of employee disciplinary procedures.
Lack of social community involvement.
Lack of competitive advantage.
Lack of management's interest.
Lack or loss of competitive advantage represents the extreme level of risk resulting
from internal control breakdowns in an organization because it could result in
decreased sales, decreased market share, and increased quality problems in
products and services.
Question 34:
(1E2-AT54)
Question 35:
(1E2-AT31)
The chief audit executive (CAE) is required to confirm annually the organizational
independence of the internal audit activity. Which of the following receives that
confirmation?
Governance committee.
Chief executive officer.
Finance committee.
Board of directors.
The CAE is required to confirm annually to the full board of directors the
organizational independence of the internal audit activity from other parts of the
organization, for objectivity and independence reasons.
Question 36:
(1E2-AT39)
Question 37:
(1E2-AT55)
Regarding roles and responsibilities, which of the following is different between the
management accounting function and the internal auditing function?
Internal controls.
Staff roles.
Accounting controls.
Independence and objectivity.
Question 38:
(1E2-AT43)
Internal control primarily is a people issue because it is people who install and
deinstall the internal controls.
Question 39:
(1E2-AT26)
CAE compensation.
CAE removal.
Audit staff's compensation.
Audit's scope limitations.
Question 40:
(1E2-AT25)
Which of the following is not a functional reporting item between the chief audit
executive (CAE) and his or her superior?
Approving the audit charter.
Approving the audit manual.
Approving the audit risk assessment program.
Approving the audit plan.
Question 41:
(1E2-AT23)
The CAE should report to a management position at the highest level of the
management hierarchy to obtain an independence status from the rest of the
organization (i.e., CEO). The chief accounting officer, the chief operating officer, and
the chief administrative officer positions are not at the highest level in the
management hierarchy.
Question 42:
(1E2-AT24)
Which of the following is the acceptable reporting relationship of the chief audit
executive (CAE) in a publicly held corporation?
Single reporting.
Dual reporting.
Pseudo-reporting.
Shadow reporting.
A dual-reporting relationship occurs when the CAE reports functionally to the board
of directors and administratively to the organization's chief executive officer. This
type of relationship facilitates organizational independence of the internal audit
function.
Due to its unique mission and vision, the internal audit function is very
different from that of the other functions in a company. Note that dual reporting
violates the unity of command principle, meaning that one subordinate should
report to only one superior. Dual reporting is also called matrix reporting, as found in
a project management environment, where a team member administratively reports
to the project manager and functionally reports to the functional department
manager.
Question 43:
(1E2-AT37)
Self-assessments are examples of tools to evaluate soft controls, which are informal,
intangible, and subjective in nature.
Question 44:
(1E2-AT21)
This represents the last line of defense available either to an internal audit function
or to any other function. A first line of defense is always preferred over the second or
the last defense. The last line of defense can be more costly, less effective,
inappropriately timed, and can offer the worst results.
Question 45:
(1E2-AT36)
Due diligence reviews can be performed during which of the following audits?
Compliance and consulting audits.
Financial and compliance audits.
Operational and financial audits.
Consulting and operational audits.
complying with laws and regulations, when purchasing land, or when selling a
business in full or in part (i.e., compliance audit). The goal is to assure the company's
senior management and the board of directors that all applicable laws and
regulations are met (e.g., employment and environmental laws and regulations) and
that all potential risks and exposures are addressed and minimized. Hence, due
diligence reviews are performed during compliance and consulting audits.
Question 46:
(1E2-AT42)
All of the following are contributing factors to a false assurance coming from an
internal audit to others except:
Measurement gap.
Communication gap.
Expectation gap.
Competency gap.
Question 47:
(1E2-AT28)
The internal audit charter does not include which of the following?
Audit purpose.
Audit engagement.
Audit authority.
Audit responsibility.
Question 48:
(1E2-AT20)
Question 49:
(1E2-AT35)
Internal auditors can design, develop, implement, and maintain which of the
following?
Control systems.
Computer systems.
Audit systems.
Audit trail systems.
Audit systems (e.g., generalized audit software and test data generator software) are
planned, designed, developed, implemented, maintained, and owned by the internal
audit department for its own use by the audit staff to perform their audit work.
However, internal auditors should not be involved in the planning, designing,
developing, implementing, and maintaining of control systems, computer systems,
and audit trail systems because internal auditors do not own those systems.
Question 50:
(1E2-AT44)
Which of the following is the common item causing overall risks to the internal audit
function?
Management gap.
Competency gap.
Compliance gap.
Expectation gap.
A gap is the difference between what is expected and what is real. A competency gap
is the common item causing audit failures, audit's false assurances, and audit's loss
of reputation, the three broad categories of overall risks to the internal audit
function. A competency gap is the difference between expected competencies in
terms of knowledge, skills, and abilities (KSAs) and the actual KSAs. The audit
director needs to reduce the competency gap in the audit staff, audit supervisors,
and audit managers, including him- or herself, by acquiring the needed KSAs.