During which stage of an audit engagement would the engagement supervisor identify the tasks that
were already completed and the remaining tasks to be performed?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
The engagement supervisor identifies tasks that are completed and remaining tasks during the
process of documenting the work program.
Reference to IIA Standards:
According to the IIA's Performance Standards 2200 - Engagement Planning, an internal audit work
program should detail the procedures necessary to achieve the engagement's objectives.
Standard 2240 - Engagement Work Program explicitly states that internal auditors must develop and
document work programs that achieve the objectives of the engagement.
Key Responsibilities:
Documenting the work program involves listing tasks already performed to avoid redundancy and
tasks remaining to ensure coverage of all planned activities.
Supervisors are responsible for overseeing this process and ensuring the work aligns with the overall
engagement plan.
Relevance to Audit Practice:
The work program serves as a roadmap for auditors, detailing specific steps to be taken.
Identifying completed and pending tasks ensures proper time management and resource allocation
during the engagement.
Which of the following is the best audit procedure to determine whether all of a bank's loans are
backed by sufficient collateral, properly aged as to current payments, and properly categorized as
current or noncurrent?
A
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
IIA Performance Standard 1220.A2: Internal auditors must consider using technology-based audit
techniques and other data analysis tools.
Performance Standard 2320 - Analysis and Evaluation: Sufficient and appropriate analysis should be
performed to achieve the engagement's objectives.
Best Audit Practice for the Scenario:
Option A involves using generalized audit software (GAS) to extract relevant data from the loan file
and stratify it based on specific criteria (e.g., age of loans, collateral backing). This ensures a
statistically valid sample.
By examining a stratified sample, the auditor can determine whether each loan is sufficiently
collateralized, aged correctly, and categorized properly.
This method provides comprehensive coverage while maintaining efficiency and adhering to best
practices.
Why Other Options Are Less Effective:
Option B: A block sample only includes loans over a certain dollar threshold, which introduces a
selection bias and overlooks smaller loans, making the sample less representative.
Option C: A discovery sample limited to loan applications focuses on documentation compliance
(e.g., collateral statements) but does not address loan aging or categorization.
Practical Implications:
Generalized audit software automates data analysis, reduces manual effort, and increases the
reliability of audit conclusions.
By selecting a representative statistical sample stratified by population characteristics, auditors gain
insights that are applicable to the entire population.
An internal auditor is planning a business continuity audit engagement at a remote manufacturing
plant. During planning interviews, the plant manager stated that the local Environmental, Health,
and Safety (EHS) Department, which reports to the plant manager, had completed a similar review
six months ago. The EHS review did not find any significant weaknesses. How should the internal
auditor consider the EHS review results in the current audit engagement planning?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 1220 - Due Professional Care: Internal auditors must consider the reliability of other
assurance providers.
Standard 2050 - Coordination and Reliance: Internal auditors may rely on the work of other
assurance providers if their objectivity, independence, and competency are assessed and deemed
adequate.
Why Evaluate EHS Work:
The EHS review results can be useful if the review process was thorough, objective, and performed
by competent individuals.
Dismissing their results without evaluation (Option A) could lead to inefficiencies or redundant work.
Canceling the engagement entirely (Option B) ignores the internal audit's responsibility for
independent assurance.
Audit Planning Impact:
By leveraging the EHS review where appropriate, the internal auditor can focus resources on other
areas not covered or on verifying key findings.
Which of the following situations is most likely to require a compliance engagement from the
internal audit activity?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2130 - Governance: Internal audit must assess compliance with applicable laws,
regulations, and industry standards.
Compliance Auditing: These engagements assess whether the organization adheres to specific rules
and regulations.
Reasoning:
Option C involves newly imposed health and safety regulations, making compliance auditing critical
to ensure the organization avoids penalties or operational disruptions.
Option A pertains to financial reporting, typically addressed in assurance or financial audits.
Option B involves a new service launch, which may require consulting or operational audits but not
necessarily compliance-focused.
Which of the following statements best describes quality audit workpapers?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2330 - Documenting Information: Workpapers must be sufficient, reliable, relevant, and
useful to support audit findings and conclusions.
Practice Advisory: Clear and complete documentation enhances understanding and ensures
consistency in audit conclusions.
Characteristics of Quality Workpapers:
They should clearly articulate audit procedures, results, and conclusions in a way that another
auditor or stakeholder can understand and rely on them.
While electronic and indexed workpapers (Option B) are desirable for organization, they are not
defining characteristics of quality.
Which of the following would have the most direct impact on management's decision regarding the
amount of risk that is considered acceptable?
B
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2120 - Risk Management: Internal audit should evaluate the organization’s risk appetite
and alignment with decision-making processes.
Definitions:
Risk Appetite (Option B): The level of risk an organization is willing to accept in pursuit of its
objectives, making it the most direct determinant of acceptable risk levels.
Risk Capacity (Option A): The organization’s ability to absorb risk, which is more strategic and long-
term.
Risk Perception (Option C): Subjective views of risk, which can influence decisions but do not directly
determine acceptable risk.
An internal auditor discovers that a vendor had submitted invoices and was paid for services not
rendered. Which of the following controls is most appropriate to address this type of issue?
A
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2130 - Control: Internal audit must assess whether controls ensure compliance and prevent
fraud.
Reasoning:
Option A directly addresses the root cause: payment for unrendered services. Requiring
acknowledgment of receipt ensures only valid invoices are paid.
Option B (observing invoice input) ensures data entry accuracy but does not address fraud.
Option C (verifying amounts) ensures correct payments for legitimate invoices but does not prevent
unauthorized payments.
Best Practice:
Verifying acknowledgment of services before payment is a preventive control, reducing fraud risk.
Which of the following describes an internal auditor's use of external benchmarking?
B
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to Benchmarking:
External benchmarking involves comparing the organization's metrics with those of other entities,
typically competitors or industry averages.
Standard 1210 - Proficiency: Internal auditors must have knowledge to evaluate performance against
external benchmarks effectively.
Reasoning:
Option B demonstrates external benchmarking by comparing the organization's return on equity with
a competitor's performance.
Option A and Option C focus on internal analysis within the organization and do not use external
references.
Application in Internal Auditing:
External benchmarking identifies competitive gaps, informs strategic decisions, and supports
recommendations for improvement.
Which of the following best ensures that the internal audit activity is free from undue interference
from management?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 1110 - Organizational Independence: The chief audit executive (CAE) must report
functionally to the board to ensure independence.
The audit charter must define the CAE’s functional reporting line to the board, securing protection
from undue management influence.
Reasoning:
Option C addresses the foundational document—the audit charter—that establishes the CAE’s
authority and independence.
Option A refers to operational standards, but they do not directly safeguard against interference.
Option B strengthens governance but is secondary to the audit charter in securing independence.
Impact:
A robust audit charter formalizes the CAE’s reporting relationship and ensures organizational
independence, empowering internal audit.
Which of the following describes how the internal audit activity can add the greatest value by
assisting management with internal controls?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2130 - Control: Internal audit must evaluate and contribute to the improvement of
governance, risk management, and control processes.
Designing or operating controls (Options A and B) risks impairing internal audit independence
(Standard 1100).
Reasoning:
Option C aligns with internal audit's role of evaluating internal controls objectively.
Option A could involve a management function, which compromises independence.
Option B focuses on monitoring, a management responsibility, and does not leverage internal audit’s
evaluative expertise.
Best Practice:
By evaluating controls, internal auditors provide actionable insights that help improve control
effectiveness and efficiency without compromising independence.
Which of the following is most likely to be considered an internal audit assurance service?
C
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Definition of Assurance Services: Assurance services involve the objective examination of evidence to
provide an independent assessment of governance, risk management, and control processes.
Compliance engagements align with assurance services by verifying adherence to laws, regulations,
or internal policies.
Reasoning:
Option C qualifies as assurance because it involves assessing whether compliance requirements are
met.
Option A (process design) and Option B (facilitation) are advisory in nature and fall under consulting
services, not assurance.
Impact on the Organization:
Compliance assurance engagements provide critical oversight, helping organizations maintain
accountability and avoid regulatory penalties.
What is the purpose of establishing engagement objectives during the planning phase of an internal
audit?
A
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2210 - Engagement Objectives: Internal auditors must establish objectives for each
engagement to align with the organization's goals and address identified risks.
Reasoning:
Option A is correct because engagement objectives focus on ensuring audit procedures target and
mitigate identified risks effectively.
Option B (common understanding) is important for team alignment but is secondary to risk-focused
objectives.
Option C (considering work of other assurance providers) is part of planning but not the primary
purpose of setting objectives.
Importance of Objectives:
Engagement objectives drive the audit’s focus, ensuring that procedures are purposeful and tailored
to mitigate relevant risks.
A newly hired internal auditor has been asked to examine the sales of a specific product over the last
four years. Which of the following analytical review techniques should the auditor employ?
B
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to Analytical Techniques:
Trend Analysis involves examining data over a period to identify patterns, shifts, or anomalies.
This technique is appropriate for longitudinal data like sales over four years.
Reasoning:
Option B (Trend analysis) is correct as it helps the auditor analyze sales performance over time and
identify patterns or deviations.
Option A (Ratio analysis) compares related metrics, such as profitability or liquidity, but does not
focus on changes over time.
Option C (External benchmarking) involves comparing performance to external standards or
competitors, not internal historical data.
Application in Audit:
Trend analysis allows the auditor to assess growth, seasonal patterns, or irregularities in sales data,
providing actionable insights.
Which of the following is an element of a well-formed audit recommendation?
B
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to Audit Recommendations:
According to the IIA Standards, a recommendation must be actionable, specific, and designed to
address the root cause of an identified issue.
Reasoning:
Option B is correct because effective recommendations focus on preventing recurrence by
addressing root causes or implementing control measures.
Option A (factual evidence) supports findings but does not constitute the recommendation itself.
Option C (factors allowing the condition) provides context for findings but does not include
actionable measures to resolve or prevent the issue.
Key Components of a Recommendation:
Recommendations should propose practical solutions to mitigate risks, improve processes, or
enhance controls.
Measures to prevent recurrence align with the goal of sustainable improvements.
Which of the following best describes a compliance audit engagement?
A
Explanation:
Comprehensive and Detailed Step-by-Step Explanation:
Reference to Compliance Auditing:
Definition: Compliance audits assess adherence to external laws, regulations, or internal policies and
procedures.
Standard 2130 - Control: Internal audit must evaluate the adequacy and effectiveness of controls to
ensure compliance with applicable laws and regulations.
Reasoning:
Option A is correct because assessing adherence to safety regulations is a compliance activity
focused on legal and regulatory conformity.
Option B (analyzing economic activity) relates more to financial auditing or accounting standards
compliance, not regulatory compliance.
Option C (reviewing an external service provider’s risk management process) aligns with a risk or
assurance engagement, not compliance.
Impact of Compliance Audits:
Ensuring adherence to legal requirements protects the organization from regulatory penalties and
enhances operational integrity.