1. The internal audit activity of an organization is an integral part of the organizations risk management, control, and governance processes because it evaluates and contributes to the improvement of those processes. Select the type of control provided when the internal audit activity conducts a systems development analysis. (Why?)

A. Feedback control.

B. Strategic plans.

C. Policies and procedures.

D. Feedforward control.

2. Controls may be classified according to the function they are intended to perform, for example, as detective, preventive, or directive. Which of the following is a directive control? Why?

A. Monthly bank statement reconciliations.

B. Dual signatures on all disbursements over a specific amount

C. Recording every transaction on the day it occurs.

D. Requiring all members of the internal audit activity to be CIAs.

3. Which of the following is not an objective of application controls? (Why?)

A.	Maintaining a record to track the process of data from input to storage and to the eventual output.
B.	Processing data as intended in an acceptable time period.
C.	Establishing logical access controls over infrastructure, applications, and data.
D.	Confirming input data are accurate, complete, authorized, and correct.

4. Control activities constitute one of the five components of internal control described in the COSO model. Control activities do not encompass. (Why?)

A. Segregation of duties.

B. Preventive controls.

C. Physical controls.

D. Control revalidation.