1.Internal audit activities follow a risk-based audit approach, where the service provided is driven by the...

a.

way that the organisation perceives and manages risk.

b.

way that the organisation perceives compliance.

c.

perceived credibility of the internal audit activity.

d.

way that the organisation perceives internal controls.

2.An effective relationship between risk level and internal control level is which one of the following?

a.

High risk and weak controls.

b.

Low risk and strong controls.

c.

High risk and strong controls.

d.

Medium risk and weak controls.

3.Which of the following are typically governance responsibilities of senior management?

I. Delegating its tolerance levels to risk managers.

II. Monitoring day-to-day performance of specific risk management activities.

III. Establishing a governance committee of the board.

IV. Ensuring that sufficient information is gathered to support reporting to the board.

a.

I, II and IV.

b.

II and III.

c.

I, II, III and IV.

d.

I and IV.

4.Which one of the following is the primary purpose of the internal auditor's evaluation of the adequacy of an organisation's internal control system according to the Standards for the Professional Practice of Internal Auditing?

a.

Testing to a sufficient detail, to give absolute assurance that non-compliance does not exist.

b.

To ensure that the possibility of material irregularities during every audit assignment is identified.

c.

To ensure infallibility and extraordinary performance when the system of internal controls is known to be weak.

d.

To ensure that controls are designed to meet the organisation's objectives.

5.According to the IIA Standards, the purpose of an internal auditor's review for effectiveness of the system of internal control is to ascertain if ...

a.

the organisation's goals and objectives have been achieved.

b.

the system is functioning efficiently and economically.

c.

financial and operating data are reliable.

d.

the system is functioning as intended.

6.In terms of King IV the members of an audit committee should be appointed by the ...

a.

governing body; and should consist of at least three members, being a mix of only executive and independent non-executive directors.

b.

shareholders, and should consist of at least six members, being independent non-executive directors.

c.

shareholders; and should consist of at least three members, being a mix of executive and non-executive directors.

d.

7.Governing body; and should consist of at least three members, being independent non-executive directors.

External auditors seek to provide an opinion on whether the financial statements present fairly, in all material respects, the financial position of the company and its financial performance and cash flows for the period under review. Internal auditors on the other hand provide assurance on the ...

a.

adequacy and effectiveness of risk management, control and governance processes, which relate primarily to the main accounting systems.

b.

adequacy and effectiveness of risk management, control and governance processes, which fall outside the main accounting systems.

c.

adequacy and effectiveness of compliance with internal control, which fall outside of the main accounting systems.

d.

fairness of the systems of risk management, control and governance processes, which fall outside the main accounting systems.

8.According to COSO ERM, which of the following is not an inherent challenge that arises as part of establishing strategy and business objectives?

a.

Implications from the strategy chosen.

b.

Risk to achieving the strategy,

c.

Ensuring culture is clearly articulated by the board.

d.

Possibility of strategy not aligning.

9.An internal auditor has reported a suspected fraud to the chief audit executive (CAE). The CAE turned the entire case over to the independently functioning forensic department. Forensics failed to investigate or report the case to management. The perpetrator continued to defraud the organisation until accidently discovered by a line manager two years later. Select the most appropriate action for the CAE ensuring compliance with the International Professional Practice Framework (IPPF).

a.

The CAE's actions were correct.

b.

The CAE should have discharged the perpetrator.

c.

The CAE should conducted the investigation.

d.

The CAE should have periodically checked the status of the case with forensics.

10.Which of the following is the most appropriate statement?

a.

Where there is a conflict between consulting and assurance services, then assurance services should prevail.

b.

Where there is a conflict between consulting and assurance services, the the chief audit executive (CAE) should personally monitor the engagements.

c.

Where there is a conflict between consulting and assurance services, the neither should be performed.

d.

Where there is a conflict between consulting and assurance services, then consultancy should prevail.

11.Which of the following is the most appropriate statement?

a.

Where there is a conflict between consulting and assurance services, then assurance services should prevail.

b.

Where there is a conflict between consulting and assurance services, the the chief audit executive (CAE) should personally monitor the engagements.

c.

Where there is a conflict between consulting and assurance services, the neither should be performed.

d.

Where there is a conflict between consulting and assurance services, then consultancy should prevail.

12.Management is concerned with a recent increase in expenditures and lower profits at a division and has asked the internal audit activity to perform an operational audit of the division. Management would like to have the audit completed as quickly as possible and has asked the internal audit activity to allocate all possible resources to the task. The chief audit executive is concerned with the time pressure since the internal audit activity is heavily involved in a major legal compliance audit that had been requested by the audit committee.

Which of the following factors would be considered the least important in deciding whether existing internal audit resources should be moved from the ongoing legal compliance audit to the management-requested audit of a division?

a.

The potential for significant regulatory fines associated with the legal compliance audit.

b.

A financial audit of the division by the external auditor a year ago.

c.

The increase in expenditures at the division for the past year.

d.

The potential of fraud associated with the legal compliance audit.

13.The chief audit executive (CAE) for an organisation has just completed a risk assessment process, identified the areas with the highest risks, and assigned an audit priority to each. Which of the following conclusions logically follows from such a risk assessment and are consistent with the IIA Standards?

(I) Items should be quantified as to risk in the rank order of quantifiable rand exposure to the organisation.

(II) The risk priorities should be in order of major control deficiencies.

(III) The risk process, though quantified, is the result of professional judgement about both exposures and probability of occurrences.

a.

II and III.

b.

I, II and III.

c.

I only.

d.

III only.

14.The chief audit executive (CAE) of a multinational company must select an audit team to examine a newly acquired subsidiary in another country. Consideration should be given to which of the following factors?

(I) Local customs.

(II) Language skills of the auditor.

(III) Experience of the auditor.

(IV) Monetary exchange rate.

a.

I and III.

b.

I, II and III.

c.

II, III and IV.

d.

I and II.

15.Three types of risks that is considered in a risk-based audit approach are...

a.

inherent risk, market risk and detection risk.

b.

finance risk, market risk and product risk.

c.

inherent risk, control risk and detection risk.

d.

credit risk, liquidity risk and market risk.

16.The internal audit manager requires strict adherence by staff to prewritten audit programmes and prescribed audit schedules; no exceptions are tolerated. Audit work is scheduled based on a fixed three-year cycle. Monthly statistics are compiled and mailed to all staff. These statistics are used to evaluate performance, show budget versus actual data on job time, issue reports, and six other measures. This audit manager's management approach is best described as a...

a.

systems approach.

b.

contingency approach.

c.

operational approach.

d.

behavioural approach.

17.According to the IIA Standards, which of the following best describes the nature of opinions that are appropriate for internal audit reports?

a.

Opinions are generally the auditor's subjective judgements concerning why deficiencies exist.

b.

Opinions are the auditor's evaluations of the effects of the findings on the activities reviewed.

c.

Opinions are conclusions that the auditor has reached concerning the appropriateness of the auditee's objectives.

d.

Opinions should only involve the fairness of the auditee's financial statements.

18.In terms of King IV, which one of the following statements about the committee for risk governance is most accurate?

a.

The governing body should consider allocating the oversight of risk governance to a dedicated committee or adding it to the responsibilities of another committee as is appropriate for the organisation.

b.

If the audit and risk committees are separate, the governing body should make sure that there is no overlapping of members between the two committees.

c.

The governing body doesn't need to disclose anything regarding the risk committee in the annual report.

d.

The risk committee should have executive and non-executive members, with a majority being executive members.

19.Which one of the following statements is least appropriate? Internal audit manuals fulfil the following role:

a.

Establishing a base from which to measure the expected performance standards.

b.

Defining standards and audit methodologies.

c.

Communication of the role of internal auditors to management.

d.

Communication of standards ad audit methodologies to audit staff.

20.The scope of enterprise risk management (ERM) encompasses which of the following?

(I) Creating opportunities

(II) De-risking opportunities

(III) Analysing strengths

(IV) Focusing of weaknesses

a.

I and III.

b.

III and IV.

c.

I and II.

d.

I, III and IV.