Need Help in resolving correct answers to muitiple choice questions:

11. An internal audit engagement is considered a moderately high risk audit based on IA's risk model. It is currently on a 2

year cycle. Which of the following will likely have the greatest impact on the scope & approach of the engagement:

a. The activity involves the processing of a high volume of transactions

b. The process affect multiple accounts.

c. Certain components of the process are outsourced.

d. A new system was implement during the year, which changed how transactions are processed.

e. The total dollars processes in this area are material.

12. Which of the following is not generally considered the most critical as it relates to "general IT controls:

a. Information & Physical security controls.

b. Application based controls.

c. System change management controls.

d. Business Continuity & Disaster Recovery controls.

13. Which of the following is the least accurate statement regarding a well-documented business process

a. Contains key objectives for the process.

b. Identifies key risks and controls.

c. Prepared by control owners.

d. Defines areas of responsibilities e. Can use either method to complet

14. Which of the following control(s) is considered to be part of a company's IT "application"controls?

I. Program edit checks

II. Run-to-run totals

III. End user controls

IV. Field checks

a. Only I, II, and III are correct

b. Only I, II, and IV are correct

c. Only II and III are correct

d. I, II, III and IV are all correct.

15. Which of the following is considered to be the "least" reliable when an auditor is evaluating documentary evidence?

a. Inventory test counts by a third party

b. Written policy statements

c. Letter from outside attorneys

d. Vendor invoices

16. Which of the following is the least accurate statement regarding concepts as defined by the COSO framework?

a. Ethical values, delegation of authority and monitoring are part of a company's control environment

b. Control activities occur at two levels within an organization: Entity-wide and process level

c. Business objectives can be categorized into 3 groups-financial, operational & compliance

d. Monitoring occurs in two ways: ongoing activities and separate evaluations.

a. Organizational structure

b. Management's operating style

c. Commitment to competencyagement

d. Risk assessment

17. Which of the following components of IT contingency planning is most important?

a. Verification of systems routines

b. Security over the contingency site

c. Documentation of the plan

d. Integration of the business plans with the system plans.

18. g is not a domain as described in the CoBiT framework?

a. Plan & Organize

b. Deliver/support

c. Control activities

d. Monitor

19. Which of the following is not an effective method to help prevent procurement fraud?

a. Proper segregation of duties

b. Open competition

c. Rotating procurement staff and responsibilities

d. Analysis of unusual inventory levels

e. All of the above are appropriate preventive controls

20. Recommendations should be included in final audit communication to:

a. Provide management with options for addressing audit observations

b. Ensure that problems are resolved in the manner suggest by the auditor

c. Minimize the amount of time required to correct audit observations.

d. Guarantee that audit observations are addressed.

21. The primary reason for having formal audit engagement communications is to

a. Provide an opportunity for the engagement client to respond

b. Document the corrective actions required of management.

c. Provide a formal means by which the external auditor assesses potential reliance on

internal auditor's work

d. Record observations and recommended courses of actions

22. Which of the following is not considered part of a company's "Monitoring"activities (as defined by COSO)?

I. Regluar management & supervisory activities.

II. Comparison activities.

III. Fraud prevention & detection activities.

IV. Management self-control assessment

a. Only iV is not a part of monitoring activities.

b. Only I and III are not a part of monitoring activities.

c. Only II is not part of moiitoring activities.

d. None of the above (all listed activities are part of monitoring)

23. Which of the following is the least accurate regarding risk management?

a. Should consider impact and likelihood to determine "critical" risks

b. Is a fairly subjective process requiring sound judgment

c. Are typically not formally performed by operations management

d. Requires consideration of inherent risk factors and risk control analysis.

e. Residual risk is what remains of inherent risks after internal controls are put in place

24. Evaluation of ICFR includes which of the following financial reporting assertions (objectives):

I. Occurrence

II. Safeguarding

III Completeness

IV. Valuation

a. Only I, II and III are relevant

b. Only I, III and IV are relevant

c. Only II, III and IV are relevant

d. All of the above

25. A major purpose of the International Standards for the Professional Practice of Internal Auditing

is to:

a. Promote the coordination of internal and external audit efforts

b. Develop a consistency in internal audit practices.

c. Establish a basis for the evaluation of internal audit performance

d. Provide a codification of existing practices

26. Appropriate internal control for a multinational corporation's branch office that has a

department responsible for the transfer of money requires that:

a. The individual who initiates wire transfers does not reconcile the bank statement.

b. The branch manager receives all wire transfers.

c. Foreign currency rates be computed separately by two different employees

d. Corporate management approves the hiring of monetary transfer unit employees.

27. If all other factors specified in an attribute sampling plan remain constant, changing the

expected population deviation rate from 1% to 2% and changing the tolerable deviation rate from

7% to 6% would cause the required sample to;

a. Increase

b. Decrease

c. Remain the same

d. Change by 2%

28. The New York Stock Exahange does not requires listed companies to have an internal auditing function.

TRUE

FALSE

29. Sarbanes Oxley Act requires listed companies to disclose whether it has a "financial expert" on its audit committee

TRUE

FALSE

30. The IIA's Professional Practices Framework requires the CAE to periodically report to senior management and the board of

directors on internal audit's activities.

TRUE

FALSE

31. In audits of a business process, there is little value in testing the operating effectiveness of controls that are inadeuately

designed

TRUE

FALSE

32. Which of the following statements about internal control is incorrect, based on the COSO framework?

a. Internal controls starts with a strong set of policies and procedures.

b. Risk assessment and control activities are two of the compoments of the COSO model. .

c. Internal control can be expected to provide only reasonable assurance that business objectives will be achieved.

d. Monitoring of a company's internal controls are acoomplished with ongoing supervision and independent reviews.