Need help with 20 multiple choice questions for graduate level Internal Audit class

Question 1 When senior management accepts a level of residual risk that the CAE believes in unacceptable to the organization, the CAE should: a. Not resign his or her position in the organization, but also not take further action. b. Not report the unacceptable risk level immediately to the chair of the audit committee and the independent outside firm partner, but also not take further action. c. Discuss the matter with knowledgeable members of the senior management and, if not resolved, take it to the audit committee of the Board of Directors. d. Accept senior management's position because it establishes the risk appetite for the organization. e. All of these (ad) are true f. None of these (ad) are true Question 2 The control that would most likely ensure that payroll checks are written only for authorized amounts is to: a. Periodically witness the distribution of payroll checks. b. Conduct periodic floor verification of employees on the payroll. c. Require the return of undelivered checks to the cashier. d. Require supervisory approval of employee time cards. e. All of these "AD" are correct f. None of these "AD" are correct Question 3 An organization's IT governance committee has several important responsibilities. Which of the following is normally such a responsibility? a. Aligning investments in IT with business strategies. b. Overseeing changes to IT systems. c. Monitoring IT security procedures. d. Agreeing to risk levels set by management e. All of these "AD" are correct f. None of these "AD" are correct Question 4 The CAE is asked to lead the enterprise risk assessment as part of an organization's implementation of ERM. Which of the following would be relevant with respect to protecting the internal audit function's independence and objectivity of its internal auditors? a. The internal audit function obtains the level of tolerable risk from the joint decision of the board and management b. Risk owners are assigned responsibility for each key risk. c. A member of senior management presents the results of the risk assessment to the board and communicates that it represents the organization's risk profile. d. A crosssection of management is involved in assessing the impact and likelihood of each risk. e. All of these answers (ad) apply f. None of these answers (ad) apply Question 5 The internal audit function's responsibilities with respect to fraud are limited to: a. Being aware of fraud indicators, including those relating to financial reporting fraud, and also possessing the expertise of a fraud infestation specialist. b. Monitoring any calls received through the organization's whistleblower hotline, but not necessarily conducting a followup investigation. c. The organization's operational and compliance activities only, because financial reporting matters are the responsibility of the independent outside auditor. d. Ensuring that all employees have received adequate fraud awareness training. e. All of these "AD" are correct f. None of these "AD" are correct Question 6 A manufacturing company has identified the following risk: "Failure to meet our lowest sales price advantage will result in loss of sales" To which type of objective does this risk most directly relate? a. Strategic. b. Operations. c. Reporting. d. Compliance. e. All of these answers (ad) are correct f. None of these answers (ad) are correct Question 7 Which of the following symbols in a process map will most likely contain a terminator? a. Oval b. Diamond. c. Arrow. d. Circle e. All of these "AD" are correct f. None of these "AD" are correct Question 8 An organization that manufactures and sells computers is trying to boost sales between now and the end of the year. It decides to offer its sales representatives a bonus based on the number of units they deliver to customers before the end of the year. The price of all computers is determined by the vice president of sales, and cannot be changed by sales representatives. Which of the following presents the greatest reason a sales representative may commit fraud with this incentive program? a. Sales representative may sell units that have a lower margin than other units. b. The customers may not pay for the computer timely. c. The units delivered may be defective. d. Customers have the right to return a laptop for up to 90 days after purchase. In this way a sale can be recorded, and the sales person rewarded unfairly. e. All of these "AD" are correct f. None of these "AD" are correct Question 9 The purpose of logical security controls is to: a. Restrict processing results. b. Require access to hardware. c. Enable complete and accurate processing of data d. Restrict of access to data. e. All of these "AD" are correct f. None of these "AD" are correct Question 10 Which of the following is not true regarding business process outsourcing? a. Outsourcing a core, highrisk business process reduces the overall operational risk. b. Outsourced processes should not be included in the internal audit universe. c. The independent outside auditor is required to audit all significant outsourced business processes. d. Management's controls to ensure the outsourcing provider meets contractual performance requirements should not be tested by the internal audit function. e. All of these "AD" are correct answers...In short, none of them are true. f. None of these "AD" are correct answers ...In short, all of them are true. Question 11 Which of the following statements regarding an internal audit function's continuous auditing responsibility is/are true? I. Then internal audit function is responsible for assessing the effectiveness of management's continuous monitoring activities. II. In areas of the organization in which management has implemented effective monitoring activities, the internal audit function can conduct less stringent continuous assessments of risks and controls. III. In areas of the organization in which management has implemented ineffective monitoring activities, the internal audit function may conduct more stringent continuous assessments of risks and controls, depending on risk. a. Only statement I is true b. Only statement II is true c. Only statements I and II are true d. Neither statement I nor statement II is true. e. All statements (I, II, and II) are true f. No statements (I, II, and II) are true Question 12 An internal audit engagement was included in the approved internal audit plan. This is considered a moderately highrisk audit based on the internal audit function's risk model. It is currently on a twoyear audit cycle. Which of the following will likely have the greatest impact on the scope and approach of the internal audit engagement? a. Certain components of the process are outsourced. b. Changes to the computer system were implemented during the year (from year 1 to year 2), changing how all transactions are now processed. c. The area being audited involves the processing of a high volume of transactions. d. The total dollars processed in this area are material. e. All of these "A D" are correct f. None of these "A D" are correct Question 13 After certain items that could be identified as business risks, they should be assessed in terms of their inherent: a. Impact only b. Likelihood and probability only c. Significance and severity only . d. Significance and control effectiveness only . e. Each one of these "AD" are correct f. None of these "AD" are correct Question 14 Internal audit engagement programs should: a. Audit every business area within the organization. b. Be generalized to fit all situations without regard to department lines. c. Be generalized so as to be usable at various international locations of an organization. d. Reduce costly duplication of effort by ensuring that every aspect of an operation is examined. e. All of these "AD" are correct f. None of these "AD" are correct Question 15 A new computer system does not guarantee data integrity and therefore increases what type of basic business risk? a. Strategic. b. c. d. e. Operations. Reporting. Compliance. All of these answers (ad) are correct f. None of these answers (ad) are correct Question 16 An inappropriate internal control for a multinational corporation's branch office that has a department responsible for the transfer of money requires that: a. The individual who initiates wire transfers does reconcile the bank statement. b. The branch manager must receive all wire transfers. c. Foreign currency rates must be based on one person's opinion d. Corporate management approves the hiring of employees in this department. e. All of these "AD" are inappropriate f. None of these "AD" are inappropriate Question 17 An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would likely be required as part of such as engagement? a. Determine whether policies exist that describe the risks the treasurer may take and the types of instruments in which the treasurer may invest. b. Determine the extent of management oversight over investments in sophisticated instruments. c. Determine whether there are policies on whether the investment committee may take on the types of instruments in which the committee may invest. d. Determine the nature of monitoring activities related to the investment portfolio. e. All of these "AD" are correct f. None of these "AD" are correct Question 18 An adequate system of internal controls is most likely to detect a fraud perpetrated by a: a. Group of employees in collusion. b. the collusion of employees. c. Group of managers in collusion. d. Single manager. e. All of these "AD" are correct f. In none of these "AD" will the internal controls likely detect a fraud Question 19 Which of the following best describes an internal auditor's purpose in reviewing the organization's existing governance, risk management, and control processes? a. To help to determine the nature, timing and extent of tests necessary to achieve engagement objectives. b. To ensure that weakness in the internal control system are corrected. c. To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically. d. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated. e. All of these "AD" are correct f. None of these "AD" are correct Question 20 From an organization's standpoint, because internal auditors are seen to be "internal control experts," they also are: a. Fraud risk management process owners, and hence, the first and most important line of defense against fraudulent financial reporting or asset misappropriation. b. The best resources for audit committees, management, and others to consult inhouse when setting up antifraud programs and controls, because they are also risk managers c. The best candidates to manage risk. d. The secondary decision makers for risk appetites e. All of these answers (ad) are correct f. None of these answers (ad) are correct