some of these answers to multiple choice questiona are incorrect need help to provide the correct answers:

Which of the following statements about internal control is incorrect, based on the COSO framework?

a. Internal controls starts with a strong set of policies and procedures.

b. Risk assessment and control activities are two of the compoments of the COSO model. .

c. Internal control can be expected to provide only reasonable assurance that business objectives will be achieved.

d. Monitoring of a company's internal controls are acoomplished with ongoing supervision and independent reviews.

Flag this Question

Question 22 pts

Which of the following are strategies that an organization can use to respond to risk?

I.. Controlling it

II. Accepting it

III. Transferring it

IV. Avoiding it

a. I, II and III only

b. I, III and IV only

c. I, II, and IV only

d. I and III only

e. All four are valid strategies

Flag this Question

Question 32 pts

When a senior manager accepts a level of residual risk that the CAE believes is unacceptable to the organization, the CAE should:

a. Report the unacceptable risk level to the chairman of the audit committee and the external audit partner.

b. Resign from his/her job

c. Discuss the matter with other knowledgeable members of senior management and if not resolved take it to the audit committee.

d. Notify the appropriate regulatory agency.

e. Accept senior managements position because it establishes the risk appetite for the organization.

Flag this Question

Question 42 pts

Which of the following statements is not true regarding the Sarbanes Oxley Act for public companies?

a. Requires companies to publicly report on its financial reporting controls

b. Requires public company to disclose wthether its audit committee has a member that is a financial expert

c. Requires its internal auditors to test financial reporting controls.

d. Requires their external auditors to assess the company's financial reporting controls

Flag this Question

Question 52 pts

As defined by COSO, which of the following are considered to be part of an organizations control environment?

I. Establishing control consciousness within the organization

II. Setting realistic goals and objectives

III. Assigning authority and responsibility

IV. Distributing a written code of conduct

a. Only II and III are correct

b. Only III and IV are correct

c. Only I, II, and III are correct

d. I, II, III and IV are correct

Flag this Question

Question 62 pts

Which of the following statements is not true about business objectives?

a. Business objectives represent targets of performance

b. Establishment of meaningful business objectives is a prerequisite to effective internal control.

c. Establishing meaningful business objectives is a key component of the management process.

d. Business objectives are managements means of employing resources and assigning responsibilities.

Flag this Question

Question 72 pts

Which of the following would not be considered a primary objectives of a closing conference?

a. To resolve conflicts.

b. To discuss the engagement observations and recommendations.

c. To identify concerns for future audit engagements.

d. To identify managements actions and responses to the engagement observations and recommendations.

Flag this Question

Question 82 pts

In which of the following situations does the internal auditor potentially lack objectivity?

a. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors.

b. An internal auditor discusses a significant issue with the VP to whom the auditor reports prior to drafting the audit report.

c. An internal auditor recommends standards of controls and performance measures for a contract with a service organization for the processing of payroll.

d. A former purchasing assistant performs a review or internal controls over purchasing four months after being transferred to the internal audit department.

Flag this Question

Question 92 pts

Which of the following is not an example of a risk-sharing strategy?

a. Outsourcing a non-core, high risk area.

b. Selling a non-strategic business unit.

c. Hedging against interest rate fluctuations

d. Buying an insurance policy to protect against adverse weather

Flag this Question

Question 102 pts

The CAE is asked to conduct the enterprise risk assessment as part of a companys implementation of ERM. Which of the following would be least effective in protecting the internal audit functions independence and the objectivity of its internal auditors from perceived impairment?

a. A cross section of management is involved in assessing the impact and likelihood of each risk.

b. Risk owners are assigned responsibility for each key risk.

c. The IA function defers to management when decisions are made regarding how to best manage each key risk.

d. A member of senior management presents the results of the risk assessment to the board and that it represents the organizations risk profile.

e. The IA function obtains assistance from an outside consultant in conducting the formal risk assessment session.