) Which of the following is not a legitimate role for internal auditing in cloud computing?

A) Reviewing personnel transition and end-user training plans

B) Providing assurance on IT general controls

C) Reviewing service level agreements

D) Ongoing monitoring of vendor performance

E) Implementing the cloud computing strategy

14) In the Three Lines of Defense Model, the CEO is part of the

A) 1^st Line

B) 2^nd Line

C) 3^rd Line

D) All lines

E) None of the above

15) Which of the following is not a category of objectives of internal control per the COSO Internal Control Framework?

A) Reliability of financial reporting

B) Effectiveness and efficiency of operations

C) Compliance with laws and regulations

D) Achievement of strategic objectives

E)All of the above are categories of objectives of internal control

ACCT 436 SECTION 6380

INTERNAL AUDITING EXAM 1

INSTRUCTOR:MR. STEVEN ULMER

16) Which area can risk management and internal auditing not collaborate?

A)Sharing available resources

B)Being jointly accountable for risk management

C)Assessing and monitoring risks

D)Sharing work products

E)Cross-leveraging expertise

17) Without effective general computing controls, reliance on IT systems may not be possible?

A) True

B) False

18) Which of the following best describes internal auditing's primary purpose in reviewing the organization's existing governance, risk management and controls processes?

A)To ensure all weaknesses in the internal control system are corrected

B)To develop the audit plan

C)To provide reasonable assurance that the processes will enable the organization's

objectives and goals to be met

D)To offer an opinion as to whether the financial statements are fairly stated

E) To comply with the IPPF Code of Ethics

19) Which of the following is true about internal vs. external auditing?

A) External auditors cannot rely on any of the work done by internal auditing

B) Both have the same definition of the term "independence."

C) Internal auditing reports to the external auditors

D) Internal auditing is more focused on financial reporting than external auditing

E) Many of the tool and techniques in auditing are common to both internal and external auditing

20)Which of the following is true about GRC?

A)It should be implemented as a technology solution

B)Internal auditing has primary responsibility for ensuring the organization has implemented GRC

C)Each component of GRC must be at the same level of maturity

D)Integrating GRC is a gradual process

E)All of the above are true

21) Based on the IPPF Standards which of the following does internal auditing not have responsibility for around governance?

A) Assessing how well the organization promotes ethical values

B) Assessing information technology governance

C) Being a key sponsor of GRC

D) Making recommendations to ensure effective organizational performance management

E) All of the above are responsibilities of internal auditing

ACCT 436 SECTION 6380

INTERNAL AUDITING EXAM 1

INSTRUCTOR:MR. STEVEN ULMER

22) Differences in internal reporting structures with the third-party outsourcer is an example of what type of risk?

A) Strategy

B) Security and confidentiality

C)Key processes

D)Reputational

E) Organizational

23)The time it takes a risk event to manifest itself is an example of what assessment criteria?

A) Uncertainty

B)Impact

C)Likelihood

D) Vulnerability

E)Velocity

24) Which of the following about how internal auditing adds value is not true?

A) How internal auditing can best add value changes over time

B) What is considered value add in one organization may not be considered value add in another organization

C)Internal auditing is limited by resources, staff size and expertise in where and how they can add value

D) For any organization consulting is higher value add than assurance services

E) Different levels in the organization have different opinions as to how internal auditing can best add value

25) Which of the following is true about the IPPF?

A)Interpretations are not considered to be mandatory guidance

B)The Code of Ethics is part of the Standards

C)Independence as defined in the IPPF is a concept dealing with an unbiased mental attitude

D)By law in the U.S. internal auditing departments must comply with all the IIA Standards

E)None of the above items are true