Question
) Which of the following is not a legitimate role for internal auditing in cloud computing? A) Reviewing personnel transition and end-user training plans B)
) Which of the following is not a legitimate role for internal auditing in cloud computing?
A) Reviewing personnel transition and end-user training plans
B) Providing assurance on IT general controls
C) Reviewing service level agreements
D) Ongoing monitoring of vendor performance
E) Implementing the cloud computing strategy
14) In the Three Lines of Defense Model, the CEO is part of the
A) 1st Line
B) 2nd Line
C) 3rd Line
D) All lines
E) None of the above
15) Which of the following is not a category of objectives of internal control per the COSO Internal Control Framework?
A) Reliability of financial reporting
B) Effectiveness and efficiency of operations
C) Compliance with laws and regulations
D) Achievement of strategic objectives
E)All of the above are categories of objectives of internal control
ACCT 436 SECTION 6380
INTERNAL AUDITING EXAM 1
INSTRUCTOR:MR. STEVEN ULMER
16) Which area can risk management and internal auditing not collaborate?
A)Sharing available resources
B)Being jointly accountable for risk management
C)Assessing and monitoring risks
D)Sharing work products
E)Cross-leveraging expertise
17) Without effective general computing controls, reliance on IT systems may not be possible?
A) True
B) False
18) Which of the following best describes internal auditing's primary purpose in reviewing the organization's existing governance, risk management and controls processes?
A)To ensure all weaknesses in the internal control system are corrected
B)To develop the audit plan
C)To provide reasonable assurance that the processes will enable the organization's
objectives and goals to be met
D)To offer an opinion as to whether the financial statements are fairly stated
E) To comply with the IPPF Code of Ethics
19) Which of the following is true about internal vs. external auditing?
A) External auditors cannot rely on any of the work done by internal auditing
B) Both have the same definition of the term "independence."
C) Internal auditing reports to the external auditors
D) Internal auditing is more focused on financial reporting than external auditing
E) Many of the tool and techniques in auditing are common to both internal and external auditing
20)Which of the following is true about GRC?
A)It should be implemented as a technology solution
B)Internal auditing has primary responsibility for ensuring the organization has implemented GRC
C)Each component of GRC must be at the same level of maturity
D)Integrating GRC is a gradual process
E)All of the above are true
21) Based on the IPPF Standards which of the following does internal auditing not have responsibility for around governance?
A) Assessing how well the organization promotes ethical values
B) Assessing information technology governance
C) Being a key sponsor of GRC
D) Making recommendations to ensure effective organizational performance management
E) All of the above are responsibilities of internal auditing
ACCT 436 SECTION 6380
INTERNAL AUDITING EXAM 1
INSTRUCTOR:MR. STEVEN ULMER
22) Differences in internal reporting structures with the third-party outsourcer is an example of what type of risk?
A) Strategy
B) Security and confidentiality
C)Key processes
D)Reputational
E) Organizational
23)The time it takes a risk event to manifest itself is an example of what assessment criteria?
A) Uncertainty
B)Impact
C)Likelihood
D) Vulnerability
E)Velocity
24) Which of the following about how internal auditing adds value is not true?
A) How internal auditing can best add value changes over time
B) What is considered value add in one organization may not be considered value add in another organization
C)Internal auditing is limited by resources, staff size and expertise in where and how they can add value
D) For any organization consulting is higher value add than assurance services
E) Different levels in the organization have different opinions as to how internal auditing can best add value
25) Which of the following is true about the IPPF?
A)Interpretations are not considered to be mandatory guidance
B)The Code of Ethics is part of the Standards
C)Independence as defined in the IPPF is a concept dealing with an unbiased mental attitude
D)By law in the U.S. internal auditing departments must comply with all the IIA Standards
E)None of the above items are true
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started