CIA P1 Mock Exam and Answers

CIA

Preparatory Program

Part 1

The Internal Audit Activity’s Role In Governance, Risk and Control

Mock Exam

1

CIA Part 1 Mock Exam QUESTIONS 1-100: MULTIPLE CHOICE ESTIMATED TIME: 2HR - 45 MINUTES Select a single answer that best completes the statement or answers the question. Mark your answer by blackening with a soft lead pencil the appropriate answer space on the answer sheet provided.

ANSWER THE FOLLOWING: 1.

Which of the following is not true with regard to the internal audit charter?

a.

It defines the authorities and responsibilities for the internal audit activity.

b.

It specifies the minimum resources needed for the internal audit activity.

c.

It provides a basis for evaluating the internal audit activity.

d.

It should be approved by senior management and the board.

2.

The function of internal auditing, as related to internal financial reports, would be to:

a.

Ensure compliance with reporting procedures.

b.

Review the expenditure items and match each item with the expenses incurred.

c.

Determine if there are any employees expending funds without authorization.

d.

Identify inadequate controls that increase the likelihood of unauthorized expenditures.

3.

Which of the following would be a long-range rather than a short-range planning topic?

a.

Production scheduling.

b.

Inventory policy.

c.

Product quality.

d.

Advertising budget.

4. The status of the internal audit activity should be free from the effects of irresponsible policy changes by management. The most effective way to assure that freedom is to: a.

Have the internal audit charter approved by the board.

b.

Adopt policies for the functioning of the internal audit activity.

c.

Establish an audit committee as a subcommittee of the board.

d.

Develop written policies and procedures to serve as standards of performance for the internal audit activity.

5. As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the International Professional Practices Framework (IPPF), what is the most appropriate action for the auditor to take? a.

Accept the gift since the engagement is already concluded and the report issued.

b.

Accept the award under the condition that any proceeds go to charity.

c.

Inform audit management and ask for direction on whether to accept the gift.

d.

Decline the gift and advise the division manager's superior.

2

CIA Part 1 Mock Exam 6. If a department's operating standards are vague and thus subject to interpretation, an auditor should: a.

Seek agreement with the departmental manager as to the criteria needed to measure operating performance.

b.

Determine best practices in the area and use them as the standard.

c.

Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance.

d.

Omit any comments on standards and the department's performance in relationship to those standards, because such an analysis would be inappropriate.

7.

In which of the following would an internal auditor potentially lack objectivity?

a.

The internal auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented.

b.

A former purchasing assistant performs a review of the internal controls over purchasing four months after being transferred to the internal audit activity (IAA).

c.

An internal auditor recommends standards of control and performance measures for a contract with a service organization for a processing of payroll and employee benefits.

d.

A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors.

8. Which of the following would not be considered a stated purpose of the IIA (as listed in the organization’s articles of incorporation)? a.

To cultivate, promote, and disseminate knowledge and information concerning internal auditing and subjects related to internal auditing.

b.

To establish and maintain high standards of integrity, honor, and character among internal auditors.

c.

To publish the technical journal, The Internal Auditor.

d.

To promote social intercourse among the IIA’s members.

9.

An auditor’s objectivity could be compromised in all of the following situations except:

a.

A conflict of interest.

b.

Auditee familiarity with auditor due to lack of rotation in assignment.

c.

Auditor assumption of operational duties on a temporary basis.

d.

Reliance on outside expert opinion when appropriate.

10. An auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor's actions would: a.

Be in violation of the IIA Code of Ethics for withholding meaningful information.

b.

Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.

c.

Not be in violation of either the IIA Code of Ethics or Standards.

d.

Both a and b.

3

CIA Part 1 Mock Exam 11. A specific objective of an audit of a company's expenditure cycle is to determine if all goods paid for have been received and charged to the correct account. This objective would address which of the following primary objectives identified in the Standards? I.

Reliability and integrity of financial and operational information.

II.

Compliance with laws, regulations, and contracts.

III.

Effectiveness and efficiency of operations.

IV.

Safeguarding of assets.

a.

I and II only.

b.

I and IV only.

c.

I, II, and IV only.

d.

II, III, and IV only.

12.

Independence is most likely impaired by an internal auditor’s:

a.

Continuation on an engagement at a division for which (s)he will soon be responsible as the result of a promotion.

b.

Reduction of the scope of an engagement due to budget restrictions.

c.

Participation on a task force that recommends standards for control of a new distribution system.

d.

Review of a purchasing agent’s contract drafts prior to their execution.

13. One of the purposes of the Standards for the International Professional Practice of Internal Auditing as stated in the Introduction to the current version of the Standards is to: a.

Encourage the professionalization of internal auditing.

b.

Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing.

c.

Encourage external auditors to make more extensive use of the work of internal auditors.

d.

Establish the basis for evaluating internal auditing performance.

14. The Standards require that the chief audit executive (CAE) seek the approval of management and the board of a formal, written internal audit charter. The purpose of the internal audit charter is to: a.

Protect the internal auditing activity from outside influence.

b.

Establish the purpose, authority, and responsibility of the internal auditing activity.

c.

Define the internal auditor’s relationship with the external auditor.

d.

Define the role of the chief audit executive as a member of the audit committee.

15. The best means for the internal auditing activity to determine whether its goal of implementing broader audit coverage of functional activities has been met is through: a.

Accumulation of audit findings by auditable area.

b.

Comparison of the audit plan to actual audit activity.

c.

Surveys of management satisfaction with the internal audit activity.

d.

Implementation of a quality assurance and improvement program.

4

CIA Part 1 Mock Exam 16. Quality program assessments may be performed internally or externally. A distinguishing feature of an external assessment is its objective to: a.

Provide independent assurance.

b.

Set forth the recommendations for improvement.

c.

Determine whether internal auditing services meet professional standards.

d.

Identify tasks that can be performed better.

17. During an engagement to evaluate the organization’s accounts payable function, an internal auditor plans to confirm balances with suppliers. What is the source of authority for such contacts with units outside the organization? a.

Internal audit activity policies and procedures.

b.

The Standards.

c.

The Code of Ethics.

d.

The internal audit activity’s charter.

18.

External assessment of an internal audit activity is not likely to evaluate:

a.

The tools and techniques employed by the internal audit activity.

b.

Detailed cost-benefit analysis of the internal audit activity.

c.

Compliance with the Standards for the International Professional Practice of Internal Auditing.

d.

Adherence to the internal audit activity’s charter.

19. During an internal audit, the internal auditor should exercise due professional care. Due professional care means that the internal auditor should consider: I.

The extent of work needed to achieve the engagement’s objectives.

II.

The relative complexity and materiality to which assurance procedures are applied.

III.

The probability of significant errors, irregularities, or noncompliance.

IV.

The engagement procedures necessary to ensure that all significant risks have been identified.

a.

I and II only.

b.

I, II and IV only.

c.

I, II, III and IV.

d.

I, II and III only.

20. According to the Standards, internal auditors are able to provide both assurance and consulting services. Which of the following would be considered consulting services? I.

Compliance engagements.

II.

Facilitation engagements.

III.

Training engagements.

IV.

Process design engagements.

a.

I and II only.

b.

I, II and III only.

c.

II, III and IV only.

d.

I, II, III and IV.

5

CIA Part 1 Mock Exam 21. The chief audit executive (CAE) routinely presents an activity report to the board as part of the board meeting agenda each quarter. Senior management has asked to review this presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should: a.

Provide the activity report to senior management as requested and discuss any issues that may require action to be taken.

b.

Provide information to senior management that pertains only to completed engagements and observations available in published engagement communications.

c.

Disclose to the board only those matters in the activity report that pertain to expenditures and financial budgets of the internal audit activity.

d.

Withhold disclosure of the activity report to senior management because such matters are the sole province of the board.

22.

Internal auditors need have an understanding with respect to which discipline?

a.

Internal auditing procedures and techniques.

b.

Accounting principles and techniques.

c.

Management principles.

d.

Marketing techniques.

23. If a department outside of the internal audit activity (IAA) is responsible for reviewing a function or process, the internal auditor should: a.

Consider the work of the other department when assessing the function or process.

b.

Ignore the work of the other department and proceed with an independent audit.

c.

Reduce the scope of the audit since the work has already been performed by the other department.

d.

Yield the responsibility for assessing the function or process to the other department.

24. Which of the following represent(s) appropriate internal audit action in response to the risk assessment process? a.

The low-risk areas may be delegated to the external auditor, but the high-risk areas should be performed by the internal audit activity.

b.

The high-risk areas should be integrated into an engagement work schedule along with the high-priority requests of senior management and the audit committee.

c.

The risk analysis should be used in determining an annual engagement work schedule; therefore, the risk analysis should be performed only on an annual basis.

d.

All are appropriate actions to be taken by the internal audit activity.

25. Independence from outside pressure is an important factor for the internal audit activity (IAA) to work freely and objectively. Which of the following contributes to the internal auditor’s independence? a.

Management should assist the IAA by reviewing, revising and forwarding engagement communications to the audit committee.

b.

The IAA reports directly to the audit committee, without corroborating engagement communications with management.

c.

Ideally, the IAA functionally reports to the audit committee but reports to the chief operating officer on all engagements relating to operations.

d.

The accuracy of the engagement communications should be verified with management, and the IAA should then report to management and the audit committee.

6

CIA Part 1 Mock Exam 26. Internal audit activity (IAA) policies and procedures should be established to guide the IAA and the individual auditors in their work. Which of the following statements is true with respect to this requirement? a.

A small IAA may be managed informally through close supervision and written memos.

b.

The form and content of written policies and procedures should be the same for all IAAs.

c.

All IAAs should have a detailed policies and procedures manual.

d.

All of the statements above are true.

27. Using the internal audit activity to coordinate regulatory examiners’ efforts is beneficial to the organization because internal auditors can: a.

Influence the regulatory examiners’ interpretation of law to match corporate practice.

b.

Recommend changes in scope to limit bias by the regulatory examiners.

c.

Perform fieldwork for the regulatory examiners and thus reduce the amount of time regulatory examiners are on-site.

d.

Supply evidence of adequate compliance testing through internal audit working papers and reports.

28. Supervision of the work of internal auditors should be carried out continually. Which of the following statements regarding supervision is (are) true? I.

“Continually” indicates that supervision should be performed throughout the engagement.

II.

Supervision should also be extended to training, time reporting, and expense control.

III.

The extent of supervision needs to be documented.

a.

II only.

b.

I only.

c.

I and III only.

d.

I, II, and III.

29. Which of the following statements is true regarding coordination of internal and external auditing efforts? a.

The CAE should determine that appropriate follow-up and corrective action was taken by management when required regarding matters discussed in the external auditor's management letter.

b.

If internal auditors provide assistance to the external auditors in connection with the annual audit, such assistance is not subject to the Standards.

c.

Ownership and the confidentiality of the external auditor's working papers prohibit their review by internal auditors.

d.

The CAE should not give information about illegal acts to an external auditor because external auditors may be required to report the matter to the board or regulatory agencies.

7

CIA Part 1 Mock Exam 30.

The Standards require that internal auditors possess which of the following skills?

I.

Internal auditors should understand human relations and be skilled in dealing with people.

II.

Internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices.

III.

Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance, and information technology.

IV.

Internal auditors should be skilled in oral and written communication.

a.

I and II only.

b.

I, II and III only.

c.

I, II, III and IV.

d.

I, II and IV only.

31. You were appointed the chief audit executive (CAE) of an organization one week ago. An engagement client has come to you complaining vigorously that one of your internal auditors is taking up an excessive amount of the client’s time on an engagement that seems to be lacking a clear purpose. In handling this conflict with the client, you should consider: a.

Promising the client that you will have the internal auditor finish the work within 1 week.

b.

Whether existing procedures within the internal audit activity provide for proper planning and quality assurance.

c.

Presenting an immediate defense of the internal auditor based upon currently known facts.

d.

Discounting what is said, but documenting the complaint.

32.

A chief audit executive (CAE) is reviewing the following enterprise-wide risk map: I

LIKELIHOOD

M P A C T

Remote Critical

Possible Risk B

Major Minor

Probable

Risk D Risk A

Risk C

If the CAE prioritizes probable risks higher than possible risks, regardless of how critical they are, what would be the correct prioritization of risks? a.

Risk B, Risk D, Risk C, Risk A.

b.

Risk A, Risk C, Risk B, Risk D.

c.

Risk D, Risk B, Risk C, Risk A.

d.

Risk D, Risk C, Risk B, Risk A.

8

CIA Part 1 Mock Exam 33. The chief audit executive (CAE) plans to meet with the external auditor to discuss joint efforts regarding an upcoming external audit of the organization's pension plan. The external auditor has performed all external audit work in this area in the past. The CAE's objective is to: a.

Ascertain which account balances have been tested by the external auditor so that the internal auditors may test the internal controls to determine the reliability of these balances.

b.

Coordinate the external audit so as to fulfill professional responsibilities and not duplicate work of the external auditor.

c.

Determine whether the external auditor's techniques, methods, and terminology should be used by internal auditors in this area to conform with past work or to use techniques consistent with those used by other internal auditors.

d.

Determine whether work in this area could not be performed exclusively by the internal auditors.

34.

According to the Standards, the internal audit activity’s goals should specify:

a.

Policies and procedures to guide the internal audit staff.

b.

Engagement work schedules and activities to be reviewed.

c.

Measurement criteria and target dates for completion.

d.

Staffing plans and financial budgets.

35. The internal audit activity (IAA) of a large corporation has established its operating plan and budget for the coming year. The operating plan is restricted to the following categories: a prioritized listing of all engagements, staffing, a detailed expense budget, and the commencement date of each engagement. Which of the following best describes the major deficiency of this operating plan? a.

Requests by management for special projects are not considered.

b.

Opportunities to achieve operating benefits are ignored.

c.

Measurability criteria and targeted dates of completion are not provided.

d.

Knowledge, skills, and disciplines required to perform work are ignored.

36. You are the chief audit executive (CAE) of a heavily regulated institution. Based on the nature of your company’s business, federal agency auditors frequently do compliance testing. Because of the severity of penalties if deemed not to be in compliance, the internal audit activity (IAA) performs its own compliance testing. Recently, the IAA completed a compliance audit. To place reliance on the work performed, the regulatory auditors requested copies of the working papers. What is the most appropriate response to the regulatory auditors? a.

Provide copies of the working papers.

b.

Refuse to provide the working papers under any circumstances.

c.

Ask senior management and/or the board for permission to release the working papers.

d.

Ask your company’s audit firm to release the working papers.

9

CIA Part 1 Mock Exam 37. The internal audit activity should contribute to the organization’s governance process by evaluating the processes through which: I.

Ethics and values are promoted.

II.

Effective organizational performance management and accountability are ensured.

III.

Risk and control information is communicated.

IV.

Activities of the external and internal auditors and management are coordinated.

a.

I only.

b.

I and II only.

c.

I, II and III only.

d.

I, II, III and IV.

38. Which of the following best describes an internal auditor’s purpose in reviewing the organization’s existing risk management, control and governance processes? a.

To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives.

b.

To ensure that weaknesses in the internal control system are corrected.

c.

To provide reasonable assurance that the processes will enable the organization’s objectives and goals to be met efficiently and economically.

d.

To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated.

39. Periodic external assessments of an internal audit activity's quality assurance and improvement program should be undertaken. On completion of such an assessment, a formal report or other communication should be issued expressing an opinion as to the: a.

Adequacy of internal control.

b.

Effectiveness of the internal auditing coverage.

c.

Conformance with the internal audit activity's charter.

d.

Internal audit activity's compliance with the Standards.

40. During review of a construction contract, the chief audit executive (CAE) suspects that a construction company was given an unfair advantage in bidding on the contract. After learning that the chief executive officer (CEO) of the company is a member of the construction company’s board of directors, how should the CAE proceed? a.

Submit a draft report to senior management, excluding the CEO.

b.

Contact the organization’s external auditors for assistance.

c.

Obtain supporting documentation and present the finding to the chairperson of the audit committee.

d.

Immediately notify the board of directors.

41.

Of the following activities, which ones are within the scope of internal auditing?

I.

To assess an operating department's effectiveness in achieving stated organizational goals.

II.

To safeguard assets.

III.

To evaluate controls over compliance with laws and regulations.

IV.

To ascertain the extent to which objectives and goals have been established.

10

CIA Part 1 Mock Exam a.

I and III only.

b.

I and IV only.

c.

I, III and IV only.

d.

I, II and IV only.

42.

Which of the following represents the best governance structure? Executive Management

Board and Audit Committee

a.

Responsibility for risk

Oversight role

Advisory role

b.

Oversight role

Responsibility for risk

Advisory role

c.

Responsibility for risk

Advisory role

Oversight role

d.

Oversight role

Advisory role

Responsibility for risk

43.

Internal Auditing

Assessments of the performance of the organization’s external auditors should:

a.

Be carried out only when the external auditor is appointed.

b.

Not include any participation by the internal audit activity.

c.

Include the internal audit activity only when the external auditor is appointed.

d.

Include the internal audit activity at the time of the appointment and regularly thereafter.

44. Contingency plans for information systems should include appropriate backup agreements. Which of the following arrangements would be considered too vendor-dependent when vital operations require almost immediate availability of computer resources? a.

A ‘hot site’ arrangement.

b.

A ‘cold site’ arrangement.

c.

A ‘cold and hot site’ combination arrangement.

d.

Using excess capacity at another data center within the organization.

45. A new chief audit executive (CAE) for a major retail company is questioning the audit activity’s extensive use of store compliance testing, stating that the approach is not responsive to materiality concepts. Which of the following statements are valid in response to the CAE’s claims? I.

Materiality is not based only on the size of individual stores; it is also based on the control structure that affects the whole organization.

II.

Any deviation from a prescribed control procedure is, by definition, material.

III. The only way to ensure that a material amount of the company’s control structure is reviewed is to comprehensively audit all stores.

a.

I only.

b.

III only.

c.

I and II only.

d.

I, II and III.

11

CIA Part 1 Mock Exam 46. Which of the following is the best means of aiding an internal audit activity (IAA) in determining whether its goals are being met? a.

Having external auditors review and evaluate the work of the internal audit activity.

b.

Having the board periodically review the quality of the internal audit activity's work.

c.

Developing measurement criteria to accompany its goals.

d.

Scheduling an external assessment every 3 years.

47.

The interpretation related to quality assurance given by the Standards is that:

a.

The IAA is primarily measured against the Institute's Code of Ethics.

b.

External assessments can provide senior management and the board with independent assurance about the quality of the IAA.

c.

Continual supervision is limited to the planning, examination, evaluation, communication, and follow-up process.

d.

Appropriate follow-up to an external assessment is the responsibility of the chief audit executive's immediate supervisor.

48.

The consultative approach to internal auditing emphasizes:

a.

Participation with engagement clients to improve methods.

b.

Imposition of corrective measures.

c.

Fraud investigation.

d.

Implementation of policies and procedures.

49. As part of the process to improve internal auditor-engagement client relations, it is very important to deal with how the internal audit activity is perceived. Certain types of attitudes in the work performed will help create these perceptions. From a management perspective, which attitude is likely to be the most conducive to a positive perception? a.

Interrogatory.

b.

Investigative.

c.

Consultative.

d.

Objective.

50. Procedures describing how the supervisory review of staff auditors will be accomplished should be fully documented so that the internal audit activity will: a.

Have a basis for promotions, pay raises, or disciplinary actions, if required.

b.

Have substantiation of its quality program.

c.

Comply with the Standards.

d.

Have a consistent framework for evaluating staff performance.

12

CIA Part 1 Mock Exam 51. A CIA, working as the purchasing director, signs a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presents the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is correct? a.

Acceptance of the gift would be prohibited only if it were non-customary.

b.

Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited from a CIA.

c.

Since the CIA is not acting as an internal auditor, acceptance of the gift would be governed only by the organization’s code of conduct.

d.

Since the contract was signed before the gift was offered, acceptance of the gift would not violate either the IIA Code of Ethics or the organization’s code of conduct.

52. A review of an organization’s code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. The review also revealed that employees were knowledgeable of its provisions. However, some employees still did not comply with the code. What element should a code of conduct contain to enhance its effectiveness? a.

Periodic review and acknowledgment by all employees.

b.

Employee involvement in its development.

c.

Public knowledge of its contents and purpose.

d.

Provisions for disciplinary action in the event of violations.

53. Which of the following statements is not appropriate to include in a manufacturer’s conflict of interest policy? An employee shall not: a.

Accept money, gifts, or services from a customer.

b.

Participate (directly or indirectly) in the management of a public agency.

c.

Borrow from or lend money to vendors.

d.

Use organizational information for private purposes.

54. An internal auditor, during the course of evaluating the policies & procedures for capitalizing fixed assets, uncovered some information that indicated that management had capitalized some general maintenance costs that should have been expensed. The amount is considered to be material. If the internal auditor failed to disclose this information to senior management or the Audit Committee, the internal auditor would be in violation of which rule of conduct? a.

Integrity.

b.

Objectivity.

c.

Confidentiality.

d.

Competence.

55. Which of the following concurrent occupations could appear to subvert the ethical behavior of an internal auditor? a.

Internal auditor and a well-known charitable organization’s local in-house chairperson.

b.

Internal auditor and part-time business insurance broker.

c.

Internal auditor and adjunct faculty member of a local business college that educates potential employees.

d.

Internal auditor and landlord of multiple housing that publicly advertise for tenants in a local community newspaper listing monthly rental fees.

13

CIA Part 1 Mock Exam 56. An internal auditor is conducting an audit of the use of corporate credit cards. Which of the following are major audit concerns regarding the use of credit cards? I.

Segregation of duties is insufficient.

II.

Enable purchases to be done more quickly.

III.

The credit cards may be used for personal benefit.

IV.

The company is required to make one large payment instead of many small ones.

a.

I and III only.

b.

II and IV only.

c.

III only.

d.

I, II, III, and IV.

57.

Which of the following are reasons to involve employees in the control self-assessment process?

I.

Employees become more motivated to do their jobs correctly.

II.

Employees are objective about their jobs.

III.

Employees can provide an independent assessment of internal controls.

IV.

Managers want feedback from their employees.

a.

I and II only.

b.

III and IV only.

c.

I and IV only.

d.

II and IV only.

58. Which of the following are true concerning responsibility for maintaining a sound system of internal control? I.

The board of directors are responsible for the company’s system of internal control.

II.

The role of management is to implement board policies on risk and control.

III.

All employees have some responsibility for internal control as part of their accountability for achieving objectives.

IV.

Internal auditing has the primary responsibility to establish and maintain the internal control system.

a.

I and II only.

b.

I, II and III only.

c.

II, III and IV only.

d.

I, II, III and IV.

59. In organizations where new product groups are often created, a structure that combines functional and product departmentalization and creates dual lines of authority would be optim al. The best structure for this organization would be: a.

Professional bureaucracy.

b.

Mechanistic.

c.

Matrix.

d.

Machine bureaucracy.

14

CIA Part 1 Mock Exam 60.

A control likely to prevent purchasing agents from favoring specific suppliers is:

a.

Requiring management's review of a monthly report of the totals spent by each buyer.

b.

Requiring buyers to adhere to detailed material specifications.

c.

Rotating buyer assignments periodically.

d.

Monitoring the number of orders placed by each buyer.

61. The results of an audit of cash controls indicated that the bookkeeper signed expense checks and reconciled the checking account. If the cash account reconciliations were current and no cash shortages were found, an internal auditor should conclude that the system of internal controls over: a.

Recording of cash receipts is adequate.

b.

Accounting for cash is inadequate.

c.

Reconciliations of the cash account are adequate.

d.

Physical safeguards of cash are adequate.

62.

Which of the following exemplifies an inherent limitation of internal control?

a.

A controller makes and records cash deposits.

b.

A security guard allows a warehouse employee to remove company property from the premises without authorization.

c.

The company sells to customers on credit without proper credit approval.

d.

An employee who is unable to read is assigned custody of the company’s tape library and run manuals.

63.

Which of the following is true of benchmarking?

a.

It is typically accomplished by comparing an organization’s performance with the performance of its closest competitors.

b.

It can be performed using either qualitative or quantitative comparisons.

c.

It is normally limited to manufacturing operations and production processes.

d.

It is accomplished by comparing an organization's performance to that of the best-performing organizations.

64. Which of the following controls would help an organization from ordering quantities in excess of the organization's needs? I.

User department supervisor reviews all purchase requisitions prior to submitting them to the purchasing department.

II.

Automatic reorder by the purchasing department when low inventory is indicated by the system.

III.

A policy requiring the accounts payable department to match the receiving report with the vendor’s invoice.

a.

I only.

b.

I and II only.

c.

I and III only.

d.

I, II and III.

15

CIA Part 1 Mock Exam 65. The receiving department maintains a purchase orders file. Purchase orders are kept in the file until goods are received. The main purpose of this control function is meant to ensure that: a.

Received goods are released to the appropriate department in a timely manner.

b.

Only approved shipments are accepted.

c.

Goods are accurately counted upon receipt.

d.

Goods are not stolen or lost after receipt.

66.

Which phrase best describes a risk-based control self-assessment process?

a.

Evaluating, updating, and streamlining selected control processes.

b.

Examining how well controls are working in managing key risks.

c.

Listing the risks that might prevent the achievement of an objective.

d.

Determining the cost-effectiveness of controls.

67. The cash receipts function should be separated from the related record-keeping function in an organization to: a.

Physically safeguard the cash receipts.

b.

Establish accountability when cash is first received.

c.

Prevent paying cash disbursements from cash receipts.

d.

Minimize undetected misappropriations of cash receipts.

68.

Which of the following is an example of an effectiveness measure?

a.

The rate of absenteeism.

b.

The goal of becoming a leading manufacturer.

c.

The number of insurance claims processed per day.

d.

The rate of customer complaints.

69. Budgets are generally classified as both planning documents and control devices. An important difference between the budget planning information needed and the budget control information needed is that planning information is more: a.

Likely to be generated using external data.

b.

Detailed.

c.

Likely to be quantifiable.

d.

Likely to be more accurate.

70. Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that: a.

The individual who initiates wire transfers not reconcile the bank statement.

b.

The branch manager receives all wire transfers.

c.

Foreign currency rates are computed separately by two different employees.

d.

Corporate management approves the hiring of monetary transfer unit employees.

16

CIA Part 1 Mock Exam 71.

The following are steps in a typical control process.

1. Select the times or points at which to collect information about the activities that are being measured and controlled. 2. Set the standards. 3. Observe the process, or collect the samples. 4. Report any significant deviations or problems. 5. Review and revise the standards. 6. Record the information that was collected. 7. Implement whatever corrections to the system or processes are necessary. 8. Evaluate if the performance is satisfactory. What is the correct order of these steps? a.

2, 1, 6, 3, 8, 7, 4, 5.

b.

1, 2, 3, 6, 5, 7, 8, 4.

c.

2, 1, 3, 6, 8, 4, 7, 5.

d.

1, 3, 2, 6, 7, 5, 8, 4.

72. A warehouse employee of a retail company was able to conceal the theft of items of inventory by entering adjustments to the computer-based perpetual inventory records indicating that the items had been damaged or lost. The control that would have prevented the adjustments from being recorded is: a.

Including a check digit in the inventory part number.

b.

Requiring separate authorization for input of adjustment transactions.

c.

Including a parity check on the inventory part number.

d.

Providing an edit check for the validity of the inventory part number.

73. Which of the following internal control procedures would minimize the misuse of corporate credit cards? a.

Establishing a restrictive policy regarding the issuance of the cards.

b.

Reviewing the continued need for each card periodically.

c.

Reconciling the company's monthly credit card statements with cardholder charge slips.

d.

Subjecting credit card charges to the same controls applied to other expenses.

Use the following information to answer questions 74 and 76. The following information applies to an organization’s project. The numbers in the table are the expected times (in days) to perform each activity in the project. Activity

Time (days)

Immediate Predecessor

AB

6

None

AC

5

None

BE

6

AB

CD

2

AC

CE

5

AC

DF

6

CD

EF

2

CE

17

CIA Part 1 Mock Exam 74.

The expected time to complete the project is:

a.

13 days.

b.

11 days.

c.

14 days.

d.

18 days.

75. The process of adding resources to shorten selected activity times on the critical path in project scheduling is called: a.

Crashing.

b.

The Delphi technique.

c.

ABC analysis.

d.

A branch-and-bound solution.

76. If the company wanted to decrease the completion time by 1.5 days, the company should crash activity(ies): a.

AB and DF.

b.

AC.

c.

CE.

d.

AB and EF.

77.

Low standardization of procedures and encouraging innovation characterizes which of the following?

a.

Divisional structure.

b.

Adhocracy.

c.

Machine bureaucracy.

d.

Professional bureaucracy.

78. In which of the following types of leadership does the manager make the decision, but also take into account the opinions of the other members of the team or group? a.

Bureaucratic.

b.

Transformational.

c.

Participative.

d.

Consultative.

79.

Which of the following would not affect a company’s span of control?

a.

The size of the organization.

b.

The manager’s available time to supervise employees.

c.

The communication skill of the manager.

d.

The standardization of tasks to be performed.

18

CIA Part 1 Mock Exam 80. A manager is characterized as very cooperative but not very assertive. Which of the following behaviors will most likely be shown by this manager in conflict situations? a.

Avoiding.

b.

Competing.

c.

Compromising.

d.

Accommodating.

81. Internal auditors should develop and record a plan for each engagement. The planning process should include all the following except: a.

Establishing engagement objectives and scope of work.

b.

Obtaining background information about the activities to be reviewed.

c.

Identifying sufficient information to achieve engagement objectives.

d.

Determining how, when, and to whom the engagement results will be communicated.

82. a. b.

Which of the following would be considered a compliance objective for an organization’s payroll cycle? Employee’s timesheets are validated by an independent party. All employee benefits should be properly calculated and accrued (if not paid by the end of a period).

c.

The employer is deducting the correct amount for employee payroll taxes.

d.

Employees are receiving their wages at the rate agreed upon in their contract.

83. Which of the following is an appropriate objective in an engagement to review a personnel department? Determining whether: a.

Hourly employees are being paid only for hours actually worked as indicated by time cards or similar reports.

b.

An equitable training program exists that provides all employees with approximately the same amount of training each year.

c.

Reference checks of prospective employees are being performed.

d.

Recruitment is being delegated to the various departments that have personnel needs.

84. An internal auditor is reviewing the organization’s policy regarding investing in financial derivatives. The internal auditor normally expects to find all of the following in the policy except: a.

A statement indicating whether derivatives are to be used for hedging or speculative purposes.

b.

A specific authorization limit for the amount and types of derivatives that can be used by the organization.

c.

A specific limit on the amount authorized for any single trader.

d.

A statement requiring board review of each transaction because of the risk involved in such transactions.

85. During a preliminary survey of the accounts receivable function, an internal auditor discovered a potentially major control deficiency while preparing a flowchart. What immediate action should the internal auditor take regarding the weakness? a.

Perform sufficient testing to determine its cause and effect.

b.

Report it to the level of management responsible for corrective action.

c.

Schedule a separate engagement to evaluate that segment of the accounts receivable function.

d.

Highlight the weakness to ensure that procedures to test it are included in the engagement work program.

19

CIA Part 1 Mock Exam 86. In planning an engagement, an internal auditor should establish objectives to address the risk associated with the activity to be audited. Which of the following would be considered potential risks associated with payroll? I.

The company is paying payroll in excess of the time actually spent by employees.

II.

The company is making payroll payments to fictitious employees.

III.

The company is not adhering to applicable laws and regulations.

IV.

The company is properly reporting and disclosing its payroll expenses.

a.

I and II only.

b.

I, II and III only.

c.

I, III and IV only.

d.

I, II, III and IV.

87. Which of the following control agencies function in much the same way as internal auditing and should have their planned activities considered in developing engagement work schedules? a.

Security and purchasing.

b.

Security and maintenance.

c.

Production scheduling and safety.

d.

Quality control and industrial engineering.

88. The internal auditor-in-charge has just been informed of the next engagement, and the engagement team has been assigned. Select the appropriate phase for finalizing the engagement budget. a.

During formulation of the long-range plan.

b.

After the preliminary survey.

c.

During the initial planning meeting.

d.

After the completion of all fieldwork.

89. Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives. When determining the necessary resources needed to perform an engagement, which of following should the auditor consider? I.

The number and experience of the auditing staff.

II.

Knowledge, skills and other competencies of the auditing staff.

III.

Proper sampling technique.

IV.

Probability of errors, irregularities, noncompliance and other exposures.

a.

I and II only.

b.

I and IV only.

c.

II and III only.

d.

III and IV only.

20

CIA Part 1 Mock Exam 90. Engagement work programs should be developed at the beginning of the engagement work. Engagement work programs: I.

State the objectives of the engagement.

II.

Identify and document significant control deficiencies.

III.

Document the auditor’s procedures for collecting, analyzing, interpreting, and documenting information during the engagement.

IV.

State the nature and extent of the testing required to achieve the engagement objectives.

a.

I and II only.

b.

I and IV only.

c.

I, III and IV only.

d.

II, III and IV only.

91. An internal auditor determines that actual procedures differ from prescribed control procedures. The internal auditor should: I.

Require operating personnel to conform to prescribed procedures.

II.

Document the discrepancies and make any appropriate recommendations to management.

III.

Expand all aspects of the engagement to determine other differences from prescribed procedures.

IV.

Modify the engagement work program as warranted by the differences noted.

a.

I and III.

b.

II and III.

c.

I and IV.

d.

II and IV.

92. Of the many tools available to assist an internal auditing supervisor, which of the following would be of least assistance in the supervision of a specific engagement? a.

Assignment board.

b.

Time budget.

c.

Weekly status report.

d.

Time report.

93. An auditor traces individual time tickets to the payroll cost distribution, and also traces totals from the payroll cost distribution to the various work-in-process accounts. If no exceptions are found, this procedure constitutes evidence that: a.

The work-in-process accounts have not been padded by the inclusion of unsupported payroll costs.

b.

Individual time tickets have been properly authorized.

c.

Payroll costs have been accurately distributed to work-in-process accounts.

d.

Employees have been paid only for time actually worked.

21

CIA Part 1 Mock Exam 94. During review of purchasing operations, an auditor found that procedures in use did not agree with stated company procedures. However, audit tests revealed that the procedures in use represented an increase in efficiency and a decrease in processing time, without a discernible decrease in control. The auditor should: a.

Report the lack of adherence to documented procedures as an operational deficiency.

b.

Develop a flowchart of the new procedures and include it in the report to management.

c.

Report the change and suggest that the change in procedures be documented.

d.

Suspend the completion of the engagement until the engagement client documents the new procedures.

95. Underlying accounting data is information that is part of the accounting system. This includes the original documents, journals, ledgers, supporting information and the output from the accounting systems. Is this type evidence sufficient to support an internal auditor’s conclusion? a.

Yes, because this is the most competent type of evidence.

b.

No, because this type of evidence is internally generated and thus, not the most competent.

c.

Yes, because this type of evidence is conclusive evidence.

d.

No, because this type of evidence is externally generated and thus not the most competent.

96. Which of the following best describes an auditor's responsibility after noting some indicators of fraud? a.

Expand activities to determine whether an investigation is warranted.

b.

Report the possibility of fraud to top management and ask how to proceed.

c.

Consult with external legal counsel to determine the course of action to be taken.

d.

Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud.

Use the following information to answer questions 97 and 98. The manager of a production line has the authority to order and receive replacement parts for all machinery that require periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family member in the parts supply business. The unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier, and the money was divided between the manager and the family member. 97.

Which of the following internal controls would have most likely prevented this fraud from occurring?

a.

Establishing predefined spending levels for all vendors during the bidding process.

b.

Segregating the receiving function from the authorization of parts purchases.

c.

Comparing the bill of lading for replacement parts to the approved purchase order.

d.

Using the company’s inventory system to match quantities requested with quantities received.

98. Which of the following tests would best assist the auditor in deciding whether to investigate this anonymous tip further? a.

Comparison of the current quarter’s maintenance expense with prior-period activity.

b.

Physical inventory testing of replacement parts for existence and valuation.

c.

Analysis of repair parts charged to maintenance to review the reasonableness of the number of items replaced.

d.

Review of a test sample of parts invoices for proper authorization and receipt.

22

CIA Part 1 Mock Exam 99. Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? a.

Debit expenses, and credit the asset.

b.

Debit the asset, and credit another asset account.

c.

Debit revenue, and credit the asset.

d.

Debit another asset account, and credit the asset.

100. Which of the following would not be considered a condition that indicates a higher likelihood of fraud? a.

Management has delegated the authority to make purchases under a certain dollar limit to subordinates.

b.

An individual has held the same cash-handling job for an extended period without any rotation of duties.

c.

An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains/losses to senior management.

d.

The assignment of responsibility and accountability in the accounts receivable department is not clear.

END OF PART I EXAM

23

CIA Part 1 Mock Exam

24

Solutions for Part 1 Internal Audit Role in Governance, Risk, & Control The solutions and suggested explanations for Part 1 of the Certified Internal Auditor Model Exam are provided on the following pages.

The chart below cross-references the question numbers for Part 1 with the topics tested:

Topic Tested

Question Number

The IIA’s Attribute Standards, Risk Management & Governance

1 – 50

Code of Ethics

51 – 55

Control

56 – 80

Planning the Engagement

81 – 95

Fraud

96 - 100

25

CIA Part 1 Mock Exam Answers 1. Solution: b a.

Incorrect. The internal audit charter defines the necessary authorities and responsibilities.

b.

Correct. The internal audit manual and annual audit plan help in determining the resource requirements.

c.

Incorrect. The internal audit charter defines the role and responsibility of the internal audit activity and acts as a benchmark for evaluating the audit function.

d.

Incorrect. The internal audit charter should be approved by senior management and the board.

2. Solution: d a.

Incorrect. The Standards do not require internal auditors to ensure compliance with reporting procedures.

b.

Incorrect. There is no expected match of fund flows with expense items in a single time period.

c.

Incorrect. This would be the function of the personnel and/or finance departments.

d.

Correct. Internal auditors are responsible for identifying inadequate controls, for appraising managerial effectiveness, and the pinpointing common risks.

3. Solution: c a.

Incorrect. This would seldom be a long-range topic.

b.

Incorrect. This would rarely be a long-range concern.

c.

Correct. This would be a long-range planning topic because it affects the company’s market position, which entails long-term consideration.

d.

Incorrect. This is a certainly a concern, but usually is not for long-range planning.

4. Solution: a a.

Correct. The purpose, authority, and responsibility of the IAA should be formally defined in the charter, which is approved by management and the board.

b.

Incorrect. Adoption of policies helps guide the internal auditing staff, but with its status.

c.

Incorrect. The establishment of the audit committee does not ensure the status of the IAA without its involvement in matters such as acceptance of the charter.

d.

Incorrect. Written policies and procedures serve to guide the internal auditing staff, not to protect the IAA’s status.

5. Solution: c a.

Incorrect. Audit management should always be informed concerning any such offers.

b.

Incorrect. Audit management should always be informed concerning any such offers.

c.

Correct. Audit management should be consulted for guidance.

d.

Incorrect. This could erode the audit function's relationship with the division in question. Audit management should first be informed and consulted for guidance.

6. Solution: a a.

Correct. Based on Implementation Standard 2210.A3, if control criteria are inadequate, then internal auditors must work with management to develop appropriate evaluation criteria.

b.

Incorrect. The auditor should seek to understand the operating standards as they are applied to the organization. Also, best practices may produce overly high standards.

26

CIA Part 1 Mock Exam Answers c.

Incorrect. The Standards state that if internal auditors must interpret standards, they should seek agreement with the engagement client.

d.

Incorrect. The auditor should first seek to gain an understanding with the departmental manager on the appropriate standards.

7. Solution: b a.

Incorrect. Objectivity is not impaired when the internal auditor reviews procedures before they are implemented.

b.

Correct. According to the Standards, persons transferred to the internal audit activity (IAA) should not be assigned to audit those activities they previously performed until a reasonable period of time (at least one year) has elapsed.

c.

Incorrect. The internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems before they are implemented. This is in fact what the internal auditor should do.

d.

Incorrect. The use of staff from other areas to assist the internal auditor does not impair objectivity, especially when the staff is from outside the area being audited.

8. Solution: c a.

Incorrect. This is part of The IIA’s stated purpose.

b.

Incorrect. This is part of The IIA’s stated purpose.

c.

Correct. According to the articles of incorporation, the objectives of The IIA are: (1) to cultivate, promote, and disseminate knowledge and information concerning internal auditing and subjects related to internal auditing; (2) to establish and maintain high standards of integrity, honor, and character among internal auditors; (3) to promote social intercourse among its members; (4) to furnish information regarding internal auditing and the practice and methods thereof to its members, to other persons interested therein, and to the general public, and (5) to cause the publication of articles related to internal auditing and practices and methods thereof; and others (review all of the stated objectives). Publishing the technical journal, The Internal Auditor, is a method to promote the professionalism of internal auditing, but it is not a specific stated purpose.

d.

Incorrect. This is part of The IIA’s stated purpose.

9. Solution: d a.

Incorrect. A conflict of interest could compromise the internal auditor’s objectivity.

b.

Incorrect. The auditor’s familiarity with the auditee could compromise the internal auditor’s objectivity.

c.

Incorrect. Assuming operational duties could compromise the auditor’s objectivity if the auditor had to then perform an engagement of the operation.

d.

Correct. It is highly likely that an auditor at some time will have to rely on the opinion of an outside expert.

10. Solution: c a.

Incorrect. The auditor is not withholding information because the information has been forwarded to the CAE. The information may be useful in a subsequent engagement in the marketing area.

b.

Incorrect. The auditor has documented a red flag that may be important in a subsequent engagement. This does not violate the Standards.

c.

Correct. There is no violation of either the Code of Ethics or the Standards.

d.

Incorrect. There is no violation of either the Code of Conduct or the Standards.

27

CIA Part 1 Mock Exam Answers 11. Solution: b I.

Correct. According to Implementation Standard 2120.A1: "The internal audit activity should evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the: §

Reliability and integrity of financial and operational information.

§

Effectiveness and efficiency of operations.

§

Safeguarding of assets.

§

Compliance with laws, regulations, and contracts."

The specific engagement objective of determining if goods are charged to the appropriate account would address the objective regarding the reliability and integrity of information. II. Incorrect. The specific engagement objective described does not address compliance. III. Incorrect. The specific engagement objective described may address effectiveness of operations but does not address efficiency. IV. Correct. The specific engagement objective of determining if all goods paid for have been received would address the objective regarding safeguarding of assets.

12. Solution: a a.

Correct. When the IAA or individual internal auditor is responsible for, or management is considering assigning, an operation that it might audit, the internal auditor’s independence and objectivity may be impaired.

b.

Incorrect. Budget restrictions do not constitute impairment of an engagement.

c.

Incorrect. It is acceptable for the internal auditor to recommend standards of control, but the internal auditor is not able to design, install or draft procedures. These functions may impair the internal auditor’s objectivity.

d.

Incorrect. It is acceptable for the internal auditor to review contracts prior to their execution.

13. Solution: d a.

Incorrect. The professionalization of internal auditing is important, but it is not one of the purposes of the Standards.

b.

Incorrect. Independence and objectivity are aspects of the internal audit activity, but not one of the purposes of the Standards.

c.

Incorrect. This is not one of the purposes of the Standards.

d.

Correct. According to the IIA, the Standards are intended to: (1) State basic principles for the practice of internal auditing; (2) Provide a framework for performing and promoting value added internal audit activities; (3) Establish the basis for evaluating internal auditing performance; and (4) Improve organizational processes and operations.

14. Solution: b a.

Incorrect. The IAA charter does not protect the IAA from outside influence.

b.

Correct. The purpose, authority and responsibility of the IAA must be formally defined in the charter.

c.

Incorrect. The IAA charter does not define the relationship between the internal and external auditors.

d.

Incorrect. The CAE should not, under any circumstance, be a member of the audit committee.

28

CIA Part 1 Mock Exam Answers 15. Solution: d a.

Incorrect. This will not help the CAE understand whether any specific IAA goal is being met.

b.

Incorrect. Comparing the audit plan with actual audit activity will not help in determining whether any specific IAA goal is being met.

c.

Incorrect. Surveys of management satisfaction will only tell the IAA how management feels about the services provided by the IAA and not whether any specific IAA goal is being accomplished.

d.

Correct. The best way to assist the CAE in determining whether its goal of implementing broader audit coverage of functional activities is through the implementation of a quality assurance and improvement program (QAIP). The QAIP evaluates and analyzes the effectiveness and efficiency of IAA operations, which has to do with understanding whether stated IAA goals and objectives are being achieved.

16. Solution: a a.

Correct. External assessments of an IAA should appraise and express an opinion as to the IAA’s compliance with the Standards for the International Professional Practice of Internal Auditing and, as appropriate, should include recommendations for improvement. External assessment should be conducted at least once every five years (PA 1312-1).

b.

Incorrect. It will be the internal assessment that will provide recommendations for improvement.

c.

Incorrect. It will be the internal assessment that will determine whether internal auditing services meet professional standards.

d.

Incorrect. It will be the internal assessment that will identify tasks that can be performed better.

17. Solution: d a.

Incorrect. Policies and procedures provide guidance, but will not be the source of authority.

b.

Incorrect. The authority of the internal audit activity is detailed in the charter and approved by the board.

c.

Incorrect. The Code of Ethics is the means of promoting an ethical culture in the internal auditing profession.

d.

Correct. The purpose, authority and responsibility of the internal audit activity should be defined in the charter. The charter should establish the internal audit activity’s position within the organization; authorize access to records, personnel, and physical properties relevant to the performance of engagements; and define the scope of internal audit activities (PA 1000-1).

18. Solution: b a.

Incorrect. The tools and techniques employed by the IAA would be within the broad scope of coverage of the external assessment.

b.

Correct. The external assessment should consist of a broad scope of coverage that includes: (1) Conformance with the Definition of Internal Auditing, Standards, The Code of Ethics and the internal audit activity’s charter, plans, policies, procedures, practices, and applicable legislative and regulatory requirements; (2) the expectations of the IAA expressed by the board, executive management and operational managers; (3) the integration of the IAA into the organization’s governance process, including the relationships between and among the key groups involved in the process; (4) tools and techniques employed by the IAA; (5) the mix of knowledge, experience, and disciplines within the staff, including staff focus on process improvement; and (6) the determination as to whether or not the IAA adds value and improves the organization’s operations (PA 1312-1.10). A detailed cost-benefit analysis of the IAA would not be part of the external assessment.

c.

Incorrect. Compliance of the Standards for the International Professional Practice of Internal Auditing is within the broad scope of coverage of the external assessment.

d.

Incorrect. Adherence with the IAA’s charter is within the broad scope of coverage of the external assessment.

29

CIA Part 1 Mock Exam Answers 19. Solution: d a.

Incorrect. Items I and II are correct.

b.

Incorrect. Items I and II are correct. However, item IV is not correct. Engagement procedures, even exercised with due professional care, cannot guarantee that all significant risks will be identified.

c.

Incorrect. Items I, II and III are correct. Item IV is not correct. Engagement procedures, even exercised with due professional care, cannot guarantee that all significant risks will be identified.

d.

Correct. Only items I, II and III are correct. The internal auditor can only provide reasonable assurance that significant risks will be identified, not a guarantee.

20. Solution: c a.

Incorrect. A compliance engagement.

b.

Incorrect. A engagement.

c.

Correct. Process design, facilitation and training are examples of consulting services.

d.

Incorrect. A process design engagement would be an assurance engagement, not consulting service .

facilitation

engagement

would

be

an

assurance

engagement,

not

consulting

engagement

would

be

an

assurance

engagement,

not

consulting

21. Solution: a a.

Correct. The CAE must report periodically (through activity reports) to senior management and the board on the IAA’s purpose, authority, responsibility, and performance relative to its plan. The reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board (Standard 2060).

b.

Incorrect. Information submitted to senior management should not be limited to only to completed engagements and observations available in published engagement communications.

c.

Incorrect. The board should also be advised of any significant deviations from the engagement.

d.

Incorrect. Senior management should review the activity report.

22. Solution: c a.

Incorrect. The internal auditor needs to be proficient in the auditing procedures and techniques.

b.

Incorrect. The internal auditor needs to have an appreciation of accounting principles and techniques.

c.

Correct. The internal auditor needs to have an understanding of management principles.

d.

Incorrect. Internal auditors generally don’t need to be proficient, or have an understanding, or appreciation of, marketing techniques.

23. Solution: a a.

Correct. Review and testing of the other department’s procedures may reduce necessary audit coverage of the function or process.

b.

Incorrect. Concentrating on the function or process might lead to a duplication of efforts.

c.

Incorrect. The internal auditor cannot rely on the work of others without verifying the results.

d.

Incorrect. The internal audit activity’s overall responsibility for assessing the function or process is not affected by the other department’s coverage.

30

CIA Part 1 Mock Exam Answers 24. Solution: b a.

Incorrect. Work with the external auditor should be coordinated in order to minimize duplication of work effort.

b.

Correct. Risk assessment is part of the planning process. Higher perceived risk areas are generally given higher priority than lower perceived risk areas. Requests by senior management, the audit committee, and the governing body are also considered in establishing engagement work schedule priorities.

c.

Incorrect. Risk analysis should be performed anytime there is a change in the work environment.

d.

Incorrect. Only (b) is correct.

25. Solution: d a.

Incorrect. Engagement communications would go direct to the audit committee, not forwarded by management.

b.

Incorrect. Engagements communications should also communicated with management.

c.

Incorrect. Ideally, the CAE would administratively report to the CEO or high enough officer to maintain independence, and functionally to the audit committee or some other appropriate governing board. Under the ideal situation, all engagement communications are sent to the audit committee as well.

d.

Correct. Internal auditors should first discuss conclusions and recommendations with management so management is able to verify the accuracy of the engagement communications. Final engagement communications would then be sent to the audit committee.

26. Solution: a a.

Correct. A smaller IAA may be managed more informally through close supervision and written memos.

b.

Incorrect. The form and content of written policies and procedures should be appropriate to the size of the IAA.

c.

Incorrect. The form and content of written policies and procedures should be appropriate to the size and structure of the IAA and the complexity of its work (PA 2040-1).

d.

Incorrect. Only (a) is correct.

27. Solution: d a.

Incorrect. Internal auditors should not attempt to influence regulators’ interpretations of law.

b.

Incorrect. Internal auditors should not attempt to influence the scope of work of the regulatory examiners.

c.

Incorrect. Internal auditors should not perform fieldwork for regulatory examiners.

d.

Correct. Internal auditors have immediate access to working papers and reports, which can supply evidence of compliance testing to the regulatory examiners.

28. Solution: d (I, II and III only) I.

Correct. Supervision should be performed from beginning to end of the engagement.

II. Correct. Supervision should also be extended to training, time reporting, and expense control. III. Correct. The extent of supervision needs to be documented. Engagements should be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed (Standard 2340). Supervision starts in the planning stages and continues all of the way through until the issuance of the report.

31

CIA Part 1 Mock Exam Answers 29. Solution: a a.

Correct. Matters discussed in presentation materials and included in management letters need to be understood by the CAE and used as input to internal auditors in planning the areas to emphasize in future internal audit work. After review of management letters and initiation of any needed corrective action by appropriate members of management and the board, the CAE should ensure that appropriate follow-up and corrective action have been taken (PA 2050-1.6).

b.

Incorrect. The Standards apply to all situations that the internal auditor is involved in.

c.

Incorrect. Internal and external auditors can have access to each other’s audit programs and working papers.

d.

Incorrect. The CAE has a responsibility to share all material information with the external auditors. Therefore, the information on illegal acts should be shared with the external auditor.

30. Solution: d (I, II and IV) I.

Correct. Internal auditors need to understand human relations and be skilled in dealing with people.

II. Correct. Internal auditors need to be able to understand what constitutes materiality and significance of deviations from good business practice. III. Incorrect. Internal auditors are not expected to be experts in a wide variety of fields related to their audit responsibilities. IV. Correct. Internal auditors should be skilled in oral and written communication.

31. Solution: b a.

Incorrect. Promising the client to have the internal auditor finish the work within one week without proper background information on the current engagement would jeopardize the authority of the CAE.

b.

Correct. In this situation the CAE would have a responsibility to review the existing procedures to determine whether the IAA had provided for proper planning and quality assurance. Not doing so would jeopardize the authority of the CAE.

c.

Incorrect. Presenting an immediate defense of the internal auditor could potentially harm future communications with the client. It also could jeopardize the authority of the CAE.

d.

Incorrect. The CAE has a responsibility to review the existing procedures to determine whether the IAA had provided for proper planning and quality assurance. But, the CAE also has a responsibility not to discard potentially valid complaints.

32. Solution: c a.

Incorrect. Risk D would take precedence over risk B, as it has a higher probability of occurring despite the lower impact.

b.

Incorrect. This is the opposite of the correct order.

c.

Correct. Since probable risks are given highest risk priority, regardless of how critical they are, Risk D will be prioritized over Risk B.

d.

Incorrect. Risk D would be rated higher than risk B given that probable risks are prioritized higher than critical risks.

33. Solution: b a.

Incorrect. This is an example of duplicate work, which the internal auditor is trying to avoid.

b.

Correct. In coordinating the work of internal auditors with the work of other internal and external providers, the CAE should ensure proper coverage and minimize duplication of work (Standard 2050).

32

CIA Part 1 Mock Exam Answers c.

Incorrect. The objective of coordinating efforts is to ensure adequate engagement coverage and to minimize duplication of work.

d.

Incorrect. The objective of coordinating efforts is to ensure adequate engagement coverage and to minimize duplication of work.

34. Solution: c a.

Incorrect. Goals are statements of activities that are to be accomplished. Policies and procedures are the means in which the goals are achieved.

b.

Incorrect. Goals are statements of activities that are to be accomplished. Engagement work schedules are a means to achieve goals.

c.

Correct. The goals of the IAA should be capable of being accomplished within specified operating plans and budgets and, to the extent possible, should be measurable. They should be accompanied by measurement criteria and targeted dates of accomplishment.

d.

Incorrect. Staffing plans and financial budgets are a means of accomplishing specified goals.

35. Solution: c a.

Incorrect. This factor would be considered when prioritizing the engagements.

b.

Incorrect. By reviewing staffing, prioritization of engagements, and expenses, operating benefits can be achieved.

c.

Correct. The goals of the IAA should include measureable criteria and targeted dates of completion.

d.

Incorrect. Staffing for each engagement would include this consideration.

36. Solution: c a.

Incorrect. Access to audit working papers and reports may be allowed to external auditors and to people within the organization, with the approval of the CAE.

b.

Incorrect. Providing the IAA working papers to the regulatory agency auditors might provide evidence of compliance testing. However, the CAE should still obtain the approval of senior management and/or board before providing the working papers.

c.

Correct. Where people outside the organization seek access to working papers, the CAE should obtain the approval of senior management and/or board.

d.

Incorrect. The working papers are the property of the organization. Therefore, you would not need the permission of the company’s external audit firm.

37. Solution: d (I, II, III and IV) I, II, III and IV. Correct. All items are correct regarding the IAA’s contribution to the governance process. The IAA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: •

Promoting appropriate ethics and values within the organization.

•

Ensuring effective organizational performance management and accountability.

•

Effectively communicating risk and control information within the organization, and

•

Effectively coordinating the activities of and communicating information among the board, external and internal auditors and management.

38. Solution: c a.

Incorrect. This is the purpose of the audit plan.

33

CIA Part 1 Mock Exam Answers b.

Incorrect. Correcting internal control weaknesses is the function of management, not a function of the internal auditor.

c.

Correct. As described by the IIA, the internal auditors’ primary purpose in reviewing an organization’s existing risk management, control, and governance processes is to provide reasonable assurance that these processes are functioning as intended and will enable the organization’s objectives and goals to be met.

d.

Incorrect. This is a basic objective from a financial accounting and auditing perspective, but is not broad enough to cover the internal auditor’s entire purpose for review.

39. Solution: d a.

Incorrect. External assessments express an opinion on the overall effectiveness of the quality program, not the adequacy of internal controls.

b.

Incorrect. External assessments express an opinion on the overall effectiveness of the quality program, not the effectiveness of the internal auditing coverage.

c.

Incorrect. External assessments express an opinion on the overall effectiveness of the quality program, not conforming to the IAA charter.

d.

Correct. The external assessment should consist of a broad scope of coverage that includes conformance with the Definition of Internal Auditing; the Code of Ethics; and the Standards (PA 1312-1.10).

40. Solution: c a.

Incorrect. The CEO is a member of senior management. Other members of senior management may receive a final report that has been reviewed and approved by legal counsel.

b.

Incorrect. External auditors should not be contacted. External auditors may be given a final report that has been reviewed and approved by legal counsel.

c.

Correct. A draft of the proposed report on fraud or conflict of interest situations should be submitted to the chairperson of the audit committee as a next step in light of the CEO’s position in the company.

d.

Incorrect. Supporting documentation would be necessary before informing the audit committee or the board.

41. Solution: c (I, III and IV only) I.

Correct. Internal auditing should assess an operating department’s effectiveness in achieving its stated goals.

II. Incorrect. The safeguarding of assets is the responsibility of management, not internal auditing. III. Correct. Internal auditors should evaluate controls over compliance with laws and regulations. IV. Correct. Internal auditors should ascertain the extent to which objectives and goals have been established.

42. Solution: a a.

Correct. Executive management is responsible for risk management, board and audit committee provide an oversight function and internal auditor serve in the capacity of oversight and advisory roles.

b.

Incorrect. See correct answer.

c.

Incorrect. See correct answer.

d.

Incorrect. See correct answer.

34

CIA Part 1 Mock Exam Answers

43. Solution: d a.

Incorrect. The IAA could be involved in assessing the performance of the external auditor. This assessment should be done on a regular basis, at least annually.

b.

Incorrect. The IAA could be involved in assessing the performance of the external auditor. This assessment should be done on a regular basis, at least annually.

c.

Incorrect. The IAA could be involved in assessing the performance of the external auditor. This assessment should be done on a regular basis, at least annually.

d.

Correct. Management and the board might request the IAA to participate in the performance of the external auditor, and this may include assessment of the external auditor’s independence. In addition, this assessment should be carried out at least annually.

44. Solution: b a.

Incorrect. A ‘hot site’ has all needed assets in place and is not vendor dependent.

b.

Correct. A ‘cold site’ has all needed assets in place except the needed computer equipment. Therefore, the ‘cold site’ is vendor dependent for timely delivery of equipment.

c.

Incorrect. It is a ‘cold site’ that is vendor dependent.

d.

Incorrect. Excess capacity would ensure that needed assets are available and would not be vendor dependent.

45. Solution: a (I only) I.

Correct. Materiality is defined by the potential impact of an item on the organization and is not limited to items that can be assessed only in qualitative terms.

II. Incorrect. There may be some control failures of a minor nature that would not be considered material. III. Incorrect. Sampling approaches may be used to comprehensively cover the control structure of an organization.

46. Solution: c a.

Incorrect. Having the external auditor review and evaluate the work of the IAA does not help in determining whether its goals are being met.

b.

Incorrect. The board is not involved in the details of the IAA.

c.

Correct. The goals of the IAA should be capable of being accomplished within specified operating plans and budgets and, to the extent possible, should be measurable. They should be accompanied by measurement criteria and targeted dates of accomplishment.

d.

Incorrect. External assessments should be conducted at least every 5 years, not every 3 years.

47. Solution: b a.

Incorrect. Quality assurance is not measured against the IIA’s Code of Ethics.

b.

Correct. External assessments of an internal audit activity appraise and express an opinion as to the IAA’s compliance with the Standards of the Professional Practice of Internal Auditing and, as appropriate, should include recommendations for improvement.

c.

Incorrect. Supervision is not limited to only planning, examination, evaluation, communication, and follow-up process. Also, includes, training, employee performance evaluation, time and expense control, and similar administrative areas.

35

CIA Part 1 Mock Exam Answers d.

Incorrect. Appropriate follow-up is the responsibility of the CAE'.

48. Solution: a a.

Correct. Consultation with the engagement client helps to facilitate good relations. This is important since the engagement client will be more likely to accept recommendations.

b.

Incorrect. This could lead to an adversarial relationship.

c.

Incorrect. Consultation is not likely if it involves a fraud investigation.

d.

Incorrect. Internal auditors are not considered independent if they implement policies and procedures.

49. Solution: c a.

Incorrect. An interrogatory attitude is not likely to enhance the relationship.

b.

Incorrect. An investigative attitude is not likely to enhance the relationship.

c.

Correct. A consultative attitude leads to two-way communication.

d.

Incorrect. Objectivity will not lead to a better, more positive relationship.

50. Solution: d a.

Incorrect. Staff promotions, pay raises, or disciplinary action, results from a proper evaluation of auditor performance.

b.

Incorrect. Substantiating the quality program is significant, but is not the primary purpose of supervisory review.

c.

Incorrect. Internal auditors must also conform to the Code of Ethics, the IAA's charter, and other applicable standards.

d.

Correct. The IAA's quality program should provide reasonable assurance that the internal auditing work conforms to the Standards, the Code of Ethics, the IAA's charter, and other applicable standards

51. Solution: b a.

Incorrect. Acceptance of the gift could easily be presumed to have impaired independence and thus would not be acceptable.

b.

Correct. As long as the individual has the CIA designation, then he or she should be guided by the profession’s Code of Ethics in addition to the organization’s code of conduct. Rule of conduct 2.2 precludes such gifts because it could be presumed to have influenced the individual’s decision.

c.

Incorrect. As long as the individual has the CIA designation, then the CIA should be guided by the IIA’s Code of Ethics.

d.

Incorrect. The action could still easily be perceived as a kickback.

52. Solution: d a.

Incorrect. Periodic review and acknowledgment would not be very helpful, since acceptance of the code is really not an issue with the employees.

b.

Incorrect. Employee involvement in its development would not be very helpful since employee acceptance is really not an issue.

c.

Incorrect. Public knowledge of its contents and purpose might affect a few employees but would not be as affective as provisions for disciplinary action in the event of violations.

d.

Correct. Provisions for disciplinary action in the event of violations would be the most affect method to deter employees from conducting misconduct.

36

CIA Part 1 Mock Exam Answers

53. Solution: b a.

Incorrect. A conflict of interest policy would prohibit the acceptance of money, gifts, or services from a customer.

b.

Correct. A person has the right to participate in the management of a public agency (a government agency). Thus, it would not be included in a manufacture’s conflict of interest policy.

c.

Incorrect. A conflict of interest policy would prohibit financial dealings between an employee and those with whom the organization deals.

d.

Incorrect. The IIA Code of Ethics prohibits use of information for personal gain.

54. Solution: b a.

Incorrect. See correct answer (b).

b.

Correct. The internal auditor would be in violation of the objectivity rule of conduct. According to rule 2.3, internal auditors shall disclose all material facts known to them, that if not disclosed, may distort the reporting of activities under review. In this case, capitalizing general maintenance cost would distort the financial statements.

c.

Incorrect. See correct answer (b).

d.

Incorrect. See correct answer (b).

55. Solution: b a.

Incorrect. Being active in a charitable organization is unlikely to be contrary to the interests of the organization.

b.

Correct. According to the Code, an “Internal auditor shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.” Thus, an internal auditor and part-time business broker would be considered to be incompatible.

c.

Incorrect. Teaching would be considered to be compatible with internal auditing.

d.

Incorrect. The renting of residential units would not be considered to be a conflict.

56. Solution: a (I and III) I.

Correct. Cardholders effectively approve and execute purchasing transactions. Therefore, there is a lack of segregation of duties.

II.

Incorrect. Credit cards enable purchases to be done more quickly, which enhances the purchasing function.

III. Correct. In the absence of effective monitoring, cards could easily be used for personal benefit. IV. Incorrect. This makes credit cards a more efficient purchasing option.

57. Solution: c (I and IV only) I.

Correct. Motivating employees is a reason to involve them when assessing internal controls.

II. Incorrect. Employees are usually not objective about their jobs. II. Incorrect. Although employees can be involved in assessing internal controls, theirs would not be considered independent assessments. IV. Correct. Getting feedback from the employees is a reason to involve them when assessing internal controls.

37

CIA Part 1 Mock Exam Answers 58. Solution: b (I, II and III only) I.

Correct. The board is ultimately responsible for the company’s system of internal control.

II. Correct. The board delegates authority and responsibility to management to implement board policies on risk and control. III. Correct. All employees do have some responsibly to make sure that controls are operating as they should. IV. Incorrect. Internal auditing only has a responsibility to review the adequacy of internal controls, not to establish and maintain the system of control.

59. Solution: c a.

Incorrect. A professional bureaucracy is a structure with high complexity and low formalization in which professionals are required.

b.

Incorrect. A mechanistic structure is one that is highly formalized and standardized and which has no dual authority structure. It is not the optimal structure.

c.

Correct. A matrix organizational structure combines functional and product departmentalization, creates a dual reporting structure, and is optimal where product groups are necessary.

d.

Incorrect. In a machine bureaucratic structure, rules and regulations permeate the entire structure and tasks are highly routine.

60. Solution: c a.

Incorrect. Total dollars committed would not detect favoritism shown to individual vendors.

b.

Incorrect. Detailed material specifications will not prevent buyer favoritism in placing orders.

c.

Correct. Periodic rotation of buyer assignments will limit the opportunity for any buyer to show favoritism to a particular supplier.

d.

Incorrect. The number of orders placed is not relevant to preventing favoritism.

61. Solution: b a.

Incorrect. The bookkeeper should not sign the checks and reconcile the checking account. These functions should be segregated. Therefore, the recording of cash receipts is inadequate.

b.

Correct. The bookkeeper should not sign the checks and reconcile the checking account. These functions should be segregated. Therefore, the accounting for cash is inadequate.

c.

Incorrect. The bookkeeper should not sign the checks and reconcile the checking account. These functions should be segregated. Therefore, the reconciliation of the cash account is inadequate.

d.

Incorrect. The bookkeeper should not sign the checks and reconcile the checking account. These functions should be segregated. Therefore, physical safeguards of cash are inadequate.

62. Solution: b a.

Incorrect. This situation could be avoided by making sure the controller is not able to make and record cash deposits. These functions should be segregated.

b.

Correct. This is an example of collusion, where the security guard let the employee steal company property. Collusion is an inherent limitation of internal control because no matter how tight controls are, if two or more people get together to circumvent the control, controls aren’t going to work.

c.

Incorrect. This situation could be avoided by making sure that credit sales have proper authorization.

d.

Incorrect. This situation could be avoided by making sure that hired employees are qualified for their positions.

38

CIA Part 1 Mock Exam Answers 63. Solution: d a.

Incorrect. Benchmarking involves a comparison against industry leaders or "world-class" operations. Benchmarking either uses industry-wide figures (to protect the confidentiality of information provided by participating organizations) or figures from cooperating organizations.

b.

Incorrect. Benchmarking requires measurements, which involve quantitative comparisons.

c.

Incorrect. Benchmarking can be applied to all the functional areas in a company. In fact, because manufacturing often tends to be industry-specific whereas things like processing an order or paying an invoice are not, there is a greater opportunity to improve by learning from global leaders.

d.

Correct. Benchmarking involves a comparison against industry leaders or "world-class" operations. Benchmarking either uses industry-wide figures (to protect the confidentiality of information provided by participating organizations) or figures from cooperating organizations.

64. Solution: a (I only) I.

Correct. Supervisory review at the originating department level is one means of control over the number of items ordered.

II. Incorrect. Automatic reordering could lead to purchases of excess material because it does not consider future plans. III. Incorrect. Matching the receiving report with the vendor’s invoice would keep the organization from paying for inventory not received, but would not help the organization from ordering inventory in excess of its needs.

65. Solution: b a.

Incorrect. This would be accomplished by inspecting the goods in a timely manner so they can be released to the appropriate department.

b.

Correct. A shipment should be rejected if it is not documented by a purchase order in the open file.

c.

Incorrect. The company should require such a count to be made when the goods arrive. However, maintenance of the file of purchase orders is not meant to ensure that a count is made.

d.

Incorrect. This is accomplished by adequate security over the receiving activities.

66. Solution: c a.

Incorrect. This phrase best describes a process-based approach, although control processes are not the only processes reviewed in this approach.

b.

Incorrect. A control-based approach concentrates on how well controls are working to manage risks.

c.

Correct. A risk-based approach begins by listing all possible barriers, obstacles, threats and exposures that might prevent achieving an objective and then examining the control procedures to determine if they are sufficient to manage the key risks.

d.

Incorrect. Cost-effectiveness could be discussed in a control-based control self-assessment workshop, but it is not the primary focus of this process.

67. Solution: a a.

Correct. The purpose of separating the functions is to prevent theft of the cash receipts.

b.

Incorrect. Establishing accountability would not prevent the theft of cash receipts.

c.

Incorrect. This would not prevent the theft of cash receipts.

d.

Incorrect. The function of separating the functions is to prevent, not minimize the theft (misappropriation) of cash receipts.

39

CIA Part 1 Mock Exam Answers 68. Solution: b a.

Incorrect. This is not an efficiency measure because there is not any comparison of input to output.

b.

Correct. Effectiveness has to do with meeting goals.

c.

Incorrect. This is an example of efficiency, not effectiveness.

d.

Incorrect. This is not an efficiency measure because there is not any comparison of input to output.

69. Solution: a a.

Correct. Because planning is impacted more strongly by the organization's environment, the planning information is more likely to be generated using external data.

b.

Incorrect. Control information is more detailed.

c.

Incorrect. Both types of information need to be quantifiable, but planning is likely to require less quantification.

d.

Incorrect. This is more likely to be true of control information.

70. Solution: a a.

Correct. Independent reconciliation of bank accounts is necessary for good internal control.

b.

Incorrect. This is not an important internal control consideration.

c.

Incorrect. Foreign currency translation rates are not computed, but instead verified. Having two employees in the same department perform the same task will not significantly enhance internal control.

d.

Incorrect. This is not an important internal control consideration.

71. Solution: c The correct order is: 1. Set the standards. 2. Select the times or points. 3. Observe the process. 4. Record the information. 5. Compare and measure the results against the standard. 6. Evaluate if performance is satisfactory. 6. Report any significant deviations. 8. Implement whatever corrections are necessary. 9. Follow-up to see if the corrections are effective. 10. Review and revise the standards. 72. Solution: b a.

Incorrect. A check digit is primarily used to catch transposition errors. A transposition error is where digits are in the wrong order, for example, 123 becomes 132.

b.

Correct. All adjusting transactions have to have proper segregation of duties. This means that the warehouse employee having custody of inventory should not have authority to initiate or process entries to the inventory records.

c.

Incorrect. A parity check is a hardware control over the internal transfer of data.

d.

Incorrect. An edit check for validity would catch an adjustment of a valid part number.

40

CIA Part 1 Mock Exam Answers 73. Solution: d a.

Incorrect. Establishing a corporate policy regarding the issuance of credit cards does nothing to prevent fraudulent usage by those authorized to use company cards.

b.

Incorrect. This procedure helps ensure the validity of issuance rather than ensuring that usage is within prescribed limitations.

c.

Incorrect. Reconciling the monthly statement with the cardholders' charge slips would determine that the amount of the separate charge items and the vendor code were in agreement. However, amounts charged may exceed authorized limits and amounts incurred may not be business-related. The same expense controls should be applied to charge transactions as those applied to currency.

d.

Correct. Credit card expenses should be subjected to the same controls used in processing similar expense reports for currency. In this way, per diems and authorization limits would be reviewed.

74. Solution: c a.

Incorrect. ACDF is thirteen days (5 + 2 + 6). This is not the critical path.

b.

Incorrect. ACEF is twelve days (5 + 5 + 2). This is not the critical path.

c.

Correct. ABEF is the longest path (6 + 6 + 2). Therefore, this is the critical path.

d.

Incorrect. ABCDEF is not a path.

75. Solution: a a.

Correct. Crashing is the process of adding resources to shorten activity times on the critical path in project scheduling.

b.

Incorrect. The Delphi technique is a qualitative forecasting approach.

c.

Incorrect. ABC analysis is a way to allocate overhead cost to products.

d.

Incorrect. The branch-and-bound solution is an integer programming solution.

76. Solution: a a.

Correct. If the company wants a new completion time of 12.5 days then the company will have to crash the critical path which is ABEF. ABEF is 14 days so the path needs to be crashed by 1.5 days (14 days – 1.5 days = 12.5 days). Therefore, activity AB needs to be crashed. However, if the company crashes path ABEF, then the new critical path becomes ACDF, which is 13 days. Therefore, the company will also have to crash path ACDF by 0.5 days (13 - .5 days = 12.5 days). To do this, activity DF will also need to be crashed.

b.

Incorrect. AC is not on the critical path.

c.

Incorrect. CE is not on the critical path.

d.

Incorrect. AB and EF are both on the critical path. If you crash activities AB and EF, the critical path still remains ACDF which is 13 days. The new completion time needs to be 12.5 days.

77. Solution: b a.

Incorrect. A divisional structure essentially operates as its own company.

b.

Correct. An adhocracy organization has low complexity and is not very formal. There is low vertical differentiation and high horizontal differentiation. The emphasis is on flexibility and response, and it encourages innovation.

c.

Incorrect. A machine bureaucracy is a complex, formal organization that performs highly routine tasks.

d.

Incorrect. A professional bureaucracy is more decentralized than a machine bureaucracy. Power is in the hands of specialist, highly qualified professionals (i.e., doctors, professors, etc.), assisted by a group of support administrators.

41

CIA Part 1 Mock Exam Answers 78. Solution: d a.

Incorrect. Bureaucratic leadership manages by the rules and policies (by the book) of the organization.

b.

Incorrect. A transformational leader is a leader who is a supporter and implementer of change.

c.

Incorrect. A participative leader makes the decision, but must take into account the opinions of the other members of the team or group.

d.

Correct. A consultative manager makes the decision, but does take into account the opinions of the employees.

79. Solution: a a.

Correct. The size of the organization will not directly affect a manager’s span of control.

b.

Incorrect. The available time a manger has to supervise employees will affect a manager’s span of control. The more time the manager has the more employees the manager would be able to supervise.

c.

Incorrect. The communication skill of the manger will directly affect the manager’s ability to supervise employees.

d.

Incorrect. The more standardized the tasks to be performed by the employees, the more employees (wider span of control) the manager would be able to supervise.

80. Solutions: d a.

Incorrect. Avoidance behavior is not assertive and not cooperative.

b.

Incorrect. Competing behavior is assertive and not cooperative.

c.

Incorrect. Compromising behavior represents moderately assertive and moderately cooperative behavior.

d.

Correct. Accommodating is characterized as not very assertive but is very cooperative. Accommodating entails placing another person’s interest above one’s own. However, in doing so, you are not being very assertive.

81. Solution: c a.

Incorrect. The planning process includes establishing engagement objectives and scope of work.

b.

Incorrect. The planning process includes obtaining background information.

c.

Correct. Identifying sufficient information to achieve engagement objectives is done during the fieldwork, not planning stage.

d.

Incorrect. The planning process includes determining how, when, and to whom the engagement results will be communicated.

82. Solution: c a.

Incorrect. This is an operational objective.

b.

Incorrect. This is a financial objective.

c.

Correct. Making sure that the company is deducting the correct amount for employee payroll taxes has to do with being in compliance with regulations. Thus, this is a compliance objective.

d.

Incorrect. This is an operational objective.

42

CIA Part 1 Mock Exam Answers 83. Solution: c a.

Incorrect. This would be an example of an engagement to review payroll, not to review the personnel department.

b.

Incorrect. Not all employees are going to need the same training.

c.

Correct. The personnel department is necessary for hiring, training, and monitoring the organization’s human resources. Thus, reference checks of prospective employees are needed to make sure the prospective employee has the right qualifications.

d.

Incorrect. Recruitment is the responsibility of the personnel department.

84. Solution: d a.

Incorrect. A statement indicating whether derivatives are to be used for hedging or speculative purposes would be an appropriate guideline to be included in the policy.

b.

Incorrect. A specific authorization limit for the amount and types of derivatives that can be used by the organization would be an appropriate guideline to be included in the policy.

c.

Incorrect. A specific limit on the amount authorized for any single trader would be an appropriate guideline to be included in the policy.

d.

Correct. The board is not going to review each transaction because that is management’s responsibility. Polices are developed by the board of directors to provide guidelines for achieving objectives.

85. Solution: d a.

Incorrect. Testing of the control deficiency will be done during the fieldwork phase.

b.

Incorrect. There is no need to report the preliminary findings. Detailed testing is needed before reporting to management.

c.

Incorrect. There is no need for a separate engagement at this time.

d.

Correct. The internal auditor would highlight the weakness to ensure that procedures to test it are included in the engagement work program. When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment (Standard 2210.A1).

86. Solution: b (I, II and III only) I.

Correct. The company paying payroll in excess of the time actually spent by employees is a risk factor that needs to be considered.

II. Correct. The potential that the company is paying payroll to fictitious employees is a risk factor that needs to be considered. III. Correct. The company not adhering to applicable laws and regulations is a risk factor that needs to be considered. IV. Incorrect. This is not a risk factor. This is a control strength.

87. Solution: d a.

Incorrect. Security is a control agency, but purchasing is not.

b.

Incorrect. Security is a control agency, but maintenance is not.

c.

Incorrect. Safety is a control agency, but production scheduling is not.

d.

Correct. The primary control agencies in an organization are security, quality control, safety and industrial engineering.

43

CIA Part 1 Mock Exam Answers 88. Solution: b a.

Incorrect. A budget is formulated for the long rate plan, but revisions will probably be made during the preliminary survey.

b.

Correct. After the preliminary survey has been completed, the final engagement budget can be prepared.

c.

Incorrect. The final budget is not possible to complete during the planning meeting.

d.

Incorrect. The budget would lose its importance if done at the completion of the fieldwork.

89. Solution: a (I and II only) I and II. Correct. Internal auditors consider the following when determining the appropriateness and sufficiency of resources: •

The number and experience level of the internal auditing staff.

•

Knowledge, skills, and other competencies of the internal auditing staff when selecting internal auditors for the engagement.

•

Availability of external resources where additional knowledge and competencies are required.

•

Training needs of internal auditors as each engagement assignment serves as a basis for meeting the IAA’s developmental needs.

III. Incorrect. Using the proper sampling technique is a means to achieve to the engagement objective. IV. Incorrect. The probability of errors, irregularities, noncompliance, and other exposures should be considered when developing the engagement objectives, not when determining the appropriateness and sufficiency of resources.

90. Solution: c (I, III and IV only) I.

Correct. Work programs need to state the objectives of the engagement.

II. Incorrect. Identifying engagement.

significant

control

deficiencies

would

be

done

when

conducting

the

III. Correct. Work program will document procedures for collecting, analyzing, interpreting and documenting information during the engagement. IV. Correct. Work program will state the nature and content of the testing required to achieve the engagement objectives.

91. Solution: d (II and IV) I.

Incorrect. The internal auditor has no authority to order operating personnel.

II. Correct. Internal auditor’s job is to document discrepancies and make recommendations to management. III. Incorrect. The internal auditor would have no basis to expand the engagement to look for other differences from prescribed procedures. IV. Correct. The internal auditor should modify the engagement work program as warranted by the differences noted.

92. Solution: a a.

Correct. An assignment board would provide only minimal assistance to the engagement supervisor. An assignment board provides an overview of the staff members working on each project.

b.

Incorrect. The time budget is a supervisory tool for specific engagements.

c.

Incorrect. A weekly status report is a supervisory tool for specific engagements.

44

CIA Part 1 Mock Exam Answers d.

Incorrect. A time report is a supervisory tool for specific engagement.

93. Solution: c a.

Incorrect. The direction of testing to establish that the work-in-process accounts have not been padded is to the individual time tickets.

b.

Incorrect. The cost distribution is not relevant to the proper authorization of the time tickets.

c.

Correct. The time tickets contain the total hours worked on each job. An item distributed to an improper WIP account (i.e., one different from that listed on the time ticket) could be discovered by this test.

d.

Incorrect. To establish that employees have been paid only for time actually worked you would also have to reconcile total payroll costs to the payroll cost distribution.

94. Solution: c a.

Incorrect. The procedures do not represent a deficiency since efficiency has improved without diminishing control.

b.

Incorrect. A flowchart is not the best form of documentation because it does not address efficiency.

c.

Correct. This represents a change in process that should be brought to the attention of management and documented.

d.

Incorrect. The engagement should be completed.

95. Solution: b a.

Incorrect. Any information that comes from a company’s accounting system is not the most reliable because it is internally generated. Therefore, it is not sufficient for the auditor’s conclusion.

b.

Correct. Since this information comes from the company’s accounting system, it is not sufficient or reliable. This information would have to be supported by some other corroborative type of information, which could include a 3rd party invoice, a check, contract or similar type of document.

c.

Incorrect. Conclusive evidence is evidence where no other evidence is required to draw a conclusion. Thus, information from a company’s accounting system is not conclusive evidence.

d.

Incorrect. Information from a company’s accounting system is internally generated, not externally generated.

96. Solution: a a.

Correct. If an internal auditor notes that there is a possibility of fraud, then the internal auditor needs to expand activities to determine whether an investigation is warranted.

b, c and d are incorrect. The auditor should first expand work to determine the existence of fraud before reporting the matter to top management. At this point, the auditor only has suspicions of fraud, given the red flags. More work should be performed before consulting with management, external legal counsel, or the audit committee.

97. Solution: b a.

Incorrect. Predefined spending levels would probably already include the fraudulent amounts and would only limit the size of the fraud.

b.

Correct. Additional authorization would be the most likely choice in preventing the fraud.

c.

Incorrect. The bill of lading would agree with the purchase order. The quantity received (verified by a third party) should be compared to both the bill of lading and the purchase order.

d.

Incorrect. The computer matching would only verify the fraudulent paperwork.

45

CIA Part 1 Mock Exam Answers

98. Solution: c a.

Incorrect. The current quarter’s expense would equal the prior period’s activity unless the manager just started this fraud. The auditor has no information on how long this might have been occurring.

b.

Incorrect. Physical testing would not locate nonexistent parts that have already been charged to maintenance.

c.

Correct. An analysis of repair parts charged to maintenance would quantify the excessive number of items and detect that abuse may be occurring.

d.

Incorrect. Lack of segregation of duties allowed the fraud to occur. The manager was authorized to process both the purchase and receipt, so the test would only verify the fraudulent paperwork.

99. Solution: a a.

Correct. Most fraud perpetrators would attempt to conceal their theft by charging it against an expense account.

b.

Incorrect. Debiting the stolen asset account would be going in the wrong direction to conceal an asset theft.

c.

Incorrect. Entry decreasing revenue would be unusual and would stand out.

d.

Incorrect. This entry would not permanently conceal the fraud. It would simply shift the irreconcilable balance to another asset account.

100. Solution: a a.

Correct. This is an acceptable control procedure, which is aimed at limiting risk while promoting efficiency. It is not, by itself, considered a condition that indicates a higher likelihood of fraud (a red flag).

b.

Incorrect. Lack of rotation of duties or cross training for sensitive jobs is an identified red flag.

c.

Incorrect. This would be an example of an inappropriate segregation of duties, which is an identified red flag.

d.

Incorrect. This is an identified red flag.

46