According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

• A.An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.
• B.An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.
• C.An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.
• D.An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

• A.Interface with corporate systems.
• B.Ability to meet user needs.
• C.Hidden data columns or worksheets.
• D.Increasing complexity over time.

Comment: *

Name: *

Email: *

Verification: *

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

• A.The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.
• B.The CAE should send the final report to operational and senior management and the audit committee.
• C.The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.
• D.The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

Comment: *

Name: *

Email: *

Verification: *

According to MA guidance on IT which of the following best describes a but recovery and restore processes have not been defined?

• A.Cold recovery plan.
• B.Hot recovery plan
• C.Absence of recovery plan
• D.Warm recovery plan

Comment: *

Name: *

Email: *

Verification: *

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

• A.Become involved in risk oversight committees, monitoring activities, and status reporting.
• B.Accept management's responsibility for risk management without board approval.
• C.Audit risk management processes.
• D.Manage and coordinate risk management processes.

Comment: *

Name: *

Email: *

Verification: *