Which of the following procedures would be most effective in detecting fraud in
electronically-submitted claims to insurance companies?

• A.Creating a monitoring program that detects unusual claims to be investigated by the claims department.
• B.Using generalized audit software to match the claimant identification number with a master list of valid policyholders.
• C.Creating batch controls over all claims arriving from a particular organization and process those claims separately.
• D.Testing the accuracy of processing by using integrated test facilities.

Comment: *

Name: *

Email: *

Verification: *

According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
1. Advocating the establishment of a risk management function.
2. Identifying and evaluating significant risk exposures during audit engagements.
3. Developing a risk response for the organization if there is no chief risk officer.
4. Benchmarking risk management activities with other organizations.
5. Documenting risk mitigation strategies and techniques.

• A.1.2, and 3 only.
• B.4 and 5 only.
• C.2. 3. 4. and 5 only.
• D.1.2. 4. and 5 only.

Comment: *

Name: *

Email: *

Verification: *

A charitable organization provides substantial grants for important medical research.
Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?

• A.Grants are made to organizations associated with senior executives.
• B.A payroll clerk has added a fictitious employee.
• C.Senior executives are using company travel and entertainment funds for activities that might be considered questionable.
• D.Purchases of office supplies are made from fictitious vendors.

Comment: *

Name: *

Email: *

Verification: *

In addition to data protection,which of the following is a control that is typically used by companies to safeguard the privacy rights of their customers?
I.End-user computing. II.Encryption of data. III.Spyware. IV.Intrusion detection.

• A.II and IVonly
• B.I,II,and IVonly
• C.IIonly
• D.I and IIIonly

Comment: *

Name: *

Email: *

Verification: *

Which of the following is true for consulting engagements'?

• A.Risks identified from the engagement must be considered when evaluating the organization's risk management processes
• B.The internal audit activity must ensure management actions have been effectively implemented or risk accepted
• C.The nature of consulting services does not have to be in the internal audit charter
• D.A work program for the engagement is not required but may be developed

Comment: *

Name: *

Email: *

Verification: *