A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?

• A.As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets.
• B.The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.
• C.The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.
• D.The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.

Comment: *

Name: *

Email: *

Verification: *

While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?

• A.Change permissions to the shared drive to only allow access to human resources personnel.
• B.Communicate the issue to the chief audit executive as well as IT and legal departments.
• C.Remove the files containing the social security numbers and personal information.
• D.Immediately review the audit logs to see if anyone has accessed this information and follow-up.

Comment: *

Name: *

Email: *

Verification: *

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

• A.The potential impact of key risks.
• B.The expected outcomes and deliverables.
• C.The need and availability of automated support.
• D.The operational and geographic boundaries.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the best audit procedure to use to determine if a division's unusually high sales and gross margin for November and December were the result of fraudulently recorded sales?

• A.Compare sales and gross margin totals with those of the previous ten months and the first month of the following year.
• B.Use regression analysis techniques to estimate the sales and cost of goods sold for November and December.
• C.Confirm accounts receivable balances with customers.
• D.Trace a sample of shipping documents to related sales invoices to verify proper billing.

Comment: *

Name: *

Email: *

Verification: *

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

• A.Evaluate and verify management's response, and determine the need and scope for additional work.
• B.Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.
• C.Evaluate and verify management's response, and establish timelines for corrective action by management.
• D.Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

Comment: *

Name: *

Email: *

Verification: *