An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if.

A. The auditor notes strong indicators of a specific fraud involving this account.

B. The company has relatively stable operations which have not changed much over the past year.

C. The auditor would like to identify large, unusual, or non-recurring transactions during the year.

D. The operating expenses vary in relation to other operating expenses, but not in relation to revenue.

Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:

A. The type and nature of the activities to be examined.

B. Whether employees in key positions of trust are bonded.

C. The history of losses suffered by the company.

D. The results of prior risk assessments.

In assessing the independence of the internal audit activity, a member of a peer review team should consider all of the following factors except:

A. Access to and frequency of communications with the board of directors or its audit committee.

B. The criteria of education and experience considered necessary when filling vacant positions on the audit staff.

C. The degree to which auditors assume operating responsibilities.

D. The scope and depth of engagement objectives for the audit engagements included in the review.

Which aspect of the audit function would be most impacted by a lack of coordination between an organization's internal and external auditors?

A. Responsiveness.

B. Timeliness.

C. Effectiveness.

D. Efficiency.

An internal auditor is testing the controls of a large and complex food production process where quality assurance is critical. Management provides process charts and documentation, but the auditor quickly determines that this information is incomplete and out of date. Which of the following would be the most appropriate course of action for the auditor to follow?

A. Use the documentation but meet with the production supervisor to obtain updated information before proceeding.

B. Amend the engagement objectives recognizing that important information is not available to protect the engagement's integrity.

C. Defer the audit until management can provide updated charts and documentation as this is their responsibility.

D. Use the documentation but use observation during the engagement to provide missing information.

Which of the following activities would be most likely to impair the objectivity of an internal auditor?

A. Performing reviews of procedures for a new information systems application before it is installed.

B. Benchmarking controls during the development of a new information systems application.

C. Assisting with the development and installation of a new information systems application.

D. Developing recommended controls for the use of a new information systems application.

In an audit engagement, a group of internal auditors used an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps in the computer software, and then developed test data. Over the course of 24 months, they submitted test transactions on a regular basis but did not find any differences between payroll processing and integrated test facility results. Based on the data, what can the auditors conclude?

A. Payments to employees during the 24-month period were all correct.

B. The computer application and its control procedures correctly processed payroll over the 24- month period.

C. Employees are properly submitting their hours to payroll.

D. The computer software is flawed.

Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

A. A review of audit staff education and training records.

B. Information about the audit staff size and composition of comparable organizations.

C. Results from discussions of audit needs with executive management and the audit committee.

D. The results of the audit staff's most recent performance reviews.

Which of the following is most likely to function as a directive control?

A. Security dogs.

B. Alert employees.

C. Insurance claims.

D. Cycle counts.

Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?

A. Adequate signs are in place to assist in locating safety equipment.

B. Servers are secured individually to their racks by locks.

C. Foam fire extinguishers are operable to protect against electrical fires.

D. Swipe card access is required to gain access to the server room.