An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

A. Investigation of the physical security over access to the components of the LAN.

B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.

C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.

D. The level of security of other LANs in the company which also utilize sensitive data.

Insurance companies often receive electronic hospitalization claims directly from hospitals. Which of the following control procedures would be most effective in detecting fraud in such an environment?

A. Use integrated test facilities to test the accuracy of processing in a manner that is transparent to data processing.

B. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic class for investigation by the claims department.

C. Use generalized audit software to match the claimant identification number with a master list of valid policyholders.

D. Develop batch controls over all items received from a particular hospital and process those claims in batches.

Which of the following would provide the greatest assurance of the accuracy of a computer program's computation of freight charges for catalog sales?

A. Use discovery sampling, selecting transactions from invoices which should have freight charges added to them.

B. Use either test data or parallel simulation to test the computer application.

C. Use difference estimation, selecting transactions from invoices which should have freight charges added to them.

D. Use generalized audit software to select a monetary-unit sample of invoices that have been billed to customers.

Which of the following describes an internal auditor's responsibilities to include audit procedures to detect fraud in audits of a multinational organization?

A. International Accounting Standards require the internal auditor to include audit procedures which would detect fraud if it would cause a material misrepresentation of the financial statements.

B. Internal auditors do not have any specific responsibilities with respect to including fraud-related audit procedures.

C. Proper audit procedures, when carried out with due professional care, will guarantee that fraud, if present, will be detected.

D. If significant control weaknesses are detected, additional tests should be directed toward other indicators of fraud.

When conducting a performance appraisal of an internal auditor who has been a below-average performer, it is not appropriate to:

A. Notify the internal auditor of the upcoming appraisal several days in advance.

B. Use objective, impartial language.

C. Use generalizations.

D. Document the appraisal.

What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?

A. Spontaneous agreement.

B. Consensus building.

C. Majority voting.

D. Compromise.

While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?

A. Results from the organization's business process management program.

B. User acceptance testing of the organization's enterprise resource planning application.

C. Risk assessments conducted by the board.

D. Key business strategies adopted by the organization in the strategic plan.

The chief audit executive of a large publicly held bank is using a risk based approach to update the annual audit plan. Which of the following sources of information will have the least impact on the plan?

A. The 12 month forecast of commercial property values.

B. Recent changes to the bank's strategic plan.

C. Regulatory changes impacting capitalization for all publicly traded banks.

D. Continuous changes in the prime lending rate set by the country's central bank.

An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?

A. The organization incurred excessive cost overruns that resulted in significant financial and legal risk to the project.

B. The organization experienced a potential conflict of interest.

C. The organization had weaknesses in its review process, which allowed questionable transactions with some vendors.

D. The organization allowed the project to launch without assurance that all transactions were regularly approved.

An internal auditor's examination of accounts receivable generates the following results:

What is the projected misstatement for the population if ratio estimation is used?

A. $84,000

B. $238,095

C. $700,000

D. $2,100,000