Let’s Connect with Each Other

Web: www.zainacademy.us
Web: www.mzain.org

Email: [email protected]
Email: [email protected]
WhatsApp (Messaging & Call): +92 311 222 4261
International Call: +92 311 222 4261
US & Canada Call: +1 646 979 0865

Facebook: https://www.facebook.com/zainacademy
YouTube: https://www.youtube.com/c/zainacademy
LinkedIn: https://www.linkedin.com/in/mzainhabib/
Twitter: https://twitter.com/mzaincpacmacia
Instagram: https://www.instagram.com/mzain.cpa.cma.cia/
Pinterest: https://www.pinterest.com/mzainhabib/
Amazon: https://www.amazon.com/MUHAMMAD-ZAIN/e/B07K2G2R8M
Telegram: https://t.me/ZainAcademy
Tumblr: https://zainacademy.tumblr.com/ 2
Medium: https://medium.com/@muhammad_zain_cpa_cma_cia
 INDEX
Preface………………………………………………………………………………………………………………..4
Certified Internal Auditor (CIA) – US Basic Information………………………………………..5
Letter from Muhammad Zain…………………………………………..………………………………..18
Section A – Foundation of Internal Auditing…………………..………………………………….22
Section B – Independence and Objectivity…………………………………………………..….143
Section C – Proficiency and Due Professional Care……………………………………….....230
Section D – Quality Assurance and Improvement Program……………………………...513
Section E – Governance, Risk Management and Controls………………………………..763
Section F – Fraud Risks……………………………………………………………………………….…1,241
Books Written By Muhammad Zain……………………………………………………………….1,580
Quotes That Will Change Your Life………………………………………………………………..1,588
About the Mentor………………………………………………………………………………..……….1,596
PREFACE
All the knowledge possessed by me is a gift from Almighty Allah. The Creator of the Heavens and the earth blessed
me with the success of passing Certified Public Accountant (CPA), Certified Management Accountant (CMA),
Certified Internal Auditor (CIA), and Masters of Business Administration (MBA) exams in 1st attempt. I am profoundly
grateful to my family for providing all the resources and time at their disposal for my enrichment morally, physically,
and spiritually. I am also thankful to my teachers, who delivered their knowledge, wisdom, and experience.
The knowledge, resources, views, facts, and information presented in this book are a voice from my heart bestowed
by Allah and my experience gained during my entire lifetime. I capitalized hours searching the Internet, Blogs, Social
media, and Wikipedia to update my knowledge and notebook as part of my continuous learning objective. I am
highly indebted to contributors to Google, Blogs, Social Media, and Wikipedia for presenting me with the ocean of
knowledge and insights. The more I dived deep into the ocean, the more I concluded that we human beings are only
given limited knowledge, which is unexplored and undiscovered entirely to this date. This curiosity of mankind is
bringing innovations, discoveries, and ideas. Any resemblance to any copyrighted material available on the planet is
purely coincidental and unintentional. I allow the readers of this book to use it for any related educational purpose
and reproduce the contents as long as the original text in this book is unaltered. I give reasonable assurance that the
information provided in this book is correct according to my knowledge and belief. There may be circumstances
where potential readers challenge the information presented. I welcome these challenges to correct me for future
updates.
May the Lord, Master of the day of Judgement and to whom the sovereignty belongs, bless me more and my
readers in this world and in particular in life hereafter (Ameen).
4
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
Certified Internal Auditor (CIA) certification is offered by the Institute of Internal Auditors (IIA), US. It is a premium internal
auditing qualification having a global presence. CIA is a symbol of excellence in compliance reporting, risk management,
and consultancy. CIA has three parts. Part 1 is known as Essentials of Internal Auditing, Part 2 is known as Practice of
Internal Auditing, and Part 3 is known as Business Knowledge for Internal Auditing.
Zain Academy’s purpose is to create the best CIA Exam Prep materials at affordable pricing.
The IIA releases the profession's primary guidance, such as the International Professional Practices Framework (IPPF), Code
of Ethics, International Standards for the Professional Practice of Internal Auditing. Membership with IIA is not required to
earn a CIA designation. Candidates can save their earned money by not choosing the membership.
Chapters and affiliated institutes hold regular meetings, seminars, and conferences to develop networking, contacts, and
social bonding. It is advisable to attend these types of events to learn about the current practices in internal auditing.
Why Choose CIA
The Certified Internal Auditor (CIA) credential offers many benefits. CIA certification can help you move forward in a
focused direction. CIA certification gives a message that you are a proficient internal auditor who can bring valuable
insights and experience. CIA holders can be entrusted with significant responsibility. CIA also helps in increasing accounting
knowledge and skill.
CIA holders earning potential is excellent as compared to non-certified peers. Companies retain talented individuals by
giving them market-based remuneration, bonuses, perks, fringe benefits, vacations. Qualified individuals earning is
multiplied if he/she opens consultancy, compliance or internal auditing firm. CIA certified deserves the respect of the
peers. 5
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
Way To Achieve CIA Credential
The candidates must meet the four Es requirements, i.e., Education, Ethics, Examination, and Experience for
achieving the CIA designation. Three years is provided by the Institute to get certified. However, the
candidates can apply for one of the three types of 1-year eligibility extension, i.e., hardship, non-hardship, and
exam eligibility. Each type of extension has its procedures and fees. Please refer to the CIA Candidate
Handbook as available from the IIA website.
Education – At least a Bachelor’s degree from an accredited college or university. If the candidates do not have
a bachelor’s degree, then a verifiable seven years of internal auditing experience can be accepted.
Ethics – Reflect high moral and professional character and agree to abide by the IIA’s Code of Ethics. Submit a
Character Reference Form signed by a CIA certified or supervisor or professor.
Examination – This is the most important of all the requirements. Candidates spend considerable time clearing
the three parts of the CIA exam.
Experience – Bachelor's degree holder has to demonstrate two years of working experience. However, the
requirement is reduced to one year if the candidate is a Master's degree holder. The candidates can fulfill
experience requirements even after passing the CIA exams. The experience gained can be in the accounting,
finance, or internal audit department.
6
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
CIA Examination
Candidates have to pass three parts to become certified. If a candidate cannot pass all three parts within three
years’ time period, then the candidate will lose the credit for any part passed and will have to apply again to
the Institute. The table is necessary to become familiar with the CIA structure.
Part Title MCQs Time
1 Essentials of Internal Auditing 125 2.5 hours (150 mins)
2 Practice of Internal Auditing 100 2 hours (120 mins)
3 Business Knowledge for Internal Auditing 100 2 hours (120 mins)

IIA Retired Questions

Test Bank Questions available with all the publishers are retired questions by IIA. 75% of the questions are the
same with every publisher. The rest, 25%, is their creativity.
REMEMBER that actual CIA exam questions are non-disclosed and are not available to anyone.

7
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
CIA Exam Scoring
The CIA exam is computer-graded. The candidate will receive the result within five minutes of finishing the exam.
Scores are determined by the difficulty level of questions asked and converting the value of questions answered
correctly to a scale that ranges between 250 to 750. A score of at least 600 is required to pass the exam, i.e., 80%. If
the questions are of higher IQ level, the passing score can go below 600, but if the items tested are easy, then
passing criteria can go up from 600.
Whether the questions being asked are easy or difficult, I suggest you target achieving an overall 85% in exams by
accurately attempting the 107 correct questions out of 125 questions in CIA Part 1.
The trend analysis for several years of CIA exam passing ratio is between 40% to 44%.

CIA Exam Dates

CIA exam can be taken at any day and time of your choice subject to two conditions:
The day must be a normal working day except for weekends and public holidays; and
The time of the exam must be within regular working hours.
It is highly recommended to select your exam date and time as early as possible to get the preferred appointment.
8
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
Documents Required By IIA
The following documents are required by the Institute when a candidate makes a profile at the Certification
Candidate Management System (CCMS):
A soft copy of an unexpired official passport or national candidate ID card;
A soft copy of degree and transcripts;
A soft copy of the character reference form duly attested;
A soft copy of the experience reference form verified by a CIA or supervisor.
Once the candidate registers for an exam part and gets the authorization to test email from IIA, he has 180
days to schedule and sit for the exam. This email from IIA must be printed and carried by the candidate when
he takes his exam.
Pearson VUE www.pearsonvue.com/iia conducts CIA examinations globally. Select the testing center location
that is easily reachable for you.

9
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
Investment in CIA
Investment in the CIA is one time if the candidates pass all three parts in the first attempt. Investment in the CIA is advantageous
throughout life.
CIA exam fee is presented in the following table.
S.No Description Member Non-Member Student
1. Application fee $ 115 $ 230 $ 65
1. Part 1 fee $ 280 $ 395 $ 230
1. Part 2 fee $ 230 $ 345 $ 180
1. Part 3 fee $ 230 $ 345 $ 180
TOTAL $ 855 $ 1,315 $ 655

I highly recommend the candidates pay their dues through DEBIT CARD only. This way, you will be free from all claims of the bank
and will be much relieved. The target must be to clear the exams in 1st Attempt so that the examination fee is paid only once, and
benefits of opportunity costs can be derived.
Investment in study materials, test bank questions, and learning videos are separate and vary according to the candidate’s
preferences and study methods.
REMEMBER to subscribe to the study materials and test bank questions that are economical, comprehensive, updated, and
excellent.
ALSO, REMEMBER to subscribe for each part separately to get the time benefit.

10
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
CIA Parts Selection Order
I recommend the candidates to begin their preparation with Part 1 first and then moving to Part 2 and Part 3. The candidates can pass all three parts easily in
seven months.
Difficulty Level of CIA Part 1
CIA Part 1 is the foundation of all three parts. CIA Part 1 exam can be passed quickly if the candidates can exhibit the traits of Excellency, Creativity, Passionate,
and Patience in their preparation and, in particular, on exam day.
The Candidates must have a clear vision of their future. They must be able to define their purpose of life. The will to win, the desire to succeed, the urge to reach
full potential – these are the keys that will unlock the door of CIA certification.
The reason that many candidates find it difficult to achieve the CIA is that they are not able to define their goals or ever seriously consider them as believable or
achievable. Champions can tell you where they are going, what they plan to do along the way, and with whom they will be sharing their adventure.
Keep looking for creativity, and don’t settle for the less. You have that potential. It is just a matter of time that you explore and discover yourself. Once you find
yourself and your capability, you will never be the same again.
CIA Part 1 – Syllabus
There are six sections in CIA Part 1.
a. Section A – Foundations of Internal Auditing – 15% weightage
b. Section B – Independence and Objectivity – 15% weightage
c. Section C – Proficiency and Due Professional Care – 18% weightage
d. Section D – Quality Assurance and Improvement Program – 7% weightage
e. Section E – Governance, Risk Management and Control – 35%
11
f. Section F – Fraud Risks – 10% weightage
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
CIA Part 1 Preparation Time
It is generally observed that many of the CIA candidates are working executives. They have to allocate time for work,
family, studies, and personal leisure. The candidates are ready for Part 1 exam if they can allocate at least 3 hours on
weekdays and at least 6 hours on weekends for two months continuously.
The candidates must follow the steps to understand the concepts being part of the syllabus of CIA Part 1.
Read a whole particular section from the study book first with the questioning mind approach. Mark or highlight
only the important paras or sentences in the book.
Attempt the True / False Questions of that particular section presented in the book to bring clarity on the already
read topics.
Attempt the Multiple Choice Questions of that particular section from the Test Bank without any time constraints.
Focus must be on selecting the right answers in the first place.
If you attempt any question correctly, proceed to the next question. These questions do not need to be reviewed
ever again because a question once attempted successfully will always be correct in the future.
If any question attempted is wrong in the 1st place, then mark or highlight or flag those questions. Furthermore,
there might be instances in which you have selected the right answer, but you are in doubt about the outcome of
the result if attempted later. These questions also need to be marked or highlighted. These marked questions will
form the basis of review, revision, and rehearsal at a later stage.
12
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
CIA Part 1 Preparation Time……(continued)
Read the explanation of the incorrect answers selected and try to understand the logic of the question and correct
answer explanation.
As you complete 80% of the total questions of a particular section, move to the next section, and repeat the steps
from (a) to (d).
Revision of the already learned topics every week is warranted. Dedicate a particular day in a week in which you will
only revise the already learned topics. Read only those paras from the book which have been highlighted. Attempt
only those questions from Test Bank Questions, which have been marked or highlighted. Time Management must
come into effect while re-attempting the questions. Each MCQ has to be attempted in 1.2 minutes. This way you will
revise the entire section smartly and anxiety level will decrease.
As you complete all the sections of the CIA Part 1, then focus on completing the 100% of the MCQs from the Test
Bank Questions.
REMEMBER that each topic has an equal chance of selection in the exam. So you have to be prepared for every
concept.
ALSO REMEMBER that CIA Exams are of continuous 2.5 hour duration. Train your mind to be active for at least 3
hours during MCQs preparation.

13
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
The candidates must have updated study materials and test bank questions. The study materials must be simple, concise, and easy to
understand. The majority of finance graduates and working executives prefer self-studies. Select test bank questions of any comprehensive
publisher. Subscribing for more than one publisher’s test bank questions will not help as most of the questions will be repetitive.
Video Lectures are of great aid. They increase the retention power of the candidates by at least 25%. Furthermore, the candidates can view
them later at their ease and convenience. Many of the candidates prefer live classes or online interactive sessions. This can also increase the
odds in your favor exponentially.
Recommended Study Approach
CIA exams are computer-based. It is recommended that all your preparation, highlighting, and practice must be on the computer or laptop.
The candidates must avoid the traditional method of studying and making notes via pen and paper. Pen and paper shall be used only for
calculation-related purposes while attempting the test bank questions.
The candidates can study at any time of day or night, but my preferable time is an early morning daily at 4:30 am. This is the time where the
human brain is at a high energy level. This is also the time of great silence.
You will be provided with earplugs in the center and must use them to avoid distractions from other candidates' noise. Silence also has its
voice, which you will agree with me on your exam day. Your mind needs to be accustomed to it. Therefore, use good quality foam-based
earplugs from day 1 of your preparation. You can find these earplugs from your local pharmacy.
You will be provided with black pens at the center and two sheets. Start using a black pen from day 1. Your mind must be able to recognize
and work in a black pen.
Please become familiar with the MCQ screens and navigation of the Pearson VUE Testing Environment before the exams. The tour can be
arranged from your computer. This will make you comfortable on your exam day.

14
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
How to Answer the MCQs in preparation and exams?
My preferable way of approaching any MCQ is provided below. Ask yourself three bold phrases in every MCQ.
What are the requirements of the question? The requirements of the question are generally presented in the
second last or last line of the question. Read it thoroughly and then reread the whole question to filter out the
extra information.
What is the answer? Read twice the answer choices carefully and then select the best answer. Numerical
questions require double-checking of formulas and calculations.
If you do not know the answer, make an educated guess. The educated guess is a technique in which you
can filter out the two options out of four based on your insights. Now the two options left to be paid attention
to. Read the requirements of the question again and then the remaining two answer choices. Select the best
one. This way you will increase your odds in favor by 50%.
Attempt all the questions in exams even if the testlet is harder, and time management is crucial. You will not
be penalized for any incorrect choices being made. Your score is determined out of correct questions only.
Mark or Flag all those questions which you want to review in end if the time allows.

15
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
Pearson VUE Testing Site Visit
After you schedule your appointment with Pearson VUE, visit the center at least three days before the exam to
become familiar with the location. If the center is in a building, make yourself familiar with the security
perimeters of the building as well. Make contingency plans to reach the exam center in case of any
unexpected circumstances. Double-check the weather conditions in advance of the exam day.
Day Before Exam Day
This day is also vital in the candidate’s life. Leave all the review, revisions, or attempting the test bank
questions at least 24 hours before the exam day. CIA is a professional paper and the candidate has to be ready
at any time. You have done enough preparation. Trust in Allah and have confidence in your abilities. You have
done enough training. It is now time to showcase your talent.
You will be intimidated to see the materials or revise the test bank questions or watch the lecture videos. Keep
aside all these urges. Divert your mind to the most enjoyable activity. That enjoyable activity can be praying,
meditating, walking in the garden, or even watching a good movie. Arrange all the required documents,
clothes, shoes, calculators, funds, and other items in advance. Charge your cell phone if you plan to travel and
navigate by Apps. Mobile Data Connection package must be active. Sleep for at least 10 hours at night before
the exam day.

16
CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION
Activities on Exam Day
Take a good shower and wear comfortable clothing according to the weather conditions.
Have a comprehensive meal that is easily digestible and consume any necessary medicines.
Bring printouts of Authorization Letter / Confirmation Letter / Notice to Schedule received through email from Pearson VUE and Institute, mentioning
candidate’s name, section part, exam date, time, and venue.
Two original forms of non-expired identification with photograph and signature are required. Therefore, bring an unexpired and signed passport and national
identity card / driver’s license along with you.
Reach the exam center at least 60 minutes’ prior of your appointment time.
Drink coffee or tea before the exam so that you are charged enough.
Visit the washroom before the start of exam.
The mobile phone has to be switched off and placed in a locker along with wallets.
You will not be given any complimentary breaks during the 2.5 hour exam. However, you can take one for taking a slight break for recharging yourself, visiting
the washroom and having water. However, the clock will continue to run.
Do not make noise or stand up from the seat without permission. Raise your hand first. The invigilator will visit you, and then you can ask for pens, extra sheets
for working, or taking a break or any malfunction encountered in exams.
Once you finish your exam, review the mark or flagged questions and try to attempt in the remaining time period. Your score is based on the number of
questions you answer correctly. You are not penalized for selecting the wrong answer.
Make sure to submit your exam and watch for the incoming message from the system for acknowledging your submitted questions.
What To Do after Passing CIA Exams
Hats off to you for passing all three parts. Meet all other program requirements and complete the Certificate Order Form by logging into CCMS to get17your
certificate.
LETTER FROM MUHAMMAD ZAIN
16 August 2021
Dear CIA,
May Peace, Blessings, and Mercy of Allah be upon you, to all the Messengers of Allah and, in particular, on the Noble and
Final Messenger Prophet Muhammad (Peace Be Upon Him), his Family, and his Companions.
Be a symbol of excellence in your life. Always dream big and think beyond the dimensions of the Universe. Man is made to
conquer the seven Heavens. Explore the purpose of your existence and discover the enormous potential that is within
oneself. Having faith and trust in Creator will give you the light in the darkness and unchartered territories. There is always
a silver lining beneath the dark skies. A creative mindset makes life simple. Work on your passion by synchronizing your
soul, heart, and mind. We all will die one day, but only a few dare to live the life they wish for.
The Creator has created the entire Universe in six days. There is a great potential to discover the magnificent beauty that
remains unexplored to date. This is only possible by seeking knowledge and applying them in our daily lives.
We are living in end times and witnessing a moment that humanity has not ever experienced before. This is the digital
transformation age. Artificial Intelligence, Blockchain Technology, Cryptocurrency, Business Intelligence, and Big Data are
business norms.
All the information is available in the blink of an eye. Whatever we think in mind comes in front of our screens. These
advancements will change the dynamics of the whole world we live in today. All the traditional and so-called “modern”
methods of doing work will be replaced by cloud computing. The work of accountants, doctors, engineers, pilots will no
longer exist. The irredeemable paper money will be replaced by electronic money. Central Governments will only exist in
name only. Universal Government and a unified taxation system will emerge. Virtual reality will be ordinary. Blind will be
able to see, deaf will be able to hear, without limbs persons will be able to run, and mentally disabled people will utilize the
18
maximum brain capacity through mental chip implants. Teleportation of humans will be done in a blink of an eye.
LETTER FROM MUHAMMAD ZAIN
My advice to all readers around the world is to focus on entrepreneurship after the certification. This is the only way of
survival. Only those businesses are operational who have inelastic demand for their products or services and who are on
cloud computing / virtual workplaces. Furthermore, invest surplus funds in real assets such as Gold, Silver, and property.
They are the effective hedges against inflation and devaluation. They generate positive returns even in times of economic
distress.
I highly recommend that my potential readers pay their interest-bearing debt at the earliest to avoid the debt trap and
never go for this easy money for the foreseeable future, even in the form of credit cards. Housing loans are the blood-
sucking predator. These are all the means to enslave the human race to limit their thinking and imagination capability.
Always spend out of your realized income. Save some funds for your family as a contingency measure.
Allow me the opportunity to present to you the 2022 edition of CIA Part 1 Test Bank Questions. This Test Bank contains the
700+ MCQs with explanation to the correct and incorrect choices to help you prepare for CIA exams conducted by IIA.
This CIA Exam Prep is ideal for all persons working in internal auditing, risk management and compliance reporting
positions. It also equally suitable for those candidates who wish to learn the concepts and principles of Internal Audit.
Aspiring entrepreneurs can also benefit from this CIA review course.
Study with complete dedication and commitment. Make the goal of learning something new and different each day.
Replace your fear with curiosity.

19
LETTER FROM MUHAMMAD ZAIN
Let’s work together towards the common goal of earning a Certified Internal Auditor (CIA) credential. My support and
guidance will be with you TILL YOU PASS THE EXAMS. Furthermore, you can ask as many questions as you wish to either
through WhatsApp (+92 311 222 4261) or email ([email protected] and [email protected]), and I will answer to the best
of my ability.
Your work is going to fill a large part of your life and the only way to be truly satisfied is to do what you believe is great
work. The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with
all matters of the heart, you will know when you find it.
Have the courage to follow your heart and intuition. They somehow already know what you truly want to become.
Everything else is secondary.
Your imagination is everything. It is the preview of life’s coming attractions. Only those who believe anything is possible can
achieve things most would consider impossible.
Don’t let the noise of others’ opinions drown out your own inner voice.
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You
are already naked. There is no reason not to follow your heart.

20
LETTER FROM MUHAMMAD ZAIN
Your time is limited, so don’t waste it living someone else’s life.
I dedicate this work to the Prophet Muhammad (Peace Be Upon Him), Mercy to all the Creation, who has been the source
of inspiration and guidance to humanity.
May the Knowledge delivered by me shall be a continuing blessing for me in the Life Hereafter (Ameen).

With Love and Care,

Muhammad Zain

21
22
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 1
Today’s internal auditor will often encounter a wide range of potential
ethical dilemmas, not all of which are explicitly addressed by The IIA’s
Code of Ethics. If the internal auditor encounters such a dilemma, the
internal auditor should always

A. Seek the counsel of the board before deciding on an action

B. Act consistently with the code of ethics adopted by the organization
even if such action is not consistent with The IIA's Code of Ethics.
C. Seek counsel from an independent attorney to determine the personal
consequences of potential actions.
D. Apply and uphold the principles embodied in The IIA Code of Ethics.
23
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 1
CORRECT ANSWER IS D . Its Explanation is

The internal auditor should always apply and uphold the principles of The IIA Code of
Ethics. The core principles of the Code are integrity, objectivity, confidentiality, and
competency.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. It does not seem practical for the
internal auditor to seek counsel of the board concerning all ethical issues.
Explanation for Choice B:
The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. If the standards of the organization
are not consistent with the profession’s standards, the internal auditor will first be held to the standards of the profession.
Explanation for Choice C:
The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. It does not seem practical for the
internal auditor to seek counsel from an independent attorney concerning all ethical issues. 24
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 3
The proper organizational role of internal auditing is to

A. Serve as the investigative arm of the board of directors.

B. Perform studies to assist in the attainment of more efficient operations.
C. Assist the external auditor in order to reduce external audit fees.
D. Serve as an appraisal function to examine and evaluate activities as a
service to the
organization.

27
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 3
CORRECT ANSWER IS D . Its Explanation is

The primary role of the internal audit activity is to assist the management of a company in
its responsibility of maintaining effective controls by evaluating the effectiveness of those
controls. In this role, it serves as an appraisal function that adds value to operations.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The role of internal auditing is not limited to serving as the investigative arm of the board. The internal audit activity assists the
management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls.
Explanation for Choice B:
One of the roles of internal auditing is the performance of studies to assist in the attainment of more efficient operations.
However, primary role of internal auditing is much more than this.
Explanation for Choice C:
Although external audit fees may be reduced as a result of the internal auditing activities, this is not the primary role of internal
auditing. 28
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 5
The benefits from internal auditing include all of the following except

A. Employees benefit because the internal audit activity can help them
effectively perform their jobs.
B. Management benefits because the internal audit activity is able to help
them identify and minimize risks.
C. The external auditor benefits because the internal audit activity is able
to provide an opinion about the accuracy and completeness of the annual
financial statements.
D. Society benefits from internal auditing because the internal auditor
promotes the efficient and effective use of resources.
31
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 5
CORRECT ANSWER IS C . Its Explanation is

Internal auditors are not able to provide an opinion about the accuracy and
completeness of the annual financial statement. This is solely the responsibility of the
external auditor.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
This is a true statement about the benefit of internal auditing.
Explanation for Choice B:
This is a true statement about the benefit of internal auditing.
Explanation for Choice D:
This is a true statement about the benefit of internal auditing.
32
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 7
The authority of the internal audit activity is limited to that granted by

A. The audit committee and the chief financial officer.

B. Management and the board.
C. Senior management and the Standards.
D. The board and the controller.

35
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 7
CORRECT ANSWER IS B . Its Explanation is

Management and the board of directors grant authority to the internal

audit activity by means of the internal audit activity's charter.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
No single officer and no single committee grant authority to the internal audit activity.
Explanation for Choice C:
The Standards do not grant authority to the internal audit activity.
Explanation for Choice D:
No single manager grants authority to the internal audit activity.
36
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 9
To avoid being the apparent cause of conflict between an organization's senior
management and the audit committee, the chief audit executive (CAE) should

A. Discuss all reports to senior management with the audit committee first.
B. Strengthen the independence of the internal audit activity through
organizational status.
C. Request board approval of policies that include internal audit activity
relationships with the audit committee.
D. Communicate all engagement results to both senior management and the
audit committee.

39
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 9
CORRECT ANSWER IS C . Its Explanation is

The purpose, authority and responsibility of the internal audit activity should be defined
in the charter. The charter should establish the internal audit activity's position within the
organization.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The audit committee provides an oversight role, not an operational.
Explanation for Choice B:
Strengthening the independence of the internal audit activity would not necessarily eliminate a conflict
between senior management and audit committee.
Explanation for Choice D:
Communicating all engagement results to both senior management and the audit committee is not necessary
and would be inefficient. 40
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 11
Internal auditors should be prudent in their relationships with persons
and organizations external to their employers. Which of the following
activities will most likely not adversely affect internal auditors’ ethical
behavior?

A. Discussing engagement plans or results with external parties.

B. Serving as consultants to competitor organizations.
C. Accepting compensation from professional organizations for consulting
work.
D. Serving as consultants to suppliers.
43
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 11
CORRECT ANSWER IS C . Its Explanation is
Accepting compensation from professional organizations for consulting work is not
likely to impair, or be presumed to impair the internal auditors’ professional judgment.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Rule of Conduct 3.1 states that internal auditors shall be prudent in the use and protection of
information in the course of their duties.
Explanation for Choice B:
Serving as consultants to competitor organizations might create a conflict of interest.
Explanation for Choice D:
Serving as consultants to suppliers might create a conflict of interest.
44
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 51
Which of the following is an element of authority that should be included in the
internal audit activity's charter?

A. Access to the external auditors' engagement records.

B. Access to records, personnel, and physical properties relevant to the
performance of engagements.
C. Identification of the organizational units in which engagements are to be
performed.
D. Samples of the types of disclosures that should be made to the audit
committee.
123
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 51
CORRECT ANSWER IS B . Its Explanation is

This would be included in the internal audit activity's charter.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
This would not be included in the internal audit activity's charter.
Explanation for Choice C:
This would not be included in the internal audit activity's charter.
Explanation for Choice D:
This would not be included in the internal audit activity's charter. 124
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 53
According to the IIA Code of Ethics, which of the following are four principles
relevant to the professional care that internal auditors should apply in their
practice of internal auditing?

A. Judgment, interest, authority, and experience.

B. Trust, communication, value, and performance.
C. Integrity, objectivity, confidentiality, and competency.
D. Reliance, evaluation, information, and service.

127
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 53
CORRECT ANSWER IS C . Its Explanation is

These are the four principles that are included in the IIA's Code of Ethics.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
These are not the four principles that are included in the IIA's Code of Ethics.
Explanation for Choice B:
These are not the four principles that are included in the IIA's Code of Ethics.
Explanation for Choice D:
These are not the four principles that are included in the IIA's Code of Ethics. 128
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 55
According to the IIA Code of Ethics, the principle of integrity requires internal
auditors to do which of the following?

A. Be prudent in the use and protection of the information acquired in the course
of their duties.
B. Respect and contribute to the legitimate and ethical objectives of the
organization.
C. Continually improve their proficiency, effectiveness, and quality of services.
D. Not accept anything that may impair or be presumed to impair their
professional judgment.

131
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 55
CORRECT ANSWER IS B . Its Explanation is

This is a requirement of the principle of Integrity.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
This is a requirement of the principle of Confidentiality.
Explanation for Choice C:
This is a requirement of the principle of Competency.
Explanation for Choice D:
This is a requirement of the principle of Objectivity
132
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 57
An internal auditor who encounters an ethical dilemma not explicitly addressed by
The IIA’s Code of Ethics should always:

A. Seek the counsel of the audit committee before deciding on an action.

B. Act consistently with the employing organization’s code of ethics, even if such
action would not be consistent with The IIA’s Code of Ethics.
C. Take action consistent with the principles embodied in The IIA’s Code of Ethics.
D. Seek counsel from an independent attorney to determine the personal
consequences of potential actions.

135
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 57
CORRECT ANSWER IS C . Its Explanation is

This is consistent with the concepts embodied in The IIA’s Code of Ethics.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
It would not be practical to seek the audit committee’s advice for all potential dilemmas. Further, the advice might not be
consistent with the profession’s standards.
Explanation for Choice B:
If the organization’s standards are not consistent with, or as high as, the profession’s standards, the professional internal
auditor should abide by the standards of the profession.
Explanation for Choice D:
The auditor must act consistently with the spirit embodied in The IIA’s Code of Ethics. It would not be practical to seek the
advice of legal counsel for all ethical decisions. Ethics is a moral and professional concept, not just a legal concept. 136
Section A – Foundations of Internal Auditing
MULTIPLE CHOICE QUESTION NO. 59
The function of internal auditing, as related to internal financial reports,
would be to:

A. Identify inadequate controls that increase the likelihood of unauthorized

expenditures.
B. Determine if there are any employees expending funds without authorization.
C. Review the expenditure items and match each item with the expenses incurred.
D. Ensure compliance with reporting procedures.

139
Section A – Foundations of Internal Auditing
ANSWER TO QUESTION NO. 59
CORRECT ANSWER IS A . Its Explanation is

Internal auditors are responsible for identifying inadequate controls.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
This would be a function of the personnel and/or finance departments.
Explanation for Choice C:
There is no expected match of funds flows with expense items in a single time period.
Explanation for Choice D:
The Standards do not require internal auditors to ensure compliance with reporting procedures.
140
143
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 1
An appropriate internal auditing role in a feasibility study is to

A. Ascertain if the feasibility study addresses cost-benefit relationships.

B. Participate in the drafting of recommendations for the computer
acquisition and implementation.
C. Serve on the task force for the preliminary survey.
D. Determine the requirements for preparing a manual of specifications.

144
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 1
CORRECT ANSWER IS A . Its Explanation is
Internal auditors must consider standards of control and review procedures before
implementation. But objectivity would be considered to be impaired if they would design, install,
draft procedures, or operate systems (PA 1120-1). Therefore, ascertaining if the feasibility study
addresses cost-benefit relationships would be an appropriate role for the internal auditor.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
It would be most appropriate for this task to be assigned to a trained technician.
Explanation for Choice C:
Serving on a task force for a preliminary survey would be an appropriate role for management.
Explanation for Choice D:
Determining the requirements for preparing a manual of specifications would be a task for
management. 145
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 3
In which of the following situations does an internal auditor potentially lack
objectivity?

A. An internal auditor recommends standards of control and performance

measures for a contract with a service organization for the processing of payroll
and employee benefits.
B. An internal auditor reviews the procedures for a new electronic data
interchange (EDI) connection to a major customer before it is implemented.
C. A payroll accounting employee assists an internal auditor in verifying the
physical inventory of small motors.
D. A former purchasing assistant performs a review of internal controls over
purchasing 4 months after being transferred to the internal auditing activity.
148
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 3
CORRECT ANSWER IS D . Its Explanation is
Persons transferred to, or temporarily engaged by, the internal audit activity should not be
assigned to audit those activities they previously performed or for which they had management
responsibility until at least one year has elapsed. Such assignments are presumed to impair
objectivity, and additional consideration should be exercised when supervising the engagement
work and communicating engagement results (PA 1130.A1-1).

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Objectivity is not impaired when the internal auditor recommends standards of control and performance standards for
systems.
Explanation for Choice B:
In this situation objectivity is not affected when the internal auditor reviews the procedures before they are implemented.
Explanation for Choice C:
It is acceptable for the internal auditor to be assisted by staff that does not work in areas where the engagement is being
performed.
149
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 5
The organizational status of the internal audit activity

A. Is guaranteed when the charter specifically defines its independence.

B. Requires the board's annual approval of the engagement work
schedule, staffing plan, and financial budget.
C. Should be sufficient to permit the accomplishment of its
responsibilities.
D. Is best when the reporting relationship is direct to the board of
directors.

152
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 5
CORRECT ANSWER IS C . Its Explanation is

The IAA should be independent, and internal auditors must be objective in

performing their work.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The charter outlines the reporting structure, but it does not guarantee independence.
Explanation for Choice B:
Senior management will approve the IIA's work schedule, staffing plan, and financial budget. The board will play
a support and oversight role.
Explanation for Choice D:
The IAA will still need to report to management. Ideally, the CAE should administratively report to the CEO.
153
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 7
Which of the following activities would not be presumed to impair the
independence of an internal auditor?
I. Recommending standards of control for a new computer application.
II. Drafting procedures for running a new computer application to ensure that
proper controls are installed.
III. Performing reviews of procedures for a new computer application before it is
installed.

A. I only.
B. II only.
C. I and III.
D. III only.
156
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 7
CORRECT ANSWER IS C . Its Explanation is
These activities (I and III) are presumed not to impair independence. However, designing, installing,
and operating systems are not audit functions and should not be done by internal auditors. In
addition, the drafting of procedures for systems is not an audit function. Performing such activities
is presumed to impair audit objectivity.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
See the correct answer for the explanation.
Explanation for Choice B:
See the correct answer for the explanation.
Explanation for Choice D:
See the correct answer for the explanation.
157
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 9
A service organization is currently experiencing a significant downsizing and process reengineering. Its board of
directors has redefined the business goals and established initiatives using in-house developed technology to
meet these goals. As a result, a more decentralized approach has been adopted to run the business functions by
empowering the business branch managers to make decisions and perform functions traditionally done at a
higher level. The internal auditing staff is made up of the chief audit executive (CAE), two managers, and five
staff auditors, all with financial background. In the past, the primary focus of successful internal audit activities
(IAA) has been the service branches and the six regional division headquarters, which support the branches.
These division headquarters are the primary targets for possible elimination. The support functions such as
human resources, accounting, and purchasing will be brought into the national headquarters, and technology
will be enhanced to enable and augment these operations.
Up to this point, the IAA has reported to the chief operating officer. Due to the significant changes, there has
been some discussion as to changing this reporting relationship. What would be the best reporting relationship?
A. Administratively to the chief financial officer and functionally to the president.
B. Administratively and functionally to the president.
C. Administratively to the president, functionally to the board.
D. Administratively and functionally to the chief operating officer. 160
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 9
CORRECT ANSWER IS C . Its Explanation is
The CAE should report to a level within the organization that allows the IAA to fulfill its
responsibility. Ideally, the CAE should report administratively the chief executive officer and
functionally to the audit committee, board of directors, or other equivalent governing authority.
This reporting system is best to ensure the independence of the IAA.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The CAE should communicate directly with the audit committee, board of directors, or other governing authority.
Explanation for Choice B:
The CAE should communicate directly with the audit committee, board of directors, or other governing authority.
Explanation for Choice D:
This type of reporting system may impair independence of the IAA. The CAE should communicate directly with the
audit committee, board of directors, or other governing authority.

161
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 11
Which of the following statements is an appropriate reason for the internal
audit activity not to participate in the systems development process?

A. Participation will affect independence, and the internal auditors will not be
able to perform an objective evaluation after the system is implemented.
B. Participation will cause the internal auditors to be labeled as partial owners
of the application, and they will then have to share the blame for any problems
that remain in the system.
C. Participation will delay implementation of the project.
D. None of the answers are correct.

164
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 11
CORRECT ANSWER IS D . Its Explanation is

Objectivity is not impaired as long as participation is restricted to recommending

standards of control, or reviewing procedures. The auditor's objectivity is considered
to be impaired if the auditor designs, installs, or drafts procedures for, or operates
such systems (PA 1120-1).
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
The IAA is able to recommend standards of control or review procedures during systems development.
Objectivity would be impaired if the IAA were to design, install or operate the system.
Explanation for Choice B:
The IAA is able to participate in system's development as long as this participation is not involved in the design,
installation or systems operations.
Explanation for Choice C:
IAA's participation in the project would not delay the implementation. 165
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 31
The internal audit activity (IAA) of an organization has been in existence for 10 years, but the board has not yet approved its charter.
However, the board is chaired by the chief executive officer (CEO) and includes the controller and one outside board member. The
chief audit executive (CAE) reports directly to the controller who approves the IAA's work schedule. Thus, the IAA has never felt the
need to push for a formal approval of the charter. The organization is publicly held and has nine major divisions. The previous CAE was
recently dismissed following a dispute between the CAE and a major engagement client. A new CAE with significant experience in both
public accounting and internal auditing has just been hired. Within the first month, the new CAE encountered substantial resistance
from an engagement client regarding the nature of the work and the IAA's access to records. Moreover, the CEO accused the CAE of
not operating "in the best interests of the organization."
From the perspective of the internal audit activity, which of the following facts, by themselves, could contribute to a lack of
independence?
I. The CEO accused the new director of not operating "in the best interests of the organization."
II. The majority of audit committee members come from within the organization.
III. The IAA's charter has not been approved by the board.
A. II and III only.
B. I only.
C. I, II, and III.
D. II only. 204
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 31
CORRECT ANSWER IS C . Its Explanation is
The statement of the CEO indicates a lack of support of the IAA position. Also, the lack of audit
committee members from the outside could contribute to a loss of independence. The charter
enhances the independence of the IAA because it specifies the purpose, authority and responsibility of
the IAA.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Any one of the three instances could contribute to a lack of independence.
Explanation for Choice B:
Any one of the three instances could contribute to a lack of independence.
Explanation for Choice D:
Any one of the three instances could contribute to a lack of independence.
205
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 33
The audit committee may serve several important purposes, some of which
directly benefit the internal audit activity. The most significant benefit provided by
the audit committee to the internal audit activity is

A. Reviewing copies of the procedures manuals for selected organizational

operations and meeting with organizational officials to discuss them.
B. Protecting the independence of the internal audit activity from undue
management influence.
C. Reviewing annual engagement work schedules and monitoring engagement
results.
D. Approving engagement work schedules, scheduling, staffing, and meeting with
the internal auditors as needed.
208
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 33
CORRECT ANSWER IS B . Its Explanation is

The most important function of the audit committee is to protect the independence of
the internal audit activity from undue management influence.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
None of the mentioned activities is as important as protecting the independence of the internal audit activity.
Explanation for Choice C:
None of the mentioned activities is as important as protecting the independence of the internal audit activity.
Explanation for Choice D:
None of the mentioned activities is as important as protecting the independence of the internal audit activity.
209
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 35
Organizational independence exists if the CAE reports [Blank A] to the CEO or similar level
of the organization as long as the internal audit activity [Blank B] without interference

A. Blank A: functionally; Blank B: controls the scope and performance of work and
reporting of results.
B. Blank A: functionally; Blank B: approves the internal audit budget and risk-based
internal audit plan.
C. Blank A: administratively; Blank B: controls the scope and performance of work and
reporting of results.
D. Blank A: administratively; Blank B: approved the internal audit budget and risk-based
internal audit plan.

212
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 35
CORRECT ANSWER IS C . Its Explanation is
IIA Standard 1110 states that the CAE “must confirm to the board, at least annually, the organizational independence of
the internal audit activity.” Organizational independence exists if the CAE: Reports functionally to the board, has direct and
unrestricted access to the board, reports administratively to the CEO or a similar head of the organization, or reports
administratively to some other organizational level so long as the internal audit activity controls the scope of work,
performance of the work, and the reporting of results without interference.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice D:
See the correct answer for an explanation.

213
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 37
The independence of the internal audit department may be impaired in which
of the following situations?

A. The CAE reports functionally to the board of directors.

B. The CAE has an established reporting relationship with the audit committee.
C. The internal audit department has responsibility for the organization’s risk
and compliance areas.
D. The internal audit department has unrestricted access to information,
people, and records throughout the organization.

216
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 37
CORRECT ANSWER IS C . Its Explanation is
The interpretation of Standard 1112 notes that organizational independence may be impaired or appear to
be impaired if the CAE assumes roles/responsibilities outside of internal auditing. Standard 1112 states that if
this occurs, safeguards must be in place to limit impairments to independence or objectivity.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Standard 1110 interpretation states: “Organizational independence is effectively achieved when the CAE reports functionally to the board.”
Explanation for Choice B:
According to IIA Practice Guide, Independence and Objectivity, direct and unrestricted access to the governing body allows the internal
activity to be insulated form possible threats to independence.
Explanation for Choice D:
This would not impair the independence of the internal audit department.

217
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 39
An internal auditor assigned to audit a vendor’s compliance with product quality
standards is the brother of the vendor’s controller. The auditor should:

A. Notify the CAE of the potential conflict of interest.

B. Accept the assignment, but disclose the relationship in the engagement final
communication.
C. Notify the vendor of the potential conflict of interest.
D. Accept the assignment, but avoid contact with the controller during fieldwork.

220
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 39
CORRECT ANSWER IS A . Its Explanation is

Practice Advisory 1130-1 states that internal auditors should report to the CAE any
situations in which a conflict of interest or bias is present or may reasonably be inferred.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
Situations of potential conflict of interest or bias should be avoided, not merely disclosed.
Explanation for Choice C:
Conflicts of interest should be reported to the CAE, not the vendor or engagement client.
Explanation for Choice D:
Even if the auditor avoided contact with the controller, there would still be the appearance of conflict of interest.

221
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 41
In which of the following situations does the internal auditor potentially lack
objectivity?

A. An internal auditor recommends standards of control and performance

measures for contracting with a service organization.
B. Four months after being transferred to the internal audit activity, a former
purchasing assistant performs a review of internal controls over purchasing.
C. A payroll accounting employee assists an internal auditor in verifying the
physical inventory of small motors.
D. An internal auditor reviews the procedures for a new electronic data
interchange connection for a customer before itis implemented.
224
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 41
CORRECT ANSWER IS B . Its Explanation is
In order to maintain objectivity, an internal auditor should not be involved in an engagement in
an area where they have worked in the past 12 months. In this situation, the internal auditor's
objectivity would be impaired in respect to the purchasing department.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
This is not a potential impairment to the objectivity of the internal auditor.
Explanation for Choice C:
This is not a potential impairment to the objectivity of the internal auditor.
Explanation for Choice D:
This is not a potential impairment to the objectivity of the internal auditor. 225
Section B – Independence and Objectivity
MULTIPLE CHOICE QUESTION NO. 43
According to the International Professional Practices Framework, the
independence of the internal audit activity is achieved through:

A. Human relations and communications.

B. Organizational status and objectivity.
C. Staffing and supervision.
D. Continuing professional development and due professional care.

228
Section B – Independence and Objectivity
ANSWER TO QUESTION NO. 43
CORRECT ANSWER IS B . Its Explanation is
According to Practice Advisory 1110-1, organizational status and objectivity permit members
of the internal audit activity to render the impartial and unbiased judgments essential to the
proper conduct of engagements.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Human relations and communications relate to the professional proficiency of the internal auditor.
Explanation for Choice C:
Staffing and supervision relate to the professional proficiency of the internal audit activity.
Explanation for Choice D:
Continuing professional development and due professional care relate to the professional proficiency of the internal auditor.

229
230
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 1
If a review of the working papers of the last audit of cash operations revealed that
a recently discovered fraudulent transaction was not included in a properly
designed statistical sample of transactions tested, which of the following is a valid
conclusion?

A. Extraordinary care is required in the performance of a cash operations audit and

the auditor should be held responsible for the oversight.
B. Since cash operations are a high-risk area, a test of all transactions should have
been performed.
C. The audit was performed with due professional care since an appropriate
statistical sample of material transactions was tested.
D. Fraud should not have gone undetected in a recently audited area. 231
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 1
CORRECT ANSWER IS C . Its Explanation is

Due professional care implies reasonable care and competence, not infallibility.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Due care implies reasonable care and competence, not infallibility or extraordinary performance.
Explanation for Choice B:
Due professional care requires the auditor to conduct examinations and verifications to a reasonable
extent, but does not require detailed audits of all transactions.
Explanation for Choice D:
Internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist.
232
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 3
What is the most appropriate solution to resolve staff communication problems
with engagement clients?

A. Avoid unnecessary communication with engagement clients.

B. Provide staff with sufficient training to enhance communication skills.
C. Meet with engagement clients to resolve communication problems.
D. Discuss communication problems with staff auditors.

235
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 3
CORRECT ANSWER IS B . Its Explanation is
Internal auditors must have skills in oral and written communications so that they can clearly and
effectively convey such matters as engagement objectives, evaluations, conclusions, and
recommendations (PA 1210-1). In this case the CAE should provide staff with sufficient training to
enhance communication skills.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The issue is with quality of communication, rather than quantity of communication.
Explanation for Choice C:
Poor staff communication skills can be resolved with training, not by meeting with the engagement
clients.
Explanation for Choice D:
Staff communication problems can be resolved with training. 236
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 5
A chief audit executive (CAE) has reviewed credentials, checked references, and
interviewed a candidate for a staff position. The CAE concludes that the candidate has a
thorough understanding of internal auditing techniques, accounting, and finance.
However, the candidate has limited knowledge of economics and information technology.
Which action is most appropriate?

A. Encourage the candidate to obtain additional training in economics and information

technology and then reapply.
B. Reject the candidate because of the lack of knowledge required by the Standards.
C. Offer the candidate a position despite lack of knowledge in certain essential areas.
D. Offer the candidate a position if other staff members possess sufficient knowledge in
economics and information technology.
239
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 5
CORRECT ANSWER IS D . Its Explanation is

It is not necessary for each member of the IAA to be qualified in all areas as long as they
collectively possess or obtain the knowledge, skills, and other competencies needed to
perform its responsibilities.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Encouraging the candidate to obtain additional training will not fulfill the current staffing
needs.
Explanation for Choice B:
The Standards do not require that the internal auditor possess all knowledge on all subjects.
Explanation for Choice C:
The needs of the department may not be adequately fulfilled.
240
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 7
An internal auditor is assigned to perform an engagement to evaluate the organization's insurance
program, including the appropriateness of the approach to minimizing risks. The organization self-
insures against large casualty losses and health benefits provided for all its employees. It is a large
national entity with over 15,000 employees located in various parts of the country. It uses an outside
claims processor to administer its health care program. The organization's medical costs have been
rising by approximately 8% per year for the past five years, and management is concerned with
controlling these costs.
When the engagement was assigned, management asked the internal auditor to evaluate the
appropriateness of using self-insurance to minimize risk to the organization. Given the scope of the
engagement requested by management, should the internal auditor engage an actuarial consultant to
assist in the engagement if these skills do not exist on staff?
A. Yes. An actuary is essential to determine whether the health care costs are reasonable.
B. No. It is a normal internal auditor function to assess risk; this engagement is therefore not unique.
C. Yes. The actuary has skills, not usually found among internal auditors, to identify and quantify self-
insurance risks.
D. No. The internal audit activity is skilled in assessing controls, and the insurance control concepts are
not distinctly different from other control concepts.
243
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 7
CORRECT ANSWER IS C . Its Explanation is
It would be appropriate to engage the services of an actuary, since these skills are generally outside the scope of
the IAA. External service providers include actuaries, accountants, appraisers, culture or language experts,
environmental specialists, fraud investigators, lawyers, engineers, geologists, security specialists, statisticians,
informational technology specialists, the organization's external auditors, and other audit organizations. An
external service provider may be engaged by the board, senior management, or the chief audit executive (CAE) (PA
1210.A1-1).
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
The function of the actuary would be to assess risk and cost, not determine if health care costs are reasonable. The internal
auditor might be able to determine if health care costs are reasonable.
Explanation for Choice B:
Assessing risk related to self-insurance is generally outside the scope of the IAA. Therefore, an actuary may need to be engaged.
Explanation for Choice D:
Assessing risk related to self-insurance is generally outside the scope of the IAA. Therefore, an actuary may need to be engaged.

244
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 9
An internal auditor has some suspicion of, but no information about, of potential
misstatement of financial statements. The internal auditor has failed to exercise due
professional care if he or she

A. Did not test for possible misstatement because the engagement work program had
already been approved by engagement management.
B. Identified potential ways in which a misstatement could occur and ranked the items
for investigation.
C. Expanded the engagement work program, without the engagement client's
approval, to address the highest ranked ways in which a misstatement may have
occurred.
D. Informed the engagement manager of the suspicions and asked for advice on how
to proceed. 247
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 9
CORRECT ANSWER IS A . Its Explanation is
It is expected that engagement work programs can be modified if changes in the work
environment have changed. Thus, the internal auditor would not be exercising due
professional care if he or she failed to investigate a possible misstatement based on the fact
that the work program had already been approved.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
Identifying potential ways in which a misstatement could occur and ranking them is exercising
due professional care on part of the internal auditor.
Explanation for Choice C:
Approval from the engagement client is not needed in this case.
Explanation for Choice D:
Asking for advice is exercising due professional care.
248
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 11
Use of outside service providers with expertise in health care benefits is
appropriate when the internal audit activity is

A. Training its staff to conduct an audit of health care costs in a major division of
the organization.
B. All of the answers are correct.
C. Evaluating the organization's estimate of its liability for postretirement
benefits, which include health care benefits.
D. Comparing the cost of the organization's health care program with other
programs offered in the industry.

251
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 11
CORRECT ANSWER IS B . Its Explanation is
Calculating health care benefits can be very complex, and the internal auditor may not possess
all of the necessary knowledge or skills to adequately complete the engagement. In this case,
it would be appropriate to employ an outside consulting service company who has the
necessary skills to perform all or some of the engagement.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Due to the complexity of calculating health care costs an outside consulting service may be required to assist the internal auditor
perform all or some of the engagement.
Explanation for Choice C:
Due to the complexity of calculating health care costs an outside consulting service may be required to assist the internal auditor
perform all or some of the engagement.
Explanation for Choice D:
Due to the complexity of calculating health care costs an outside consulting service may be required to assist the internal auditor
perform all or some of the engagement. 252
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 125
Which of the following most likely constitutes a violation of The IIA’s Code of Ethics?
A. Auditor D discovered an internal financial fraud during the year. The books were adjusted to
properly reflect the loss associated with the fraud. Auditor D discussed the fraud with the external
auditor when the external auditor reviewed working papers detailing the incident.
B. Auditor A has accepted an assignment to perform an engagement at the electronics
manufacturing division. Auditor A has recently joined the internal audit activity. But Auditor A was
senior auditor for the external audit of that division and has audited many electronics
organizations during the past 2 years.
C. Auditor B has been assigned to perform an engagement at the warehousing function 6 months
from now. Auditor B has no expertise in that area but accepted the assignment anyway. Auditor B
has signed up for continuing professional education courses in warehousing that will be completed
before the assignment begins.
D. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job.
Auditor C has not engaged in continuing professional education or other activities to improve
477
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 125
CORRECT ANSWER IS D . Its Explanation is
Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually
improve their proficiency and the effectiveness and quality of their services.”

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The information was disclosed as part of the normal process of cooperation between the internal and external auditor.
Because the books were adjusted, the external auditor was expected to inquire as to the nature of the adjustment.
Explanation for Choice B:
No professional conflict of interest exists per se, especially given that the internal auditor was previously in public
accounting. However, the internal auditor should be aware of potential conflicts.
Explanation for Choice C:
An internal auditor must possess the necessary knowledge, skills, and competencies at the time an engagement is
conducted, not the time it is accepted. 478
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 127
Under The IIA’s Code of Ethics, an entity that provides internal auditing services is
specifically required to

A. Maintain certain predetermined staffing requirements for engagements.

B. Comply with the International Standards for the Professional Practice of Internal
Auditing.
C. Participate in a formal continuing education program.
D. Comply with organizational policy.

481
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 127
CORRECT ANSWER IS B . Its Explanation is
The IIA’s Code of Ethics applies not only to individuals but also to entities that provide internal auditing
services. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal
audit services in accordance with the International Standards for the Professional Practice of Internal
Auditing.”
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
Staffing requirements must be determined based on the circumstances of each engagement.
Explanation for Choice C:
The Code requires compliance with the Standards, and the Standards require internal auditors to enhance their
knowledge, skills, and other competencies through continuing professional development, but neither the Code nor
the Standards require formal continuing education.
Explanation for Choice D:
The Code requires internal auditors to respect and contribute to the legitimate and ethical objectives of the
organization and not engage in acts discreditable to the organization. However, the Code does not specifically
mention compliance with organizational policy. 482
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 129
The chief audit executive meets with the members of the internal audit activity at
scheduled staff meetings. Which of the following is the most appropriate function
of such a staff meeting?

A. Revising travel, promotion, and compensation policies.

B. Explaining administrative policies and obtaining suggestions from the staff.
C. Developing long-range training programs that will meet the staff’s needs.
D. Developing the engagement work schedule.

485
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 129
CORRECT ANSWER IS B . Its Explanation is
One reason for staff meetings is to explain routine administrative matters, to teach new
techniques, and even to let off steam. For example, staff members should be able to raise
questions about ineffective procedures, promotions, salaries, or other problems.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Management of the internal audit activity should revise travel, promotion, and compensation policies.
Explanation for Choice C:
Developing long-range training programs that will meet the staff’s needs should be done by
management of the internal audit activity.
Explanation for Choice D:
Management of the internal audit activity should develop engagement work schedules. 486
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 131
Which one of the following is not included in the internal audit charter?

A. Risk assessment of the internal audit activity.

B. Authority of the internal audit activity.
C. Responsibility of the internal audit activity.
D. Purpose of the internal audit activity.

489
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 131
CORRECT ANSWER IS A . Its Explanation is

A risk assessment is not appropriate for inclusion in the internal audit

charter.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit
activity.
Explanation for Choice C:
The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit
activity.
Explanation for Choice D:
The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit
activity. 490
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 133
The internal audit charter includes all of the following except

A. The nature of the chief audit executive’s relationship with the board.
B. The internal auditor’s responsibility to provide assurance and consulting
services.
C. The organization’s core values, mission, and vision statements.
D. A formal definition of the purpose, authority, and responsibility of the
internal audit activity.

493
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 133
CORRECT ANSWER IS C . Its Explanation is
The core values, mission, and vision statements of the organization are not included in the internal audit charter. The
interpretation of Standard 1000, defines the internal audit charter as “a formal document that defines the internal audit activity’s
purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the
organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access
to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal
audit activities. Final approval of the internal audit charter resides with the board.”
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
The nature of the chief audit executive’s functional reporting relationship with the board is defined in the internal audit charter. This
includes the CAE’s functional and administrative reporting lines and the level of authority required for the internal audit activity to perform
engagements and fulfill its agreed-upon objectives and responsibilities.
Explanation for Choice B:
The internal audit charter for the internal audit activity defines the internal audit activity’s purpose, authority, and responsibility. The
internal audit activity’s responsibility to provide the organization with assurance and consulting services is defined in the internal audit
charter.
Explanation for Choice D:
The internal audit charter includes a formal definition of the purpose, authority, and responsibility of the internal audit activity. 494
The
internal audit charter should be discussed among the CAE, senior management, and the board to mutually agree upon (1) the internal
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 135
Which of the following is not appropriate for inclusion in the internal audit
charter?

A. The nature of the chief audit executive’s functional reporting relationship

with the board.
B. Authorization of internal audit access to records, personnel, and physical
properties.
C. Authorization of the board to approve the charter.
D. Definition of the scope of internal audit activities.

497
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 135
CORRECT ANSWER IS C . Its Explanation is

Final approval of the internal audit charter resides with the board. The board has
this power inherently.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The nature of the chief audit executive’s functional reporting relationship with the board is one of the
elements to be included in the internal audit charter.
Explanation for Choice B:
Authorization of internal audit access to records, personnel, and physical properties is one of the elements to
be included in the internal audit charter.
Explanation for Choice D:
Definition of the scope of internal audit activities is one of the elements to be included in the internal audit
charter. 498
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 137
Which one of the following must be included in the internal audit charter?

A. Number of full-time internal audit employees deemed to be the necessary

minimum.
B. Internal audit responsibility.
C. Internal audit objectivity.
D. Chief audit executive’s compensation plan.

501
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 137
CORRECT ANSWER IS B . Its Explanation is

The purpose, authority, and responsibility of the internal audit activity must be formally
defined in an internal audit charter.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The staffing of the internal audit activity is determined by the CAE and the board; it is not an
appropriate matter to include in the internal audit charter.
Explanation for Choice C:
Objectivity is an attribute of individual auditors and is not included in the internal audit charter.
Explanation for Choice D:
The CAE’s compensation plan is not an appropriate matter to include in the internal audit charter. 502
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 139
Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance
function as it affects the receipt of goods, the transfer of the goods into production, and the scrap
costs related to defective items. The engagement client argues that such an engagement is not
within the scope of the internal audit activity and should come under the purview of the quality
assurance department only. What is the most appropriate response?

A. Because quality assurance is a new function, seek the approval of management as a mediator to
set the scope of the engagement.
B. Terminate the engagement because it will not be productive without the client’s cooperation.
C. Indicate that the engagement will evaluate the function only in accordance with the standards
set by, and approved by, the quality assurance function before beginning the engagement.
D. Refer to the internal audit activity’s charter and the approved engagement plan that includes the
area designated for evaluation in the current time period.
505
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 139
CORRECT ANSWER IS D . Its Explanation is

The written charter, approved by the board, defines the scope of internal audit
activities.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The engagement client does not determine the scope of this type of assurance engagement. A scope limitation
imposed by the client might prevent the internal audit activity from achieving its objectives.
Explanation for Choice B:
The internal auditors must conduct the engagement and communicate any scope limitations to management and
the board.
Explanation for Choice C:
Other objectives may be established by management and the internal auditors. The engagement is not limited to
the specific standards set by the quality assurance department. It considers such standards in the development of
the engagement program. 506
Section C – Proficiency and Due Professional Care
MULTIPLE CHOICE QUESTION NO. 141
The transportation department of a publicly held company has asked the internal audit
activity to review the design specifications for a proposed new warehouse and repair
facility. The best reason for the internal audit activity to decline the request is

A. The CEO and the head of the transportation department are neighbors and belong
to the same social clubs.
B. The transportation department’s budget is immaterial to the organization’s total
budget.
C. Such a review does not fall within the authority granted in the internal audit charter.
D. The internal audit activity performed a thorough review of the transportation
department the previous year.
509
Section C – Proficiency and Due Professional Care
ANSWER TO QUESTION NO. 141
CORRECT ANSWER IS C . Its Explanation is
The internal audit activity’s purpose, authority, and responsibility are specifically granted in the form of a
written charter approved by the board.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
An attitude of independence is required for internal auditors, not for auditees and management.
Explanation for Choice B:
Internal audit engagements are scheduled based on a risk assessment, only one of the elements of
which is monetary materiality.
Explanation for Choice D:
Internal audit engagements are scheduled based on a risk assessment, not simply time elapsed since
the last engagement.
510
513
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 1
An internal audit activity (IAA) is currently undergoing its first external quality assurance review since its formation
three years ago. From interviews, the review team is informed of certain internal auditor activities over the past
year. Which of the following activities could affect the quality assurance review team's evaluation of the objectivity
of the internal auditors?
A. One internal auditor told the review team that, during an engagement to review the payroll function, he was
approached by the payroll manager. The manager indicated he was looking for an accountant to prepare his
financial statements for his part-time business. The internal auditor agreed to perform this work for a reduced fee
during non-work hours.
B. An internal auditor's participation was requested on a task force to reduce the organization's inventory losses
from theft and shrinkage. This is the first consulting assignment undertaken by the internal audit activity. The
internal auditor's role is to advise the task force on appropriate control techniques.
C. During an engagement to review the construction of a building addition to the organization's headquarters, the
vice president of facilities management gave the internal auditor a commemorative mug with the organization's
logo. These mugs were distributed to all employees present at the ground-breaking ceremony.
D. After reviewing the installation of a data processing system, the internal auditor made recommendations on
standards of control. Three months after completion of the engagement, the engagement client requested the
internal auditor's review of certain procedures for adequacy. The internal auditor agreed and performed this
review.

514
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 1
CORRECT ANSWER IS A . Its Explanation is
It is unethical for an internal auditor to accept a fee or gift from an employee, client, customer, supplier,
or business associate. Accepting a fee or gift may create the appearance that the auditor's objectivity
has been impaired. The appearance that objectivity has been impaired may apply to current and future
engagements conducted by the auditor.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
As long as the internal auditor does not take on operating responsibility it is acceptable to recommend
standards of control or review procedures before implementation.
Explanation for Choice C:
The receipt of the mug would not be considered an impairment to objectivity.
Explanation for Choice D:
Recommending standards of control or reviewing procedures before implementation will not impair
objectivity. 515
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 3
A quality assurance program of a company's internal audit activity (IAA) provides
reasonable assurance that audit work conforms with applicable standards. Which of
the following activities are designed to provide feedback on the effectiveness of the
IAA?
I. Proper supervision.
II. Proper training.
III. Internal assessments.
IV. External assessments.

A. I, II, III, IV.

B. II, III, IV.
C. I, III, IV.
D. I, II, III.
518
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 3
CORRECT ANSWER IS C . Its Explanation is
The purpose of a quality assurance program is to evaluate the operations of the IAA. The CAE is responsible to implementing
processes designed to provide reasonable assurance to the various stakeholders that that the IAA: Performs in accordance with
the IAA charter, which is consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. Operates in an
effective and efficient manner. Is perceived by those stakeholders as adding value and improving the organization's operations.
These processes include appropriate supervision, periodic internal assessments and ongoing monitoring of quality assurance, and
periodic external assessments (PA 1300-1.2).

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Proper training is an important component in maintaining current staff, but it does not provide feedback.
Explanation for Choice B:
Proper training is an important component of maintaining current staff, but it does not provide feedback.
Explanation for Choice D:
Proper training is an important component of maintaining current staff, but does not provide feedback.

519
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 5
Periodic external assessments of an internal audit activity's quality assurance
and improvement program (QAIP) should be undertaken. On completion of
such an assessment, a formal report or other communication should be issued
expressing an opinion as to the

A. Adequacy of internal control.

B. Internal audit activity's compliance with the Standards.
C. Effectiveness of the internal audit coverage.
D. Conformance with the internal audit activity's charter.

522
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 5
CORRECT ANSWER IS B . Its Explanation is

External assessments of the IAA should be performed to appraise and express an opinion
on the IAA's compliance with the Standards and, as appropriate, should include
recommendations for improvement. The CAE must communicate the results of the
assessment to senior management and the board.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
An external or internal assessment assesses the overall effectiveness of the quality program, not the
adequacy of the organization's controls.
Explanation for Choice C:
The scope of an external assessment embraces more than the effectiveness of the internal audit coverage.
Explanation for Choice D:
An opinion should be expressed on compliance with the Standards.
523
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 7
Ordinarily, those conducting internal quality program assessments should
report to

A. The chief audit executive.

B. The internal auditing staff.
C. Senior management.
D. The board.

526
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 7
CORRECT ANSWER IS A . Its Explanation is
The CAE establishes a structure for reporting results of internal assessments that maintains
appropriate creditability and objectivity. Generally, those assigned responsibility for conducting
ongoing and periodic reviews, report to the CAE while performing the reviews and communicates
results directly to the CAE (PA 1311-1)

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
The CAE should share the results of internal assessment and necessary action plans with appropriate persons outside the activity,
such as senior management, the board, and external auditors.
Explanation for Choice C:
The CAE should share the results of internal assessment and necessary action plans with appropriate persons outside the activity,
such as senior management, the board, and external auditors.
Explanation for Choice D:
The CAE should share the results of internal assessment and necessary action plans with appropriate persons outside the activity,
such as senior management, the board, and external auditors. 527
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 9
Of the following statements, which are true concerning the reporting of the internal audit activity's
(IAA) quality assurance and improvement program (QAIP).
I. The QAIP report should evaluate compliance with the Definition of Internal Auditing, the Code of
Ethics and the Standards.
II. The QAIP report should address compliance with the internal audit activity's charter.
III. The QAIP report should include contribution to the organization's governance, risk management and
control processes.
IV. The QAIP report should be addressed to all members of the internal audit activity.

A. I, III and IV only.

B. All of the above are true.
C. I and II only.
D. I, II and III only.

530
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 9
CORRECT ANSWER IS D . Its Explanation is
All three items are correct. The IAA's QAIP report should evaluate: Compliance with the Definition of Internal Auditing,
the Code of Ethics and the Standards. Adequacy of the IAA's charter, goals, objectives, policies, and procedures.
Contribution to the organization's governance, risk management and control processes. Compliance with applicable
laws, regulations, and other governmental or industry standards. Effectiveness of continuous improvement activities
and adoption of best practices. The extent to which the IAA adds value and improves the organization's operations.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Items I and III are true concerning the IAA's quality program. However, item IV is not true. The QAIP report should be addressed to those
requesting the assessment, which is normally senior management and the board.
Explanation for Choice B:
Items I, II and III are true. However, item IV is not true. The QAIP report should be addressed to the people who requested the assessment,
which are normally senior management and the board.
Explanation for Choice C:
Items I and II are true. In addition, the report should include how the internal audit activity contributed to the organization's governance,
risk management and control processes.

531
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 11
Why should a chief audit executive recommend that the results of an
external quality assessment be shared with the board?

A. To increase communications between the IAA and the audit committee.

B. To provide accountability and transparency for the IAA's operations.
C. To emphasize the importance of the IAA's charter.
D. To motivate staff in the internal audit activity (IAA) to accept the need
for external assessment.

534
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 11
CORRECT ANSWER IS B . Its Explanation is

By sharing the results of an external quality assessment be shared with the board the CAE
is showing the accountability of the IAA to the board and being transparent about the
results and effectiveness of the IAA as a whole.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Increasing communication between the IAA and the audit committee is not a reason to share the results of an
external quality assessment be shared with the board?
Explanation for Choice C:
Sharing the results of the external quality assessment will not emphasize the importance of the IAA's charter.
Explanation for Choice D:
Sharing the results of the external quality assessment will not motivate staff to accept the need for external
assessment. 535
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 101
Internal assessments of the internal audit activity consist of all of the following except

A. Evaluation of the establishment and achievement of key performance indicators.

B. An independent assessment team identifies areas for improvement.
C. Evaluation of the quality and supervision of the audit work performed.
D. Evaluation of conformance with the mandatory elements of the IPPF.

717
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 101
CORRECT ANSWER IS B . Its Explanation is
According to Implementation Guide 1310, “Internal assessments consist of ongoing monitoring and periodic
self-assessments . . . , which evaluate the internal audit activity’s conformance with the mandatory elements
of the IPPF, the quality and supervision of audit work performed, the adequacy of internal audit policies and
procedures, the value the internal audit activity adds to the organization, and the establishment and
achievement of key performance indicators.” External assessments provide an opportunity for an
independent assessment team to identify areas for improvement for the internal audit activity.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Internal assessments by the internal audit activity consist of ongoing monitoring and periodic self assessments that
evaluate the establishment and achievement of key performance indicators.
Explanation for Choice C:
Internal assessments by the internal audit activity consist of ongoing monitoring and periodic self assessments that
evaluate the internal audit activity’s quality and supervision of the audit work performed.
Explanation for Choice D:
Internal assessments by the internal audit activity consist of ongoing monitoring and periodic self assessments that
evaluate the internal audit activity’s conformance with the mandatory elements of the IPPF. 718
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 103
Which of the following is an example of the "Act” step in the Deming Cycle?

A. Undertaking improvement initiatives and documenting lessons learned.

B. Assessing and reviewing product or process quality.
C. Developing activities to define quality and build staff awareness of standards and
expectations.
D. Formally documenting standards and expected practices.

721
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 103
CORRECT ANSWER IS A . Its Explanation is
The Deming Cycle is a continuous improvement model that can be used to establish a quality assurance and
improvement program. The Deming Cycle consists of four steps: Plan, Do, Check, and Act. “Act” provides
feedback by identifying and implementing improvements to the process. Undertaking improvement
initiatives and documenting lessons learned is an example of the “Act” step in the Deming Cycle.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
The “Check” step compares actual results with expected results and analyzes the difference. Various forms of assessment and
review to measure product or process quality is an example of the “Check” step in the Deming Cycle.
Explanation for Choice C:
The “Do” step of the Deming Cycle executes the process and collects data for further analysis in the following steps. Developing
activities to define quality and build staff awareness of standards and expectations is an example of the “Do” step.
Explanation for Choice D:
The “Plan” step establishes standards and expectations for operating a process to meet goals. Formal documentation of standards
and expected practices is an example of the “Plan” step in the Deming Cycle.
722
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 105
What are the four key steps of the Deming Cycle?

A. Perform, Design, Act, and Review.

B. Examine, Act, Check, and Verify.
C. Plan, Do, Check, and Act.
D. Perform, Diagnose, Calculate, and Act.

725
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 105
CORRECT ANSWER IS C . Its Explanation is
Plan, Do, Check, and Act are the four key steps of the Deming Cycle that operate in an interactive manner. The
Deming Cycle can be used to establish an organization’s quality assurance and improvement program (QAIP)
in a planned and methodological manner. The steps are (1) Plan, establish standards and expectations for
operating a process to meet goals; (2) Do, execute the process and collect data for further analysis in the
latter steps; (3) Check, compare actual results with expected results and analyze the difference; and (4) Act,
provide feedback by identifying and implementing improvements to the process.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Perform, Design, Act, and Review are not the four key steps of the Deming Cycle.
Explanation for Choice B:
Examine, Act, Check, and Verify are not the four key steps of the Deming Cycle.
Explanation for Choice D:
Perform, Diagnose, Calculate, and Act are not the four key steps of the Deming Cycle.
726
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 107
The internal audit activity’s quality assurance and improvement program is the
responsibility of

A. External auditors.
B. The board.
C. The chief audit executive.
D. The audit committee.

729
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 107
CORRECT ANSWER IS C . Its Explanation is
The chief audit executive must develop and maintain a quality assurance and improvement
program that covers all aspects of the internal audit activity.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
External auditors may perform an external assessment, but the CAE is responsible for it.
Explanation for Choice B:
The CAE may report results to the board, but the program is the CAE’s responsibility.
Explanation for Choice D:
The CAE may report results to the audit committee, but the program is the CAE’s responsibility.
730
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 109
According to The IIA’s International Professional Practices Framework, when may a
self-assessment be performed in lieu of a full external assessment?

A. When the internal audit activity has conducted an external assessment within the
past two years.
B. A self-assessment may not be performed in lieu of a full external assessment of the
internal audit activity’s conformance with the Standards.
C. When ongoing monitoring of the internal audit activity has not identified any
weaknesses or areas in need of improvement.
D. When the self-assessment has been validated by a qualified, independent,
competent, and professional external assessor.
733
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 109
CORRECT ANSWER IS D . Its Explanation is
Implementation Guide 1310 states, “External assessments provide an opportunity for an independent assessor or
assessment team to conclude as to the internal audit activity’s conformance with the Standards and whether internal
auditors apply the Code of Ethics and to identify areas for improvement. The CAE is responsible for ensuring that the
internal audit activity conducts an external assessment at least once every five years. A self-assessment may be performed
in lieu of a full external assessment, provided it is validated by a qualified, independent, competent, and professional
external assessor.”

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Completion of an external assessment within the past two years is not a criterion for performance of a self-assessment.
Explanation for Choice B:
A self-assessment may be performed in lieu of a full external assessment when certain criteria are met.
Explanation for Choice C:
Ongoing monitoring is an internal assessment and is achieved primarily through continuous activities such as engagement planning and
supervision, standardized work practices, work paper procedures and signoffs, report reviews, as well as identification of any weaknesses
or areas in need of improvement and action plans to address them (Implementation Guide 1310). External assessments are still required
even if the internal audit activity has not identified any weaknesses or areas in need of improvement.
734
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 111
As a part of a quality program, internal assessment teams most likely will
examine which of the following to evaluate the quality of engagement planning
and documentation for individual engagements?

A. The long-range engagement work schedule.

B. Project assignment documentation.
C. Measures of project budgets and audit plan completion.
D. Weekly status reports.

737
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 111
CORRECT ANSWER IS C . Its Explanation is
Internal assessments must include ongoing monitoring of the performance of the internal audit activity
and periodic self-assessments or assessments by other persons within the organization with sufficient
knowledge of internal auditing practices (Attr. Std. 1311). The processes and tools used in ongoing
internal assessments include, among other things, measures of project budgets, timekeeping systems,
and audit plan completion. These may help to determine whether the appropriate amount of time was
spent on all parts of the engagement (IG 1311).
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
The long-range engagement work schedule does not relate to planning and documentation for individual engagements.
Explanation for Choice B:
Project assignment documentation contains less relevant information for assessment purposes than work programs.
Explanation for Choice D:
Status reports do not bear directly on planning.

738
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 113
Quality program assessments may be performed internally or externally. A
distinguishing feature of an external assessment is its objective to

A. Determine whether internal audit services meet professional standards.

B. Set forth the recommendations for improvement.
C. Provide independent assurance.
D. Identify tasks that can be performed better.

741
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 113
CORRECT ANSWER IS C . Its Explanation is
External assessments must be conducted at least once every 5 years by a qualified, independent
reviewer or review team from outside the organization. Individuals who perform the external
assessment are free of any obligation to, or interest in, the organization whose internal audit activity is
assessed.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
An internal assessment will determine whether internal audit services meet professional standards.
Explanation for Choice B:
An internal assessment will set forth recommendations for improvement.
Explanation for Choice D:
An internal assessment will identify tasks that can be performed better.
742
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 115
An external assessment of an internal audit activity contains an expressed opinion.
The opinion may apply to

A. Only to the effectiveness of the internal auditing coverage.

B. Only to the internal audit activity’s conformance with the Standards.
C. Only to the adequacy of internal control.
D. Conformance with the Standards and an assessment for each standard.

745
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 115
CORRECT ANSWER IS D . Its Explanation is
External assessments of an internal audit activity contain an expressed opinion or conclusion on overall
conformance with the Standards and possibly an assessment for each standard or series of standards.
An external assessment also includes, as appropriate, recommendations (corrective action plans) for
improvement.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The scope of an external assessment extends to more than the effectiveness of the internal auditing coverage.
Explanation for Choice B:
An opinion may be expressed on the Standards and an assessment may be made for each standard or series of
standards.
Explanation for Choice C:
An external assessment addresses the internal audit activity, not the adequacy of the organization’s controls.
746
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 117
The interpretation related to quality assurance given by the Standards is that

A. External assessments can provide senior management and the board with
independent assurance about the quality of the internal audit activity.
B. Appropriate follow-up to an external assessment is the responsibility of the chief
audit executive’s immediate supervisor.
C. Supervision is limited to the planning, examination, evaluation, communication,
and follow-up process.
D. The internal audit activity is primarily measured against The IIA’s Code of Ethics.

749
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 117
CORRECT ANSWER IS A . Its Explanation is

External assessments provide an independent and objective evaluation of the

internal audit activity’s compliance with the Standards and Code of Ethics.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
The communication of final results of an external assessment should include the CAE’s responses. These include
corrective action plans.
Explanation for Choice C:
Supervision begins with planning and continues throughout the engagement.
Explanation for Choice D:
The external assessment considers the internal audit activity’s conformance with the Standards and the Code of
Ethics. 750
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 119
Following an external assessment of the internal audit activity, who is (are)
responsible for communicating the results to the board?

A. Chief audit executive.

B. Audit committee.
C. External auditors.
D. Internal auditors.

753
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 119
CORRECT ANSWER IS A . Its Explanation is

The chief audit executive must communicate the results of the QAIP to senior
management and the board

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
The chief audit executive (not the audit committee) is responsible for communicating the results of external
assessments to the board.
Explanation for Choice C:
The chief audit executive (not external auditors) is responsible for communicating the results of external
assessments to the board.
Explanation for Choice D:
The chief audit executive (not internal auditors) is responsible for communicating the results of external
assessments to the board. 754
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 121
Internal auditors may include in their audit report that their activities conform with
The IIA Standards.
They may use this statement only if

A. An independent external assessment of the internal audit activity is conducted

annually.
B. Senior management or the board is accountable for implementing a quality
program.
C. External assessments of the internal audit activity are made by external auditors.
D. It is supported by the results of the quality program.

757
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 121
CORRECT ANSWER IS D . Its Explanation is
The chief audit executive may state that the internal audit activity conforms with the International
Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance
and improvement program support this statement.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
An independent external assessment of the internal audit activity must be conducted at least once
every 5 years.
Explanation for Choice B:
The CAE must develop and maintain a QAIP that covers all aspects of the internal audit activity.
Explanation for Choice C:
Assessments also may be made by others who are (1) independent, (2) qualified, and (3) from outside -
the organization.
758
Section D – Quality Assurance and Improvement Program
MULTIPLE CHOICE QUESTION NO. 123
Which of the following would demonstrate that the internal audit activity is in
compliance with IIA practices?

A. The results of periodic internal assessments are communicated at least twice a year.
B. The results of external assessments are communicated upon their completion.
C. The chief audit executive determines the form and content of the results
communicated.
D. The results of ongoing monitoring are communicated upon their completion.

761
Section D – Quality Assurance and Improvement Program
ANSWER TO QUESTION NO. 123
CORRECT ANSWER IS B . Its Explanation is
“To demonstrate conformance with the Definition of Internal Auditing and the Standards, and
application of the Code of Ethics, the results of external and periodic internal assessments are
communicated upon completion of such assessments and the results of ongoing monitoring are
communicated at least annually. The results include the assessor’s or assessment team’s evaluation
with respect to the degree of conformance”.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
The results of periodic internal assessments are communicated upon their completion.
Explanation for Choice C:
The form, content, and frequency of communicating the results of the quality assurance and improvement program is
established through discussions with senior management and the board and considers the responsibilities of the internal
audit activity and chief audit executive as contained in the internal audit charter.
Explanation for Choice D:
The results of ongoing monitoring are communicated at least annually.
762
763
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 1
A payroll computer system automatically initiated scheduled pay raises for some
employees who failed to meet required performance levels. To prevent this
situation in the future

A. Scheduled pay raises should be initiated by the payroll department

B. The payroll register should be compared to the employee master file.
C. Scheduled pay raises should be delayed pending explicit approval by appropriate
supervisors
D. The payroll master file should be compared to the employee master file.

764
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 1
CORRECT ANSWER IS C . Its Explanation is

After initiation by the personnel department, the functional department should have
approval authority.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The personnel department should initiate scheduled pay raises.
Explanation for Choice B:
This procedure would not prevent or even detect the problem.
Explanation for Choice D:
This procedure would not prevent or even detect the problem.
765
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 3
An organization manufactures mirror frames. Scrap is adequately accounted for
at the point of generation. The scrap is sorted and sold frequently to the
organization's regular buyer at a price negotiated between the scrap manager
and buyer. An exposure caused by these procedures is that

A. The collection of amounts receivable from the scrap buyer is questionable.

B. The production of scrap indicates inefficiencies in production.
C. The price received for scrap may be inadequate.
D. Excessive scrap has been generated.

768
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 3
CORRECT ANSWER IS C . Its Explanation is

There are various problems that arise from this situation. For example, there may be
collusion between the scrap manager and buyer to establish an inadequate price, or the
scrap manager may not be an expert negotiator, or some other factors that lead to an
inadequate price.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
There is nothing that indicates that the scrap buyer is unreliable.
Explanation for Choice B:
There is nothing that indicates that the production process in inefficient.
Explanation for Choice D:
There is nothing that indicates that the production process is inefficient.
769
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 5
What is the appropriate source of information for determining if all goods
shipped are billed to the customer?

A. Accounts receivable files.

B. Pre-numbered customer invoices.
C. Customer purchase orders.
D. Pre-numbered shipping documents.

772
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 5
CORRECT ANSWER IS D . Its Explanation is

This will allow matching all recorded shipments to related billings.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Accounts receivable are established by billings.
Explanation for Choice B:
Invoices constitute bills; therefore, this is the wrong direction for a test to accomplish this objective.
Explanation for Choice C:
Cash receipts from customers may be traceable to shipments, but this is the wrong direction for a test
to accomplish this audit objective.
773
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 7
Which of the following is not a component of the enterprise risk
management framework as defined by COSO in its 2017 publication,
Enterprise Risk Management: Integrating with Strategy and Performance?

A. Review and revision.

B. The control environment.
C. Governance and culture.
D. Information, communication, and reporting.

776
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 7
CORRECT ANSWER IS B . Its Explanation is
The control environment is not a component of the enterprise risk management framework as it is
defined by the 2017 COSO document, Internal Control: Integrating with Strategy and Performance. The
control environment is a component of the internal control framework as defined by COSO in the
document Internal Control – Integrated Framework.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Review and revision is a component of the enterprise risk management framework as defined by COSO in its 2017 publication, Internal Control: Integrating with Strategy and Performance.
Management needs to continually assess changes that may affect its strategy and achievement of its business objectives, review the organization’s performance and risks, and strive to
improve its enterprise risk management.
Explanation for Choice C:
Governance and culture is a component of the enterprise risk management framework as defined by COSO in its 2017 publication, Enterprise Risk Management: Integrating with Strategy
and Performance. Governance sets the organization’s tone and establishes the oversight responsibilities for enterprise risk management. Culture encompasses the ethical values, desired
behaviors, and understanding of risk in the organization.
Explanation for Choice D:
Information, communication, and reporting is a component of the enterprise risk management framework as defined by the 2017 COSO publication. The organization should make use of its
information and technology systems, and information from both internal and external sources should continually be obtained and shared. Reporting on risk, culture, and performance should
take place at multiple levels and across the organization. The communications should flow up, down, and across the organization as necessary to support enterprise risk management.

777
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 9
An employee should not be able to visit the organization's safety deposit box containing
investment securities without being accompanied by another employee. What would be a
possible consequence of an employee's being able to visit the safety deposit box
unaccompanied?

A. It would be impossible to obtain a fidelity bond on the employee.

B. The employee could pledge organizational investments as security for a short-term
personal bank loan.
C. There would be no record of when organizational personnel visited the safety deposit
box.
D. The employee could steal securities and the theft would never be discovered.

780
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 9
CORRECT ANSWER IS B . Its Explanation is

If an employee were able to visit the organizations safety deposit box containing
investment securities then it would be possible for this employee to use the securities as
collateral for a short term personal bank loan.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Obtaining a fidelity bond on the employee would depend on the character of the employee, not
having to do with control of the safety deposit box.
Explanation for Choice C:
The bank would have records of when organizational personnel visited the safety deposit box.
Explanation for Choice D:
The theft of security investments would eventually be uncovered. 781
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 11
Which of the following activities performed by a payroll clerk is a control
weakness rather than a control strength?

A. Has custody of the check signature stamp machine.

B. Draws the paychecks on a separate payroll checking account.
C. Forwards the payroll register to the chief accountant for approval.
D. Prepares the payroll register.

784
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 201
Which of the following are characteristics of a company’s Enterprise Risk Management (ERM)
framework?
I.ERM considers risks individually, not as a portfolio of events.
II.ERM is a process for developing a more bottom-up view of the key risks facing the
organization.
III.ERM attempts to get organizations to coordinate their risk identification, assessment, and
management processes.
IV.ERM attempts to embed risk awareness within the organization.

A.III and IV only

B.I and IV only
C.I and II only
D.II and III only
1165
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 201
CORRECT ANSWER IS A . Its Explanation is

ERM is about getting organizations to embed a risk awareness within the organization so
that employees better understand risks and their responsibility towards managing risks.
ERM also attempts to get organizations to coordinate their risk identification, assessment,
and management processes.
INCORRECT CHOICES EXPLANATION
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice C:
See the correct answer for an explanation.
Explanation for Choice D:
See the correct answer for an explanation 1166
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 203
When conducting risk assessment in engagement planning and management has
already created an assessment of risk as part of an enterprise risk management
(ERM) framework, internal auditors should do which of the following related to this
management assessment?

A. Adopt it without reservations to avoid duplication of effort.

B. Assess its reliability prior to adopting it.
C. Avoid using it because adopting it would hinder independence and objectivity.
D. Avoid using it because its objectives differ significantly from that of an audit risk
assessment.

1169
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 203
CORRECT ANSWER IS B . Its Explanation is

Practice Advisory 2210.A1-1, Risk Assessment in Engagement Planning, states that,

“Internal auditors consider management’s assessment of risks relevant to the activity
under review. The internal auditor also considers the reliability of management’s
assessment of risk…”
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice C:
See the correct answer for an explanation.
Explanation for Choice D:
See the correct answer for an explanation.
1170
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 205
An internal auditor is conducting an evaluation of significant risks that could keep the
organization from achieving its objectives. Which of the following are potential techniques
used by the internal auditor to identify significant risks?
I. The internal auditor compiles a listing of the most common risks facing the company.
II. The internal auditor consults with an outside expert to get an opinion on the marketability
of a new product.
III. The internal auditor conducts interviews and surveys management on potential risks.
IV. The internal auditor puts on a workshop for key managers on identifying risks.

A.I and II only

B.I, II and III only
C.I, II, III and IV
D.II, III and IV only
1173
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 205
CORRECT ANSWER IS C . Its Explanation is

All of the items listed are potential ways that the internal auditor could identify
significant risks.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice D:
See the correct answer for an explanation. 1174
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 207
Which of the following best describes the internal audit activity's role in supporting
the board in enterprise-wide risk assessment?

A. Oversee risk management processes to determine whether they are adequate

and effective.
B. Examine, evaluate, report on, and recommend improvements on the adequacy
and effectiveness of risk processes.
C. Implement risk management methodologies and controls to address risks
identified.
D. Ensure that sound risk management processes are in place and functioning.

1177
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 207
CORRECT ANSWER IS B . Its Explanation is

These are activities that the IAA should perform to support the board in ERM.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
It is not the role of the IAA to oversee the risk management process. That is a responsibility of management.
Explanation for Choice C:
It is not the role of the IAA to implement the risk management methodologies.
Explanation for Choice D:
This is part of the what the IAA may do in supporting the board in ERM, but this is not the best description of
what the IAA should do.
1178
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 209
An internal auditor conducted an audit of the credit-lending process. During the audit,
the internal auditor found that there was a lack of segregation of duties within the
credit-lending process. The internal auditor discovered that sales personnel have, on
occasion, extended credit to customers without proper authorization.
Evaluating and assessing the credit-lending process would include all of the following
except:

A. Determining whether the cost of segregating the functions is more than the
benefits.
B. Understanding the impact that the control deficiency has on bad debts.
C. Understanding the level of residual risk, even if functions are segregated.
D. Requiring proper authorization for all credit sales.
1181
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 209
CORRECT ANSWER IS D . Its Explanation is
Requiring proper authorization for all credit sales is a recommendation. Before recommending, the
internal auditor should assess the impact of the risk on bad debts, determine the cost of
segregating the functions, and assess the residual risk, even if functions are segregated. Only then
would the internal auditor decide how to respond to the risk.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice C:
See the correct answer for an explanation.
1182
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 211
As part of a manufacturing company’s environmental, health, and safety (EHS) self-inspection program,
inspections are conducted by a member of the EHS staff and the operational manager for a given work
area or building. If a deficiency cannot be immediately corrected, the EHS staff member enters it into a
tracking database that is accessible to all departments via a local area network. The EHS manager uses
the database to provide senior management with quarterly activity reports regarding corrective action.
During review of the self-inspection program, an auditor notes that the operational manager enters the
closure information and affirms that corrective action is complete. What change in the control system
would compensate for this potential conflict of interest?

A. After closure is entered into the system, review by the EHS staff member of the original inspection
team should be required to verify closure.
B. No additional control is needed because the quarterly report is reviewed by senior management,
providing adequate oversight in this situation.
C. The EHS department secretary should be responsible for entering all information into the tracking
system based on memos from the operational manager.
D. No additional control is needed because those implementing a corrective action are in the best
position to evaluate the adequacy and completion of that action.
1185
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 211
CORRECT ANSWER IS A . Its Explanation is

If there is a step in the process at which someone independent of the area being
inspected can evaluate the adequacy and completeness of corrective action, the potential
for closure fraud is minimized.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
Although senior management can use the report to question why certain corrective actions may be behind schedule, they have no way of
knowing whether the corrective actions shown as complete were actually completed.
Explanation for Choice C:
There is nothing inappropriate about the environmental, health, and safety staff entering the initial inspection results. Having the secretary
enter closure data does not improve controls because there is still no independent review. It is also less efficient and timely than having
the data entered directly in the field.
Explanation for Choice D:
While the operational managers may in fact be the most knowledgeable about the corrective action, independent verification is
preferable.

1186
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 213
According to the Committee of Sponsoring Organizations of the Treadway
Commission’s (COSO’s) enterprise risk management (ERM)model, the governance
and culture of the company is the basis for all other components of ERM. All of the
following are elements of an organization’s governance and culture except:

A. Having predominantly independent directors on the board.

B. Setting organizational objectives.
C. Establishing risk appetite.
D. Assigning authority and responsibility.

1189
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 213
CORRECT ANSWER IS B . Its Explanation is

Objective setting is one of the components of the five interrelated components of the
COSO ERM Model. The other components include:1) Governance and culture, 2)
Performance, 3) Review and Revision, and 4) Information, Communication, and
Reporting.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
This is part of the governance and culture of the company.
Explanation for Choice C:
This is part of the governance and culture of the company.
Explanation for Choice D:
This is part of the governance and culture of the company. 1190
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 215
The marketing department for a major retailer assigns separate product managers for each product line. Product
managers are responsible for ordering products and determining retail pricing. Each product manager’s purchasing
budget is set by the marketing manager. Products are delivered to a central distribution center where goods are
segregated for distribution to the company’s 52department stores. Because receipts are recorded at the
distribution center, the company does not maintain a receiving function at each store. Product managers are
evaluated on a combination of sales and gross profit generated from their product lines. Many products are
seasonal and individual store managers can require that seasonal products be removed to make space for the next
season’s products. Requests for purchases beyond those initially budgeted must be approved by the marketing
manager. This procedure:
I. Should provide for the most efficient allocation of scarce organizational resources.
II. Is a detective control procedure.
III. Is unnecessary because each product manager is evaluated on profit generated.

A. II and III only.

B. I, II, and III.
C. I only.
D. III only.
1193
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 215
CORRECT ANSWER IS C . Its Explanation is
I. Correct. The organization has two scarce resources to allocate (a) its purchasing budget (constrained by financing ability)
and (b)space available in retail stores. Thus, there is a need for a mechanism to allocate these two scarce resources to
maximize the overall return to the organization. This is the proper mechanism.
II. Incorrect. This is a preventive control, not a detective control.
III. Incorrect. The gross profit evaluation is effective in evaluating the manager but does not address the two major
constraints identified in statement I.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice D:
See the correct answer for an explanation.

1194
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 217
All of the following would be part of a factory’s control system to prevent release of
wastewater that does not meet discharge standards except:

A. Specifying (by policy, training, and advisory signs) which substances may be
disposed of via sinks and floor drains within the factory.
B. Periodically flushing sinks and floor drains with a large volume of clean water to
ensure pollutants are sufficiently diluted.
C. Performing chemical analysis of the water before discharge for components
specified in the permit.
D. Establishing a preventive maintenance program for the factory’s pretreatment
system.
1197
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 217
CORRECT ANSWER IS B . Its Explanation is

Periodic dilution may not always prevent the release of pollutants that exceed the
discharge limits.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of wastewater that does not
meet permit limits or other conditions. These three controls each approach the risk in different ways. Analytical results are the criteria for the decision to
discharge; keeping pollutants out of the wastewater will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less
likely to occur if a preventive maintenance program is in place.
Explanation for Choice C:
Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of wastewater that does not
meet permit limits or other conditions. These three controls each approach the risk indifferent ways. Analytical results are the criteria for the decision to
discharge; keeping pollutants out of the wastewater will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less
likely to occur if a preventive maintenance program is in place.
Explanation for Choice D:
Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of wastewater that does not
meet permit limits or other conditions. These three controls each approach the risk indifferent ways. Analytical results are the criteria for the decision to
discharge; keeping pollutants out of the wastewater will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less
likely to occur if a preventive maintenance program is in place. 1198
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 219
An internal auditor found that employee time cards in one department are not
properly approved by the supervisor. Which of the following could result?

A. The wrong hourly rate could be used to calculate gross pay.

B. Duplicate paychecks might be issued.
C. Payroll checks might not be distributed to the appropriate payees.
D. Employees might be paid for hours they did not work.

1201
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 219
CORRECT ANSWER IS D . Its Explanation is

The approval of the supervisor on time cards of employees supervised should

prevent employees being paid for hours they did not work.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The wrong hourly rate would not be used to calculate gross pay as a result of the supervisor failing to approve
employee time cards.
Explanation for Choice B:
Duplicate paychecks would not be issued as a result of the supervisor failing to approve employee time cards.
Explanation for Choice C:
Payroll checks would not be distributed to the wrong employees as a result of the supervisor failing to approve
employee timecards.

1202
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 221
The marketing department for a major retailer assigns separate product managers for each product line.
Product managers are responsible for ordering products and determining retail pricing. Each product
manager’s purchasing budget is set by the marketing manager. Products are delivered to a central
distribution center where goods are segregated for distribution to the company’s 52department stores.
Because receipts are recorded at the distribution center, the company does not maintain a receiving
function at each store. Product managers are evaluated on a combination of sales and gross profit
generated from their product lines. Many products are seasonal and individual store managers can
require that seasonal products be removed to make space for the next season’s products. Which of the
following is a control deficiency in this situation?

A. The product manager negotiates the purchase price and sets the selling price.
B. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional
behavior.
C. The store manager can require items to be removed, thus affecting the potential performance
evaluation of individual product managers.
D. There is no receiving function located at individual stores.

1205
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 221
CORRECT ANSWER IS D . Its Explanation is
There is the possibility that goods could be diverted from the distribution center and not
delivered to the appropriate retail store.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The product manager is evaluated based on sales and gross profit; thus, there is no conflict with performing both of
these duties.
Explanation for Choice B:
Evaluating the product managers on gross profit and budgeted sales attaches responsibility to the manager.
Explanation for Choice C:
Goods are seasonal and store space is limited. This is a constraint that is consistent with maximizing revenue and
profitability for the organization.

1206
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 223
The Three Lines Model provides an effective way to enhance communications
on risk management and control by clarifying essential roles and duties.
According to this model, which of the following would be considered to be in a
first line role?

A. Risk management function.

B. Internal audit activity.
C. Senior management.
D. Operating management.

1209
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 223
CORRECT ANSWER IS D . Its Explanation is

According to the Three Lines Model, operational management is in the first line
roles. The first line roles are related to the provision of products and services and
managing risk.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The risk management and compliance functions operate in the second line roles. The responsibility of this line is to
provide expertise, support, monitoring and challenge on risk-related matters.
Explanation for Choice B:
The internal audit activity is in the third line roles of providing comprehensive assurance to the governing body and
senior management based on the highest level of independence and objectivity within the organization.
Explanation for Choice C:
Senior management would usually be part of the governing body.

1210
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 225
Which of the following goals sets risk management strategies at the optimum
level?

A. Minimize losses.
B. Minimize costs.
C. Maximize shareholder value.
D. Maximize market share.

1213
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 225
CORRECT ANSWER IS C . Its Explanation is

This is a comprehensive approach and will relate to risk management strategies

across the enterprise.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
This is not a comprehensive approach to risk management.
Explanation for Choice B:
This is not a comprehensive approach to risk management.
Explanation for Choice D:
This is not a comprehensive approach to risk management.
1214
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 227
Which of the following are examples of financial risks?
I. The risk that a company’s database will be hacked.
II. The risk of default due to increases in the level of a company’s debt.
III. The risk that the value of a company’s investment will decrease due to moves in
market factors.
IV. The risk that the reputation of the company will be damaged by selling products
considered unsafe to the public.

A.I and IV only

B.II only
C.II, III and IV only
D.II and III only
1217
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 227
CORRECT ANSWER IS D . Its Explanation is
Financial risks are connected to the financial health of the company. Examples include volatility of
foreign currencies, volatility of interest rates, volatility of commodity prices, credit risk, liquidity
risk, and market risk. Item (II) is a financial risk because the more debt a company takes on, the
greater the risk of default. Item (III) is a financial risk because the value of the company’s
investment decreased due to movements in the market.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice C:
See the correct answer for an explanation.
1218
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 229
It is not uncommon for organizations to develop a formal risk appetite statement.
Which of the following would not be included in the statement?

A. Management compensation packages are regularly reviewed by the board’s

remuneration committee before being approved by the board.
B. The company will use derivative instruments only for hedging purposes.
C. The company will not give additional trade credit to creditors whose accounts
are more than 40 days past due.
D. The company may not keep more than 20% of its cash in a single bank.

1221
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 229
CORRECT ANSWER IS A . Its Explanation is

Formalizing risk appetite means putting it in writing so that there is little confusion
about the board and management’s attitude toward risk. Determining the level of
management remuneration is a function of the company’s remuneration
committee.
INCORRECT CHOICES EXPLANATION
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice C:
See the correct answer for an explanation.
Explanation for Choice D:
See the correct answer for an explanation. 1222
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 231
Many organizations use electronic funds transfer to pay their suppliers instead
of issuing checks. Regarding the risks associated with issuing checks, which of
the following risk management techniques does this represent?

A. Transferring.
B. Controlling.
C. Accepting.
D. Avoiding.

1225
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 231
CORRECT ANSWER IS D . Its Explanation is

By eliminating checks, the organization avoids all risk associated with them.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Risk is not transferred to anyone else; it is eliminated.
Explanation for Choice B:
Eliminating checks does not represent an ongoing control.
Explanation for Choice C:
Eliminating checks avoids instead of accepts the associated risk.
1226
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 233
Which of the following enterprise risk management (ERM) components
influences the risk consciousness of an organization's people and is the basis for
all other ERM components?

A. Governance and culture.

B. Information and communication.
C. Performance.
D. Objective setting.

1229
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 233
CORRECT ANSWER IS A . Its Explanation is

The governance and culture of the organization is what sets the organization's
tone in respect to risk management.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
Information and communication is not the component of ERM that influences the risk consciousness of the
organization.
Explanation for Choice C:
Performance is not the component of ERM that influences the risk consciousness of the organization.
Explanation for Choice D:
Objective setting is not the component of ERM that influences the risk consciousness of the organization.
1230
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 235
Which of the following would be a preventive control?

A. Comparing a bank deposit slip with the total cash received as noted on a
prelisting sheet prepared in the mail room.
B. Approving customer credit prior to shipping merchandise.
C. Reviewing the sequence of pre-numbered documents.
D. Scanning the general ledger for accounts with unusually high or low
balances.

1233
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 235
CORRECT ANSWER IS B . Its Explanation is

Approving a customer before shipping merchandise is a preventive control as it

should prevent shipping merchandise to customers who will not be able to pay.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet prepared in the mail room
is not a preventive control.
Explanation for Choice C:
Reviewing the sequence of pre-numbered is not a preventive control.
Explanation for Choice D:
Scanning the general ledger for accounts with unusually high or low balances is detective control, not a preventive
control.

1234
Section E – Governance, Risk Management and Controls
MULTIPLE CHOICE QUESTION NO. 237
Several years ago a senior member in the accounting area developed a software
application that automates a simple, yet time-saving task. Over time, the application
has been adopted by other users in accounting, and these other users have
encouraged the original author to maintain the application, adapting it as needed
when new systems are introduced. Which of the following controls for this situation
would be most effective and efficient?

A. Recommend policy changes that freeze further adoption and work on the software.
B. Recommend that the application be replaced by a commercially developed product.
C. Analyze the application to ensure that it is, in fact, the most efficient solution to the
work problem.
D. Ensure complete, accurate, and updated documentation of the application.
1237
Section E – Governance, Risk Management and Controls
ANSWER TO QUESTION NO. 237
CORRECT ANSWER IS D . Its Explanation is
The application appears to do the task well, so limiting its use, verifying its effectiveness, and replacing it are
probably not the most effective and efficient controls. Ensuring that the application’s design and subsequent
modifications are documented would be most effective. This helps protect the function against the eventual loss of
its author’s expertise if the employee retires or leaves the organization, as well as control the impact of
modifications to the program. If the application does not include application authentication controls, this would
also be a good recommendation.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
See the correct answer for an explanation.
Explanation for Choice B:
See the correct answer for an explanation.
Explanation for Choice C:
See the correct answer for an explanation.
1238
1241
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 1
Which of the following would indicate that fraud may be present in a marketing
department?

A. To encourage creativity, management has adopted a control environment

that can best be described as "very loose."
B. A manager appears to be living a lifestyle that is in excess of what could be
provided by a marketing manager's salary.
C. All of the above.
D. There is no documentation for some fairly large payments made to a new
vendor.

1242
Section F – Fraud Risks
ANSWER TO QUESTION NO. 1
CORRECT ANSWER IS C . Its Explanation is

Unsupported transactions, lavish lifestyles, and loose control environments are all
considered fraud symptoms that should heighten the auditor’s awareness of potential
fraud.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
This is considered a potential fraud symptom, but so are the other items.
Explanation for Choice B:
This is considered a potential fraud symptom, but so are the other items.
Explanation for Choice D:
This is considered a potential fraud symptom, but so are the other items. 1243
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 3
An accounting clerk developed a scheme to enter fraudulent invoices into the
computer system for nonexistent vendors. All the payments were sent to the same
address. The internal auditor suspects a possible fraud. The internal auditor should
test all of the vendor information rather than a sample of the vendor transactions
because

A. The Standards prohibit the use of sampling if fraud is expected.

B. The only effective approach requires performing procedures "through the
computer."
C. The engagement procedures used to compare vendor information require the
reading of all records.
D. Although non-sampling error is reduced, sampling error is larger when computers
are used to draw the sample. 1246
Section F – Fraud Risks
ANSWER TO QUESTION NO. 3
CORRECT ANSWER IS C . Its Explanation is

If fraud is suspected, then all transactions have to be examined.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The Standards do not prohibit the use of sampling.
Explanation for Choice B:
Manually checking the vendor information is effective, but inefficient.
Explanation for Choice D:
Sampling error is not larger when computers are used to draw the sample. In fact, the use of
computers could make possible to check all transactions.
1247
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 5
Which of the following is true about interviewing an individual during the
investigation of suspected fraud?

A. The internal auditor's role involves collecting facts.

B. The internal auditor's role involves attempting to obtain confessions of guilt.
C. Internal auditors should be empowered to confine fraud suspects to the
office but only for the purpose of interviewing them.
D. Internal auditors are authorized to waive punishment of the employee if the
employee restores the item(s) stolen.

1250
Section F – Fraud Risks
ANSWER TO QUESTION NO. 5
CORRECT ANSWER IS A . Its Explanation is

This is true. The internal auditor mainly gathers facts during a fraud
investigation.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
This is the role of an investigator.
Explanation for Choice C:
This is considered false imprisonment.
Explanation for Choice D:
This is considered compounding a felony. The right to punish or forgive a criminal act is
reserved to the state.
1251
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 7
Which of the following gives the internal auditor the authority to investigate
fraud?

A. The Standards.
B. Common law.
C. The Institute of Internal Auditors Code of Ethics.
D. Management.

1254
Section F – Fraud Risks
ANSWER TO QUESTION NO. 7
CORRECT ANSWER IS D . Its Explanation is
The internal auditor may recommend whatever investigation is considered necessary in the
circumstances. Thereafter, the auditor should follow up to see that the IAA's responsibilities
have been met. Generally, a fraud specialist carries out fraud investigations. Management
must authorize any internal auditor involvement in an investigation.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Internal auditors only have the authority to recommend a fraud investigation.
Explanation for Choice B:
Internal auditors only have the authority to recommend a fraud investigation.
Explanation for Choice C:
The IIA Code of Ethics does not specifically mention fraud investigation.
1255
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 9
During an engagement involving a purchasing department, an internal auditor
discovered that many purchases were made (at normal prices) from an office
supplier whose owner was the brother of the director of purchasing. Controls were
in place to restrict such purchases and no fraud appears to have been committed.
In this case, the internal auditor should recommend

A. The development of an approved-vendor file initiated by the buyer and

approved by the director of purchasing.
B. The initiation of a conflict-of-interest policy.
C. Establishment of a price policy (range) for all goods.
D. The inspection of all receipts by receiving inspectors.
1258
Section F – Fraud Risks
ANSWER TO QUESTION NO. 9
CORRECT ANSWER IS B . Its Explanation is

The internal auditor should recommend the initiation of a conflict-of-interest policy. A

conflict-of interest policy is a guideline that restricts business dealings with relatives
unless fully disclosed and approved by senior management.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
The development of an approved-vendor file initiated by the buyer and approved by the director of
purchasing would not necessarily prevent a conflict-of-interest.
Explanation for Choice C:
The establishment of a price policy would not prevent a conflict-of-interest.
Explanation for Choice D:
The inspection of all receipts by receiving inspectors is an appropriate receiving control, but it would not
prevent a conflict-of-interest. 1259
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 11
The following are facts about a subsidiary:
1. The subsidiary has been in business for several years and enjoyed good profit margins although the
general economy was in a recession, which affected competitors.
2. The working capital ratio has declined from a healthy 3 to 0.9.
3. Turnover for the last several years has included three controllers, two supervisors of accounts
receivable, four payables supervisors, and numerous staff in other financial positions.
4. Purchasing policy requires three bids. However, the supervisor of purchasing at the subsidiary has
instituted a policy of sole-source procurement to reduce the number of suppliers.
When conducting a financial audit of the subsidiary, the internal auditor should

A. Most likely not detect 1, 2, or 3.

B. Ignore 2 since the economy had a downturn during this period.
C. Consider 3 to be normal turnover, but be concerned about 2 and 4 as warning signals of fraud.
D. Consider 1, 2, 3, and 4 as warning signals of fraud.

1262
Section F – Fraud Risks
ANSWER TO QUESTION NO. 11
CORRECT ANSWER IS D . Its Explanation is
Items 1, 2, 3 and 4 are all warning signs of potential fraud. If the company is experiencing good profit margins
during a recession, it's possible that management is distorting the financial statements in order to improve results.
The large drop in working capital may indicate that funds were diverted for personal use. The high employee
turnover indicates that employees are not happy in their positions, and maybe, they do not want to disclose
existing problems. The sole procurement practice does not stimulate competition and does indicate favoritism.
Favoritism often results from kickbacks, etc.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
Items 1, 2 and 3 would all be detected during a financial audit.
Explanation for Choice B:
Even though the economy experienced a downturn, the company still experienced good profit margins. Thus,
working capital should not have declined as it did. This might indicate that funds were diverted for personal use.
Explanation for Choice C:
The high employee turnover, the drastic drop in working capital, and sole-source procurement would all be
indicators of potential fraud.

1263
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 151
Which of the following is an example of skimming?
A. Two friends who work together have an arrangement that the first to arrive to work for
the day punches in using the time clock for both of them, and the last one to leave
punches out for both of them.
B. The organization issued payroll checks weekly. However, due to cash flow issues, the
organization kept the amounts withheld from the employee paychecks (federal
withholding, Social Security, Medicare, etc.) for its own use.
C. The auditor discovered one of the managers was including personal items on the
organization’s weekly vendor orders. There was no evidence the manager had reimbursed
the organization for the expense.
D. As an incentive to limo drivers, an organization promised $25 for each $250 helicopter
tour sold. After hearing several customer complaints, the manager discovered that one of
the drivers was charging the customers $300 per tour and pocketing the difference. 1542
Section F – Fraud Risks
ANSWER TO QUESTION NO. 151
CORRECT ANSWER IS D . Its Explanation is
Skimming is a theft of cash before the accounting entry is recorded. Examples include accepting
payment from a customer but not reporting the sale and overcharging the customer for the sale
and keeping the difference. Skimming is very difficult to detect as there is no audit trail.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
Payroll fraud is a false claim for compensation. It can include, for example, falsifying timesheets, claiming overtime for
hours not worked, and payments to fictitious or terminated employees. An employee punching the time clock for another
employee is an example of payroll fraud.
Explanation for Choice B:
The illegal nonpayment or underpayment of tax is considered tax evasion. Intentionally falsifying a tax return, failing to
remit taxes, and failing to report taxes are examples.
Explanation for Choice C:
Payment fraud involves payment for fictitious goods or services, overstatement of invoices, or use of invoices for personal
reasons. The manager was using the organization, through vendor invoices, to purchase items for his or her personal use.
1543
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 153
An upcoming internal audit engagement involves the possibility of fraud. The
Standards require the internal auditors to possess which of the following skills?

A. To be able to identify indicators that fraud may have been committed.

B. To hold a current Certified Fraud Examiner certification.
C. To hold a current Certified Internal Auditor certification.
D. To possess technical expertise in a particular area of fraud examination, such as
computer hacking.

1546
Section F – Fraud Risks
ANSWER TO QUESTION NO. 153
CORRECT ANSWER IS A . Its Explanation is
An internal auditor’s responsibilities for the detection of fraud include (1) having sufficient
knowledge to identify indicators that fraud may have been committed, (2) being alert to
opportunities that could allow fraud (e.g., control weaknesses), and (3) being able to evaluate the
indicators of fraud sufficiently to determine whether a fraud investigation should be conducted.

INCORRECT CHOICES EXPLANATION

Explanation for Choice B:
The Standards do not require an internal auditor to hold a Certified Fraud Examiner certification to serve on an
engagement in which possibility of fraud exists.
Explanation for Choice C:
The Standards do not require an internal auditor to hold a Certified Internal Auditor certification to serve on an
engagement in which possibility of fraud exists.
Explanation for Choice D:
The Standards do not require an internal auditor to have technical expertise in a particular area of fraud examination to
serve on an engagement in which a possibility of fraud exists. 1547
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 155
The internal audit activity’s responsibility for preventing fraud is to

A. Exercise operating authority over fraud prevention activities.

B. Maintain internal control.
C. Establish internal control.
D. Evaluate the system of internal control.

1550
Section F – Fraud Risks
ANSWER TO QUESTION NO. 155
CORRECT ANSWER IS D . Its Explanation is

Control is the principal means of preventing fraud. Management, in turn, is primarily

responsible for the establishment and maintenance of control. In an assurance
engagement, internal auditors are primarily responsible for preventing fraud by examining
and evaluating the adequacy and effectiveness of control
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
Operating authority is a management function.
Explanation for Choice B:
Maintaining internal control is management’s responsibility.
Explanation for Choice C:
Establishing internal control is management’s responsibility.
1551
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 157
Internal auditors and management have become increasingly concerned about
computer fraud.
Which of the following control procedures is least important in preventing
computer fraud?

A. Testing of new applications by users during the systems development process.

B. Program change control requiring a distinction between production programs
and test programs.
C. Segregation of duties between the programmer and systems analyst.
D. Segregation of duties between the applications programmer and the program
librarian function.
1554
Section F – Fraud Risks
ANSWER TO QUESTION NO. 157
CORRECT ANSWER IS C . Its Explanation is
Segregation of the programming and systems analysis functions is of least concern given that
the analyst is responsible for communicating the nature of the design to the programmer.
Programmer-analyst is a common job title.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Testing of new applications by users is one of the most important controls to help prevent computer fraud.
Explanation for Choice B:
A program should be redesigned using a working copy, not the version in use.
Explanation for Choice D:
Adequate control over program changes is one of the most important control procedures in a computerized
environment. Programmers should not have access to operational progress, and librarians should not be able to
program. 1555
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 159
How does fraud awareness training support fraud prevention?

A. Reduces opportunities to commit fraud.

B. Facilitates the testing of controls.
C. Helps develop credible responses to potential risks.
D. Limits rationalization.

1558
Section F – Fraud Risks
ANSWER TO QUESTION NO. 159
CORRECT ANSWER IS D . Its Explanation is
An individual justifies fraudulent actions by rationalization. Fraud awareness training minimizes
rationalization by (1) supporting the ethical tone at the top, (2) promoting an anti-fraud
environment, and (3) emphasizing that the organization does not tolerate misconduct of any
kind.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Fraud awareness training does not reduce opportunities to commit fraud.
Explanation for Choice B:
Fraud awareness training does not facilitate the testing of controls.
Explanation for Choice C:
Controls help develop credible responses to potential risks, not fraud awareness training.
1559
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 161
The primary purpose of operating a fraud hotline within an organization is
to

A. Measure how well organizational units are achieving the organization’s

goals.
B. Reduce total costs of operations.
C. Concentrate on areas that deserve attention.
D. Establish channels of communication for people to report suspected
improprieties.

1562
Section F – Fraud Risks
ANSWER TO QUESTION NO. 161
CORRECT ANSWER IS D . Its Explanation is

Fraud-related information and communication practices promote fraud risk

management. For example, hotlines are a convenient way for employees to report
suspected improprieties.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
The primary purpose of operating a fraud hotline is not to measure how well organizational units are
achieving the organization’s goals.
Explanation for Choice B:
Reducing total costs of operating the organization is not the primary purpose of a fraud hotline.
Explanation for Choice C:
Concentrating on areas that deserve attention and less attention on areas operating as expected is not
the primary purpose of a fraud hotline. 1563
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 163
A chief audit executive (CAE) suspects that several employees have used desktop
computers for personal gain. In conducting an investigation, the primary reason that
the CAE chose to engage a forensic information systems auditor rather than using the
organization’s information systems auditor is that a forensic information systems
auditor would possess

A. Superior analytical skills that would facilitate the identification of computer abuse.
B. Knowledge of what constitutes evidence acceptable in a court of law.
C. Knowledge of the computing system that would enable a more comprehensive
assessment of the computer use and abuse.
D. Superior documentation and organization skills that would facilitate in the
presentation of findings to senior management and the board.
1566
Section F – Fraud Risks
ANSWER TO QUESTION NO. 163
CORRECT ANSWER IS B . Its Explanation is
The distinguishing characteristic of forensic auditing is the knowledge needed to testify as an
expert witness in a court of law. Although a forensic auditor may possess the other attributes
listed, the organization’s information systems auditor may also possess these skills or knowledge
elements.
INCORRECT CHOICES EXPLANATION
Explanation for Choice A:
A forensic auditor would not necessarily have analytical skills that are superior to those of the organization’s
auditor.
Explanation for Choice C:
The organization’s information systems auditor would probably have more knowledge of the organization’s
computing systems than a forensic auditor.
Explanation for Choice D:
A forensic auditor would not necessarily have organizational skills that are superior to those of the organization’s
auditor. 1567
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 165
Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require that due
professional care be used in obtaining information to support an engagement
opinion?

A. To require honesty in performing work.

B. If internal auditors were permitted to communicate engagement results without
obtaining sufficient information, they would be in a position to accept fees or gifts
from engagement clients.
C. To preclude any conflict of interest.
D. Sufficient, reliable, relevant, and useful information lends credibility to the
opinion.
1570
Section F – Fraud Risks
ANSWER TO QUESTION NO. 165
CORRECT ANSWER IS D . Its Explanation is
Engagements must be performed with proficiency and due professional care (Attr. Std. 1200), and the engagement results must be
communicated (Perf. Std. 2400). Engagement results include observations, conclusions, opinions, recommendations, and action
plans. If internal auditors expressed opinions or otherwise communicated engagement results without substantive investigation
and compliance with the Standards, such communications would be meaningless. The Standards are therefore incorporated by
reference into The IIA’s Code of Ethics by Rule of Conduct 4.2. Thus, internal auditors must identify sufficient, reliable, relevant,
and useful information to achieve the engagement’s objectives

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Rule of Conduct 1.1 requires honesty, diligence, and responsibility in the performance of work.
Explanation for Choice B:
Rule of Conduct 2.2 prohibits accepting anything that may impair or be presumed to impair the professional judgment of an
internal auditor.
Explanation for Choice C:
A separate ethics rule prohibits conflicts of interest. Rule of Conduct 2.1 states, “Internal auditors shall not participate in any
activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those
activities or relationships that may be in conflict with the interests of the organization.” 1571
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 167
When interviewing an individual suspected of fraud, the interviewer should

A. Lock the door to ensure no one will interrupt the interview.

B. Ensure the suspect’s supervisor is present during the interview.
C. Pay attention to the wording choices of the suspect.
D. Ask if the suspect committed the fraud.

1574
Section F – Fraud Risks
ANSWER TO QUESTION NO. 167
CORRECT ANSWER IS C . Its Explanation is
Through his or her choice of words, a suspect can reveal much without meaning to. Excessive
and/or inappropriate use of the passive voice or of impersonal pronouns may indicate a desire
to be detached from the topic.

INCORRECT CHOICES EXPLANATION

Explanation for Choice A:
Although the area in which the fraud interview takes place should be private, the suspect should not feel that (s)he
is in a room in which no one can come to his or her aid.
Explanation for Choice B:
The presence of the suspect’s supervisor may inhibit honest communication on the suspect’s part.
Explanation for Choice D:
Directly asking the suspect if (s)he committed the fraud is not appropriate. The questioner should appear confident
that (s)he already has all the relevant facts and not provide the suspect with an opportunity to deny the fraud.
1575
Section F – Fraud Risks
MULTIPLE CHOICE QUESTION NO. 169
Forensic auditing differs from internal auditing because forensic auditing

A. Relies more heavily on investigative skills.

B. Concentrates less on legal issues.
C. Places less emphasis on communication skills.
D. Focuses on error identification and prevention.

1578
Section F – Fraud Risks
ANSWER TO QUESTION NO. 169
CORRECT ANSWER IS A . Its Explanation is
Forensic auditing is the use of accounting and auditing knowledge and skills in matters having civil
or criminal legal implications. Engagements involving fraud, litigation support, and expert witness
testimony are examples. Forensic auditing requires investigative and accounting skills. The
investigative skills are required to collect, analyze, and evaluate financial evidence. These skills
differentiate forensic auditing from internal auditing.
INCORRECT CHOICES EXPLANATION
Explanation for Choice B:
Forensic auditing applies accounting facts gathered through auditing procedures to legal problems. Thus,
forensic auditing focuses heavily on legal issues.
Explanation for Choice C:
Although both forensic and internal auditing require written and oral communication skills, these skills are
more critical in forensic auditing.
Explanation for Choice D:
Internal auditing, not forensic auditing, focuses on error identification and prevention. 1579
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CIA Part 1 Test Bank Questions 2022 (16 August 2021)
Web: https://zainacademy.us/product/cia-part-1-test-bank-questions-2022/
Web: https://mzain.org/product/cia-part-1-test-bank-questions-2022/

CPA Auditing and Attestation 2021 (26 July 2021)

Web: https://zainacademy.us/product/cpa-auditing-and-attestation-2021/
Web: https://mzain.org/product/cpa-auditing-and-attestation-2021/

CIA Review Complete 2021 (15 June 2021)

Web: https://zainacademy.us/product/cia-review-complete-2021/
Web: https://mzain.org/product/cia-review-complete-2021/

1581
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CIA Part 2 Practice of Internal Auditing 2021 (05 May 2021)
Web: https://zainacademy.us/product/cia-part-2-practice-of-internal-auditing-2021/
Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2021/

CIA Challenge Exam Study Book 2021 (03 May 2021)

Web: https://zainacademy.us/product/cia-challenge-exam-study-book-2021/
Web: https://mzain.org/product/cia-challenge-exam-study-book-2021/

CIA Part 1 Essentials of Internal Auditing 2021 (23 April 2021)

Web: https://zainacademy.us/product/cia-part-1-essentials-of-internal-auditing-2021/
Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2021/

CIA Part 3 Business Knowledge for Internal Auditing 2021 (14 April 2021)
Web: https://zainacademy.us/product/cia-part-3-2021/
1582
Web: https://mzain.org/product/cia-part-3-2021/
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CMA Preparation Pack 2021 (24 March 2021)
Web: https://zainacademy.us/product/cma-preparation-pack-2021/
Web: https://mzain.org/product/cma-preparation-pack-2021/
CMA Part 1 Preparation Pack 2021 (22 March 2021)
Web: https://zainacademy.us/product/cma-part-1-preparation-pack-2021/
Web: https://mzain.org/product/cma-part-1-preparation-pack-2021/
CMA Part 2 Preparation Pack 2021 (12 February 2021)
Web: https://zainacademy.us/product/cma-part-2-preparation-pack-2021/
Web: https://mzain.org/product/cma-part-2-preparation-pack-2021/

CIA Challenge Exam Test Bank Questions 2021 (26 November 2020)
Web: https://zainacademy.us/product/cia-challenge-exam-2021/
Web: https://mzain.org/product/cia-challenge-exam-2021/

1583
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CIA Part 3 Test Bank Questions 2021 (22 November 2020)
Web: https://zainacademy.us/product/cia-part-3-test-bank-questions-2021/
Web: https://mzain.org/product/cia-part-3-test-bank-questions-2021/

CIA Part 1 Test Bank Questions 2021 (28 September 2020)

Web: https://zainacademy.us/product/cia-part-1-test-bank-questions-2021/
Web: https://mzain.org/product/cia-part-1-test-bank-questions-2021/

CIA Part 2 Test Bank Questions 2021 (10 September 2020)

Web: https://zainacademy.us/product/cia-part-2-test-bank-2021/
Web: https://mzain.org/product/cia-part-2-test-bank-questions-2021/

CMA Part 2 Strategic Financial Management 2020 (21 April 2020)

Web: https://zainacademy.us/product/cma-part-2-2020/
Web: https://mzain.org/product/cma-part-2-strategic-financial-management-2020/

1584
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CMA Part 1 Financial Planning, Performance and Analytics 2020 (01 February 2020)
Web: https://zainacademy.us/product/cma-part-1-study-book-2020/
Web: https://mzain.org/product/cma-part-1-financial-planning-performance-and-analytics-2020/

CIA Part 2 Test Bank Questions 2020 (24 December 2019)

Web: https://zainacademy.us/product/cia-part-2-test-bank-2020/
Web: https://mzain.org/product/cia-part-2-test-bank-questions-2020/

CIA Part 3 Test Bank Questions 2020 (14 December 2019)

Web: https://zainacademy.us/product/cia-part-3-test-bank-2020/
Web: https://mzain.org/product/cia-part-3-test-bank-questions-2020/

CIA Part 1 Test Bank Questions 2020 (08 December 2019)

Web: https://zainacademy.us/product/cia-part-1-test-bank-2020/
Web: https://mzain.org/product/cia-part-1-test-bank-questions-2020/

1585
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CIA Part 2 Practice of Internal Auditing 2020 (25 September 2019)
Web: https://zainacademy.us/product/cia-part-2-2020/
Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2020/

CIA Part 1 Essentials of Internal Auditing 2020 (12 September 2019)

Web: https://zainacademy.us/product/cia-part-1-2020/
Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2020/

CPA Business Environment and Concepts (BEC) 2019 (22 July 2019)
Web: https://zainacademy.us/product/cpa-business-environment-and-concepts-bec-2019/
Web: https://mzain.org/product/cpa-business-environment-and-concepts-bec-2019/

CIA Part 2 Practice of Internal Auditing 2019 (11 April 2019)

Web: https://zainacademy.us/product/cia-part-2-practice-of-internal-auditing-2019/
Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2019/

1586
LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017
CIA Part 1 Essentials of Internal Auditing 2019 (17 February 2019)
Web: https://zainacademy.us/product/cia-part-1-essentials-of-internal-auditing-2019/
Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2019/

CIA Part 3 Business Knowledge for Internal Auditing 2019 (05 January 2019)
Web: https://zainacademy.us/product/cia-part-3-business-knowledge-for-internal-auditing-2019/
Web: https://mzain.org/product/cia-part-3-business-knowledge-for-internal-auditing-2019/
Certified Management Accountant (CMA) Part 1 2019 (07 October 2018)
Web: https://zainacademy.us/product/cma-part-1-financial-reporting-planning-performance-and-control-
2019/
Web: https://mzain.org/product/cma-part-1-financial-reporting-planning-performance-and-control-2019/

Certified Management Accountant (CMA) Part 2 2019 (13 September 2018)

Web: https://zainacademy.us/product/cma-part-2-financial-decision-making-2019/
Web: https://mzain.org/product/cma-part-2-financial-decision-making-2019/
1587
1588
QUOTES THAT WILL CHANGE YOUR LIFE
These are the quotes that have made me what I am today. You can also be the one in your
Universe:
• We are born in one day. We die in one day. We can change in one day. And we can fall in love in
one day Anything can happen in just one day.

The finest of the brains are in an extreme level of slavery. For them, career and job are
important than financial freedom and peace of soul. You will be replaced in a day or two when
you leave this world for eternal life. Not understanding this point will lead to a dead-end tunnel.
Seek certification to change your world, well-being, and, most important yourself.
• Excellence, Creativity, Passion, and Patience are key ingredients to become a Star.
• Get up and Hustle. Chase your dreams. Turn your dreams into reality by showing up every day.

1589
QUOTES THAT WILL CHANGE YOUR LIFE
• Have Confidence. You can do it. You have the capacity and potential to reach the top. Just
believe in your abilities and chase your dream.
• Dream is what seen by an open eye, not with the closed one.
• Dreams don’t work unless you do.
• What we learn becomes a part of who we are.
• The right way to start your day is to focus on end goal.
• Sometimes the bad things that happen in our lives put us directly on the path to the best things
that will ever happen to us.
• A creative man is motivated by the desire to achieve, not by the desire to beat others.
• Twenty years from now you will be more disappointed by the things that you didn’t do than by
the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade
winds in your sails. Explore. Dream. Discover.

1590
QUOTES THAT WILL CHANGE YOUR LIFE
• It does not matter how slow you go. So long as you don’t stop.
• It is never too late to begin.
• If it scares you, it might be a good thing to try.
• There is only you and your camera. The limitations in your photography are in yourself, for what
we see is what we are.
• Creativity is Intelligence having fun.
• All progress takes place out of comfort zone, so when are you starting.
• Everything you have ever wanted is on the other side of fear.
• When everything seems to be going against you, remember that the airplane takes off against
the wind, not with it.

1591
QUOTES THAT WILL CHANGE YOUR LIFE
• Unexpected kindness is the most powerful, least costly, and most underrated agent of human
change.
• Sometimes courage is the quiet voice at the end of the day saying I will try again tomorrow.
• Sometimes you win, sometimes you learn.
• Do something today that your future self will thank you for.
• The past has no power over the present moment. So forget about your failures and start a new
day.
• Most of the important things in the world have been accomplished by people who have kept on
trying when there seemed to be no help at all.
• Your imagination is everything. It is the preview of life’s coming attractions. Only those who
believe anything is possible can achieve things most would consider impossible.
• Don’t let the noise of others’ opinions drown out your own inner voice.
• Have the courage to follow your heart and intuition. They somehow already know what you
truly want to become. Everything else is secondary.
1592
QUOTES THAT WILL CHANGE YOUR LIFE
• Your time is limited, so don’t waste it living someone else’s life.
• Remembering that you are going to die is the best way I know to avoid the trap of thinking you
have something to lose. You are already naked. There is no reason not to follow your heart.
• Your work is going to fill large part of your life and the only way to be truly satisfied is to do
what you believe is great work. The only way to do great work is to love what you do. If you
haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you will know
when you find it.
• Success doesn’t come from what you do occasionally. It comes from what you do consistently.
• If opportunity doesn’t knock, build a door.
• The things you regret most in life are the risks you didn’t take.
• Every successful person was once an unknown person that refused to give up on their dream.
• Life is too short to be working for someone else’s dream.

1593
QUOTES THAT WILL CHANGE YOUR LIFE
• It always seems impossible until it’s done.
• Innovation distinguishes between a leader and a follower.
• Success is not final; failure is not fatal. It is the courage to continue that counts.
• Every problem is a gift. Without problems, we would not grow.
• There is no shortage of remarkable ideas, what’s missing is the will to execute them.
• Forget past mistakes. Forget failures. Forget everything except what you are going to do now
and do it.
• Many of life’s failure are people who did not realize how close they were to success when they
gave up.
• If something is important enough, or you believe something is important enough, even if you
are scared, you will keep going.

1594
QUOTES THAT WILL CHANGE YOUR LIFE
• The best way to predict the future is to create it.
• The only strategy that is guaranteed to fail is not taking risks.
• Only those who will risk going too far can possibly find out how far one can go.
• Don’t waste words on people who deserve your silence. Sometimes the most powerful thing
you can say is nothing at all.

1595