When interrogating an individual who is suspected of fraud, it is appropriate to:

A.

Tell the individual that any information disclosed in the interrogation will not be disclosed
outside of the company.

B.

Start the interview with questions to which the interviewer already knows the answer.

C.

Discontinue questioning once the individual has confessed to the fraud.

D.

Prepare a list of questions prior to the interrogation and strictly adhere to the list.

Questions used to interrogate individuals suspected of fraud should:

A.

Adhere to a predetermined order.

B.

 Cover more than one subject or topic.

C.

Move from general to specific.

D.

Direct the individual to a desired answer.

A chief audit executive (CAE) suspects that several employees have used desktop computers for
personal gain. In conducting an investigation, the primary reason that the CAE would choose to
engage a forensic information systems auditor rather than using the organization's information
systems auditor is that a forensic information systems auditor would possess:

A.

Knowledge of the computing system that would enable a more comprehensive assessment of
the computer use and abuse.

B.

Knowledge of what constitutes evidence acceptable in a court of law.

C.

Superior analytical skills that would facilitate the identification of computer abuse.

D.

 Superior documentation and organization skills that would facilitate in the presentation of
findings to senior management and the board.

While conducting a payroll audit, an internal auditor in a large government organization found
inadequate segregation in the duties assigned to the assistant director of personnel. When the
auditor explained the risk of fraud, the assistant director became upset, terminated the interview,
and threatened to sue the organization for defamation of character if the audit engagement was
not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The CAE
should then:

A.

Curtail the audit engagement to avoid potential legal action.

B.

 Provide a report to senior management recommending a fraud investigation.

C.

Continue the original engagement program as planned but include a comment about the
assistant director's reaction in the engagement final communication.

D.

Add additional testing to determine whether other indicators of fraud exist.

Which of the following is the most appropriate step for the chief audit executive to take in order to
avoid defamation of character of the principal suspect in a fraud investigation?

A.

Restrict the use of potentially damaging words to privileged reports or discussions.

B.

Label all workpapers, reports, and correspondence of the internal audit activity as private.

C.

Restrict discussions of the fraud to members of management who express an interest in the
investigation.

D.

Destroy all investigation workpapers and reports if the fraud cannot be proven.

The scope of a consulting engagement performed by internal auditors should:

A.

Be sufficient to address the objectives agreed upon with the client.

B.

Exclude areas that might be the subject of subsequent assurance engagements.

C.

Be limited to activities within the current operating period.

D.

Be preapproved in conjunction with the annual plan of consulting engagements

The following are potential sources of evidence regarding the effectiveness of a division's total
quality management program. The least persuasive evidence would be a comparison oF.

A.

Employee morale before and after program implementation.

B.

Scrap and rework costs before and after program implementation.

C.

 Customer returns before and after program implementation.

D.

Manufacturing and distribution costs per unit before and after program implementation.

A chief audit executive (CAE) of a major retailer has engaged an independent firm of information
security specialists to perform specialized internal audit activities. The CAE can rely on the
specialists' work only if it is:

A.

Performed in accordance with the terms of the contract.

B.

Carried out in accordance with the Standards.

C.

Performed under the supervision of the information technology department.

D.

 Carried out using standard review procedures for retailers.

When conducting a performance appraisal of an internal auditor who has been a below-average
performer, it is not appropriate to:

A.

Notify the internal auditor of the upcoming appraisal several days in advance.

B.

Use objective, impartial language.

C.

Use generalizations.

D.

Document the appraisal.

An organization contracted a third party to construct a new facility that was estimated to cost $25
million. Which of the following is the most pertinent reason for the organization to audit the
contractor's records?

A.

 The contract includes a right-to-audit clause.

B.

The contractor will be paid on a cost-plus basis.

C.

The estimated cost is high.

D.

The contractor has subcontracted much of the work.