Which of the following best defines an engagement conclusion?

A.

 An auditor's determination of the cause of an engagement observation

B.

An auditor's professional judgment of the situation which was reviewed.

C.

An opinion that must be included in the engagement final communication.

D.

A recommendation for corrective action.

While investigating a compromised Web server, an auditor found that the Web server logs had
been deleted. The auditor should recommend that the Web server logs bE.

A.

Generated and maintained on a separate secure server.

B.

Accessible by administrative users only

C.

Encrypted to ensure that the logs cannot be deleted.

D.

Restored automatically to the Web server from backup files.

Which of the following actions by management would reduce an employee's opportunity to commit
fraud?

A.

Establishing physical controls over company assets.

B.

Eliminating bonuses tied to sales or other performance goals.

C.

Defining ethical behavior expectations in the company handbook.

D.

Identifying consequences, such as termination, for fraudulent activities

Which of the following are typical steps in the design of an organization's performance
measurement system?

A.

Understand organizational strategy; perform a situational assessment; establish measurement
categories; and take actions based upon measurement results.

B.

Categorize performance measures; establish a data collection plan; analyze data; and predict
future performance.

C.

Establish a measurement plan; create an organizational strategy linked to those
measurements; trend measurement data; and measure data variability.

D.

Perform a situational assessment; generate macro measurements; review measurement data;
and change strategy based upon measurement results

When interviewing an individual suspected of fraud, what type of questions would be asked after
the introductory questions?

A.

Informational questions.

B.

Admission-seeking questions.

C.

Assessment questions.

D.

Closing questions.

Which of the following activities would be performed during a benchmarking consulting
engagement?
I. Collect data relevant to the benchmarking process.
II. Review all business processes.
III. Define critical success factors.
IV. Identify performance gaps.

A.

I and III only

B.

II and IV only

C.

I, II, and III only

D.

I, III, and IV only

Which of the following tests must an internal auditor perform in order to ensure that inbound
electronic data interchange (EDI) transactions are received and translated accurately?
I. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions

A.

I and IV only

B.

II and III only

C.

I, II, and III only

D.

 I, II, III, and IV.

A chief audit executive has noticed that staff auditors are presenting more oral reports to
supplement written reports. The best reason for the increased use of oral reports is that they:

A.

Reduce the amount of testing required to support audit findings.

B.

Can be delivered in an informal manner without preparation.

C.

 Can be prepared using a flexible format and reduce the information included in the written
report.

D.

Permit auditors to counter arguments and provide additional information that the audience may
require.

Which of the following is a responsibility of the internal auditor once a fraud investigation has been
concluded?

A.

Ascertain the extent to which fraud has been perpetrated.

B.

Notify the appropriate regulatory authorities regarding the outcome of the investigation.

C.

Determine if controls need to be implemented or strengthened to reduce future vulnerability.

D.

Implement controls to prevent future occurrences

A bank is developing an integrated customer information system. The type of audit involvement
that would most likely help avoid implementation of a system that does not cover all types of
accounts would be:

A.

A design review.

B.

An application control review.

C.

A source code review.

D.

An access control review.