What is What?
Performing and Documentation
GIAS and more
Who is Who and Red Flags!
Sampling and Methods
100

The main goal of an audit engagement is what?
A. Audit Scope
B. Audit Universe
C. Audit Objective
D. Risk Assessment

C. Audit Objective

100

Internal audit engagements should be:
A. Risk-based and planned accordingly
B. Randomly assigned
C. Based on the board's intuition
D. Chosen by department heads

A. Risk-based and planned accordingly

100

How often must the CAE perform a documented risk assessment for the audit plan?

A. Every five years
B. At least annually
C. Only when requested by the board
D. Once during the CAE’s tenure

B. At least annually

100

Who is responsible for the final approval of all result documents?
A. Executive Board
B. Supervisory Board
C. CAE
D. Auditor

C. CAE

100

A control was performed 420 times during the time frame of the audited period. What is the minimum number of items to test according to our GA Manual?
A: 15
B: 20
C: 25
D: 30

C: 25

200

The boundaries or limits of areas, systems and processes of an audit engagement are what?
A. Audit Scope
B. Audit Universe
C. Audit Objective
D. Risk Assessment

A. Audit Scope

200

What is the purpose of the rating methodology in reporting?
A. To scare auditees
B. To measure control frequency
C. To provide consistency and transparency
D. To avoid audit trail documentation

C. To provide consistency and transparency

200

What is a new mandatory element for internal audit management in the 2024 Standards?

A. Internal audit charter
B. Annual risk report
C. Internal audit strategy
D. Annual ethics certification

C. Internal audit strategy

200

Which of the following is typically considered a fraud red flag during an internal audit?
A. Unexplained lifestyle improvements inconsistent with known income
B. Regular approval of overtime work in finance
C. High staff turnover in the IT department
D. Unreconciled bank accounts with known audit issues

A. Unexplained lifestyle improvements inconsistent with known income

200

Which controls proactively reduce the likelihood of risks materializing?

A. Detective controls
B. Preventive controls
C. Both
D. None

B. Preventive controls

300

The objectives of a Test of Design are
A. Completeness, Alignment, Adequacy, Efficiency
B. Efficiency, Adequacy, Structure, Completeness
C. Adequacy, Alignment, Classification, Efficiency
D. Efficiency, Ratio, Completeness, Adequacy

A. Completeness, Alignment, Adequacy, Efficiency

300

An audit observation has no economic implications for the company, no breaches of the ICS and no non-compliance with (regulatory) law.
However, it is classified as an A-Observation.
Which classification dimension is the observation stemming from?

Strategy

300

What is not part of our Mandate?

Enhance the organisation's
A. Governance
B. Controls
C. Risk Management
D. ROI

D. ROI

300

Which of these is not a core task of the internal audit function?

A. Implement HR-wide strategic measures
B. Conduct Audits
C. Provide Advisory Services
D. Act as a local audit function

A. Implement HR-wide strategic measures

300

Audit methods from low to high assurance:

A. Observation, Inquiry, Examination, Reperformance
B. Reperformance, Inquiry, Observation, Examination
C. Inquiry, Examination, Observation, Reperformance
D. Inquiry, Observation, Examination, Reperformance

D. Inquiry, Observation, Examination, Reperformance

400

Every observation/finding should contain
A. Significance, Adequacy, Effectiveness, Difference, Criteria
B. Cause, Criteria, Effect, Comparison, Condition
C. Criteria, Condition, Cause, Effect, Significance
D. Effectiveness, Significance, Critical Reasoning, Criteria, Condition

C. Criteria, Condition, Cause, Effect, Significance

400

Which of the following best defines “sufficient” documentation in the context of an internal audit engagement?
A. Documentation that allows the CAE to defend the audit’s budget to senior management.
B. Documentation that would enable an experienced auditor with no prior involvement to understand the work performed, the evidence obtained, and the conclusions reached.
C. Documentation that summarizes the audit steps and documents the auditee's agreement with audit observations.
D. Documentation that includes all communications with the auditee and final draft of the report.

B. Documentation that would enable an experienced auditor with no prior involvement to understand the work performed, the evidence obtained, and the conclusions reached.

400

What does QAIP stand for?

A. Quality Assessment of Internal Personnel
B. Quantitative Assurance & Internal Planning
C. Quality Assurance and Improvement Program
D. Qualified Auditor Internal Plan

C. Quality Assurance and Improvement Program

400

Which of the following audit techniques is most effective for detecting fraudulent transactions?

A. Control self-assessment workshops
B. Trend and ratio analysis over time
C. Policy compliance checklists
D. Sample testing

B. Trend and ratio analysis over time

400

What is a practical approach to selecting audit methods for a complex, high-risk process?
A. Apply a single audit method to all processes for consistency
B. Focus on Test of Operating Effectiveness
C. Combine multiple methods, such as data analytics and walkthroughs, based on risk
D. Conduct a walkthrough by inquiry

C. Combine multiple methods, such as data analytics and walkthroughs, based on risk

500

The objectives of a Test of Operating Effectiveness are
A. Alignment, Consistent Operation, Efficiency, Control Performance
B. Human and System Reliability, Classification, Control Performance, Operational Deficiencies
C. Operational Deficiencies, Adequacy, Structure, Consistent Operation
D. Consistent Operation, Control Performance, Operational Deficiencies, Human and System Reliability

D. Consistent Operation, Control Performance, Operational Deficiencies, Human and System Reliability

500

An internal auditor finalizes an engagement where significant judgment was applied in concluding that a policy deviation did not result in a control failure. According to the GIAS, which of the following best reflects the documentation requirement in this case?

A. Document the final conclusion and summary of fieldwork since the deviation was deemed low-risk.
B. Retain the working papers for at least 3 years and reference the deviation in the closing meeting minutes.
C. Ensure the rationale for the auditor’s judgment, including alternative considerations and supporting evidence, is clearly documented in the working papers.
D. Include a statement of assurance in the audit report but omit documentation of judgment to protect auditor independence.

C. Ensure the rationale for the auditor’s judgment, including alternative considerations and supporting evidence, is clearly documented in the working papers.

500

Which one of these is not a key control according to our Group Audit Charter?

A. The Supervisory Board monitors the effectiveness of the internal audit function
B. The Executive Board approves the Annual Report of Group Audit
C. The Supervisory Board monitors the independence of the CAE
D. The Executive Board approves the Annual Audit Plan of Group Audit

C. The Supervisory Board monitors the independence of the CAE

500

According to the 2024 Global Internal Audit Standards, what is the internal auditor’s responsibility regarding fraud?

A. To conduct criminal investigations into suspected fraud
B. To guarantee that no fraud occurs within the organization
C. To evaluate the adequacy and effectiveness of controls in responding to fraud risks
D. To approve the fraud risk management policy of the organization

C. To evaluate the adequacy and effectiveness of controls in responding to fraud risks

500

Every month an employee checks a payment file with 45 transactions for their correctly associated bank account numbers.

What should our control sample size be, considering the control is considered low risk?
A. 5 months
B. 20 transactions
C. 2 months or 25 transactions
D. 1 month and additional 20 transactions

C. 2 months or 25 transactions
