Risk assessments are valuable to the internal audit activity's planning process because they assist in:

A.

Eliminating all areas with low risk from the audit plan.

B.

Educating management on the importance of keeping the internal audit activity informed
of organizational changes.

C.

Identifying the audit universe or auditable activities that need to be reviewed.

D.

Identifying risks that management and the internal auditors have overlooked.

The chief commodity trader for a large energy company learns from a friend that a
competitor will likely fail its upcoming regulatory audit and will be forced to temporarily
decrease production. If the information is true,the trader has short-term opportunities to
make trades that will financially benefit the trader's company and will lead to a substantial
increase in the trader's performance bonus. However,if the information is not true,making
the trades will significantly increase the company's risk of being caught in a long position.
From an ethical perspective,which of the following would be the most appropriate course of
action for the trader to take?

A.

Make the trade because the company and the trader will both benefit.

B.

Have another trader on staff make the trade in order to avoid a conflict of interest.

C.

Disclose the information to the risk oversight committee but proceed with the trade to capitalize on the opportunity.

D.

Defer the decision to management and risk the loss of the trading opportunity.

All of the following would normally be involved in preparing for and carrying out the internal
audit activity's annual plan except:

A.

Establishing policies and procedures for workpapers and referencing.

B.

Providing periodic activity reports to the audit committee on audit engagements in progress.

C.

Assessing the amount of risk in major departments.

D.

Training audit staff on appropriate audit methodologies for addressing any newly identified risks.

Noncompliance with which of the following would cause a control deficiency related to
privacy protection practices?
I.An organization's internal privacy policies.
II.Financial accounting standards.
III.Privacy laws and regulations.
IV.The Standards.

A.

I and IIIonly

B.

II and IVonly

C.

II,III,and IVonly

D.

I,II,III,and IV.

A chief audit executive would most likely use risk assessment for audit planning because it provides:

A.

A systematic process for assessing and integrating professional judgment about
probable adverse conditions.

B.

A listing of potentially adverse effects on the organization.

C.

A list of auditable activities in the organization.

D.

The probability that an event or action may adversely affect the organization.

An internal audit activity's work schedule should always provide sufficient information to the
audit committee to enable it to determine whether the proposed engagements:

A.

Support the organization's objectives.

B.

Include sufficient fraud awareness.

C.

Will likely result in the detection of any major risk exposures.

D.

Are likely to detect control deficiencies.

When planning the work program for an assurance engagement,an internal auditor should
first review the department's business objectives and then:

A.

Identify risks.

B.

Review controls.

C.

Determine scope.

D.

Evaluate vulnerabilities.

Which of the following would be the most effective action for an internal audit activity to
take in order to assist in improving an organization's ethical climate?
I.Review formal and informal processes within the organization that could promote
unethical behavior.
II.Conduct surveys of employees,suppliers,and customers regarding ethics.
III.Assess the employees' knowledge of and compliance with the organization's code of conduct.

A.

Ionly

B.

I and IIonly

C.

II and IIIonly

D.

I,II,and III.

An internal audit activity encounters a scope limitation from senior management that will
affect its ability to meet its goals and objectives for a potential engagement client. The
nature of the scope limitation shouldbe.

A.

Noted in the audit workpapers,but the engagement should be carried out as
scheduled,with any necessary adjustments made based on the scope limitation.

B.

Communicated to the external auditors so that they can investigate the area in more detail.

C.

Communicated,preferably in writing,to the board.

D.

Communicated to management,stating that the limitation will not be accepted because it
would impair the audit activity's independence.

Which of the following is a key performance indicator for an internal audit function?

A.

Audit expenditures compared to financial budgets.

B.

Percent of required continuing education hours completed.

C.

Implementation of new audit computer software.

D.

Frequency of meetings with the board members.