Which of the following elements is important for an internal auditor to consider when
performing a privacy risk assessment of an organization?
I.Areas where personal information is collected,used,stored,and disseminated.
II.Inherent risk.
III.Privacy practices of competitors.
IV.Third-party recipients of information.

A.

IIIonly

B.

I and IIonly

C.

I,II,and IVonly

D.

I,II,III,and IV.

In a well-developed management environment,the internal audit activitywould.

A.

Report the results of audit engagements to line management as well as to senior management.

B.

Conduct regularly scheduled audits of existing systems and initial audits of new computer systems after they have begun operating.

C.

Interface primarily with senior management,minimizing interactions with line managers
who are the subjects of internal audit work.

D.

Focus on the maintenance of accounting controls (such as segregation of the duties of
authorization,recording,and custody) and report results to the audit committee.

The primary role of the internal audit activity in regard to an organization's ethical climate is to:

A.

Participate as chief ethics officer.

B.

Periodically assess the ethical climate.

C.

Utilize surveys to evaluate employee ethics.

D.

Demonstrate ethical behavior.

Which of the following statements is correct regarding risk analysis?

A.

The extent to which management judgments are required in an area could serve as a
risk factor in assisting the auditor in making a comparative risk analysis.

B.

The highest risk assessment should always be assigned to the area with the largest potential loss.

C.

The highest risk assessment should always be assigned to the area with the highest probability of occurrence.

D.

Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

According to the International Professional Practices Framework,a primary purpose of
evaluating the adequacy of an organization's risk management,control,and governance
processes is to determine if it:

A.

Was designed to ensure compliance with policies,plans,procedures,laws,and regulations.

B.

Provides reasonable assurance that the organization's objectives will be met.

C.

Mitigates inherent risk.

D.

Assures the reliability and integrity of information used by management.

An internal quality assessment of the internal audit activity should provide the chief audit executivewith.

A.

Recommendations for improvement.

B.

Objectives for internal audit engagements.

C.

Confirmation of action on past audit recommendations.

D.

Appraisals of internal audit staff performance.

According to the Standards,which of the following must an internal auditor take into
consideration when performing an assurance engagement of treasury operations?
I.The audit committee has requested assurance of the treasury department's compliance
with a new policy on the use of financial instruments.
II.Treasury management has not instituted any risk management policies.
III.Due to the recent sale of a division,the amount of cash and marketable securities
managed by the treasury department has increased by 350 percent.
IV.The external auditors have indicated some difficulties in obtaining account confirmations.

A.

I and IIonly

B.

I and IVonly

C.

I,II,and IIIonly

D.

II,III,and IVonly

Management should be included in the development of the audit plan in order to:

A.

Provide assurance that past audit recommendations have been properly implemented.

B.

Select the audit tests that will be used for each engagement.

C.

Verify that the highest risks are included in the risk-based audit plan.

D.

Guarantee access to the organization's sites and records for audit work.

A dental insurance provider has implemented an electronic claim submission process and
is concerned that dentists are submitting claims for services that were not provided. Which
of the following control procedures would be most effective in preventing this type of fraud?

A.

Develop a program that identifies procedures performed on an individual which are
either in excess of expectations based on the age of the insured or are similar to other
procedures recently performed on the individual.

B.

Require all submitted claims to be followed by a signed statement by the dentist
testifying to the fact that the claimed procedures were performed.

C.

Send confirmations to the dentists requesting them to confirm the exact nature of the
claims submitted to the insurance provider.

D.

Develop an integrated test facility and submit false claims to verify that the system is
detecting such claims on a consistent basis.

Which of the following actions by a chief audit executive would be most effective in preventing fraud?

A.

Ensure that the board is aware of all fraud that has been identified or reported.

B.

Train the internal audit staff in identifying fraud indicators.

C.

Review the adequacy of all policies that describe prohibited activities.

D.

Submit an annual report to the board on all fraud that has been detected.