When a risk assessment process has been used to construct an audit engagement
schedule,which of the following should receive attention first?

A.

The external auditors have requested assistance for their upcoming annual audit.

B.

A new accounts payable system is currently undergoing testing by the information
technology department.

C.

Management has requested an investigation of possible lapping in receivables.

D.

The existing accounts payable system has not been audited over the past year.

A major difference between enterprise risk management and traditional risk management
lies in the narrow focus of traditional risk management on:
I.Property and liability risks.
II.Risks with insurance solutions.
III.Risks impacting organizational objectives.

A.

I and IIonly

B.

I and IIIonly

C.

II and IIIonly

D.

I,II,and III.

A chief audit executive used risk assessment to prepare the audit work schedule. Which of
the following would be the least appropriate reason to modify the schedule?

A.

Need for coordination of audit activities with the external auditors.

B.

Request for postponement since the audit would be too complicated.

C.

Change in the relative risk of auditable activities during the year.

D.

Budget constraints or expansions.

The percentage of orders that are rush orders and the percentage of returns to total orders
are examples of which of the following types of control activities?

A.

Quality control monitoring.

B.

Direct functional management.

C.

Benchmarking.

D.

Performance indicators.

The internal audit activity's role in the risk assessment and management processes of an
organization is determined bythe:

A.

Board of directors.

B.

Chief audit executive.

C.

Risk management department.

D.

External auditors.

If management has not established a risk management process,the internal audit activitycould.

A.

Take a proactive role that supplements traditional assurance activities.

B.

Identify and mitigate risks to the organization.

C.

Assume responsibility for the management of identified risks.

D.

Assume primary responsibility for determining if adequate and effective processes are in place.

Which of the following processes should be included in a benchmarking activity?
I.Identify key measures.
II.Collect data on performances and practices.
III.Identify opportunities for improvement.

A.

IIonly

B.

I and IIIonly

C.

II and IIIonly

D.

I,II,and III.

The primary objective of risk-based auditing is to assessthe:

A.

Economy of controls.

B.

Compliance with controls.

C.

Adequacy of controls.

D.

Efficiency of controls.

Which of the following elements should an auditor recommend for inclusion in an
organization's code of ethics?
I.Ethics should vary with local customs in the organization's foreign operations.
II.Whistle-blowing should be discouraged because it can cause distrust among employees
and false accusations which waste organizational resources on investigations.
III.Ethical behavior should not be incorporated into performance evaluations because it is
too subjective and controversial.

A.

Ionly

B.

IIonly

C.

I,II,and III.

D.

None of the above.

Which of the following would have the least impact (either positive or negative) on an
assessment of a department's control environment?

A.

The department managed long-term investments,including investment in derivatives and
other financial instruments,to maximize return.

B.

The department manager sets a tone of honesty and integrity in all business dealings
and this tone is emulated by department personnel.

C.

Many department functions were duplicated or verified by other department employees
as part of the department's normal procedures.

D.

Audit tests designed to verify compliance with control procedures detected a general
failure to follow standard procedures for transaction authorization.