CIA Part 1 mixed MCQ questions First solve & then check yourself.Answers are at the end.
1️⃣ Former Responsibility Threat
Riya, an internal auditor, is assigned to audit the procurement department. She worked as Procurement Manager in the same department six months ago.
What is the MOST appropriate action?
A. Continue audit since she knows the department well
B. Disclose prior role but continue audit
C. Decline the engagement due to impaired objectivity
D. Perform audit but avoid testing her previous decisions
Answer:.
2️⃣ Management Pressure
The CFO asks the internal auditor to remove a significant control weakness from the draft report to avoid negative board reaction.
What should the auditor do FIRST?
A. Remove the finding
B. Discuss with audit committee
C. Ignore CFO’s request and issue report
D. Resign immediately
Answer
3️⃣ Gift from Vendor
An internal auditor receives an expensive gift hamper from a vendor during an ongoing audit.
Best course of action?
A. Accept and disclose
B. Return the gift and inform supervisor
C. Keep it if immaterial
D. Donate it silently
Answer:
4️⃣ Consulting Engagement Conflict
Internal audit helped design a new internal control system. Six months later, they are asked to audit the same system.
What is TRUE?
A. Allowed without restriction
B. Allowed only if different auditor performs review
C. Not allowed under any circumstance
D. Allowed if management approves
Answer:
5️⃣ Reporting Fraud Involving CEO
An internal auditor discovers evidence of fraud involving the CEO.
What is the MOST appropriate reporting line?
A. CFO
B. CEO
C. Audit Committee
D. HR Department
Answer:
6️⃣ Social Relationship Threat
An auditor is assigned to audit payroll where her brother works as payroll supervisor.
What should she do?
A. Continue audit professionally
B. Disclose relationship and request reassignment
C. Avoid auditing brother’s transactions only
D. Ignore conflict
Answer:
7️⃣ Bonus Linked to Company Profit
Internal auditors receive performance bonuses tied to company profit.
This MOST likely impairs:
A. Competency
B. Integrity
C. Independence
D. Confidentiality
Answer:
8️⃣ Withholding Information
Management refuses to provide requested documents during audit.
Best action?
A. Issue clean report
B. Withdraw quietly
C. Report scope limitation to audit committee
D. Reduce audit procedures
Answer:
9️⃣ Internal Auditor Acting as Controller
Due to shortage, CAE temporarily assumes role of Financial Controller.
This primarily affects:
A. Objectivity
B. Integrity
C. Competence
D. Confidentiality
Answer
🔟 Confidential Information Use
An auditor learns confidential information about a potential merger and purchases shares before announcement.
This violates:
A. Due Professional Care
B. Integrity and Confidentiality
C. Competence
D. Independence only
Answer:
1️⃣1️⃣ Limiting Audit Scope by CEO
CEO restricts audit access to overseas subsidiary citing “strategic reasons.”
What should CAE do?
A. Accept limitation
B. Report to audit committee
C. Drop subsidiary from audit plan
D. Delay audit
Answer:
1️⃣2️⃣ Auditor Reviewing Friend’s Work
Internal auditor audits IT controls implemented by close college friend in IT department.
Best resolution?
A. Continue audit with care
B. Disclose and request reassignment
C. Ignore relationship
D. Seek written management approval
Answer:
1️⃣3️⃣ Manipulating Findings for Promotion
Auditor softens findings hoping for promotion from management.
Which ethical principle is violated?
A. Objectivity
B. Integrity
C. Confidentiality
D. Competency
Answer:
1️⃣4️⃣ External Pressure from Regulator
Regulator pressures internal audit to share confidential audit working papers.
Correct response?
A. Provide immediately
B. Refuse outright
C. Seek legal guidance and management authorization
D. Ignore regulator
Answer:
1️⃣5️⃣ Rotational Assignment
Company policy rotates auditors every year across departments.
Primary benefit?
A. Improves efficiency
B. Enhances independence and objectivity
C. Reduces audit cost
D. Increases management control
Answer
Key CIA Exam Concepts Tested
• Organizational Independence (Functional reporting to Audit Committee)
• Individual Objectivity
• Conflict of Interest
• Management Interference
• Escalation Procedures
• IIA Code of Ethics Principles:
o Integrity
o Objectivity
o Confidentiality
SECTION B…
1️⃣ Dual Reporting Conflict
The CAE functionally reports to the Audit Committee but administratively to the CFO. The CFO reduces the internal audit budget after unfavorable findings.
What is MOST impaired?
A. Individual objectivity
B. Organizational independence
C. Integrity
D. Due professional care
Answer
2️⃣ Self-Review After Promotion
An auditor is promoted to operations manager. Six months later, she returns to internal audit and is assigned to audit her previous department.
Best action?
A. Perform audit with disclosure
B. Decline assignment due to impairment
C. Accept since not within one year
D. Audit only new transactions
Answer:
3️⃣ Fraud Suppression by Audit Committee Member
An audit committee member privately asks CAE to delay fraud reporting involving a board member.
What should CAE do?
A. Delay reporting
B. Report to full board
C. Consult CEO
D. Withdraw from engagement
Answer:
4️⃣ Consulting + Assurance Overlap
Internal audit designs cybersecurity framework and immediately performs assurance review.
This creates primarily:
A. Advocacy threat
B. Familiarity threat
C. Self-review threat
D. Intimidation threat
Answer:
5️⃣ Performance-Based Incentive
Internal audit compensation tied to achieving “zero major findings.”
Primary violation?
A. Confidentiality
B. Competency
C. Objectivity
D. Due care
ANSWER
6️⃣ Management Scope Restriction
Management denies access to legal expense files citing attorney-client privilege.
CAE should FIRST:
A. Accept limitation
B. Seek legal clarification and escalate if needed
C. Issue adverse opinion
D. Remove from audit plan
Answer:
7️⃣ Social Media Disclosure
An auditor posts vague message: “Major compliance issues found today.”
Which principle violated?
A. Objectivity
B. Confidentiality
C. Integrity only
D. Competency
Answer:
8️⃣ Rotation of CAE
CAE has served 15 years in same organization and built close executive relationships.
Primary risk?
A. Self-interest threat
B. Familiarity threat
C. Advocacy threat
D. Competency threat
Answer:
9️⃣ Whistleblower Suppression
Management disciplines employee who reported fraud to internal audit.
CAE should:
A. Stay neutral
B. Escalate retaliation to audit committee
C. Withdraw
D. Inform HR only
Answer:
🔟 Auditor Accepting Future Job Offer
Auditor negotiating employment with auditee department while auditing them.
Required action?
A. Continue work until offer confirmed
B. Disclose and remove from engagement
C. Keep confidential
D. Finish audit first
Answer:
1️⃣1️⃣ CAE Performing Operational Role
During crisis, CAE approves vendor payments temporarily.
This MOST affects:
A. Confidentiality
B. Integrity
C. Organizational independence
D. Objectivity
ANSWER
1️⃣2️⃣ Audit Committee Interference
Audit committee instructs CAE not to investigate politically sensitive issue.
Best response?
A. Comply
B. Document interference and escalate to full board
C. Resign immediately
D. Seek CEO approval
ANSWER
1️⃣3️⃣ Biased Sampling
Auditor intentionally selects smaller sample to avoid detecting errors.
Violation primarily of:
A. Integrity
B. Due professional care
C. Objectivity
D. Confidentiality
ANSWER
1️⃣4️⃣ Internal Audit Outsourcing
External firm provides internal audit services but also external audit.
Primary risk?
A. Competency threat
B. Self-review threat
C. Familiarity threat
D. Intimidation threat
Answer:
1️⃣5️⃣ Personal Investment Conflict
Internal auditor owns shares in supplier being audited.
Best course?
A. Sell shares quietly
B. Continue audit objectively
C. Disclose conflict and recuse
D. Inform supplier
Answer:
1️⃣6️⃣ Fraud Involving Audit Committee Chair
Evidence suggests audit committee chair involved in financial manipulation.
CAE should report to:
A. CEO
B. Entire board excluding chair
C. External auditor only
D. Regulators directly
Answer:
1️⃣7️⃣ Excessive Consulting Services
Internal audit spends 80% time on consulting, minimal assurance work.
Primary concern?
A. Reduced competency
B. Loss of independence perception
C. Confidentiality breach
D. Budget risk
Answer:
1️⃣8️⃣ Management Threatening Job Security
CFO states: “If this finding stays, your appraisal suffers.”
Threat type?
A. Advocacy
B. Familiarity
C. Intimidation
D. Self-review
ANSWER
1️⃣9️⃣ Modifying Working Papers Post Review
Auditor alters documentation after quality review comments.
Violation of:
A. Integrity
B. Objectivity
C. Confidentiality
D. Competency
ANSWER
2️⃣0️⃣ Direct Reporting to CEO Only
Internal audit reports only to CEO, no functional reporting to board.
Primary weakness?
A. Individual objectivity
B. Organizational independence
C. Due professional care
D. Confidentiality
Answer:
SECTION C….
1️⃣ Audit Charter Approval Trap
The internal audit charter is drafted by the CAE. Who should APPROVE it to ensure proper authority?
A. CEO
B. CFO
C. Audit Committee / Board
D. Senior Management
Answer:
Trap: CEO approval alone does NOT ensure organizational independence.
2️⃣ Charter Revision Scenario
A major change occurs in company risk profile. The charter has not been updated for 5 years.
What is MOST appropriate?
A. No action required
B. Update charter periodically and seek board approval
C. Management can modify informally
D. Update only audit plan
Answer:
Trap: Charter must be periodically reviewed and formally approved.
3️⃣ Scope Restriction in Charter
Management proposes adding clause: “Internal audit shall not review executive compensation.”
This primarily affects:
A. Audit program
B. Organizational independence
C. Due professional care
D. Engagement planning
ANSWER
4️⃣ Audit Purpose Confusion
Which BEST describes the purpose of internal audit?
A. Detect fraud
B. Provide absolute assurance
C. Add value and improve operations
D. Replace management controls
Answer:
Trap: Fraud detection is secondary, not primary purpose
5️⃣ Assurance vs Consulting
Internal audit is asked to facilitate risk workshop.
This engagement is:
A. Assurance
B. Consulting
C. Compliance
D. External audit
ANSWER
6️⃣ Audit Program Definition Trap
An audit program is BEST described as:
A. The annual audit plan
B. A list of audit procedures for a specific engagement
C. Audit universe listing
D. Internal audit charter
Answer:
Trap: Annual plan ≠ audit program.
7️⃣ Audit Procedure vs Program
Which is an audit procedure?
A. Risk-based audit plan
B. Sampling 50 invoices for approval testing
C. Audit charter
D. Control environment assessment
ANSWER
8️⃣ Audit Universe Confusion
Audit universe refers to:
A. All audit staff
B. All potential auditable entities
C. Risk assessment results
D. Annual audit budget
ANSWER
9️⃣ Risk-Based Planning Trap
When preparing annual plan, CAE should PRIMARILY consider:
A. Management preference
B. Prior audit findings only
C. Risk assessment results
D. Staff availability
ANSWER
Administrative vs Functional Reporting
Functional reporting of CAE should be to:
A. CFO
B. CEO
C. Audit Committee
D. HR Head
ANSWER
1️⃣1️⃣ Engagement Objective Setting
Who is responsible for establishing engagement objectives?
A. Audit Committee
B. Management
C. Engagement Supervisor / Internal Auditor
D. CEO
ANSWER
1️⃣2️⃣ Scope Determination Trick
Management requests limited scope review to “save time.”
Final decision on scope rests with:
A. CFO
B. Audit Committee
C. CAE
D. Engagement client
ANSWER
1️⃣3️⃣ Audit Evidence Sufficiency
Which determines sufficiency of evidence?
A. Number of pages in working papers
B. Auditor’s judgment based on risk
C. Management approval
D. Budget constraints
ANSWER
1️⃣4️⃣ Charter Content Confusion
Which should NOT normally be included in audit charter?
A. Authority
B. Responsibility
C. Detailed audit procedures
D. Reporting lines
ANSWER
1️⃣5️⃣ Independence Impairment Scenario
CAE approves annual audit plan prepared by CFO.
Primary concern?
A. Competency issue
B. Organizational independence
C. Audit program flaw
D. Documentation issue
ANSWER
1️⃣6️⃣ Engagement Program Change
During audit, new risk identified. Auditor should:
A. Ignore and stick to plan
B. Modify audit program
C. Stop audit
D. Wait for next year
ANSWER
1️⃣7️⃣ Internal Audit Authority
Authority of internal audit to access records comes from:
A. CFO approval
B. Audit Charter
C. HR Manual
D. Engagement letter
ANSWER
1️⃣8️⃣ Audit Plan Approval
Annual audit plan must be approved by:
A. CEO
B. Senior management
C. Board / Audit Committee
D. Engagement client
ANSWER
1️⃣9️⃣ Engagement Work Program Approval
Who approves the detailed engagement work program?
A. Audit Committee
B. CAE or delegated supervisor
C. CEO
D. External auditor
ANSWER
2️⃣0️⃣ Purpose of Audit Charter (Conceptual Trap)
Primary purpose of audit charter is to:
A. Detail sampling techniques
B. Grant formal authority and define role
C. List annual audit engagements
D. Evaluate controls
ANSWER
SECTION D….
1️⃣ Preventive vs Detective Trap
A system rejects sales orders exceeding customer credit limit automatically.
This is a:
A. Detective control
B. Corrective control
C. Preventive application control
D. Monitoring control
ANSWER
2️⃣ Control Efficiency Concept
An automated 3-way match prevents duplicate payments instantly.
This control is considered efficient because it:
A. Detects fraud after payment B. Minimizes manual effort and cost
C. Requires supervisory approval D. Operates quarterly
Answer:
Note: Efficiency = cost-benefit & resource optimization.
3️⃣ Effectiveness vs Efficiency
A reconciliation control detects all errors but requires excessive manual hours.
The control is:
A. Efficient and effective
B. Effective but inefficient
C. Ineffective but efficient
D. Neither
ANSWER
4️⃣ Application Control Example
Which is an application control?
A. IT disaster recovery plan
B. Password policy
D. Segregation of duties policy
ANSWER
5️⃣ Operating Effectiveness Test
Internal auditor re-performs bank reconciliation to verify accuracy.
This tests:
A. Control design
B. Control efficiency
C. Operating effectiveness
D. Inherent risk
ANSWER
6️⃣ Control Design Evaluation
A control exists requiring manager approval, but manager has no review guidelines.
Primary weakness relates to:
A. Operating effectiveness
B. Control design deficiency
C. IT general control
D. Monitoring failure
ANSWER
7️⃣ Detective Control Scenario
Monthly review of exception reports identifying unusual transactions is:
A. Preventive
B. Corrective
C. Detective
D. Directive
ANSWER
8️⃣ Automated vs Manual Control Efficiency
Why are automated controls generally more efficient?
A. Eliminate risk entirely
B. Require no monitoring
C. Consistent execution with lower long-term cost
D. Replace management
ANSWER
9️⃣ Segregation of Duties Failure
One employee handles authorization, recording, and custody.
Risk primarily increases in:
A. Control efficiency
B. Control effectiveness
C. Inherent risk
D. Detection risk
ANSWER
1️⃣1️⃣ Batch Totals
Use of batch totals during data entry primarily ensures:
A. Authorization
B. Completeness
C. Segregation
D. Monitoring
ANSWER
1️⃣2️⃣ Reasonableness Check
System flags payroll entries exceeding standard working hours.
This is:
A. Output control
B. Input validation control
C. ITGC
D. Directive control
ANSWER
1️⃣3️⃣ Control Efficiency Evaluation
When assessing efficiency, auditor should consider:
A. Whether control eliminates all risk
B. Cost of control relative to risk reduction
C. Management’s preference
D. Auditor’s experience
ANSWER
1️⃣4️⃣ Continuous Monitoring
Real-time fraud detection software increases:
A. Detection lag
B. Control effectiveness
C. Inherent risk
D. Residual risk
ANSWER
1️⃣5️⃣ Key Control Identification
A control is considered “key” when it:
A. Is expensive
B. Is automated
C. Addresses significant risk
D. Is approved by CEO
ANSWER
1️⃣6️⃣ IT General Control vs Application Control
Which is IT General Control (ITGC)?
A. Field format check
B. Logical access restriction
C. Edit check
D. Check digit verification
ANSWER
1️⃣7️⃣ Control Failure Rate
Control operates but fails 40% of time due to human override.
This impacts primarily:
A. Design effectiveness
B. Operating effectiveness
C. Efficiency only
D. Inherent risk
ANSWER
1️⃣8️⃣ Output Review Control
Supervisor reviews system-generated aging report monthly.
This is:
A. Output application control
B. Preventive ITGC
C. Directive control
D. Authorization control
Answer:
1️⃣9️⃣ Control Redundancy
Two controls mitigate same minor risk, increasing cost without added benefit.
This reflects:
A. Effective design
B. Control inefficiency
C. Operating deficiency
D. Fraud risk
Answer:
2️⃣0️⃣ Residual Risk Concept
If preventive control reduces risk by 70%, remaining 30% represents:
A. Inherent risk
B. Detection risk
C. Residual risk
D. Control risk
Answer:
www.gmsisuccess.in
ANSWERS......
1️⃣ Former Responsibility Threat
Riya, an internal auditor, is assigned to audit the procurement department. She worked as Procurement Manager in the same department six months ago.
What is the MOST appropriate action?
A. Continue audit since she knows the department well
B. Disclose prior role but continue audit
C. Decline the engagement due to impaired objectivity
D. Perform audit but avoid testing her previous decisions
Answer: C
Explanation: IIA Standards prohibit auditing areas where the auditor had responsibility within the past year. Objectivity is impaired.
2️⃣ Management Pressure
The CFO asks the internal auditor to remove a significant control weakness from the draft report to avoid negative board reaction.
What should the auditor do FIRST?
A. Remove the finding
B. Discuss with audit committee
C. Ignore CFO’s request and issue report
D. Resign immediately
Answer: B
Explanation: Independence requires escalation to those charged with governance (Audit Committee). Integrity prohibits suppressing material facts.
3️⃣ Gift from Vendor
An internal auditor receives an expensive gift hamper from a vendor during an ongoing audit.
Best course of action?
A. Accept and disclose
B. Return the gift and inform supervisor
C. Keep it if immaterial
D. Donate it silently
Answer: B
Explanation: Accepting gifts impairs objectivity and independence under IIA Code of Ethics.
4️⃣ Consulting Engagement Conflict
Internal audit helped design a new internal control system. Six months later, they are asked to audit the same system.
What is TRUE?
A. Allowed without restriction
B. Allowed only if different auditor performs review
C. Not allowed under any circumstance
D. Allowed if management approves
Answer: B
Explanation: Self-review threat exists. Objectivity can be preserved if another independent auditor conducts the audit.
5️⃣ Reporting Fraud Involving CEO
An internal auditor discovers evidence of fraud involving the CEO.
What is the MOST appropriate reporting line?
A. CFO
B. CEO
C. Audit Committee
D. HR Department
Answer: C
Explanation: To maintain independence, report to the highest governance authority (Audit Committee).
6️⃣ Social Relationship Threat
An auditor is assigned to audit payroll where her brother works as payroll supervisor.
What should she do?
A. Continue audit professionally
B. Disclose relationship and request reassignment
C. Avoid auditing brother’s transactions only
D. Ignore conflict
Answer: B
Explanation: Familiarity threat impairs objectivity
7️⃣ Bonus Linked to Company Profit
Internal auditors receive performance bonuses tied to company profit.
This MOST likely impairs:
A. Competency
B. Integrity
C. Independence
D. Confidentiality
Answer: C
Explanation: Financial incentives linked to company performance threaten independence and objectivity
8️⃣ Withholding Information
Management refuses to provide requested documents during audit.
Best action?
A. Issue clean report
B. Withdraw quietly
C. Report scope limitation to audit committee
D. Reduce audit procedures
Answer: C
Explanation: Scope limitation must be communicated to governance level to preserve integrity
9️⃣ Internal Auditor Acting as Controller
Due to shortage, CAE temporarily assumes role of Financial Controller.
This primarily affects:
A. Objectivity
B. Integrity
C. Competence
D. Confidentiality
Answer: A
Explanation: Assuming operational responsibility impairs objectivity and independence.
🔟 Confidential Information Use
An auditor learns confidential information about a potential merger and purchases shares before announcement.
This violates:
A. Due Professional Care
B. Integrity and Confidentiality
C. Competence
D. Independence only
Answer: B
Explanation: Insider trading violates integrity and confidentiality principles.
1️⃣1️⃣ Limiting Audit Scope by CEO
CEO restricts audit access to overseas subsidiary citing “strategic reasons.”
What should CAE do?
A. Accept limitation
B. Report to audit committee
C. Drop subsidiary from audit plan
D. Delay audit
Answer: B
Explanation: Organizational independence requires reporting interference to the board
1️⃣2️⃣ Auditor Reviewing Friend’s Work
Internal auditor audits IT controls implemented by close college friend in IT department.
Best resolution?
A. Continue audit with care
B. Disclose and request reassignment
C. Ignore relationship
D. Seek written management approval
Answer: B
Explanation: Familiarity threat impairs objectivity.
1️⃣3️⃣ Manipulating Findings for Promotion
Auditor softens findings hoping for promotion from management.
Which ethical principle is violated?
A. Objectivity
B. Integrity
C. Confidentiality
D. Competency
Answer: B
Explanation: Integrity requires honesty and not subordinating judgment.
1️⃣4️⃣ External Pressure from Regulator
Regulator pressures internal audit to share confidential audit working papers.
Correct response?
A. Provide immediately
B. Refuse outright
C. Seek legal guidance and management authorization
D. Ignore regulator
Answer: C
Explanation: Confidentiality must be maintained unless legally required.
1️⃣5️⃣ Rotational Assignment
Company policy rotates auditors every year across departments.
Primary benefit?
A. Improves efficiency
B. Enhances independence and objectivity
C. Reduces audit cost
D. Increases management control
Answer: B
Explanation: Rotation reduces familiarity and self-review threats.
Key CIA Exam Concepts Tested
• Organizational Independence (Functional reporting to Audit Committee)
• Individual Objectivity
• Conflict of Interest
• Self-review Threat
• Familiarity Threat
• Management Interference
• Escalation Procedures
• IIA Code of Ethics Principles:
o Integrity
o Objectivity
o Confidentiality
SECTION B…
1️⃣ Dual Reporting Conflict
The CAE functionally reports to the Audit Committee but administratively to the CFO. The CFO reduces the internal audit budget after unfavorable findings.
What is MOST impaired?
A. Individual objectivity
B. Organizational independence
C. Integrity
D. Due professional care
Answer: B
Explanation: Budget control by CFO can impair organizational independence.
2️⃣ Self-Review After Promotion
An auditor is promoted to operations manager. Six months later, she returns to internal audit and is assigned to audit her previous department.
Best action?
A. Perform audit with disclosure
B. Decline assignment due to impairment
C. Accept since not within one year
D. Audit only new transactions
Answer: B
Explanation: IIA requires at least one-year cooling-off period.
3️⃣ Fraud Suppression by Audit Committee Member
An audit committee member privately asks CAE to delay fraud reporting involving a board member.
What should CAE do?
A. Delay reporting
B. Report to full board
C. Consult CEO
D. Withdraw from engagement
Answer: B
Explanation: Governance-level interference must be escalated to the full board
4️⃣ Consulting + Assurance Overlap
Internal audit designs cybersecurity framework and immediately performs assurance review.
This creates primarily:
A. Advocacy threat
B. Familiarity threat
C. Self-review threat
D. Intimidation threat
Answer: C
5️⃣ Performance-Based Incentive
Internal audit compensation tied to achieving “zero major findings.”
Primary violation?
A. Confidentiality
B. Competency
C. Objectivity
D. Due care
ANSWER C
6️⃣ Management Scope Restriction
Management denies access to legal expense files citing attorney-client privilege.
CAE should FIRST:
A. Accept limitation
B. Seek legal clarification and escalate if needed
C. Issue adverse opinion
D. Remove from audit plan
Answer: B
7️⃣ Social Media Disclosure
An auditor posts vague message: “Major compliance issues found today.”
Which principle violated?
A. Objectivity
B. Confidentiality
C. Integrity only
D. Competency
Answer: B
8️⃣ Rotation of CAE
CAE has served 15 years in same organization and built close executive relationships.
Primary risk?
A. Self-interest threat
B. Familiarity threat
C. Advocacy threat
D. Competency threat
Answer: B
9️⃣ Whistleblower Suppression
Management disciplines employee who reported fraud to internal audit.
CAE should:
A. Stay neutral
B. Escalate retaliation to audit committee
C. Withdraw
D. Inform HR only
Answer: B
🔟 Auditor Accepting Future Job Offer
Auditor negotiating employment with auditee department while auditing them.
Required action?
A. Continue work until offer confirmed
B. Disclose and remove from engagement
C. Keep confidential
D. Finish audit first
Answer: B
1️⃣1️⃣ CAE Performing Operational Role
During crisis, CAE approves vendor payments temporarily.
This MOST affects:
A. Confidentiality
B. Integrity
C. Organizational independence
D. Objectivity
ANSWER D
1️⃣2️⃣ Audit Committee Interference
Audit committee instructs CAE not to investigate politically sensitive issue.
Best response?
A. Comply
B. Document interference and escalate to full board
C. Resign immediately
D. Seek CEO approval
ANSWER B
1️⃣3️⃣ Biased Sampling
Auditor intentionally selects smaller sample to avoid detecting errors.
Violation primarily of:
A. Integrity
B. Due professional care
C. Objectivity
D. Confidentiality
ANSWER B
1️⃣4️⃣ Internal Audit Outsourcing
External firm provides internal audit services but also external audit.
Primary risk?
A. Competency threat
B. Self-review threat
C. Familiarity threat
D. Intimidation threat
Answer: B
1️⃣5️⃣ Personal Investment Conflict
Internal auditor owns shares in supplier being audited.
Best course?
A. Sell shares quietly
B. Continue audit objectively
C. Disclose conflict and recuse
D. Inform supplier
Answer: C
1️⃣6️⃣ Fraud Involving Audit Committee Chair
Evidence suggests audit committee chair involved in financial manipulation.
CAE should report to:
A. CEO
B. Entire board excluding chair
C. External auditor only
D. Regulators directly
Answer: B
1️⃣7️⃣ Excessive Consulting Services
Internal audit spends 80% time on consulting, minimal assurance work.
Primary concern?
A. Reduced competency
B. Loss of independence perception
C. Confidentiality breach
D. Budget risk
Answer: B
1️⃣8️⃣ Management Threatening Job Security
CFO states: “If this finding stays, your appraisal suffers.”
Threat type?
A. Advocacy
B. Familiarity
C. Intimidation
D. Self-review
ANSWER C
1️⃣9️⃣ Modifying Working Papers Post Review
Auditor alters documentation after quality review comments.
Violation of:
A. Integrity
B. Objectivity
C. Confidentiality
D. Competency
ANSWER A
2️⃣0️⃣ Direct Reporting to CEO Only
Internal audit reports only to CEO, no functional reporting to board.
Primary weakness?
A. Individual objectivity
B. Organizational independence
C. Due professional care
D. Confidentiality
Answer: B
SECTION C….
1️⃣ Audit Charter Approval Trap
The internal audit charter is drafted by the CAE. Who should APPROVE it to ensure proper authority?
A. CEO
B. CFO
C. Audit Committee / Board
D. Senior Management
Answer: C
Trap: CEO approval alone does NOT ensure organizational independence.
2️⃣ Charter Revision Scenario
A major change occurs in company risk profile. The charter has not been updated for 5 years.
What is MOST appropriate?
A. No action required
B. Update charter periodically and seek board approval
C. Management can modify informally
D. Update only audit plan
Answer: B
Trap: Charter must be periodically reviewed and formally approved.
3️⃣ Scope Restriction in Charter
Management proposes adding clause: “Internal audit shall not review executive compensation.”
This primarily affects:
A. Audit program
B. Organizational independence
C. Due professional care
D. Engagement planning
ANSWER B
4️⃣ Audit Purpose Confusion
Which BEST describes the purpose of internal audit?
A. Detect fraud
B. Provide absolute assurance
C. Add value and improve operations
D. Replace management controls
Answer: C
Trap: Fraud detection is secondary, not primary purpose
5️⃣ Assurance vs Consulting
Internal audit is asked to facilitate risk workshop.
This engagement is:
A. Assurance
B. Consulting
C. Compliance
D. External audit
ANSWER B
6️⃣ Audit Program Definition Trap
An audit program is BEST described as:
A. The annual audit plan
B. A list of audit procedures for a specific engagement
C. Audit universe listing
D. Internal audit charter
Answer: B
Trap: Annual plan ≠ audit program.
7️⃣ Audit Procedure vs Program
Which is an audit procedure?
A. Risk-based audit plan
B. Sampling 50 invoices for approval testing
C. Audit charter
D. Control environment assessment
ANSWER B
8️⃣ Audit Universe Confusion
Audit universe refers to:
A. All audit staff
B. All potential auditable entities
C. Risk assessment results
D. Annual audit budget
ANSWER B
9️⃣ Risk-Based Planning Trap
When preparing annual plan, CAE should PRIMARILY consider:
A. Management preference
B. Prior audit findings only
C. Risk assessment results
D. Staff availability
ANSWER C
Administrative vs Functional Reporting
Functional reporting of CAE should be to:
A. CFO
B. CEO
C. Audit Committee
D. HR Head
ANSWER C
1️⃣1️⃣ Engagement Objective Setting
Who is responsible for establishing engagement objectives?
A. Audit Committee
B. Management
C. Engagement Supervisor / Internal Auditor
D. CEO
ANSWER C
1️⃣2️⃣ Scope Determination Trick
Management requests limited scope review to “save time.”
Final decision on scope rests with:
A. CFO
B. Audit Committee
C. CAE
D. Engagement client
ANSWER C
1️⃣3️⃣ Audit Evidence Sufficiency
Which determines sufficiency of evidence?
A. Number of pages in working papers
B. Auditor’s judgment based on risk
C. Management approval
D. Budget constraints
ANSWER B
1️⃣4️⃣ Charter Content Confusion
Which should NOT normally be included in audit charter?
A. Authority
B. Responsibility
C. Detailed audit procedures
D. Reporting lines
ANSWER C
1️⃣5️⃣ Independence Impairment Scenario
CAE approves annual audit plan prepared by CFO.
Primary concern?
A. Competency issue
B. Organizational independence
C. Audit program flaw
D. Documentation issue
ANSWER B
1️⃣6️⃣ Engagement Program Change
During audit, new risk identified. Auditor should:
A. Ignore and stick to plan
B. Modify audit program
C. Stop audit
D. Wait for next year
ANSWER B
1️⃣7️⃣ Internal Audit Authority
Authority of internal audit to access records comes from:
A. CFO approval
B. Audit Charter
C. HR Manual
D. Engagement letter
ANSWER B
1️⃣8️⃣ Audit Plan Approval
Annual audit plan must be approved by:
A. CEO
B. Senior management
C. Board / Audit Committee
D. Engagement client
ANSWER C
1️⃣9️⃣ Engagement Work Program Approval
Who approves the detailed engagement work program?
A. Audit Committee
B. CAE or delegated supervisor
C. CEO
D. External auditor
ANSWER B
2️⃣0️⃣ Purpose of Audit Charter (Conceptual Trap)
Primary purpose of audit charter is to:
A. Detail sampling techniques
B. Grant formal authority and define role
C. List annual audit engagements
D. Evaluate controls
ANSWER B
PL READ…
SECTION D….
1️⃣ Preventive vs Detective Trap
A system rejects sales orders exceeding customer credit limit automatically.
This is a:
A. Detective control
B. Corrective control
C. Preventive application control
D. Monitoring control
ANSWER C
2️⃣ Control Efficiency Concept
An automated 3-way match prevents duplicate payments instantly.
This control is considered efficient because it:
A. Detects fraud after payment B. Minimizes manual effort and cost
C. Requires supervisory approval D. Operates quarterly
Answer: B
Note: Efficiency = cost-benefit & resource optimization.
3️⃣ Effectiveness vs Efficiency
A reconciliation control detects all errors but requires excessive manual hours.
The control is:
A. Efficient and effective
B. Effective but inefficient
C. Ineffective but efficient
D. Neither
ANSWER B
4️⃣ Application Control Example
Which is an application control?
A. IT disaster recovery plan
B. Password policy
C. Input validation check
D. Segregation of duties policy
ANSWER C
5️⃣ Operating Effectiveness Test
Internal auditor re-performs bank reconciliation to verify accuracy.
This tests:
A. Control design
B. Control efficiency
C. Operating effectiveness
D. Inherent risk
ANSWER C
6️⃣ Control Design Evaluation
A control exists requiring manager approval, but manager has no review guidelines.
Primary weakness relates to:
A. Operating effectiveness
B. Control design deficiency
C. IT general control
D. Monitoring failure
ANSWER B
7️⃣ Detective Control Scenario
Monthly review of exception reports identifying unusual transactions is:
A. Preventive
B. Corrective
C. Detective
D. Directive
ANSWER C
8️⃣ Automated vs Manual Control Efficiency
Why are automated controls generally more efficient?
A. Eliminate risk entirely
B. Require no monitoring
C. Consistent execution with lower long-term cost
D. Replace management
ANSWER C
9️⃣ Segregation of Duties Failure
One employee handles authorization, recording, and custody.
Risk primarily increases in:
A. Control efficiency
B. Control effectiveness
C. Inherent risk
D. Detection risk
ANSWER B
1️⃣1️⃣ Batch Totals
Use of batch totals during data entry primarily ensures:
A. Authorization
B. Completeness
C. Segregation
D. Monitoring
ANSWER B
1️⃣2️⃣ Reasonableness Check
System flags payroll entries exceeding standard working hours.
This is:
A. Output control
B. Input validation control
C. ITGC
D. Directive control
ANSWER B
1️⃣3️⃣ Control Efficiency Evaluation
When assessing efficiency, auditor should consider:
A. Whether control eliminates all risk
B. Cost of control relative to risk reduction
C. Management’s preference
D. Auditor’s experience
ANSWER B
1️⃣4️⃣ Continuous Monitoring
Real-time fraud detection software increases:
A. Detection lag
B. Control effectiveness
C. Inherent risk
D. Residual risk
ANSWER B
1️⃣5️⃣ Key Control Identification
A control is considered “key” when it:
A. Is expensive
B. Is automated
C. Addresses significant risk
D. Is approved by CEO
ANSWER C
1️⃣6️⃣ IT General Control vs Application Control
Which is IT General Control (ITGC)?
A. Field format check
B. Logical access restriction
C. Edit check
D. Check digit verification
ANSWER B
1️⃣7️⃣ Control Failure Rate
Control operates but fails 40% of time due to human override.
This impacts primarily:
A. Design effectiveness
B. Operating effectiveness
C. Efficiency only
D. Inherent risk
ANSWER B
1️⃣8️⃣ Output Review Control
Supervisor reviews system-generated aging report monthly.
This is:
A. Output application control
B. Preventive ITGC
C. Directive control
D. Authorization control
Answer: A
1️⃣9️⃣ Control Redundancy
Two controls mitigate same minor risk, increasing cost without added benefit.
This reflects:
A. Effective design
B. Control inefficiency
C. Operating deficiency
D. Fraud risk
Answer: B
2️⃣0️⃣ Residual Risk Concept
If preventive control reduces risk by 70%, remaining 30% represents:
A. Inherent risk
B. Detection risk
C. Residual risk
D. Control risk
Answer: C
www.gmsisuccess.in
No comments:
Post a Comment