Q1 –

In applying the standards of conduct set forth in The IIA's Code of Ethics, internal
auditors are expected to

A. compare them to standards in other professions.

B. use discretion in deciding whether to use them or not.
C. exercise their individual judgment.
D. be guided by the desires of the audit client.

RATIONALE

The IIA's Code of Ethics contains basic principles which require individual judgment to
apply; however, judgment may not be used to decide whether or not to use the code.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q2 –

During an audit, an employee with whom you have developed a good working
relationship informs you that she has some information about top management which
would be damaging to the organization and may concern illegal activities. The employee
does not want to go public with the information and does not want her name associated
with the release of the information. Which of the following actions would be considered
inconsistent with the Code of Ethics and the Standards?

A. Inform the individual that you will attempt to keep the source of the information confidential
and will look into the matter further.
B. Suggest the person consider talking to legal counsel.
C. Inform the employee of other methods of communicating this type of information.
D. Assure the employee that you can maintain her anonymity and listen to the information.

RATIONALE

The Code of Ethics and Standards do not provide for strict confidentiality of information.
The other options are allowable.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q3 –

In the final report for an internal audit, the internal auditor states that security controls
are at the same level of effectiveness as the last audit. There is no mention that control
activities in the previous audit were found to be unsatisfactory. According to the Code of
Ethics, this communication is

A. balanced and objective.

B. specific but unethical.
C. potentially biased.
D. prudent and competent.

RATIONALE

Rule 2.3 in the Code of Ethics prohibits the potential biasing of communication of the
message in an internal auditor’s report. All information necessary for the user to
correctly understand the report must be disclosed.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

 Q4 –
In which of the following instances does the internal auditor violate The IIA's Code of
Ethics in regard to confidentiality?
I. As a witness in court, the internal auditor reveals facts discovered during a fraud
investigation that implicate an organization's vice president and family members in
a fraud against the organization.
II. The internal auditor, while researching a supplier's quarterly reports, decides to
purchase shares of the supplier's stock.
III. In an interim report to the audit committee, the internal auditor describes
discoveries not related to the audit's objectives that indicate a need to investigate
possible criminal acts committed by someone who is friends with an organization
member but otherwise has no connection to the organization.
IV. In the midst of an audit interview with the internal auditor, a client staff member
breaks down and begins discussing personal problems, including plans to declare
personal bankruptcy. No one in the staff member's family knows about these
problems and plans. The internal auditor sends an anonymous warning to the staff
member's spouse.

A. I and II only
B. III and IV only
C. II and IV only
D. II, III, and IV only

RATIONALE

The auditor may have recognized a red flag in the staff member's situation and should
have made discreet inquiries to look for any further indications of potential fraud, but the
interim report was not necessary and the note to the spouse, while understandable, was
a violation of confidentiality. Buying stock on public information in a quarterly report is
not insider trading, but acquiring stock in an operation under audit does compromise the
auditor's objectivity. It is therefore not a "prudent use" of information acquired during the
audit and is use of information for personal gain (or may be perceived as such).
Criminal acts, no matter who may have committed them, require action. Providing
information related to a legal proceeding does not violate confidentiality.
For more information, refer to Part 1, Section I, Chapter B, Topic 1.
Q5 –

Which of the following would be permissible under The IIA's Code of Ethics?

A. In response to a subpoena, an auditor appeared in a court of law and disclosed confidential,

audit-related information that could potentially damage the auditor’s organization.
B. An auditor did not report significant observations about illegal activity to the board because
management indicated that it would resolve the issue.
C. After praising an employee in a recent audit engagement communication, an auditor
accepted a gift from the employee.
D. An auditor used audit-related information in a decision to buy stock issued by the employer
corporation.

RATIONALE

Auditors must exhibit loyalty to the organization, but they must not be a party to any
illegal activity. Thus, auditors must comply with legal subpoenas. The other options are
prohibited by the Rules of Conduct (1.2, 2.3, and 3.2).

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q6 –

During a consulting engagement, the internal auditor discovers that materials are being
used against contractual requirements. The finding is not related to the scope of the
engagement so the auditor does not include the information in the final audit report.
According to the Code of Ethics, this behavior is

A. incompetent, because it is in violation of the Standards.

B. unethical, because disclosure is expected by the profession.
C. prudent, as it maintains confidentiality.
D. appropriate, based on the auditor’s judgment.

RATIONALE

Through nondisclosure, the internal auditor would be lying about what he or she found.
This behavior violates the Code's integrity principle. Rule 1.2 in the Code of Ethics
states, internal auditors shall observe the law and make disclosures expected by the
law and the profession. In other words, internal auditors are expected to perform their
work with diligence and truthfulness and in accordance with the law and ethical values
of their organization and the profession.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

 Q7 –

During the course of work on an operations audit, the internal auditor learns that the
organization is about to purchase one of its suppliers, which is a public company. There
is no public discussion of this matter as yet. Which of the following actions by the
internal auditor would be a violation of The IIA's Code of Ethics?

I. The auditor buys stock in the supplier but tells no one of the potential acquisition.
II. The auditor does not buy stock in the supplier and only mentions the talk of a
takeover to family members.
III. The auditor tells a friend that the supplier has many good qualities and would be a
good addition to the friend's portfolio but does not mention the takeover possibility.
IV. The auditor takes no investment action on the information but documents the
confidential information in the working papers to include in the final report.

A. I only
B. II and III only
C. I, II, and III only
D. I, II, III, and IV

RATIONALE

Trading on insider (nonpublic) information is a violation of securities law and so is giving

advice based on that information (even if the information itself is held confidential).
Passing the information on to others is also a violation, whether they act on it or not.
The breach of confidentiality should be reported to senior management.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q8–

An auditor with special expertise in financial statement analysis would most likely risk
violating The IIA's Code of Ethics by doing which of the following activities without
consulting senior management and the chief audit executive (CAE)?

A. Providing pro bono investment guidance to a local nonprofit organization

B. Teaching investment seminars for a fee at a local college
C. Charging a fee for evaluating financial risk in a division manager's personal portfolio
D. Founding and administering a charitable foundation with family-owned investments

RATIONALE

Performing paid services for a division manager of the organization would create a
potential conflict of interest and therefore requires the consent of senior management
and the CAE. Even though the internal auditor is providing a personal service that may
seem unrelated to the work of the organization, the auditor's interest in promoting the
personal financial success of the executive and the executive's interest in providing
compensation for the auditor's outside work could impair the independence of both in
discharging their responsibilities in the organization.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q9 –

An auditor, nearing the end of an engagement, discovers that the director of marketing
has a gambling habit. The gambling issue is not directly related to the existing
engagement, and there is pressure to complete the current engagement. The auditor
notes the problem and forwards the information to the chief audit executive but performs
no further follow-up. The auditor’s actions would

A. be in violation of The IIA Code of Ethics for withholding meaningful information.

B. be in violation of the Standards because the auditor did not properly follow up on a red flag
that might indicate the existence of fraud.
C. not be in violation of either The IIA Code of Ethics or the Standards.
D. be in violation of both The IIA Code of Ethics and the Standards.

RATIONALE

There is no violation of either The IIA Code of Ethics or the Standards. The auditor is
not withholding information because the auditor has documented a red flag and has
forwarded the information to the chief audit executive.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q10 –

A CIA, working as the director of purchasing, signs a contract to procure a large order
from the supplier with the best price, quality, and performance. Shortly after signing the
contract, the supplier presents the CIA with a gift of significant monetary value. Which of
the following statements regarding the acceptance of the gift is correct?

A. Since the CIA is not acting as an internal auditor, acceptance of the gift would be governed
only by the organization’s code of conduct.
B. Since the contract was signed before the gift was offered, acceptance of the gift would not
violate either The IIA Code of Ethics or the organization’s code of conduct.
C. Acceptance of the gift would be prohibited only if it were noncustomary.
D. Acceptance of the gift would violate The IIA Code of Ethics and would be prohibited for a
CIA.

RATIONALE

As long as an individual is a Certified Internal Auditor, he or she should be guided by

the profession’s Code of Ethics in addition to the organization’s code of conduct. Rule of
Conduct 2.2 of The IIA Code of Ethics would preclude such a gift because it could be
presumed to have influenced the individual’s decision.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.

Q11 –

Which of the following would constitute a violation of The IIA's Code of Ethics?

A. George has been assigned to do an audit of the warehousing function six months from now.
George has no expertise in that area, but he accepted the assignment anyway. He has
signed up for continuing professional education courses in warehousing which will be
completed before his assignment begins.
B. Janice has accepted an assignment to audit the electronics manufacturing division. Janice
has recently joined the internal auditing department. However, she was senior auditor for the
external audit of that division and has audited many electronics companies during the past
two years.
C. John discovered an internal financial fraud during the year. The books were adjusted to
properly reflect the loss associated with the fraud. John discussed the fraud with the external
auditor when the external auditor reviewed working papers detailing the incident.
D. Jane is content with her career as an internal auditor and has come to look at it as a regular
9-to-5 job. She has not engaged in continuing professional education or other activities to
improve her effectiveness during the last three years. However, she feels she is performing
the same quality work she always has.

RATIONALE

This scenario would be a violation of the Competency Rule of Conduct of the Code of
Ethics, which requires auditors to continually strive for improvement in their proficiency
and in the effectiveness of their audits.

For more information, refer to Part 1, Section I, Chapter B, Topic 1.