Академический Документы
Профессиональный Документы
Культура Документы
Preparatory Program
Part 1
Mock Exam
CIA Part 1 Mock Exam
1. Which of the following is not true with regard to the internal audit charter?
a. It defines the authorities and responsibilities for the internal audit activity.
b. It specifies the minimum resources needed for the internal audit activity.
2. The function of internal auditing, as related to internal financial reports, would be to:
b. Review expenditure items and match each item with expenses incurred.
3. The status of the internal audit activity should be free from the effects of irresponsible policy changes
by management. The most effective way to assure that freedom is to:
d. Develop written policies and procedures to serve as standards of performance for the internal audit
activity.
4. If a department's operating standards are vague and thus subject to interpretation, an auditor should:
a. Seek agreement with the departmental manager on the criteria needed to measure operating perfor-
mance.
b. Determine best practices in the area and use them as the standard.
c. Interpret the standards in their strictest sense because standards are otherwise only minimum measures
of acceptance.
d. Omit any comments on standards and the department's performance in relation to those standards,
because such an analysis would be inappropriate.
1
CIA Part 1 Mock Exam
b. Establish the independence of the internal audit activity and emphasize the objectivity of internal au-
diting.
c. Encourage external auditors to make more extensive use of the work of internal auditors.
7. The Standards require that the chief audit executive (CAE) have a formal, written internal audit charter
approved by management and the board. The purpose of the internal audit charter is to:
b. Establish the purpose, authority, and responsibility of the internal auditing activity.
d. Define the role of the chief audit executive as a member of the audit committee.
8. The best means for the internal auditing activity to determine whether it has achieved its goal of im-
plementing broader audit coverage of functional activities is through:
9. If a department outside of the internal audit activity (IAA) is responsible for reviewing a function or
process, the internal auditor should:
a. Consider the work of the other department when assessing the function or process.
b. Ignore the work of the other department and proceed with an independent audit.
c. Reduce the scope of the audit because the work has already been performed by the other department.
d. Yield the responsibility for assessing the function or process to the other department.
10. During an engagement to evaluate the organization’s accounts payable function, an internal auditor
plans to confirm balances with suppliers. What is the source of authority for the auditor’s contact with
units outside the organization?
b. The Standards.
2
CIA Part 1 Mock Exam
11. Which of the following is not one of the ten Core Principles:
12. According to the Standards, the internal audit activity’s goals should specify:
13. Which of the following best describes an internal auditor’s purpose in reviewing the organization’s ex-
isting risk management, control, and governance processes?
a. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives.
c. To provide reasonable assurance that the processes will enable the organization’s objectives and goals
to be met efficiently and economically.
d. To determine whether the processes ensure that the accounting records are correct and that financial
statements are fairly stated.
14. Of the following activities, which ones are within the scope of internal auditing?
IV. To ascertain the extent to which objectives and goals have been established.
b. I and IV only.
d. I, II and IV only.
c. Fraud investigation.
3
CIA Part 1 Mock Exam
16. A CIA, working as the purchasing director, signs a contract to procure a large order from the supplier
with the best price, quality, and performance. Shortly after signing the contract, the supplier presents
the CIA with a gift of significant monetary value. Which of the following statements regarding the ac-
ceptance of the gift is correct?
b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited.
c. Because the CIA is not acting as an internal auditor, acceptance of the gift would be governed only by
the organization’s code of conduct.
d. Because the contract was signed before the gift was offered, acceptance of the gift would not violate
either the IIA Code of Ethics or the organization’s code of conduct.
17. A review of an organization’s code of conduct revealed that it contained comprehensive guidelines de-
signed to inspire high levels of ethical behavior. The review also revealed that employees were knowl-
edgeable of its provisions. However, some employees still did not comply with the code. What element
should a code of conduct contain to enhance its effectiveness?
18. Which of the following statements is not appropriate to include in a manufacturer’s conflict of interest
policy? An employee shall not:
19. An internal auditor, during the course of evaluating the policies & procedures for capitalizing fixed as-
sets, uncovered some information that indicated that management had capitalized some general
maintenance costs that should have been expensed. The amount is considered to be material. If the
internal auditor failed to disclose this information to senior management or the audit committee, the
internal auditor would be in violation of which rule of conduct?
a. Integrity.
b. Objectivity.
c. Confidentiality.
d. Competence.
4
CIA Part 1 Mock Exam
20. Which of the following concurrent occupations could appear to subvert the ethical behavior of an internal
auditor?
a. Internal auditor and local in-house chairperson for a well-known charitable organization.
c. Internal auditor and adjunct faculty member of a local business college that educates potential employ-
ees.
d. Internal auditor and landlord of multiple housing units that publicly advertise for tenants in a local
community newspaper.
21. As part of a company-sponsored award program, an internal auditor was offered an award of significant
monetary value by a division in recognition of the cost savings that resulted from the auditor's recom-
mendations. According to the International Professional Practices Framework (IPPF), what is the most
appropriate action for the auditor to take?
a. Accept the gift because the engagement is already concluded and the report issued.
b. Accept the award under the condition that any proceeds go to charity.
c. Inform audit management and ask for direction on whether or not to accept the gift.
22. Towards the end of an engagement, the auditor discovers that the director of marketing has a gambling
habit. The gambling issue is not directly related to the existing engagement and there is pressure to
complete the current engagement. The auditor notes the problem and forwards the information to the
chief audit executive but performs no further follow-up. The auditor's actions would:
b. Be in violation of the Standards because the auditor did not properly follow up on a red flag that might
indicate the existence of fraud.
d. Both a and b.
23. In which of the following would an internal auditor potentially lack objectivity?
a. The internal auditor reviews the procedures for a new electronic data interchange (EDI) connection to
a major customer before it is implemented.
b. A former purchasing assistant performs a review of the internal controls over purchasing four months
after being transferred to the internal audit activity.
c. An internal auditor recommends standards of control and performance measures for a contract with a
service organization for the processing of payroll and employee benefits.
d. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small
motors.
5
CIA Part 1 Mock Exam
24. An auditor’s objectivity could be compromised in all of the following situations except:
a. A conflict of interest.
a. Continuation of an engagement at a division for which (s)he will soon be responsible as the result of a
promotion.
c. Participation on a task force that recommends standards for control of a new distribution system.
26. Independence from outside pressure is an important factor for the internal audit activity to work freely
and objectively. Which of the following contributes to the internal auditor’s independence?
a. Management should assist the IAA by reviewing, revising, and forwarding engagement communications
to the audit committee.
b. The IAA reports directly to the audit committee, without corroborating engagement communications
with management.
c. Ideally, the IAA functionally reports to the audit committee but reports to the chief operating officer on
all engagements relating to operations.
d. The accuracy of the engagement communications should be verified with management, and the IAA
should then report to management and the audit committee.
27. Internal auditors must distinguish carefully between a scope limitation and other limitations. Which of
the following is not considered a scope limitation?
a. The divisional manager of an engagement client has indicated that the division is in the process of
converting a major computer system and that the information systems portion of the planned engage-
ment will have to be postponed until next year.
b. The board reviews the engagement work schedule for the year and deletes an engagement that the
CAE thought was important to conduct.
c. The engagement client has indicated that certain customers cannot be contacted because the organi-
zation is in the process of negotiating long-term contracts and does not want to upset the customers.
6
CIA Part 1 Mock Exam
28. Which of the following combinations best illustrates a scope limitation and the appropriate response by
the CAE?
a. Engagement client limits scope based upon pro- Report only to the controller
prietary information.
b. Engagement client will not provide access to rec- Report to the board.
ords needed for approved work schedule.
c. Engagement client requests that the engage- Report directly to the CEO and controller.
ment be delayed for 2 weeks to allow it to
close its books.
d. Engagement client will not allow the internal au- No reporting is required because the opera-
ditor to contact major customers as part of tional engagement concerns operational
an engagement to evaluate the efficiency efficiency.
of operations.
29. In practice, internal auditing should have a dual reporting process. The CAE must report to a level within
the organization that allows internal auditing to fulfill its responsibilities. The ideal reporting situation
for a company’s CAE is to:
a. Functionally report to the CFO and administratively report to the audit committee.
d. Administratively report to upper management and functionally report to the external auditor.
30. Administrative reporting would typically include all of the following except:
31. Internal auditors are expected to be objective when conducting their work. Which of the following cir-
cumstances would not cause an internal auditor’s objectivity to be impaired?
I. The internal auditor audited an area for which they were responsible more than one year ago.
II. The internal auditor accepted a sizable gift from a client after the successful completion of an audit.
III. The internal auditor designed some control procedures for an engagement client.
IV. The internal auditor was given a small token of appreciation from a client after the completion of an
audit.
a. I and II only
c. I and IV only
d. II and IV only
7
CIA Part 1 Mock Exam
32. An internal auditor’s involvement in the evaluation of the organization’s accounts payable function
should include all of the following except:
a. The auditor provides an assessment and states an opinion about whether or not something with the
company is operating or performing correctly.
b. The auditor does not need to be independent but does need to be objective.
c. The auditor should be objective in the investigation and independent in the decision.
a. Internal auditors must make conclusions based on facts without being influenced by feeling, emotions,
relationships, bribes, or any other outside influence.
b. Internal auditors must report to a level within the organization that allows the internal audit activity to
fulfill its responsibilities.
35. To be effective, internal auditors need to have organizational independence. Organizational independ-
ence is achieved largely through the status of the internal audit activity and the authority that the
board gives it. Based on this, the board authorizes the internal audit activity to:
I. Have unrestricted access to all functions, records, property, and personnel pertinent to carrying out
any engagement.
a. I only.
d. I and II only.
8
CIA Part 1 Mock Exam
36. A company has seen tremendous growth in its sales revenue the past few years and management is
considering replacing its legacy system with an ERP system. Management believes that an ERP system
will allow the company to integrate applications to better manage the business. Which of the following
would be an appropriate internal auditing role in purchasing the ERP system?
37. Which of the following is not a true statement concerning a conflict of interest?
b. A conflict of interest can create an appearance of impropriety that undermines confidence in the inter-
nal auditor.
d. A conflict of interest could impair an auditor’s ability to perform his or her duties and responsibilities
objectivity.
38. There are a number of procedures that the chief audit executive can follow in order to maintain objec-
tivity within the internal audit activity. Which of the following would not be a procedure for maintain-
ing objectivity?
d. Periodically rotate internal auditing assignments so relationships do not develop between the auditor
and the auditee that might impair the auditor’s judgment.
39. During an internal audit, the internal auditor should exercise due professional care. Due professional
care means that the internal auditor should consider:
II. The relative complexity and materiality to which assurance procedures are applied.
IV. The engagement procedures necessary to ensure that all significant risks have been identified.
a. I and II only.
b. I, II and IV only.
9
CIA Part 1 Mock Exam
40. As part of the process to improve the relationship between the internal auditor and engagement client,
it is very important to deal with how the internal audit activity is perceived. Certain types of attitudes
in the work performed will help create these perceptions. From a management perspective, which atti-
tude is likely to be the most conducive to a positive perception?
a. Interrogatory.
b. Investigative.
c. Consultative.
d. Objective.
c. Management principles.
d. Marketing techniques.
42. The Standards require that internal auditors possess which of the following skills?
I. Internal auditors should understand human relations and be skilled in dealing with people.
II. Internal auditors should be able to recognize and evaluate the materiality and significance of deviations
from good business practices.
III. Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance,
and information technology.
a. I and II only.
d. I, II and IV only.
43. Your organization has selected you to develop an internal audit activity. Your approach will most likely
be to hire:
a. Internal auditors who possess all of the skills required to handle all engagements.
b. Inexperienced personnel and train them in the way that the organization wants them trained.
c. Individuals with accounting degrees because most internal audit work is accounting-related.
d. Internal auditors who collectively have the knowledge and skills needed to perform the responsibilities
of the IAA.
10
CIA Part 1 Mock Exam
44. The IIA Standards require internal auditors to have the knowledge, skills, and disciplines essential to
performing an audit. Which of the following is true considering the level of knowledge or skill required
by the Standards? Internal auditors must:
I. Be proficient in the application of auditing standards and procedures to specific situations without ex-
tensive recourse to technical research and assistance.
II. Be proficient in accounting principles when auditing the financial records and reports of the organization.
III. Be proficient in applying knowledge of accounting and computerized information systems to specific or
potential problems.
a. I only.
b. I and II only.
d. I, II and III.
45. Within the context of quality control, the primary purpose of continuing professional education and
training is to enable the internal audit activity to provide its personnel with:
b. Professional education that is required in order to perform engagements with due professional care.
46. When an internal auditor is not qualified to perform an engagement, the internal auditor should:
47. When hiring a prospective internal auditor, reasonable assurance should be obtained as to the candi-
date’s qualifications and proficiency. Which of the following is the least useful application of this prin-
ciple?
11
CIA Part 1 Mock Exam
48. The internal audit activity (IAA) can perform an important role in preventing and detecting significant
fraud by being assigned all but which one of the following tasks?
b. Review sensitive expenses such as legal fees, consultant fees, and foreign sales commissions.
49. A new chief audit executive (CAE) for a major retail company is questioning the audit activity’s extensive
use of store compliance testing, stating that the approach is not responsive to materiality concepts.
Which of the following statements are valid in response to the CAE’s claims?
I. Materiality is not based only on the size of individual stores; rather it is also based on the control
structure that affects the whole organization.
II. Any deviation from a prescribed control procedure is, by definition, material.
III. The only way to ensure that a material amount of the company’s control structure is reviewed is a
comprehensive audit of all stores.
a. I only.
b. III only.
c. I and II only.
d. I, II and III.
50. An internal auditor issues a final report that had to do with evaluating the client’s procedures for in-
creasing the diversity of the organization’s workforce. In this regard, the internal auditor made several
recommendations for changes in hiring and retaining practices. Regarding due professional care, the
internal auditor would conduct a follow-up to ensure which of the following actions by the client?
a. To ascertain whether the client has carried out the internal auditor’s recommendations.
b. To ascertain whether the organization is in line with the organization’s diversity policies.
c. To ascertain whether the client has considered the audit findings and has taken action to improve di-
versity within the organization.
b. Infallibility and extraordinary performance when the system of internal control is known to be weak.
d. Testing in sufficient detail to give an absolute assurance that noncompliance does not exist.
12
CIA Part 1 Mock Exam
52. Due professional care is concerned with the work that is done by the internal auditor. For example,
due professional care in the matter of a review of internal controls over financial reporting would con-
sider all of the following except:
a. The content of the working papers is sufficient to provide support for the internal auditor's opinion.
b. The audit evidence in the working papers is principally performed to protect the company in the case
of a lawsuit by investors.
53. When using the services of an outside service provider, the CAE must:
54. An internal auditor should have an appreciation with respect to which discipline?
a. Quantitative methods.
b. Auditing techniques.
c. Auditing procedures.
55. An internal auditor is employed by a large department store. During a planned engagement the inter-
nal auditor performed an audit of the store's cash operations. Which of the following actions would be
deemed lacking in due professional care?
a. A flowchart of the entire cash operation was developed but only a sample of transactions was tested.
b. The report included a well-supported recommendation for the reduction in staff although it was known
that such a reduction would adversely impact morale.
c. Because of a highly developed system of internal controls over cash operations, the audit report as-
sured top management that no irregularities existed.
d. The auditor informed appropriate authorities within the organization about suspected wrongdoing. No
report was made to external authorities.
13
CIA Part 1 Mock Exam
56. The CAE is concerned that a recently-disclosed fraud was not uncovered during the last engagement
to evaluate cash operations. A review of the working papers indicated that the fraudulent transaction
was not included in a properly-designed statistical sample of transactions tested. Which of the follow-
ing applies to this situation?
a. Because cash operations are a high-risk area, 100% testing of transactions should have been per-
formed.
b. The internal auditor acted with due professional care because an appropriate statistical sample of ma-
terial transactions was tested.
d. Extraordinary care is necessary for the performance of a cash operations engagement, and the inter-
nal auditor should be held responsible for the oversight.
57. The CAE of a manufacturing company has interviewed an individual for a staff position. The CAE has
reviewed the individual’s credentials and has performed a detailed background check. The individual
has a strong knowledge of accounting and finance; however, the individual has limited knowledge of
environmental management systems (EMS). What is the most appropriate action for the CAE to take?
c. Encourage the individual to obtain additional training in EMS and then reapply.
d. Offer the individual a position if other staff members have sufficient knowledge of EMS.
58. A recently-hired internal auditor's first assignment is to review the cash management operations of
the organization. The internal auditor has no background in cash management. Under which of the
following conditions would this arrangement be appropriate?
I. The senior internal auditor is skilled in the area and closely supervises the staff internal auditor.
II. The staff internal auditor performs the work and prepares an engagement communication that is re-
viewed in detail by the CAE.
a. I only.
c. II only.
59. If internal auditors fail to maintain their proficiency through continuing professional education they
could be found to be in violation of:
14
CIA Part 1 Mock Exam
60. An internal auditor suspects that the company’s financial statements are misstated; however, the in-
ternal auditor does not have conclusive evidence to prove his suspicion. The internal auditor has failed
to exercise due professional care if he:
a. Identified potential ways in which a misstatement could occur and ranked the items for investigation.
b. Did not test for possible misstatement because the engagement work program had already been ap-
proved by engagement management.
c. Informed the engagement manager of the suspicions and asked for advice on how to proceed.
d. Expanded the engagement work program without the engagement client's approval to address the
highest-ranked ways in which a misstatement may have occurred.
61. Quality program assessments may be performed internally or externally. A distinguishing feature of an
external assessment is its objective to:
c. Compliance with the Standards for the International Professional Practice of Internal Auditing.
63. You were appointed the chief audit executive (CAE) of an organization one week ago. An engagement
client has come to you complaining vigorously that one of your internal auditors is taking up an excessive
amount of the client’s time on an engagement that seems to be lacking a clear purpose. In handling this
conflict with the client, you should consider:
a. Promising the client that you will have the internal auditor finish the work within 1 week.
b. Whether existing procedures within the internal audit activity provide for proper planning and quality
assurance.
c. Presenting an immediate defense of the internal auditor based upon currently-known facts.
64. Periodic external assessments of an internal audit activity's quality assurance and improvement program
should be undertaken. On completion of such an assessment, a formal report or other communication
should be issued expressing an opinion as to the:
15
CIA Part 1 Mock Exam
c. Include the internal audit activity only when the external auditor is appointed.
d. Include the internal audit activity at the time of the appointment and regularly thereafter.
66. The interpretation related to quality assurance given by the Standards is that:
b. External assessments can provide senior management and the board with independent assurance about
the quality of the IAA.
c. Continuous supervision is limited to the planning, examination, evaluation, communication, and follow-
up process.
d. Appropriate follow-up to an external assessment is the responsibility of the chief audit executive's im-
mediate supervisor.
67. Which of the following persons might be considered when conducting a periodic external review of the
IAA in an organization’s regional office?
III. A tax consultant who has no audit experience but will review only technical matters related to tax audits.
IV. An external chartered accountant with internal auditing experience who has been an external auditor of
the organization’s external financial reports.
a. I and II only.
d. I, II and IV only.
68. Procedures describing how the supervisory review of staff auditors will be accomplished should be fully
documented so that the internal audit activity will:
16
CIA Part 1 Mock Exam
69. An internal audit activity is currently undergoing its first external quality assurance review since its
formation three years ago. From interviews, the review team is informed of certain internal auditor
activities over the past year. Which of the following activities could affect the quality assurance review
team's evaluation of the objectivity of the internal auditors?
a. One internal auditor told the review team that, during an engagement to review the payroll function,
he was approached by the payroll manager who indicated that he was looking for an accountant to
prepare his financial statements for his part-time business. The internal auditor agreed to perform this
work for a reduced fee during non-work hours.
b. During an engagement to review the construction of a building addition to the organization's headquar-
ters, the vice president of facilities management gave the internal auditor a commemorative mug with
the organization's logo. These mugs were distributed to all employees present at the ground-breaking
ceremony.
c. After reviewing the installation of a data processing system, the internal auditor made recommendations
on standards of control. Three months after completion of the engagement, the engagement client
requested the internal auditor's review of certain procedures for adequacy. The internal auditor agreed
and performed this review.
d. An internal auditor's participation was requested on a task force to reduce the organization's inventory
losses from theft and shrinkage. This is the first consulting assignment undertaken by the internal audit
activity. The internal auditor's role is to advise the task force on appropriate control techniques.
70. The Institute of Internal Auditing developed a position paper titled The Three Lines of Defense in Effec-
tive Risk Management and Control. Which of the following best describes the purpose of the paper?
a. To provide a simple and effective way to enhance communications on risk management and control.
d. A means of alerting operational management to emerging issues and changing regulatory and risk
scenarios.
a. Organizational governance is the way in which companies are planned and directed.
b. Organizational governance is the combination of processes and structures implemented by the board to
inform, direct, manage, and monitor the achievement of its objectives.
72. An internal auditor should play a vital role in the assessment and improvement of a company’s govern-
ance process. Internal auditing’s role would include all of the following except:
17
CIA Part 1 Mock Exam
73. A company’s control environment is the foundation of an effective system of internal control. Which of
the following is not a component of a company’s control environment?
d. Competence of personnel.
75. Internal auditors can play an important role in assessing the ethical climate of an organization. Methods
to assess an organization’s ethical climate include all of the following except:
a. Reviewing ethics-related policies and processes.
b. Conducting an ethics-related survey.
c. Facilitating an ethics-related training program.
d. Conducting audits of specific ethics-related functions.
a. Companies have a responsibility for their impact on society and the environment.
77. One of the biggest challenges with corporate social responsibility (CSR) is:
a. Identifying the different groups that have a legitimate interest in the corporation.
18
CIA Part 1 Mock Exam
a. It is too costly.
79. The IAA’s role in an organization’s risk management process can, and often does, change over time.
The IAA’s role within an organization may encompass all of the following except:
a. Auditing the risk management process as part of the internal audit plan.
b. Managing and coordinating the risk of a business operation.
c. Providing continuous support and involvement in the risk management process, such as monitoring
activities, providing status reports, and participating on an oversight committee.
d. No role.
80. Which of the following statements is most accurate concerning inherent risk?
b. Inherent risk is the level of risk that remains after management has taken actions to mitigate the risk.
81. A company’s board of directors is concerned that a new children’s toy is not as safe as it should
be. The board is concerned that if word gets out that the toy is not safe, the reputation of the
company could suffer. The board’s concern has to do with:
a. Financial risk.
b. Operating risk.
c. Strategic risk.
d. Hazard risk.
82. The first step in the risk management process is the identification of risks. Risk events can be either
internal or external. Which of the following would be an internal risk event?
b. New regulations.
c. Changing demographics.
d. Rising inflation.
19
CIA Part 1 Mock Exam
84. It is common for insurance policies to include a deductible clause, which means that the insured party
will have to pay some portion of the repair or replacement. The amount paid by the insured party is
referred to as what type of risk?
a. Operational risk.
b. Inherent risk.
c. Residual risk.
d. Transactional risk.
85. There are four general terms used to express the measurement of potential loss that could occur from
a specific risk. The difference between expected loss and unexpected loss is:
a. Expected loss is the maximum potential loss that could occur, whereas unexpected loss is the mini-
mum potential loss.
b. Expected loss is the loss that management expects to be lost during the period, whereas unexpected
loss is the loss that management thinks could be lost in excess of the budgeted amount.
c. Expected loss is the loss that management expects to occur during the period, whereas unexpected
loss is the worst-case scenario loss.
d. Expected loss is the loss that is expected to occur during the short-term, whereas unexpected loss is
the loss that is expected to occur during the long term.
86. Value at Risk (VaR) is a quantitative risk assessment tool used by financial managers for all of the fol-
lowing reasons except:
a. To measure and control the level of risk that the firm undertakes.
c. To give management a level of confidence that the loss level will not be exceeded during a certain pe-
riod of time.
d. To ensure that risks are not taken beyond the firm’s ability to absorb the losses of a probable worst
outcome.
87. It is possible for some risks to be negatively correlated with one another. When this situation occurs
the best course of action is to:
d. Do nothing.
20
CIA Part 1 Mock Exam
88. The risk management process includes all of the following except:
b. Risk avoidance.
d. Risk assessment.
89. A risk response that entails eliminating the threat of the risk is referred to as:
a. Risk mitigation.
b. Risk deflection.
c. Risk avoidance.
d. Residual risk.
90. A firm has a valuable project that has many hazards that could potentially cause bodily injury. Given
the nature of the project, there is no way to avoid the potential risk for damages. To deflect the risk,
the project manager should consider:
91. Risk appetite is the level of risk that an organization is willing to pursue, retain, or take. Factors that
could influence an organization’s risk appetite might include:
c. External factors, such as changing economic considerations, changes in technology, changes in the
industry, etc.
21
CIA Part 1 Mock Exam
93. ERM is a risk management program that is used to assist management in the achievement of its ob-
jectives. The benefits of establishing an ERM process include all of the following except:
94. The development of a strategic plan is intended to increase a company’s long-term performance.
Which of the following would most likely not be a strategic objective?
a. Financial growth.
c. Product innovation.
95. The ERM model has five components. Under which component would the company identify specific risk
events?
c. Control Activities.
d. Performance.
96. There are numerous benefits to implementing a well-developed ERM system. These benefits include:
I. The entity will anticipate every risk that could result in a loss.
a. I and II only.
d. II and IV only.
97. Concerning ERM, which of the following is not a role that internal auditing should undertake?
22
CIA Part 1 Mock Exam
c. The IAA’s guidance and oversight of management’s performance is accomplished economically and
efficiently.
100. Which of the following is true regarding the difference between corporate-level and operational-level
controls?
a. Corporate-level controls are mostly automated, whereas operational-level controls are mostly manual.
b. Operational-level controls include both manual and automated controls, whereas corporate–level con-
trols are mostly manual and include general policy statements that concern ethics and corporate val-
ues.
c. Corporate-level controls are mostly manual, whereas operational-level controls are mostly automated,
consisting of complying with specific control procedures and making sure financial information is accu-
rate and complete.
d. Operational-level controls include both manual and automated controls, whereas corporate-level con-
trols are mostly manual and encompass planning and performance monitoring, the system of ac-
countability to superiors, and risk evaluation.
101. Which of the following types of controls is often difficult to evaluate because they may lack established
criteria or standards?
a. Operating controls.
b. Financial controls.
c. Directive controls.
d. Preventive controls.
c. The accounts receivable subsidiary ledger is reconciled against the general ledger accounts receivable
control total.
d. Customer numbers are verified by the computer before a sales order is accepted to ensure the sales
order is from an established company.
23
CIA Part 1 Mock Exam
103. The control process can be divided into feedforward, concurrent, and feedback controls. Which of the
following is a concurrent control?
105. Budgets are generally classified as both planning documents and control devices. An important differ-
ence between the budget planning information needed and the budget control information needed is
that planning information is more:
b. Detailed.
c. Likely to be quantifiable.
d. Likely to be accurate.
b. A security guard allows a warehouse employee to remove company property from the premises without
authorization.
d. An employee who is unable to read is assigned custody of the company’s tape library and run manuals.
24
CIA Part 1 Mock Exam
1) Select the times or points at which to collect information about the activities that are being meas-
ured and controlled.
a. 2, 1, 6, 3, 8, 7, 4, 5.
b. 1, 2, 3, 6, 5, 7, 8, 4.
c. 2, 1, 3, 6, 8, 4, 7, 5.
d. 1, 3, 2, 6, 7, 5, 8, 4.
108. An internal auditor was evaluating the company’s application controls over financial reporting. Which
of the following would not be an application control objective?
109. A control likely to prevent purchasing agents from favoring specific suppliers is:
a. Requiring management's review of a monthly report of the totals spent by each buyer.
110. The results of an audit of cash controls indicated that the bookkeeper signed expense checks and rec-
onciled the checking account. If the cash account reconciliations were current and no cash shortages
were found, an internal auditor should conclude that the system of internal controls over:
25
CIA Part 1 Mock Exam
111. Which of the following is a control weakness rather than a control strength with regards to the payroll
clerk? The payroll clerk:
112. Which of the following situations would cause an internal auditor to question the adequacy of controls
over a purchasing function?
a. The original and one copy of the purchase order are mailed to the vendor. The copy on which the vendor
acknowledges acceptance is returned to the purchasing department.
b. Receiving reports are forwarded to purchasing where they are matched with the purchase orders and
sent to accounts payable.
d. Unpaid voucher files and perpetual inventory records are independently maintained.
113. Proper segregation of duties reduces the opportunities in which a person could both:
114. Internal auditors use the COSO model to evaluate the strength of a company’s internal control system
over financial reporting. Which of the following is not a core principle of the control environment?
115. An effective control system should have all of the following characteristics except:
a. The control system should actually reflect what the organization is trying to measure and control.
b. The control system must be understandable by all persons using the system.
d. The information provided by the control system must be available in a timely manner.
26
CIA Part 1 Mock Exam
116. Which of the following actions can help reduce the ability of an individual to rationalize fraud?
117. Which of the following are examples of fraud that would not benefit an organization?
b. Tax fraud.
c. Claims submitted for services or goods not actually provided to the organization.
118. Which of the following best describes an auditor's responsibility after noting indicators of fraud?
b. Report the possibility of fraud to top management and ask how to proceed.
c. Consult with external legal counsel to determine the course of action to be taken.
d. Report the matter to the audit committee and request funding for outside specialists to help investigate
the possible fraud.
The manager of a production line has the authority to order and receive replacement parts for all machinery
that requires periodic maintenance. The internal auditor received an anonymous tip that the manager ordered
substantially more parts than were necessary from a family member in the parts supply business. The un-
needed parts were never delivered. Instead, the manager processed receiving documents and charged the
parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier,
and the money was divided between the manager and the family member.
119. Which of the following internal controls would most likely have prevented this fraud from occurring?
a. Establishing predefined spending levels for all vendors during the bidding process.
c. Comparing the bill of lading for replacement parts to the approved purchase order.
d. Using the company’s inventory system to match quantities requested with quantities received.
120. Which of the following tests would best assist the auditor in deciding whether to investigate this anon-
ymous tip further?
c. Analysis of repair parts charged to maintenance to review the reasonableness of the number of items
replaced.
d. Review of a test sample of parts invoices for proper authorization and receipt.
27
CIA Part 1 Mock Exam
121. Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset?
122. Which of the following would not be considered a condition that indicates a higher likelihood of fraud?
a. Management has delegated the authority to make purchases under a certain dollar limit to subordinates.
b. An individual has held the same cash-handling job for an extended period without any rotation of duties.
c. Individual handling marketable securities is responsible for making the purchases, recording the pur-
chases, and reporting any discrepancies and gains/losses to senior management.
d. The assignment of responsibility and accountability in the accounts receivable department is not clear.
123. Which of the following statements is (are) true regarding the prevention of fraud?
I. The primary means of preventing fraud is through internal controls established and maintained by
management.
II. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating
the adequacy of the internal control system.
III. Internal auditors should assess the operating effectiveness of fraud-related communication systems.
a. I only.
b. II only.
c. I and II only.
d. I, II and III.
124. Internal auditors are more likely to detect fraud by developing and strengthening their ability to:
125. In some cases of fraud, it is necessary to use the services of a forensic auditor. Which of the following
is generally not a type of investigation that is conducted by forensic auditors?
b. Management compensation.
c. Acts of extortion.
28