IIA-CHAL-QISA Free Practice Test

Which of the following is most likely to be considered a control weakness?

1. A. Vendor invoice payment requests are accompanied by a purchase order and receiving report.
2. B. Purchase orders are typed by the purchasing department using prenumbered forms
3. C. Buyers promptly update the official vendor listing as new supplier sources become known.
4. D. Department managers initiate purchase requests that must be approved by the plant superintendent

Correct Answer: C
A control weakness occurs when there is a deficiency in internal controls that could allow errors or fraud to occur. While the act of buyers promptly updating the vendor listing might seem efficient, it could bypass necessary oversight and approval processes. This could lead to unauthorized or inappropriate vendors being added, increasing the risk of fraud or favoritism. Effective internal control requires that such updates be reviewed and approved by an independent party to ensure accuracy and appropriateness.
: Best practices in internal control recommend segregation of duties and independent
review processes to prevent unauthorized changes and ensure control integrity.

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

1. A. The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed
2. B. Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.
3. C. The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.
4. D. Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Correct Answer: A
✑ Introduction:
✑ IIA Guidance on Review Notes:
✑ Options Analysis:
✑ Conclusion:
:IIA??s International Professional Practices Framework (IPPF).

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

1. A. Report the monitoring status to senior management when requested.
2. B. Assist management with implementing corrective actions.
3. C. Determine the frequency and approach to monitoring
4. D. Include all types of observations in the monitoring process

Correct Answer: C
✑ Introduction:
✑ Responsibilities in Monitoring:
✑ Options Analysis:
✑ Conclusion:
:
Internal Audit Standards and Practice Guides .

An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

1. A. Batch controls.
2. B. Application controls
3. C. General IT controls.
4. D. Logical access controls

Correct Answer: B
Application controls are specific to software applications and ensure that transactions are processed correctly and accurately. They include controls over input, processing, and output. In this scenario, examining application controls will help determine if sales staff can modify orders after shipping, as these controls directly impact how data is handled within the system.
References:
✑ "Information Technology Auditing," which explains the role of application controls in maintaining data integrity and security.

The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?

1. A. Contract with the software vendor to provide an appropriate resource
2. B. Ask for a knowledgeable resource from the IT department
3. C. Make use of an external service provider.
4. D. Request audit resources through the external auditor.

Correct Answer: C
If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, the most appropriate course of action is to use an external service provider. This helps preserve the independence and objectivity of the internal audit function.
✑ Expertise: External service providers bring specialized knowledge and expertise
that may not be available within the internal team.
✑ Independence: Utilizing an external provider ensures that the audit maintains its independence and objectivity, avoiding any potential conflicts of interest.
✑ Quality: Ensures that the audit engagement is conducted with the highest standards, leveraging the external provider's experience and skills.
References:
✑ "Internal Audit and Assurance," which outlines the benefits and considerations of engaging external service providers for specialized audit tasks.