IIA IIA-CIA-Part1 Quiz 126 Topic 6 Questions 626-630

Question: 1

Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?

AThe extent to which the internal audit activity is outsourced.

BThe maturity level of risk management practices in the organization.

CThe competency of the internal auditors in risk management.

DThe nature of the business and the environment in which the organization operates.

Show Answer

Question: 2

Which of the following best describes the underlying premise of the COSO enterprise risk management framework?

AManagement should set objectives before assessing risk.

BEvery entity exists to provide value for its stakeholders.

CPolicies are established to ensure that risk responses are performed effectively.

DEnterprise risk management can minimize the impact and likelihood of unanticipated events.

Show Answer

Question: 3

An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

AInvestigation of the physical security over access to the components of the LAN.

BThe ability of the LAN application to identify data items at the field or record level and implement user access security at that level.

CInterviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.

DThe level of security of other LANs in the company which also utilize sensitive data.

Show Answer

Question: 4

When internal auditors perform consulting services that add value and improve an organization's operations, these services:

AImpair the internal auditors' objectivity with respect to an assurance service involving the same engagement client.

BWould preclude the achievement of assurance from the consulting engagement.

CShould be consistent with the internal audit activity's empowerment reflected in the charter.

DImpose no responsibility to communicate information other than to the engagement client.

Show Answer

Question: 5

A manufacturing firm uses hazardous materials in the production of its products. An audit of the firm's processes related to hazardous materials should include.

I . Recommending an environmental management system as part of policies and procedures.

II . Verifying the existence of tracking records for these materials from creation to destruction.

III . Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit.

IV . Evaluating the cost provided for in an environmental liability accrual account.

AII only

BIII and IV only

CI, II, and IV only

DI, III, and IV only

Show Answer

IIA IIA-CIA-Part1 Quiz:126 Topic:6 Questions:626-630