The mission of internal audit: to provide objective confirmation, advice and insights based on risk to increase and protect organizational value

Mandatory guidance: the basis for internal auditors to perform their duties, applicable to individuals or organizations that provide internal audit accuracy;

Recommended guidance: Contributes to the interpretation of mandatory guidance or the application of mandatory guidance to a specific internal audit environment.

organizational independence

personal objectivity

Impairment of independence or objectivity

Professional ability

due professional prudence

continuing professional development

Quality Assurance and Improvement Program Requirements

Report on quality assurance and improvement procedures

governance

governance activities

Governance roles and responsibilities

Governance and corporate culture

Corporate Social Responsibility (car)

The role of internal audit in governance

risk terminology

risk factors

Risk Management: The process of identifying, assessing, managing and controlling potential events or situations The purpose of the process is to provide reasonable assurance for the achievement of the organization’s stated goals.

The role of internal audit in risk management

The internal audit function must assess the following risks related to the organization's governance, operations, and information systems

COSO internal control framework

Other internal control frameworks

Information Technology Control Model

The role of internal audit in control

The strategic positioning of the three lines of defense

Internal controls and risk management maturity assessment

change management

Provide training

Evaluation business evaluation system

fraud triangle

Types of fraud

fraud signal

Fraud risk assessment

Fraud and internal controls

Fraud investigation business

Where does internal audit play a role in an organization: risk management controls and governance processes

Reference answer: D The assessment of the independence of the organization’s external auditors should: involve the internal audit function when assigned and should be conducted regularly

Reference answer: B A is incorrect. There is an obvious upward trend in subsequent data and continues to exceed the control upper limit. B is correct. This model is based on averages, upper and lower limits, and excludes repeated breaches of upper control limits; an investigation is required. C is incorrect and the upper limit has been breached repeatedly. According to the planned model, this situation is not normal. D is incorrect. Some of the data in the chart show cyclicity, but the more important feature is the abnormality of breaking through the upper limit of control.

Reference answer: B A is incorrect. Independence is achieved through the organization's status and objectivity. The organization's status is enhanced through direct communication with the board of directors, audit committee, or other regulatory authorities. B is correct. These standards relate to professional proficiency, not independence. The chief audit officer should establish appropriate education and experience requirements for each position in the internal audit activity, taking full consideration of the scope of work and level of responsibilities of each position. C is incorrect. Taking on operational responsibilities compromises objectivity and thus independence. D is incorrect. The scope of work of the internal audit activity is a functional reflection of its organizational status and therefore promotes independence.

Reference answer: D A. Incorrect, this is not a comprehensive risk management approach. B. Incorrect, this is not a comprehensive approach to risk management. C. Incorrect, this is not a comprehensive approach to risk management. D. Correct. It is a comprehensive approach that enables risk management strategies to be integrated throughout the organization. Personal Note: Which of the following objectives positions a risk management strategy at an optimal level: Maximizing shareholder value

Reference answer: B B is correct. Quality assurance and improvement programs include reasonable oversight, internal assessment and ongoing monitoring, and periodic external evaluations. The evaluation of internal auditors' personal performance falls within the scope of employee management.

Reference answer: C A is incorrect, the observed condition puts the organization at risk unless the situation changes or the situation is corrected. The situation in which B is incorrect and has not been corrected is not unique and does not require a special solution. C is correct. Internal auditors should confirm that relevant corrective actions have been taken and are achieving the desired results, or that management or the board of directors has assumed the risk of not taking corrective actions in response to reported findings. Furthermore, a discussion of the conclusions and recommendations should take place at the appropriate level of management before issuing the audit report. Account management's ability to obtain customer cooperation (or at least understanding) at the "appropriate" level is a critical component in resolving any problem. D is incorrect. Internal auditors do not have direct authority over clients, and exercising such authority would compromise objectivity.

Reference answer: D A is incorrect. The Standards do not require internal auditors to ensure that reporting procedures are followed. B is incorrect. The Standards do not require that fund flows be consistent with actual expense items within a certain period. C is incorrect, this is a function of the HR or Finance department. D is correct. Internal auditors have the responsibility to identify inadequate controls, evaluate the effectiveness of management, and flag common risks. For controls with insufficient identification of responsibilities, follow-up procedures for evaluating management effectiveness and identifying problems may include observation, verification, etc. Look at the audit level corresponding to the matter

Reference answer: A

Reference answer: A A.Correct. According to the Framework, controls are activities carried out by management, the board of directors and other parties to enhance risk management and increase the likelihood that stated goals and objectives will be achieved. Management is responsible for planning, organizing and directing the implementation of actions sufficient to provide reasonable assurance that goals and objectives are achieved.

Reference answer: C C. Correct. Quality assurance procedures include appropriate supervision, internal evaluation, and external evaluation.

Reference answer: D A is incorrect. It is expensive to conduct random inspections on all policyholders, and it is easy to miss errors. B is incorrect. It is inappropriate to sample from the archived claim sheets because some claims were not compensated and the scope of the inspection was too large. C is incorrect. Sampling from rejected claims does not demonstrate the approval and documentation of the portion of compensation paid and fails to achieve the audit objectives. D is correct. By taking a sample of paid claims and following file processing, the scope of the inspection is appropriate and effective in achieving the audit objectives.

Reference answer: D A is incorrect. The integrated testing method's audit of information systems only focuses on programs and data. B is incorrect, parallel simulation is mainly for programs. C is incorrect, the test data is undoubtedly mainly for the data. D is correct. If you want to achieve continuous detection and analysis, the embedded audit module (also known as the "built-in audit module") can be said to be the best way.

Reference answer: C C. Correct. Under the Code of Ethics, internal auditors should not engage in or have any activities or relationships that may impair, or be presumed to impair, their unbiased assessment. This involvement includes activities or relationships that may conflict with the interests of the organization. Accordingly, serving on the board of directors of a local bank would constitute a conflict of interest and could impair the internal auditor's ability to perform the engagement objectively regarding the potential acquisition.

Reference answer: C A is incorrect. Many secured loans do not provide insurance for the mortgaged property, which is a serious risk exposure for the bank and can have a significant impact on the bank's financial statements. B is incorrect and the loan officer cannot be allowed to prepare disbursement checks and grant loans to bank customers. These two positions should be separated to prevent possible employee fraud. C is correct. For the main issues under consideration, deficiencies should be significant and require correction; non-important issues can be pointed out but do not require correction. The bank's failure to combine customer-specific reconciliation emails with monthly statements and incur unnecessary mailing costs does not constitute a serious risk exposure. D is incorrect. Restricting access to cash violates applicable internal control policies.

Reference answer: D D is correct. Risk management is the result of economic and social units optimizing and combining various risk management technologies to effectively control risks and properly handle risks on the basis of identifying, estimating, and evaluating risks in their production and life. , in order to achieve the process of maximum security at the minimum cost.

Reference answer: B A is incorrect. The Framework does not provide for reporting when evaluation criteria are missing. B is correct. Internal auditors cannot unilaterally set standards. Evaluating controls requires appropriate standards, and internal auditors should ascertain the adequacy of the standards established by management to determine whether goals and objectives have been achieved. If the criteria are appropriate, internal auditors should use the above criteria in their assessments. If the criteria are not appropriate, internal auditors should work with management to develop evaluation criteria. Internal auditors should evaluate established operational objectives and expected results and determine whether operational standards are acceptable and adhered to. If management objectives and standards are vague, auditors should seek authoritative explanations. If internal auditors need to interpret or select operational standards, they should agree with the business client on the standards required to measure operational performance. C is incorrect. This is a practice stipulated in the Framework. With new standards, new standards must be used for evaluation. D is incorrect. This is a recommended practice regarding the evaluation criteria for cooperative development stipulated in the Framework.

Reference answer: A A is the job of the investment department, which does not reflect too much or too little. Others embody behavior that is different from the basic

Reference answer: C

Reference answer: A A is correct. Separation of functions This control reduces the risk that each employee may make a mistake and hide errors or fraud. Custody functions for transactions, records and assets should be delegated to different persons. The finance department should safeguard assets but should not authorize or record transactions. Since the Assistant Treasurer reports to the Treasurer, the Treasurer rarely delegates tasks related to the custody of assets. Use of the check signing machine does not conflict with the Treasurer's Assistant's other duties and it does not involve the authorization or recording of transactions. B is incorrect because authority to handle damaged merchandise would conceal theft of inventory by warehouse staff. Trading authority and asset custody are incompatible. C is incorrect. The sales manager can approve credit sales to a controllable company and then write off the account as bad debt. The sales manager's authority to sell on credit is incompatible with his authority to have indirect access to assets. D is incorrect because the attendance clerk can conceal an employee's departure and hold on to that employee's paycheck. Recordkeeping duties are incompatible with asset custody duties.

Reference answer: D

Reference answer: D

Reference answer: D A is incorrect. Questionnaires usually provide "whether" answers, so the evidence provided by questionnaires is not as detailed as that provided by other audit procedures. B is incorrect. Questionnaires are usually long and time-consuming to complete. C is incorrect, the auditor does not need to be present. D is correct. The internal control questionnaire consists of a series of questions about internal controls, which are used to prevent or detect errors or irregularities. The answers to these questions will help internal auditors identify the internal control policies and procedures relevant to specific audit assertions and design tests of controls to evaluate the effectiveness of internal control procedures and operations. Questionnaires provide a framework to ensure that certain aspects are not overlooked; however, this approach is not sufficient to understand the entire system. Therefore, the information obtained in this way is indirect and needs to be confirmed through other procedures, such as observation, inspection, flow chart, inspection documents, etc.

Reference answer: A A is correct. In the current situation, in order to find out the reasons, the auditor should interview people who know the situation to obtain relevant information and then analyze it, which should be said to be the most appropriate course of action. B is incorrect. Due to limited time, it is not appropriate to expand the sample size for testing. C is incorrect. The audit objective is about accounts payable, and the audit of cash payments has nothing to do with this audit objective. D is incorrect. The audit report should include the audit conclusion and the reasons for the problems, otherwise it will be incomplete.

Reference answer: D A. Incorrect. The Standards do not require each internal auditor to have knowledge in all relevant areas. B. Incorrect, internal audit activities may require experts in economics or information technology. C. Incorrect, encouraging applicants to participate in additional training is insufficient to meet the current needs of internal audit activities. D. Correct. The internal audit activity should generally possess or acquire the knowledge, skills and other competencies to perform its responsibilities. The above attributes include proficiency in applying internal auditing standards, procedures and techniques. The internal audit activity should have some in-house personnel or engage outside service providers with accounting, auditing, economics, finance, statistics, information technology, engineering, taxation, legal, environmental affairs and other relevant skills necessary to perform the internal audit responsibilities. Subject knowledge. However, each member of the internal audit activity does not need to be qualified in all disciplines. There are various assessment methods, depending on the knowledge points of the assessment. If it is B alone, it is likely that the knowledge point of the assessment is whether each internal auditor is required to master knowledge in all relevant fields. If BD is put together it is an assessment, do you need someone to guide you in order to meet the competency standards? Even if you are not familiar with a certain area, you can still audit this area if you have the assistance of experienced experts or external resources.

Reference answer: A A is correct. Business working papers can usually: provide in-principle support for business communication, contribute to the formulation, implementation and review of business plans, form documents to demonstrate whether business objectives have been achieved, facilitate third-party review, and provide a basis for evaluating the quality of internal audit activities. By providing a basis, it can provide relevant support for events such as insurance claims, fraud cases and litigation, which is helpful for the career development of all internal auditors, and can show that internal audit activities comply with the Standards. B is incorrect. Working papers cannot be used as a means of preparing financial statements. C is incorrect. Documenting internal control weaknesses is only an example of the content of the work papers and is not the primary goal of preparing the work papers. D is incorrect. The preparation of appropriate working papers is a requirement of standards of professional practice but is not the primary purpose of their existence.

Reference answer: A A.Correct. This information is collected by external parties and has not experienced the business activities in the audited area, so it is the most probative. B. Incorrect, this is internal and external evidence, generated by the audit business client, and may be tampered with. C. Incorrect, this is internal evidence, generated by the audit client, and may be subject to tampering. D. Incorrect, this is external and internal evidence. Although it is generated externally, it is retained by the audit engagement client and therefore may be tampered with.

Reference answer: C Ⅰ. Violation of the Standards because not all draft reports can be reviewed with the audit client. Ⅱ. Violation of the "Standards" because the standards stipulate that auditors should avoid evaluating work they have previously been responsible for to avoid affecting objectivity. Ⅲ. Violation of the "Standards" because resource constraints may affect independence. When resources are limited, the first thing the chief audit officer should do is evaluate the possible consequences of resource limitations and communicate and report to the audit committee. So choose C. Pay special attention to "III. In view of limited resources, the chief audit officer conducted a risk analysis to determine which departments should be audited." It is confusing. The first half of the sentence is correct, but the risk analysis should support reporting to the audit committee. So it's not right either. .

Reference answer: C A. Incorrect, the risk management process cannot fully guarantee that organizational goals will be achieved. B. Incorrect, having internal auditors determine control activities would compromise their independence and objectivity. C. Correct. The content described in this selection is the content of the risk management framework. D. Incorrect. Enterprise risk management is not concerned with selecting the best risk response, but rather selecting a risk response that is consistent with the enterprise's risk appetite. And selection activities are conducted by the management team, not the audit committee. This kind of question is too confusing. The goal is to ensure the realization of organizational goals, but it cannot completely guarantee the realization of organizational goals.

Reference answer: A A.Correct. As an auditor engaged in a prudential review of an acquisition, the scope of the audit is least likely to include assessing the impact of recent litigation against a scrap company.

Reference answer: D A is incorrect. The Code of Ethics states that internal auditors should respect the value and ownership of the information they obtain and should not disclose information without appropriate authorization except in the context of legal or professional obligations. B is incorrect. There is nothing wrong with the part-time job because you are not dealing with competitors or suppliers. C is incorrect. Giving a speech does not violate the Code of Professional Ethics. On the contrary, the purpose of IIA is to "make progress through knowledge sharing." D is correct. The Code of Professional Ethics stipulates that IIA members and internal auditors may not use confidential information for any personal gain. Several knowledge points for the assessment: 1- Internal audit will not disclose information to the outside world, except for court or other legal obligations; 2- There is no problem with part-time work, but you need to be careful not to deal with competitors or suppliers. 3-No problem giving a speech

Reference answer: D Auditors are not required to complete an internal control questionnaire for each engagement

Reference answer: D

Reference answer: A A.Correct. Helping achieve the organization's goals is the ultimate goal of internal audit activities. Without goals, there is no direction to achieve the training guidance strategy. B. Incorrect. Without setting specific goals for training activities based on organizational goals, the content of training cannot be outlined. C. Incorrect. Students' desire to learn should be considered after determining the training objectives. D. Incorrect, budget constraints should not be considered first but rather later in the training program process.

Reference answer: D D is correct. Establishing a common risk management language is often the responsibility of the risk management officer. Other functions fall within the scope of the CEO's responsibilities.

Reference answer: D A is incorrect. Ongoing physical control of work papers while in the field is appropriate. B is incorrect. Workpapers may be presented to business clients with approval from the chief audit officer. C is incorrect. Internal and external auditors usually have access to each other's work programs and work papers. D is correct. Work papers should always be properly protected. They should remain in the possession and control of the internal auditor or stored in a secure location throughout the field work. In offices where internal audit activities occur, people should lock their work papers in cabinets and sign when they are removed. Internal auditors sometimes misplace work papers, violating confidentiality requirements. In the internal audit activity office, people should keep their working papers in a locked cabinet.

Reference answer: D A is incorrect, attribute sampling does not produce relevant quantitative values. B is incorrect. Discovery sampling is used to discover attributes with extremely low probability of occurrence in the population and cannot be used to estimate a certain variable. C is incorrect. The individual book values ​​are summed to obtain the overall book value, which is used in PPS sampling. D is correct. Unit mean sampling is the only variable sampling method used to estimate variables when individual book values ​​from which to infer the overall value are not available.

Reference answer: A A is correct. The flow chart uses diagrams to represent the step-by-step process of the business, including voucher (information) preparation, authorization, process, storage, etc. Flowcharts enable internal auditors to analyze the system and determine the so-called strengths and weaknesses of internal controls and the appropriate areas for audit focus. B is incorrect. The questionnaire only provides an agenda for evaluation. C is incorrect. The matrix diagram method cannot provide an intuitive understanding of the system. Only flow charts can do this. D is incorrect. The detailed description method cannot provide a way to evaluate complex business, only the flow chart can.

Reference answer: A A is correct. The purchasing department makes purchases based on purchase requisitions reviewed by the relevant business department managers, which can effectively prevent excessive purchasing. B is incorrect. If there is no participation from relevant business departments and the purchasing department only purchases according to computer prompts, over-purchasing may still occur when the demand cannot be determined. C is incorrect. When the goods enter the acceptance department, the ordering behavior has already occurred, and there is no way to prevent the order quantity from exceeding the demand. D is incorrect. The ordering behavior has already occurred at this time and there is no way to prevent the order quantity from exceeding the demand quantity. B cannot determine if the level is low, it means purchasing

Reference answer: C A is incorrect, work papers are the assets of the organization, and only work papers dealing with government contracts are affected by guidance issued by the government. B is incorrect. There is no specific storage period required. C is correct. The chief audit officer should establish custody requirements for business records that are consistent with the organization's policies, management requirements, and other relevant requirements. Therefore, work papers should be kept or handled in accordance with the policies of the organization.

Reference answer: B A. Incorrect, the timing of the audit, related activities that were not audited, and the nature and extent of the work performed should be included in the statement of scope. B. Correct. The scope statement should identify the activities to be audited and, where appropriate, include supporting information such as the timing of the audit. If necessary, related unaudited activities should also be identified to outline the boundaries of the business. The nature and scope of the business being conducted should also be described. Not required for business goals. . Statement including the time of the audit, related activities that were not audited, and the nature and extent of the work performed incorrectly

Reference answer: A A is correct. This information is collected by external parties and has not experienced the business activities in the audited area, so it is the most probative. B is incorrect. This is internal and external evidence, generated by the audit business client, and may be tampered with. C is incorrect. This is internal evidence, generated by the audit client, and may have been tampered with. D is incorrect, this is external and internal evidence. Although it is generated externally, it is retained by the audit engagement client and therefore may be tampered with.

Reference answer: C The sample may include pre-policy investments, which certainly do not meet the new requirements. Others are matters that can be determined related to the new requirements

Reference answer: D A. Incorrect. Project results audit focuses on whether the results comply with the contract. B. Incorrect, external auditors focus on financial audits. C. Incorrect, compliance audits focus on compliance. D. Correct. Operational audits focus on costs. I was confused between B financial audit and D operational audit, and finally chose D. The analysis is that external auditors focus on financial auditing. My understanding is that financial audit pays more attention to financial reports and other content, and costs will also affect financial reports, but it is closer to operational audit.

Reference answer: D D. Correct. The internal audit activity should generally possess or acquire the knowledge, skills and other competencies to perform its responsibilities. For assurance engagements, the chief audit executive should obtain competent advice and assistance if the internal auditor lacks the knowledge, skills, or other competence to perform all or part of the engagement. For consulting engagements, if the internal auditor lacks the knowledge, skills, or other competencies to perform all or part of the engagement, the chief audit executive should decline the engagement or obtain expert advice and assistance. Accordingly, if the internal audit function lacks expertise regarding health care costs, it should engage an outside service provider who can provide the required knowledge, skills, and other competencies. These outside service providers can help in estimating a company's retirement benefit expenses, in conducting comparative analyzes of health care costs, and in training personnel to audit health care costs.

Reference answer: B A is incorrect. Regardless of whether the chief auditor's time permits, the chief audit officer cannot participate in activities that may affect the impartial practice of practice. B is correct. The IIA's Code of Ethics stipulates that internal auditors should not engage in activities or relationships that may impede or be perceived to impede their impartial evaluation. This involvement includes activities and relationships that conflict with the organization's goals. The chief audit officer's participation as a judge in the activities of the person being evaluated will obviously hinder his fair evaluation and is therefore inappropriate. C is incorrect. Internal auditors cannot engage in activities that may affect the fair performance of the engagement, whether or not it is during business hours. D is incorrect. The chief accountant (sometimes translated as "comptroller") has no authority to judge whether this activity violates the company's ethics.

Reference answer: C A is incorrect. The amount involved in travel and entertainment funds is small due to limitations in the scope of expenses. B is incorrect. The amount involved in purchasing supplies from fictitious suppliers is small due to limitations in the scope of expenses. C is correct. The standard for measuring the level of risk is the amount and the possibility of occurrence. In the case of very weak internal controls, the funding is provided to an organization that may be related to the president or is not used for the purpose stipulated in the organization's charter. The amount involved may be large, and very weak internal controls can easily lead to fraudulent pretexts. The "funding" was used for fraudulent purposes. D is incorrect. The amount involved in adding fictitious employees is not large due to the limitation of the scope of expenses.

Reference answer: D A is incorrect, comparison to industry standards does not test the accuracy of internal reports. B Incorrect, comparison to industry standards does not test inventory security design controls. C is incorrect. Comparison with industry standards does not test policy compliance. D is correct. This analytical procedure will provide an evaluation of the effectiveness and efficiency of subsidiary inventory management.

Reference answer: C A. Incorrect, this is not the best technique because it only uses a two-factor analysis method to conduct wind (i.e. event and impact). B. Incorrect, this is not an optimal technique because it does not take a comprehensive approach to risk management. C. Correct. This is best practice because it takes a comprehensive approach to risk management that considers not just the event and impact, but also the reasons why the event occurred. D. Incorrect, this option also uses a two-factor analysis method and also talks about eliminating risks rather than mitigating them. You still have to read the question carefully. The error in option D lies in the word "eliminate". It does not eliminate the risk, it can only mitigate the risk.

Reference answer: A Ⅰ.Correct. Importance is defined as items that are potentially harmful to the organization. Importance includes both quantity and nature, and is not limited to items that are determined in quantity. II. Incorrect, there are some control errors that are minor in nature and are not considered important. III. Incorrect, sampling methods can be used to provide comprehensive coverage of the entire organization's control structure. Therefore choose A.

Reference answer: B B is correct. Monitoring is the evaluation of the quality of internal controls. Management considers whether internal controls are appropriately designed and operating as intended, and modifies it to reflect changed circumstances. Monitoring can take the form of individual, periodic evaluations or ongoing monitoring. Ongoing monitoring can be part of daily operations and includes managerial and supervisory reviews, comparisons, verifications and other actions taken by department personnel as part of their daily activities. Thus, monitoring the number and nature of claims can detect lapses in internal controls.

Reference answer: B A is incorrect. Regular rotation of payroll department personnel is a good internal control. B is correct. The lack of segregation of duties when salary checks are issued by the employee's direct manager is a weak link in internal controls. Paychecks are issued by the employee's immediate manager, and there may be instances where an employee leaves the company without reporting it. Direct managers may use time clocks to record employees' arrival and departure times and fraudulently collect paychecks. Only people not affiliated with Payroll Records or the business unit can send paychecks. C is incorrect. It is good internal control to reconcile cash records with tax reports quarterly. D is incorrect. The time recording function is independent of the payroll department, which is good internal control.

Reference answer: C

Reference answer: A A is correct. Comparing current production requirements with the total inventory on hand and ordered can tell whether the total inventory greatly exceeds the actual demand, thus obtaining evidence of excess inventory. B is incorrect. Counting inventory and comparing the count with the perpetual inventory records only obtains evidence of the existence and actual quantity of the inventory, but does not reveal whether it is excessive. C is incorrect. The review of the purchase order was not compared with existing inventory and actual needs, and no evidence of excess could be obtained. D is incorrect. Analyzing last quarter's excess inventory report does not provide evidence of whether the current inventory is excessive.

Reference answer: A A is correct. The internal auditor's practice of taking over part-time accounting for the payroll audit created a conflict of interest between him and the audit client, thereby compromising his objectivity and affecting the review team's evaluation. B is incorrect. Under the Framework, acceptance of promotional items that are publicly available or of minimal value should not impede the internal auditor's professional judgment. Therefore, accepting a commemorative mug engraved with the company's name does not compromise the auditor's objectivity. C is incorrect. Internal auditors audit the audit object, make audit recommendations, and conduct follow-up audits. These are appropriate audit behaviors and will not damage their objectivity. D is incorrect. The provision of the above consulting services by internal auditors is a normal audit work and will not damage their objectivity.

Reference answer: B A is incorrect and prompt reporting will not resolve the issue. B is correct. The existence of such an agreement will prevent disputes regarding fee reimbursement. C is incorrect. There is no evidence in the statement of the problem that an incompatible position exists. D is incorrect. Comparing monthly reports may identify an issue but will not prevent disputes over expenses. D is discovered after the fact and cannot be prevented.

Reference answer: A A is correct. Sampling risk is the probability that a sample conclusion, while correctly drawn, does not fully represent the population; that is, the conclusion drawn from the sample may be different from the conclusion drawn from examining each element in the population. Type I and Type II errors are major aspects of sampling risk. The first type of error is the risk of false rejection or insufficient reliance, that is, the possibility that the sampling results indicate that there is a major error but in fact there is no major error. This risk is related to the efficiency of the business. The second type of error is error risk or excessive reliance risk, that is, the possibility that the sampling results indicate that there is no major error but in fact there is a major error. This risk is related to the effectiveness of the business. In comparison, Type 2 errors are more serious. B is incorrect. Non-sampling risk depends on the quality of business procedures. C is incorrect. The size of sampling risk does not entirely depend on the economic consequences of incorrect conclusions. D is incorrect. Audit risk includes control risk and inspection risk.

Reference answer: B

Reference answer: C A. Incorrect. Expert bureaucracy is an organizational structure with high complexity and low standardization in which experts must exist. B. Incorrect. The mechanistic organizational structure is a highly formalized and standardized organizational structure, and this structure does not implement dual authorization. This is not the best organizational structure. C. Correct. The matrix organizational structure combines departments divided by functions and departments divided by products to establish a dual reporting structure, and this structure is most suitable for organizations where it is necessary to frequently establish product development groups; D. Incorrect, in mechanical bureaucracy In a traditional organizational structure, rules and regulations are ubiquitous and tasks are highly routine.

Reference answer: B A is incorrect, delaying the audit of some major computer systems is a scope limitation. This delay limits the conduct of business. Internal auditors report scope limitations to senior management and the board of directors so that they can determine whether the limitations are justified. B is correct. The audit committee's decision to remove an engagement from the annual engagement schedule is not a scope limitation. The responsibility of the Audit Committee is to review and approve the scope of internal audit activities planned for the year. C is incorrect. The prohibition on contact with specific clients is a scope restriction. This prohibition limits the conduct of specific audit procedures. D is incorrect, answers A and C already point out the scope limitations.

Reference answer: D D. Correct. Internal auditors are expected to recognize good business practices, understand interpersonal relationships, and have excellent oral and written communication skills. Auditors are not required to be experts in a broad field relevant to their audit responsibilities.

Reference answer: B

Reference answer: C

Reference answer: D D. Correct. According to the Framework, external auditors may utilize the results of internal audit work when auditing, and the chief audit executive should discuss the audit work planned by internal and external auditors to ensure appropriate audit coverage and minimize duplication of work. Internal audit reports are available to external auditors to help them decide and adjust the scope and timing of the work.

Reference answer: C A. Incorrect. The logging system can only record the behavior of accessing the program library for subsequent accountability, and cannot guarantee the immediate security of the program. B. Incorrect, supervising physical access to library media controls only the physical media. C. Correct. In order to ensure the security of the program library, control should be carried out from both the physical media and logical access aspects. Restricting transaction and logical access exactly meets the requirements of these two aspects. D. Incorrect, denying remote access through the terminal controls only logical access.

Reference answer: B A is incorrect. The board of directors should determine the chief audit officer's compensation. B is correct. Objectivity may be compromised when the bonus is based on the monetary amount received or proposed future savings as a result of the audit. Bonuses based on the above circumstances may unduly influence the business conducted or the recommendations made. C is incorrect. The scope of the internal audit activity includes evaluating and promoting improvements in risk management, control, and governance processes. D is incorrect. Objectivity is not compromised if the board of directors determines the chief audit officer's compensation or if the scope of the internal audit activity is to evaluate controls rather than account balances.

Reference answer: A

Reference answer: B A.Incorrect. This procedure is used only to determine whether the cause is inventory overvaluation. B. Correct. Analyzing operating conditions is related to evaluating operating efficiency. C.Incorrect. Changes in equipment may be a signal of improved operating efficiency, but option B is more relevant. D.Incorrect. This procedure is relevant for evaluating the correctness of raw material procurement but does not provide information on operational efficiency.

Reference answer: A A is correct. Because the conduct rules prohibit internal auditors from knowingly participating in illegal activities. Internal auditors should disclose any material facts of which they are aware that, if not disclosed, might misrepresent their reported audit activities. It was also apparent that the internal auditors did not conduct their work prudently. B is incorrect because the IIA's Code of Ethics does not impose a duty to the public. C is incorrect because internal auditors should not use information in any way that would compromise the organization's legal status and ethical objectives and are expected to respect and be committed to the organization's legal status and ethical objectives. However, illegal dumping of toxic waste is neither legal nor ethical. D is incorrect because internal auditors should collect and report this type of information in accordance with the Standards for the Professional Practice of Internal Auditing.

Reference answer: A A is correct. When analytical audit procedures identify the existence of unexpected results or relationships, the internal auditor should examine and evaluate such results or relationships. The inspection and evaluation should include questioning management, applying other audit procedures to verify supporting evidence, etc., until the internal auditor obtains a satisfactory and adequate explanation. Unexplained results and relationships may indicate the existence of an important risk, such as potential errors, irregularities and illegal activities, and the auditor should pay special attention; the situation should be reported to the relevant management and appropriate actions should be recommended based on the specific circumstances. measure. B is incorrect. The audit plan is a work guide and cannot restrict the auditor's access to information that was unknown at the time of preparation of the plan. C is incorrect. This fact does not support the conclusion that fraud has occurred. D is incorrect and the risk of material misstatement of inventory should be addressed immediately. The department adjusted this question, but it did not indicate that there was an obvious problem. There can be various doubts, but normal inspection is still required to draw corresponding conclusions.

Reference answer: B In terms of risk, management judgment overriding a well-designed control system amounts to no control. AD is definitely not true. If you are struggling with BC, there is a good analysis for choice B: in terms of risk, management judgment overriding a well-designed control system is equivalent to no control. Excellent analysis

Reference answer: C C. Correct. Self-insurance is risk retention.

Reference answer: D A is incorrect. According to the Code of Ethics Rules of Conduct, "internal auditors are expected to conduct their work honestly, prudently and responsibly." B is incorrect. According to the Code of Ethics Rules of Conduct, "internal auditors should continually improve the proficiency, efficiency, and quality of their services." C is incorrect. According to the Code of Ethics Rules of Conduct, "internal auditors shall perform internal audit services in accordance with the Standards of Professional Practice for Internal Auditing." The standard requires that supporting information be sufficient, reliable, relevant and useful. D is correct. According to the Rules of Conduct of the Code of Ethics, "internal auditors should be careful to use and protect information obtained in the course of their work." According to the rules of conduct, "internal auditors should avoid using work information for the benefit of any individual or in any way that would violate the law or undermine the legal standing and ethical objectives of the organization." Therefore, under internal business rules, it may be illegal for the chief auditor to use the company's operating information.

Reference answer: D

Reference answer: B B. Correct. Things that should be considered when prioritizing engagement work include: the date and results of the most recent engagement, the most recent assessment of risks, the effectiveness of risk management and control processes, the requirements of senior management, audit committees and regulatory bodies, current and Issues related to organizational governance, major changes in the company's business, operations, programs, systems and controls, opportunities to realize operating benefits, changes and capabilities of the auditor's personnel. Work arrangements should be sufficiently flexible to cover unexpected requirements for the internal audit activity. New employees with expertise in one department may not be as important as factors in another department.

Reference answer: D

Reference answer: A A.Correct. Internal auditors should determine appropriate resources to achieve engagement objectives. Staffing should be based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources. Therefore, the knowledge, skills, and other competencies of the internal auditor should be considered when selecting an internal auditor for an engagement. Therefore, when conducting audits of foreign operations, the internal auditor's language skills and knowledge of local customs must be considered. For example, in some countries, sexual and moral issues are important due to religious restrictions and incompatibilities. B. Incorrect, exchange rates are irrelevant in determining the characteristics required of team members. C. Incorrect, the internal auditor's language skills must be considered. D. Incorrect, experience must be considered.

Reference answer: A A is correct. Employees can temporarily borrow securities without detection because the company still receives dividends and interest. B is incorrect. The thief will always be discovered by audit. C is incorrect. Sincere cooperation is based on the individual's personality and previous record. D is incorrect and the bank will have records.

Reference answer: C A is incorrect. PPS sampling is effective when testing bank accounts if large-amount items are more important than smaller-amount items (which is usually the case in variable sampling). B is incorrect, PPS sampling allows for statistical inference. C is correct. Monetary unit sampling assigns more weight to larger, more important items. If all items are of equal importance, PPS is not applicable. D is incorrect. PPS sampling is effective if large-amount items are more important than small-amount items.

Reference answer: C A is incorrect. If there are similar rewards, the audit manager should be informed at any time. B is incorrect. If there are similar rewards, the audit manager should be informed at any time. C is correct. The audit manager may decide whether to accept the gift or not. D is incorrect. This approach will damage the relationship between the audit department and the branch being audited. The audit manager should be informed first and his opinion should be sought.

Reference answer: B

Reference answer: A A.Correct. Organizations such as brokerages, banks, and insurance companies often consider risks important to ensure ongoing monitoring. B. Incorrect. An independent compliance audit function can help strengthen controls through recommendations, but this is not the primary purpose of the function. C. Incorrect, management is not independent because risk management is the responsibility of management. D. Incorrect, this function will help respond to shareholder needs, but this is not the primary reason for establishing this function. One bank advocated for the establishment of an independent compliance audit function, with the main reason being: to better manage perceived high risks

Reference answer: B B. Correct. Internal auditors who evaluate the adequacy of a company's risk management program should seek assurance that the primary objectives of the risk management program are being achieved.

Reference answer: A I. Incorrect. The existence of a set of corporate ethics rules, by itself, does not guarantee the existence of a higher standard of ethical behavior. Supported follow-up policy and monitoring activities must be undertaken to ensure compliance. Ⅱ, correct. A formal set of corporate ethics provides objective standards for evaluating behavior and, by extension, various activities. Ⅲ. Incorrect. In addition to corporate ethics, standards that affect personal behavior can exist in other forms. For example, there may be a clearly stated policy regarding procurement activities, which may have the same effect as a code of ethics. These policies can also serve as standards against which behavior can be evaluated. Therefore choose A. There are only standards, but it does not say how good the standards are. The level of possible constraints is very low

Reference answer: B A. Incorrect, not necessarily every employee who is new to internal auditing activities already has knowledge of internal auditing standards. B. Correct. The engineer can learn about internal auditing standards in future work. C. Incorrect, not necessarily every new employee in the internal audit activity needs to have accounting and tax knowledge. D. Incorrect, hiring the engineer based solely on his interest in internal auditing through observation is not a sufficient reason.

Reference answer: A A is correct. Working papers should record the following aspects of the business process: formulation of plans, inspection and evaluation of the adequacy and effectiveness of the internal control system, business procedures implemented, information obtained and conclusions drawn, review, communication and follow-up. B is incorrect, many of the original credentials examined may not be relevant to the business objectives and these credentials need not be included. C is incorrect. In many cases, the precise wording of a business procedure will not necessarily support a business observation or recommendation. D is incorrect. Some previous workpapers may expire; however, some previous workpapers can be placed into current workpapers that have been updated.

Reference answer: C A is incorrect. The "whether" question format and question ordering designed by the department are conducive to questionnaire management, but other formats and methods of organizing questions are also possible. B is incorrect. The questionnaire is a tool to help understand and demonstrate internal controls, but it is not sufficient as the only source of information to support the assessment of control risks. C is correct. An internal controls questionnaire consists of a series of questions about the controls an organization has designed to prevent or detect errors and fraud. The answers to these questions help internal auditors identify the specific controls relevant to specific statements and design examinations to evaluate the design and implementation effectiveness of those controls. D is incorrect. Internal control questionnaires must be designed to achieve business objectives.

Reference answer: A A.Correct. The first mechanism to curb fraud is controls. Management has the primary responsibility for establishing and maintaining control. Internal auditors help curb fraud by examining and evaluating the adequacy and effectiveness of an organization's internal control systems. B. Incorrect, it is management's responsibility to establish and maintain a department's internal control system. C.Incorrect, planning fraud containment activities is management's responsibility. D.Incorrect, it is management's responsibility to control fraud suppression activities. As a separate department within an organization, the primary responsibility of the internal audit activity in curbing fraud is to: Examine and evaluate the adequacy and effectiveness of the measures taken by the department to curb fraud

Reference answer: A A is correct. The difference between the return on a risky asset and the expected return on a risk-free asset is the risk premium.

Reference answer: D A. Incorrect. Canceling a check payment does not indicate that ongoing controls are in place. Control is more reflected in the system, such as establishing the separation of powers and responsibilities. B. Incorrect, canceling a check payment is not accepting the risk associated with a check payment, but rather avoiding that risk. C. Incorrect, the risk associated with a check payment is not transferred to any other person, but rather ceases to exist. D. Correct. By eliminating check payments, organizations sidestep the risks associated with them. The key point in distinguishing transfer and avoidance is whether the original risk still exists. Choosing risk avoidance means that the original risk does not exist, but it will also create new risks. As the title states, although the risk of issuing a check no longer exists, there are new risks associated with using electronic transfers. There is no need for checks, which avoids this risk; it is about the risk of issuing checks, and electronic exchange avoids issuing checks.

Reference answer: C A is incorrect. Internal auditors should effectively communicate engagement objectives, conclusions, evaluations, and recommendations. C is correct. Internal auditors should possess excellent oral and written communication skills in order to communicate clearly and effectively such matters as engagement objectives, engagement evaluations, conclusions and recommendations. However, it is not necessary to communicate such things as risk assessments to business customers. C Risk assessment belongs to internal audit work and does not need to be communicated to customers. Internal auditors should effectively communicate engagement objectives, conclusions, evaluations, and recommendations

Reference answer: D A is incorrect. Random number sampling is a sample selection method, not a sampling method. B is incorrect. Interval sampling is a selection method, not a sampling method. C is incorrect. Stop-and-go sampling is an attribute sampling technique that is used to prevent unnecessary selection of large-scale samples. D is correct. When I find a piece of data to be false, I can conclude that "there is false data in it", so this is a typical discovery sampling method.

Reference answer: D

Reference answer: B A is incorrect. Internal auditors have an obligation to obtain information. This deficiency could jeopardize the value of the company's securities, so internal auditors should not simply avoid the issue. B is correct. Indirect questions allow internal auditors to obtain information without making the employee feel reprimanded, and a cooperative attitude is more likely to be adopted with an interviewee who feels relaxed and non-threatening. C is incorrect. It is unlikely that the staff will provide sufficient information for the internal auditor to judge whether the observation should be communicated immediately. D is incorrect and the second interview is likely to be invalid. The internal auditor should learn as much information as possible from the first interview, talk to those who may have additional information, and return to the original staff member only when necessary to address specific questions about his or her responsibilities.

Reference answer: B A is incorrect. The retention period of working papers should be determined based on their usefulness. B is correct. For assurance engagements and consulting engagements, the chief audit officer should establish retention requirements for engagement records (working papers). These custody requirements should be consistent with the organization's policies, management requirements and other relevant requirements. Although workpapers covering fraud investigations should be kept separate from other workpapers, no workpaper should be retained indefinitely. C is incorrect and approval by legal counsel is appropriate. D is incorrect. Legal and contractual requirements can determine the storage period.

Reference answer: D A is incorrect. Determining the confidence level and defining sample units requires judgment. B is incorrect, statistical sampling may have smaller or larger sample sizes. C is incorrect and it is impossible to determine which sampling is more accurate. D is correct. The only way to measure reliability is with statistical samples. The only way to measure reliability is with statistical samples.

Reference answer: A

Reference answer: B

Reference answer: B A. Incorrect, research shows that changing organizational culture, using communication, bringing in outsiders, restructuring the organization, and appointing a faultfinder are effective techniques for stimulating functional conflict. This technology can solve short-term conflict problems, but it is not a technology that stimulates beneficial conflicts. B. Correct. Structural variables are one of the sources of conflict. Centralizing decision-making, regrouping work groups, increasing standardization, and enhancing interdependence between organizational units are all changes in structural mechanisms. Doing so disrupts the status quo and raises the level of conflict. C. Incorrect. This technology can resolve short-term conflicts, but it is not a technology that stimulates beneficial conflicts. D. Incorrect. This technology can resolve short-term conflicts, but it is not a technology that stimulates beneficial conflicts.

Reference answer: A

Reference answer: A A.Correct. Senior management and the audit committee generally expect the chief audit executive to conduct sufficient engagement work during the year and collect other available information to form a judgment on the adequacy and effectiveness of the control processes. The chief audit executive should communicate the overall judgment of the organization's control systems to senior management and the audit committee. An increasing number of organizations are including management's reporting on their internal control systems in annual or periodic reports submitted to external stakeholders. Therefore, the chief audit executive typically reports to senior management and the audit committee on an annual basis. B. Incorrect. Senior management has the responsibility for overseeing the establishment of internal control processes. C.Incorrect, the board of directors is responsible for establishing and maintaining the organization's governance processes. D. Incorrect. The challenge for the internal audit activity is to evaluate the effectiveness of the organization's control systems based on the combination of many individual assessments, primarily those derived from the internal audit engagement, management's self-assessments, and external auditors' Work.

Reference answer: B

Reference answer: A A.Correct. Evaluating controls needs to follow appropriate standards. Internal auditors should examine the adequacy of the criteria that management has established for judging whether objectives have been achieved. If this criterion is appropriate, the internal auditor should apply it in the evaluation. If not appropriate, internal auditors should work with management to develop appropriate evaluation criteria.

Reference answer: C A. Incorrect. Risk D should take priority over risk A. Although risk D has a lower impact, its probability of occurrence is high. C. Correct. The sequence ranks risks based on likelihood and impact. Risk D has a high probability of occurrence and a minor impact, so it is ranked first. Risk A has serious impact but low probability of occurrence, ranking at the bottom relatively speaking. Risk B is as likely to occur as risk C, but the impact of the former is more serious than that of the latter, so risk B takes priority over risk C. D. Incorrect. Considering the two factors of possibility and impact on the procedure, risk D should take priority over risk C.

Reference answer: B A is incorrect. The criteria for assigning tasks to internal auditors are important and can affect the auditor's independence. B is correct. An internal auditor's interpersonal skills do not affect his or her independence. C is incorrect. The relationship between audit working papers and audit reports will affect the independence of auditors. D is incorrect. Unbiased audit judgment is the fundamental condition for ensuring independence. Trainer competencies and standards - an ethical matter. Independence is a matter of business

Reference answer: A A is correct. According to the Framework, internal auditors' objectivity will not be negatively affected if they recommend control standards for systems or review procedures before they are implemented. However, if the internal auditor is involved in the design, installation, drafting of procedures, or operation of these systems, his or her objectivity can be considered compromised. Therefore, once information system auditors actively participate in the development, acceptance and implementation process of application systems, their independence will be damaged. B is incorrect and will not affect the independence of the internal auditors. D is incorrect. Internal auditors' recommendations on generally accepted best practices do not affect their independence.

Reference answer: D A is incorrect. It is impractical to review journal entries for the purpose of producing an insurance policy inventory. Furthermore, some premiums paid in the current period are carried forward to this period and possibly subsequent periods, and insurance premiums paid in this period may cover subsequent periods. B is incorrect, the charter approved by management is broad and general rather than detailed and procedural, which would be delegated to insurance employees. C is incorrect. The budget for this fiscal year is just a plan, which may or may not be realized; or it may or may not fully meet the best-case scenario that insurance employees hope for. Moreover, some insurance premiums paid in the early period may be covered in the current period. D is correct. File documents containing insurance policies are a source of information about coverages, conditions, premiums, restrictive endorsements, etc.

Reference answer: C A.Incorrect, mechanistic organizational structures are best suited to organizations that focus on minimizing costs through tight control, extensive division of labor, and a high degree of formalization. B. Incorrect, imitation is a strategy, not an organizational structure. C. Correct. The organic organizational structure is a loose, flexible and highly adaptable organizational structure with low complexity, low formalization and decentralization. The company mentioned in the title is a company with innovation as its strategy, and it can operate best only in an organic organization. D. Incorrect, the simple form is not an organizational structure.

Reference answer: B A is incorrect. Discovery sampling is neither compatible with nor as effective as the computer audit technology mentioned in question B. B is correct. This question concerns whether a computer program is appropriate in calculating shipping costs. Test data and parallel simulations allow timely compatibility testing of computer programs on this issue and provide more data than sampling programs can provide. C is incorrect. Gap estimates are often used to estimate the amount of errors in the population without being able to detect whether the error has occurred. The auditor is interested in whether an error occurred. D is incorrect. Computer audit tools are used, but the basic technique is to sample monetary units to test assumptions about material errors in account balances. But the purpose of this question is to determine whether this error has occurred. Various inspections, it is better to calculate again to be more accurate

Reference answer: B A is incorrect. Difference estimation is a type of variable sampling plan. It first calculates the average difference between the audit value and book value of the sample, and then multiplies it by the number of items in the population. Difference estimates cannot be used to estimate standard deviations. B is correct. Internal auditors can use the standard deviation of the pilot sample to estimate the population standard deviation. When using a variable sampling method, calculating the sample size requires knowing the estimate of the population standard deviation, the required confidence level, and the specified precision. C is incorrect. Internal auditors use regression (an extension of correlation analysis) to analyze the balances of accounts or other populations. D is incorrect. Discovery sampling is a type of attribute sampling and is used to find major deviations.

Reference answer: A A is correct. The control environment of an organization is a whole. Individual control parts contribute to the whole, but the interaction of the parts creates the control environment. B is incorrect, the transaction processing system uses discrete controls. C is incorrect, soft control is the subjective aspect of control, such as tone at the top. D is incorrect, hard controls are implemented in traditional audit work.

Reference answer: D D is correct. Negative confirmation is generally suitable for audit matters that have a low possibility of error, a small balance, and a relatively small impact on the overall situation. When internal controls are weak, account balances are large, or when internal auditors suspect errors or violations, it indicates a higher risk and proactive and prudent audit procedures, namely affirmative confirmation procedures, should be adopted; and when internal controls are strong, And when many account balances are small, it indicates that the risk is low. At this time, it is appropriate to use negative confirmation audit procedures. Negative confirmation = Negative confirmation, used when the expected risk is low, the amount involved is small, there are few errors, and there is little chance of non-reply to the letter.

Reference answer: C A. Incorrect, internal auditors' requests for assistance with their field work are secondary to the fraud investigation. B. Incorrect, since the new system has not yet been officially put into operation, the audit can be carried out later. C. Correct. Management's request to investigate possible fraud in the accounts receivable department should take precedence over those in other departments. D. Incorrect. Management requires that investigations into fraud should prioritize auditing systems that have not been audited for more than one year.

Reference answer: D

Reference answer: B

Reference answer: A A is correct. The best way to review the internal control questionnaire completed by the personnel of the audited unit is to conduct interviews. Because during the interview, the internal auditor can ask and understand the specific situation of the audited unit's control activities one by one to determine whether there are problems with these controls. B is incorrect. Interviews are probative evidence, which is weak and therefore not the most effective way to raise information to a level of objectivity. C is incorrect. Interviews also require labor and time costs. Therefore, the internal control questionnaire is not the lowest-cost audit technology. D is incorrect. Interviews with auditees are less effective than evidence obtained using analytical procedures, observations, and interviews with independent third parties. Therefore, evidence obtained from interviews needs to be corroborated by collecting other objective data.

Reference answer: D D is correct. None of the above are features that an automated system should have.

Reference answer: C A is incorrect. Increasing the tolerable risk will reduce the sample size. B is incorrect. Doubling the overall rate of change will cause the sample size to increase more than doubling. C is correct. To determine the sample size for testing controls, internal auditors should consider the following: (1) the tolerable error rate for testing of internal controls; (2) the expected value of actual error; (3) the acceptable level of excessive reliance risk (i.e. 1-confidence level). The tolerable error rate and sample size are inversely related. If the tolerable error rate increases, the sample size will decrease. D is incorrect. When sampling risk increases, the sample size will decrease.

Reference answer: D A. Incorrect. When conducting audit services, the techniques and methods used to detect and verify risks should be able to reflect the significance and likelihood of occurrence of risks, and the chief audit executive sets different weights for each factor. The risk calculation system can reflect the degree of risk, so the risk analysis in the question is reasonable. B. Incorrect, risk is quantifiable, and the risk estimation procedure of measuring each risk factor at discrete levels such as high, medium, and low is reasonable. C. Incorrect. Any audit process is inseparable from the auditor's judgment, and multiple regression analysis is not suitable here. D. Correct. This option is appropriate because collective input prevents individual errors in judgment.

Reference answer: A A is correct. Preventive controls are steps taken before a transaction occurs to prevent errors from occurring. Using an approved seller list is one control that prevents purchasing from unapproved vendors. B is incorrect. Checkative control is a control that confirms an error after it occurs. C is incorrect. Corrective controls correct problems identified by inspection controls. D is incorrect. Supervisory controls are designed to ensure that the operation of the control system is continuous and effective.

Reference answer: C A is incorrect. Internal auditors generally have no responsibility to notify external parties of suspected matters. B is incorrect. Internal auditors should evaluate risk exposures and controls related to compliance with laws, regulations, and contracts. C is correct. Internal auditors should notify the appropriate authority within the organization when they suspect an incident of error. Certified internal auditors also have clear responsibilities for disclosing material facts in accordance with the IIA's "Professional Ethics Code". If they are not disclosed, illegal events will be concealed. Interim reports can be used to report information that requires immediate attention. D is incorrect. Standards of practice require reporting of violations of laws, regulations and contracts.

Reference answer: D D is correct. This question falls under the category of personnel control. Organizations usually set qualification standards for different jobs. If false information is included in employment applications, it is very likely that the organization will recruit people it should not recruit, which will pose a serious threat to the development of the organization. Therefore, when the company verifies the authenticity of the application form, it can only ensure that the contents of the application form are authentic by conducting legal verification of the applicant's name, date of birth, place of origin, etc., and by verifying the applicant's education information and long-term work experience. reliable.

Reference answer: C A. Incorrect. The Standard does not require a written report. The corrected information should be communicated to all persons who received the original information. C. Correct. If the final communication contains material errors or omissions, the chief audit executive should communicate the corrected information to all persons who received the original communication. Therefore, the Standards do not require written reporting.

Reference answer: A A is correct. According to the provisions of the Framework, the chief audit officer shall ensure the appropriateness, adequacy and effective use of internal audit resources to complete the approved audit plan. The chief audit officer should develop a program for selecting and developing human resources for the internal audit function. The program should provide for the development of written job descriptions for each level of auditors. But there are no plans for competitive salary increases. Select personnel who are qualified and able to do the job. Train each internal auditor and provide them with opportunities for follow-up education. The performance of each internal auditor is evaluated at least annually. Provides performance and professional development consulting advice to internal audit staff.

Reference answer: C There is no need to consider time, budget and other cost issues when formulating audit objectives.

Reference answer: B The "Code of Professional Ethics" is the minimum ethical standard

There have been some disasters around the world in recent years. Given the devastating impact disasters can have on their organizations, internal auditors should encourage managers to develop crisis management procedures. What is the first step in identifying and developing a crisis management procedure? A Make an emergency plan B Carry out risk analysis C Create a crisis management team D Practice responses to crises

1. If a review of audit work papers related to cash transactions reveals that recently discovered fraudulent transactions were not included in a tested and appropriately designed statistical sample of transactions, which of the following is a correct inference?

2. When conducting an audit of a bank's investment and lending activities, which of the following procedures should be included as part of the preliminary investigation?

3. For employees whose department managers intend to limit their salary increases, the payroll computer system will automatically postpone their salary increases. To prevent this from happening in the future:

4. Preliminary investigation shows that the large reduction in business client employees has caused accounting staff to work overtime for a long time. The staff in the accounting department feel obvious pressure and complain about the impact of the reduction. Accounting department salaries are virtually the same as before, and many key controls, such as segregation of duties, no longer exist. The accounting supervisor now performs all the cash receipts and posting procedures and does not have time to review and approve transactions handled by others in the department. The journal entries for the six months since the downsizing show an increase in the number of adjustments and corrections recorded in these months, including incorrect or omitted recording of revenue, cost of sales, and accounts receivable in the month-end closing. Internal auditors should:?

5. Perpetual inventory systems use minimum inventory quantities to determine when to begin the restocking process. When reviewing the reasonableness of the minimum inventory levels established by the warehousing department, the internal auditors are least likely to consider:

6. The following

8. The internal audit activity of a chain of retail stores recently audited the sales of all stores in the Southeast region. The audit found that many stores were incurring approximately $85,000 more in costs per quarter by double-crediting customers' credit accounts. The audit report, completed eight weeks after the audit, included the internal auditor's recommendations to management to prevent double crediting of customer accounts. Which standard regarding audit reporting is not considered in the above case?

9. An internal auditor is reviewing a savings and loan business and determines that a loan secured by real estate is collectible. Which of the following audit procedures would provide the most convincing information about the collectability of this loan? ( )

10. Among the following environmental control risks, which one is more likely to occur in a stand-alone computer environment rather than a host environment:?

11.Which of the following common tasks would undermine the ethical behavior of internal auditors? ( )

12.Which of the following best describes how the standards used by internal auditors to measure whether goals and objectives are achieved are developed?

13. An internal auditor spent his own money to participate in his company's annual golf tournament, which was played outside normal business hours. The internal auditor won the putting zone competition and received the following reward: a weekend getaway, all expenses paid by the company. In accordance with the objectivity provisions of the Code of Ethics, the internal auditor's best practice is to:

14. The transportation department stores car storage and maintenance records in a database on an off-network computer in its director's office. The following are the most appropriate audit procedures for assessing the accuracy of data information: ( )

15. If the company's internal audit department's annual audit plan is reviewed only by the audit committee. In this situation, which of the following actions would be most appropriate for the chief audit executive to take to gain management support for the audit plan?

16. Based on the annual audit plan and risk assessment focus areas developed by the internal audit department, the CAE should at all times consider:

17.Which of the following statements about the relationship between internal auditors and external auditors is inaccurate?

Professional ethics

Internal Audit Charter

Confirmation services and consulting services

Professional ability! !

Due Professional Care (Professional Skepticism)

continuing professional development

internal assessment

external evaluation

Report

All aspects of the internal audit activity should be evaluated, including validation consultation

Objectives of Internal Audit Quality Assurance Reviews

Roles and Responsibilities

corporate social responsibility

Risk Management

The role of internal audit in risk management

Types of internal controls

COSO internal control framework

✅Establish strategic direction and oversight of all organizational activities; ❌Policies and procedures for establishing board authority; (only a small part) ❌Establish and manage sustainable activities to achieve organizational goals; (Continuous activities are relatively low-level and are only part of the strategy. Strategy also includes development direction, not just sustainable management;) ❌Ensure that shareholders’ opinions and requirements are fully reflected; (a small part of knowledge)

The combination of processes and structures implemented by the board to inform, direct, manage and oversee the activities of the organization to achieve organizational goals;

fraud triangle theory

Types of fraud

fraud signal

Fraud prevention and control

other problems

GAIT Framework Principles

GOBIT framework

CSR Corporate Social Responsibility

COSO Internal Control Framework Objectives

ISO 31000 Evaluation Method

Main differences

Internal audit competency framework

International Organization for Standardization

conflict of interest

code of ethics

Risk assessment tools best facilitate matching controls to risks

Warning signs that asset valuation work has not been carried out properly

internal audit activities

Audit business follow-up

Audit Committee Responsibilities

problem appear

Certificate benefits

respective theories

Determining the audit plan and formulating the audit plan are two independent procedures; audit plan Not in the audit plan! ! ! ! !

Difference analysis

Variable test sample considerations

Minimum requirements for implementing final communications

Which information should not be used when making an acquisition:

Horizontal flowchart vs. vertical flowchart

Internal audit programs primarily benefit CEOs

The model has relatively high capability maturity and may start consulting business

Internal controls are the responsibility of everyone in the organization

During the inquiry process, questions after the opening remarks

Interpersonal skills

Internal audit operations

Internal audit annual plan

Internal audit engagement types

coordination

Reporting to the Board of Directors and Senior Management

Target audit method questions

Key risks and controls

Sequence question

Audit Report

Audit business communication

Follow-up supervision and improvement

Replenish

Tool technology

audit evidence

Audit papers

Four elements of audit findings