1.

The IIA Standards define relevant evidence as

a. Factual, adequate, and convincing
b. Reliable and the best attainable through the use of appropriate audit techniques
c. Consistent with the audit objectives and supports audit findings and recommendations
d. Information that helps the organization meets its goals

2. The IIA Code of Ethics does not require

a. Contribution to the legitimate and ethical objectives of the organization
b. Objectivity, honesty, and diligence
c. Continual improvement in proficiency
d. A report on each engagement

3. One of the purposes of the International Standards for the Professional Practice of Internal
Auditing as stated in the introduction to the current version of the Standards is to:
a. Encourage the professionalization of internal auditing
b. Establish the independence of the internal audit activity and emphasize the objectivity
of internal auditing
c. Encourage external auditors to make more extensive use of the work of internal auditors
d. Establish the basis for evaluating internal auditing performance

4. Which of the following is incorrect regarding professional competence?

a. Internal auditors may portray themselves as having expertise or experience they do not
possess
b. Professional competence requires to maintain professional knowledge and skill at the
level required to ensure that the client receive competent professional service
c. The attainment of professional competence requires initially a high standard of general
education
d. The maintenance of professional competence requires a continuing awareness of
development in the accountancy profession

5. What is the most accurate term for the procedures used by the board to oversee activities
performed to achieve organizational objectives?
a. Governance
b. Control
c. Risk Management
d. Monitoring

6. The policies and procedures helping to ensure that management directives are executed and
actions are taken to address risks to the achievement of objectives describes
a. Risk assessments
b. Control environment
c. Control activities
d. Monitoring
7. Statement 1: The internal audit activity collectively must possess or obtain the knowledge,
skills, and other competencies needed to perform its responsibilities
Statement 2: Internal auditors must have sufficient knowledge to evaluate the risk of fraud
and the manner in which it is managed by the organization, and are expected to have the
expertise of a person whose primary responsibility is detecting and investigating fraud
a. True, True
b. True, False
c. False, True
d. False, False

8. Due professional care implies reasonable care and competence, not infallibility or
extraordinary performance. Thus, which of the following is unnecessary?
a. The conduct of examinations and verifications to a reasonable extent
b. The conduct of extensive examinations
c. The reasonable assurance that compliance does exist
d. The consideration of the possibility of material irregularities

9. Statement 1: Internal auditors respect the value and ownership of information they receive
and do not disclose information without appropriate authority unless there is a legal or
professional obligation to do so
Statement 2: Internal auditors apply the knowledge, skills, and experience needed in the
performance of internal audit services
a. True, True
b. True, False
c. False, True
d. False, False

10. The internal audit activity has a role in an organizations governance process. The internal
audit activity most directly contributes to this process by:
a. Identifying significant exposures to risk
b. Evaluating the effectiveness of the risk management system
c. Promoting continuous improvement of controls
d. Recommending standards of control for new information system application

11. All of the following are primary objectives of the overall management process except:
a. Improving the effectiveness of risk management, control, and governance processes
b. Compliance with laws, regulations, ethical and business norms, and contracts
c. Identification of risk exposures and use of effective strategies to control them
d. Safeguarding of the organizations assets

12. A written charter approved by the board that formally defines the internal audit activitys
purpose, authority, and responsibility enhances its
a. Exercise of due professional care
b. Proficiency
c. Relationship with management
d. Independence
13. The term risk is best defined as the possibility that
a. An internal auditor will fail to detect a material misstatement that causes financial
statements or internal reports to be misstated or misleading
b. An event could occur affecting the achievement of objectives
c. Management will, either knowingly or unknowingly, make decisions that increase the
potential liability of the organization
d. Financial statements or internal records will contain material misstatements

14. Which of the following activities undertaken by the internal auditor might be in conflict with
the standard of independence?
a. Risk management consultant
b. Product development team leader
c. Ethics advocate
d. External audit liaison

15. The standards consist of three types. Which standards apply to the characteristics of
organizations and parties providing internal auditing services?
a. Implementation Standards
b. Performance Standards
c. Attribute Standards
d. Independence Standards

16. Which group is charged with overseeing the establishment, administration, and evaluation of
the processes of risk management and control?
a. Operating managers
b. Internal auditors
c. External auditors
d. Senior management

17. Risk management is responsibility of management. The role of the BOD in the ERM process
may include which of the following?

I. Being aware of and concurring with the organizations risk appetite

II. Guiding integration of ERM with other business planning and management activities
III. Establishing a common risk management language
IV. Coaching management in responding to risk

a. I only
b. II only
c. I, II, and III only
d. I, II, III, and IV
18. Internal auditors can play a more proactive role in assisting with the initial establishment of
a risk management process for the organization. However, if such assistance exceeds normal
assurance and consulting activities conducted by internal auditors, independence may be
impaired. Which of the following impairs the independence of an internal auditor who had
participated in the initial establishment of a risk management process?
a. Developing assessments and reports on the risk management process
b. Managing the identified risks
c. Evaluating the adequacy and effectiveness of managements risk processes
d. Implementing controls to address the risks