MULTIPLE CHOICE
CHAPTER 3
1. Which of the following is not an appropriate
governance role for an organization’s board of
directors?
a. Evaluating and approving strategic objectives.
b.Infuencing the organization’s risk-taking
philosophy.
c. Providing assurance directly to third
parties that the organization’s governance
processes are effective.
d. Establishing broad boundaries of conduct,
outside of which the organization should not
operate.
2. Which of the following are typically governance
responsibilities of senior management?
I. Delegating risk tolerance levels to risk
managers.
II. Monitoring day-to-day performance of
specific risk management activities
III. Establishing a governance committee of the
board.
IV. Ensuring that sufficient information is
gathered to support reporting to the board.
a. I and IV
b. II and III
c. I, II, and IV
d. I, II, III and IV
3. ABC utility company sells electricity to
residential customers and is a member of an
industry association that provides guidance to
electric utilities, lobbies on behalf for the
industry and facilitates sharing among its
members. From ABC's perspective, what type of
stakeholder is the industry association?
a. Directly involved the operation of the
company.
b. Interested in the success of the company.
c. Influences the company
d. Not a stakeholder
4. Who is responsible for establishing the strategic
objectives of an organization ?
a. The board of directors
b. Senior management
c. Consensus among all levels of management
d. The board and senior management jointly
5. Who is ultimately responsible for identifying new
or emerging key risk areas that should be
covered by the organization's governance
process?
a. the board of directors
b. senior management
c. risk owners
d. the internal audit function
6. The Internal Audit function should not:
a. Assess the organization's governance and risk
management processes
b. Provide advice about how to improve the
organization's governance and risk management
processes.
c. Oversee the organization's governance and
risk management processes
d. Coordinate its governance and risk
management-related activities with those of the
independent outside auditor.
7. Which of the following would not be considered
a First line of defense in the Three Lines of
Defense model?
a. A divisional controller conducts a peer
review of compliance with financial control
standards.
b. An accounts payable clerk reviews supporting
documents before processing an invoice for
payment.
c. An accounting supervisor conducts a monthly
review to ensure all reconciliations were
completed properly.
d. A production line worker inspects finished
goods to ensure the company's quality standards
are met.
8. Which of the following would be considered a
first line of defense in the Three Lines of Defense
model?
a. An accounts payable supervisor conducting
a weekly review to ensure all payments were
issued by the required payment date
b. A divisional compliance and ethics officer
conducting a review of employee training
records to ensure that all marketing and sales
staff have completed the required FCPA training
c. The external audit team observes the counting
of inventory on December 31
d. An internal audit team conducting an
engagement to provide assurance on the
company's Sarbanes-Oxley compliance with
internal controls over financial reporting
9. Which of the following would be considered a
second line of defense in the Three Lines of
Defense Model?
a. An accounts payable supervisor conducting a
weekly review to ensure all payments were
issued by the required payment date
b. A divisional compliance and ethics officer
conducting a review of employee training
records to ensure that all marketing and sales
staff have completed the required FCPA
training
c. A shift supervisor inspecting a sample of
finished goods to ensure quality standards are
met
d. An internal audit team conducting an
engagement to provide assurance on the
company's Sarbanes-Oxely compliance with
internal controls over financial reporting.
10. Companies in industries that are heavily
regulated may be subject to audits by the
regulators auditors. while not specifically
covered in the tree lines of defense model, such
auditors would most likely be considered:
a. part of the first line of defense
b. part of the second line of defense
c. part of the third line of defense
d. not a line of defense
11. Which of the following is not a role of the
internal audit function in best practice
governance activities ?
a. support the board in enterprise wide risk
assessment
b. ensure the timely implementation of audit
recommendations
c. monitor compliance with the corporate code
of conduct
d. discuss areas of significant risks
12. Which of the following statements regarding
corporate governance is not correct?
a. corporate control mechanisms include
internal and external mechanisms
b. the compensation scheme for management is
part of the corporate control mechanisms
c. the dilution of shareholders' wealth resulting
from employee stock options or employee
stock bonuses is an accounting issue rather
than a corporate governance issue
d. the internal audit function of a company
has more responsibility than the board for
company's corporate governance.
13. What types of business events tend to drive new
legislation and guidance?
a. economic downturns
b. fraud or other corporate wrongdoing
c. elections or other political changes
d. economic growth
14. Which of the following represents the best
governance structure ?
Operating Executive Internal
Management Management Auditing
a. responsibility for risk; oversight role;
advisory role
b. oversight role; responsibility for risk;
advisory role
c. responsibility role; advisory role; oversight
role
d. oversight role; advisory role; responsibility
for risk
CHAPTER 2
1. A primary purpose of the standards is to:
a. Promote coordination of internal and external
audit efforts
b. Establish a basis for evaluating internal audit
performance
c. Develop consistency in internal audit practices
d. Provided a codification of existing practices
2. Which of the following are "mandatory guidance"
in The IIA's IPPE?
I. Implementation Guides
II. The code of ethics
III. The definition of internal auditing
IV. The Standards
a. I, II, and IV
b. II and IV
c. II, III, and IV
d. I, II, III, and IV
3. An internal auditor provides income tax services
during the tax season. Which activity would the
auditor most likely be considered in violation of the
IIA's Code of Ethics?
A) Preparing, for a fee, a division manager's
personal tax returns
B) Appearing on a local radio show to discuss
retirement planning and tax issues.
C) Receiving a stipend for teaching an evening tax
class at the local junior college
D) Working on weekends for friend who has a small
CPA firm
4. An internal auditor is auditing a division in which
the division's CFO is a close personal friend. The
auditor learns that the friend is to be replaced after a
series of critical contract negotiations with the
Department of Defense. The auditor relays this
information to the friend. Which principle of The
IIA's Code of Ethics has been violated?
a. Integrity
b. Objectivity
c. Confidentiality
d. Privacy
5. The IIA's Standards require internal auditors to
exercise due professional care while conducting
assurance engagements. Which of the following is not
something an internal auditor is required to consider in
determining what constitutes the exercise of due care
in an assurance engagement of treasury operations?
a. the audit committee has requested assurance on the
treasury function's compliance with a new policy on
use of financial instruments
b. treasury management has not instituted any risk
management policies
c. the independent outside auditors have requested
to see the engagement report and working papers.
d. the treasury function just completed implementation
of a new real-time investment tracking system
6. In which of the following situations does the
internal auditor potentially lack objectivity?
a. A payroll accounting employee assists an internal
auditor in verifying the physical inventory of small
motors
b. An internal auditor discusses a significant issue
with the vice president to whom the auditee reports
prior to drafting the audit report
c. A former purchasing assistant performs a review
of internal controls over purchasing four months
after being transferred to the internal audit
department
d. An internal auditor recommends standards of
control and performance measures for a contract
with a service organization for the processing of
payroll and employee benefits.
7. Which of the following is/are components of the
Standards?
I. Statements
II. Interpretations
III.The glossary
a. I only
 b. I and II d. I, II, III, and IV

c. I and III
d. I, II, and III
8. According to the standards, which of the following
must the internal audit manager think about when
considering appropriate due care while planning an
assurance engagement?
a. the opportunity to cross-train internal audit staff
b. the cost of assurance in relationship to
potential benefits
c. job openings in the area that may be of interest to
internal auditors assigned to the engagement
d. the potential to deliver consulting services to the
auditee
10. Which of the following are required of the internal
audit function per the Standards?
a.Evaluate the effectiveness of the audit committee
annually?
b. Issue an overall opinion on the adequacy of the
organization's system, of internal controls
annually
c.Obtain an annual representation from management
acknowledging management's responsibility for the
design and implementation of internal controls to
prevent illegal acts.
d.Assess whether the IT governance of the
organization sustains and supports the organization's
strategies and objectives

9. Which of the following types of IPPF guidance 11. Which of the following is a core principle for the
require(s) an exposure? professional practice of internal auditing?

I. A new Implementation Guide a. Maintain Confidentiality

II. A new Standard b. Promote an ethical culture in the internal audit
III. A new supplemental Guidance for auditing profession
cbyersecurity
IV. A new definition in the Standards Glossary c. Develop consistency in internal audit practices
a. III only
d. Is appropriately positioned and adequately
b. II and IV resourced

c. II, III, and IV