IIA-IAP Exam Practice Test Instant Access

Question 1

What are the typical elements of a risk and control matrix used in the engagement planning process?

AExperience level of key management personnel, susceptibility of the process to fraud, and process automation.

BInherent process risks, as defined in a globally accepted risk and control framework.

CBusiness objectives, risks to the objectives, and impact and likelihood of the risk occurring.

Answer : C

Comprehensive and Detailed Step-by-Step Explanation:

Risk and Control Matrix: A risk and control matrix links business objectives, the risks threatening those objectives, and the likelihood and impact of the risks. It is used to prioritize areas for review and identify necessary controls.

Other Options:

Option A: While relevant factors for assessment, these do not represent the structure of a typical risk and control matrix.

Option B: Inherent process risks are part of the matrix but need to be contextualized with objectives and controls.

Thus, the correct answer is C. Business objectives, risks to the objectives, and impact and likelihood of the risk occurring.

Question 2

In a standard process mapping document, a diamond shape typically represents which of the following?

AProcess or operation.

BDecision.

CFlow line.

Answer : B

Comprehensive and Detailed Step-by-Step Explanation:

Diamond Shape: In process mapping, a diamond typically represents a decision point where a choice must be made based on conditions or criteria (e.g., 'Yes' or 'No').

Example: 'Is the invoice valid?' If yes, the process continues to payment; if no, it is rejected.

Other Options:

Option A: A process or operation is typically represented by a rectangle.

Option C: A flow line (arrow) indicates the direction of process flow, not a decision.

Thus, the correct answer is B. Decision.

Question 3

Which of the following would best support the overall risk assessment?

APolicies and process procedures provided by the manager of the process under review.

BProcess narratives and process maps with descriptions of risks and controls.

CDetailed organizational charts to understand roles and reporting lines in the area under review.

Answer : B

Comprehensive and Detailed Step-by-Step Explanation:

Process Narratives and Maps: These provide a comprehensive view of the process, including descriptions of risks and controls, making them the most relevant for supporting risk assessments. They help identify gaps or weaknesses in the control environment.

Other Options:

Option A: Policies and procedures provide general guidance but lack the specificity needed for risk assessments.

Option C: Organizational charts are helpful for understanding roles but do not directly address risks and controls.

Thus, the correct answer is B.

Question 4

During an accounts payable audit engagement, the internal auditor identified a risk that vendor invoices may be paid multiple times. Which of the following would be appropriate preventive controls to mitigate this risk?

ASystem controls to identify identical invoice amounts from the same vendor that prohibit payment after the initial invoice.

BSystem controls to identify identical invoice numbers and dates from the same vendor prior to payment.

CManual controls requiring the reconciliation of paid vendor invoices to monthly invoice statements provided by the vendor.

Answer : B

Comprehensive and Detailed Step-by-Step Explanation:

Preventive System Controls: Identifying duplicate invoice numbers and dates is a robust preventive control, as it helps flag duplicate invoices before payment is processed.

Other Options:

Option A: Identical invoice amounts alone may not always indicate duplicates, as different invoices can share the same amount.

Option C: Manual reconciliations are detective controls, not preventive ones.

Thus, the correct answer is B.

Question 5

Which of the following tools would assist with the coordination of efforts between the internal audit team and operational management?

AAutomated workpapers.

BContinuous auditing.

CControl self-assessment.

Answer : C

Comprehensive and Detailed Step-by-Step Explanation:

Control Self-Assessment (CSA): This tool involves management and staff in evaluating controls and risks, fostering collaboration between operational teams and internal audit. CSA supports shared responsibility for risk management and control improvement.

Other Options:

Option A: Automated workpapers improve audit documentation but do not directly coordinate efforts with management.

Option B: Continuous auditing focuses on ongoing monitoring rather than collaborative efforts with management.

Thus, the correct answer is C.

Question 6

Which sampling technique uses a nonrandom selection process that is expected to be representative of the population as a whole?

AJudgmental sampling.

BHaphazard sampling.

CAttribute sampling.

Answer : A

Comprehensive and Detailed Step-by-Step Explanation:

Definition of Sampling Techniques:

Judgmental Sampling: A nonrandom method where the auditor uses their professional judgment to select items expected to be representative of the population.

Haphazard Sampling: A nonrandom approach without systematic methodology, relying on arbitrary selection.

Attribute Sampling: A statistical sampling method used to test for specific attributes or characteristics in a population.

Reasoning:

Option A is correct because judgmental sampling intentionally selects items based on the auditor's knowledge and expectations, aiming for representation.

Option B (haphazard sampling) lacks intentionality and may not reliably represent the population.

Option C (attribute sampling) involves random, statistical selection rather than a nonrandom process.

When to Use Judgmental Sampling:

It is appropriate when the auditor has sufficient expertise to select representative items and when statistical sampling is not feasible.

Question 7

An internal auditor is conducting a human resources audit engagement. Which of the following observations would increase the probability of fraud?

AVague job descriptions.

BLack of background checks.

CPoor interview skills.

Answer : B

Comprehensive and Detailed Step-by-Step Explanation:

Fraud Risk Factors:

Lack of proper vetting processes, such as background checks, significantly increases the likelihood of hiring individuals who may pose a fraud risk.

Reasoning:

Option B is correct because failing to conduct background checks creates opportunities for hiring individuals with a history of unethical behavior, increasing fraud risk.

Option A (vague job descriptions) may lead to inefficiencies or unclear expectations but does not directly relate to fraud risk.

Option C (poor interview skills) might affect hiring quality but does not increase fraud probability.

Best Practice:

Conducting thorough background checks is a critical control to reduce fraud risk in human resources processes.

IIA-IAP Internal Audit Practitioner Exam Practice Test