Operations Auditing – Situational A.

2130-Control
B. 1210.A3
CHAPTER 1 C. 1220.A2
D. 2120.A1
9. Which audit type is future-oriented and
1. An auditor is asked to evaluate whether a evaluates organizational activities?
department follows internal procedures. A. Financial Audit
What type of audit is this? B. Compliance Audit
A. Financial Audit C. Operational Audit
B. Compliance Audit D. Internal Audit
C. Operational Audit 10. You are conducting an audit of a company’s
D. Internal Control Audit procurement process. Which audit type is
2. You are reviewing a company’s logistics most appropriate?
process to identify inefficiencies. What is A. Financial Audit
your primary audit objective? B. Compliance Audit
A. Compliance C. Operational Audit
B. Financial accuracy D. Strategic Audit
C. Operational effectiveness 11. An internal auditor evaluates risk exposure
D. Risk mitigation and control effectiveness. Which standard
3. A company requests an audit to improve its applies?
customer service operations. What role A. 2120
does the auditor play? B. 2130
A. Assurance provider C. 1210
B. Consultant D. 1220
C. Regulator 12. Which IA-CM level is characterized by ad
D. Investigator hoc audits and limited planning?
4. An auditor is evaluating whether the A. Level 1
company’s internal controls are adequate to B. Level 2
prevent fraud. Which standard applies? C. Level 3
A. 2130-Control D. Level 4
B. 2120-Risk Management 13. An audit team is recognized as a change
C. 1210-Proficiency agent and strategic partner. What IA-CM
D. 2010-Planning level is this?
5. The internal audit team is asked to assess A. Level 3
the efficiency of a new inventory system. B. Level 4
What type of audit is this? C. Level 5
A. Financial Audit D. Level 2
B. Operational Audit 14. Which stakeholder can boycott products to
C. Compliance Audit express dissatisfaction?
D. IT Audit A. Customers
6. Which stakeholder has the power to B. Employees
influence audit scope through regulatory C. Suppliers
requirements? D. Investors
A. Investors 15. Which stakeholder seeks fair pay and safe
B. Creditors working conditions?
C. Government A. Customers
D. Employees B. Employees
7. An auditor reports directly to the audit C. Creditors
committee. What principle is being upheld? D. Suppliers
A. Confidentiality 16. A supplier refuses to meet orders due to
B. Independence delayed payments. What power is being
C. Objectivity exercised?
D. Professionalism A. Legal authority
8. A company wants to evaluate its internal B. Bargaining power
controls for safeguarding assets. Which C. Publicity
standard applies? D. Operational control
17. Which stakeholder promotes economic A. 2410.A2
development and raises taxes? B. 2420
A. Media C. 2130.A1
B. Governments D. 1220.A3
C. Communities 27. Which competency helps auditors adapt to
D. Business support groups organizational changes?
18. Which group provides research to improve A. Change management
competitiveness? B. Staff development
A. Activist groups C. Negotiation
B. Business support groups D. Cultural fluency
C. General public 28. Which skill is essential for writing clear audit
D. Creditors reports?
19. Which stakeholder has voting rights and can A. Judgment
inspect company records? B. Communication
A. Creditors C. Confidentiality
B. Employees D. Influence
C. Investors 29. Which trait helps auditors work well with all
D. Customers management levels?
20. Which stakeholder ensures local A. Team building
development and employment? B. Relationship building
A. Communities C. Governance sensitivity
B. Governments D. Communication
C. Media 30. Which competency involves understanding
D. Suppliers industry regulations?
21. Which standard requires internal auditors to A. Organization skills
possess sufficient IT knowledge? B. Knowledge of standards
A. 1210.A3 C. Staff training
B. 1220.A2 D. IT frameworks
C. 2130.A1 31. Which behavioral skill supports ethical
D. 2120 decision-making?
22. An auditor uses data analytics to detect A. Leadership
anomalies. Which standard supports this? B. Governance sensitivity
A. 1210-Proficiency C. Facilitation
B. 1220.A2 D. Teamwork
C. 2010-Planning 32. Which skill allows auditors to lead and
D. 2310-Identifying Information inspire their teams?
23. Which standard emphasizes planning based A. Influence
on organizational goals? B. Leadership
A. 2010 C. Facilitation
B. 2120 D. Staff management
C. 2130 33. Which competency helps auditors manage
D. 2201 audit schedules and resources?
24. Which standard requires identifying A. Organization skills
sufficient and relevant information? B. Negotiation
A. 2310 C. Change catalyst
B. 2330 D. Analytical thinking
C. 2410.A2 34. Which skill helps auditors build trust with
D. 2201 stakeholders?
25. Which standard emphasizes documenting A. Relationship building
engagement results? B. Objectivity
A. 2310 C. Communication
B. 2330 D. Judgment
C. 2130 35. Which skill involves resolving disputes
D. 2120 during audit engagements?
26. Which standard encourages acknowledging A. Analytical thinking
satisfactory performance? B. Conflict resolution
 C. Communication C. 1210
D. Staff training D. 1220
36. Which behavioral trait ensures unbiased 45. Which standard requires auditors to assess
audit findings? control adequacy?
A. Leadership A. 2120
B. Objectivity B. 2130
C. Facilitation C. 1210
D. Influence D. 1220
37. Which IA-CM level involves advisory 46. Which standard requires auditors to be
services and team building? proficient in their field?
A. Level 1 A. 2120
B. Level 2 B. 2130
C. Level 3 C. 1210
D. Level 4 D. 1220
38. An internal auditor gives advice to improve 47. Which standard requires auditors to
a department’s flexibility. What role is this? exercise due professional care?
A. Assurance A. 1220
B. Consulting B. 2130
C. Compliance C. 1210
D. Governance D. 2120
39. Which audit type focuses on adherence to 48. Which standard requires auditors to
government regulations? communicate results clearly?
A. Operational Audit A. 2410
B. Compliance Audit B. 2330
C. Financial Audit C. 2420
D. Internal Audit D. 2310
40. Which audit type is most likely to use 49. Which standard requires auditors to follow
process mapping and performance metrics? up on recommendations?
A. Financial Audit A. 2500
B. Compliance Audit
B. 2130
C. Operational Audit
D. Government Audit C. 1220
41. A community group lobbies for D. 2330
environmental regulations. What type of
50. Which standard requires auditors to
stakeholder is this?
A. Primary maintain objectivity?
B. Secondary A. 1100
C. Internal B. 1120
D. External C. 1210
42. Which stakeholder can influence public D. 1220
perception through media coverage?
A. Activist groups 51. An operations auditor is assigned to
B. Governments evaluate a manufacturing process. What
C. Media should be the auditor’s first step?
D. General public
A. Review the financial statements
43. Which skill is essential for analyzing audit
evidence? B. Understand the process flow and
A. Analytical thinking objectives
B. Communication C. Interview the production staff
C. Leadership D. Inspect the final product quality
D. Negotiation
44. Which standard requires auditors to 52. During an audit of a logistics department,
evaluate risk exposures? the auditor notices frequent delays in
A. 2120 deliveries. What is the most appropriate
B. 2130 action?
A. Analyze the scheduling and routing
 procedures B. High employee turnover
B. Recommend hiring more drivers C. Poor customer service
C. Suggest outsourcing the delivery function D. Inaccurate pricing strategy
D. Ignore the issue if customer complaints
59. An auditor is evaluating the efficiency of a
are low
payroll system. Which of the following would
53. A department consistently exceeds its be most concerning?
budget. What should the auditor investigate A. Payroll is processed bi-weekly
first? B. Employees receive pay stubs
A. Employee attendance records electronically
B. Budget planning and variance reports C. The system integrates with HR software
C. Customer satisfaction surveys D. There are frequent manual
D. Inventory turnover ratios adjustments to payroll entries

54. Purchases are made without proper 60. Frequent machine breakdowns are
authorization. What control is most likely observed on a production line. What should
missing? be the focus of the audit?
A. Purchase order approval procedures A. Preventive maintenance schedules
B. Segregation of duties B. Product design specifications
C. Periodic inventory checks C. Marketing strategies
D. Supplier performance reviews D. Employee morale

55. An auditor is assessing the effectiveness of 61. A company’s travel expenses exceed
a customer service call center. Which metric budget without justification. What does this
is most relevant? indicate?
A. Number of calls received A. Employees use corporate credit cards
B. Employee turnover rate B. Travel is booked through a preferred
C. Customer satisfaction rating vendor
D. Average call duration C. Travel expenses exceed budget
without justification
56. While auditing a warehouse, the auditor
D. Employees submit receipts with expense
notices frequent stockouts. What should be
reports
examined to address this issue?
A. Inventory management system 62. Call center agents frequently transfer calls.
B. Warehouse lighting conditions What might this indicate?
C. Employee shift schedules A. Lack of agent training or unclear
D. Sales commission structure protocols
B. Efficient customer service
57. Employees are unclear about their roles.
C. High call volume
What recommendation should the auditor
D. Strong teamwork
make?
A. Reduce the number of employees 63. A company does not track project
B. Develop clear job descriptions and milestones. What risk does this pose?
training programs A. Delayed project completion and lack
C. Increase salaries of accountability
D. Implement a performance bonus system B. Improved budget control
C. Increased employee satisfaction
58. Discrepancies are found between sales
D. Enhanced team collaboration
records and inventory. What is the likely
cause? 64. Vendor selection is not documented in the
A. Lack of inventory reconciliation procurement process. What is the
procedures implication?
 A. Improved vendor relationships C. Advertising budget
B. Reduced procurement costs D. Employee uniforms
C. Faster procurement cycle
71. A company’s procurement cycle is slow.
D. Lack of transparency and potential
What is the likely cause?
favoritism
A. High vendor quality
65. An operations auditor is assessing a training B. Inefficient approval processes
program. Which indicator best reflects its C. Low demand
effectiveness? D. Fast delivery times
A. Improvement in employee
72. A department has overlapping
performance metrics
responsibilities. What should be
B. Number of training sessions held
recommended?
C. Employee attendance rate
A. Increase staffing
D. Training budget utilization
B. Clarify roles and restructure
66. A company’s internal audit team lacks workflows
independence. What is the primary C. Reduce budget
concern? D. Outsource tasks
A. Biased audit findings
73. A company’s audit trail is incomplete. What
B. Increased audit costs
is the risk?
C. Delayed audit reports
A. Faster reporting
D. Poor documentation
B. Inability to detect fraud or errors
67. A retail store has high employee turnover. C. Improved efficiency
What should the auditor examine? D. Better teamwork
A. Inventory levels
74. A firm’s KPIs are not aligned with strategic
B. Employee satisfaction and
goals. What does this affect?
onboarding practices
A. Employee morale
C. Marketing campaigns
B. Performance measurement accuracy
D. Store layout
C. Office layout
68. A manufacturing firm has excessive waste. D. Vendor relations
What should be reviewed?
75. A company lacks a formal risk management
A. Sales targets
process. What is the consequence?
B. Production efficiency and quality
A. Lower insurance costs
control
B. Increased vulnerability to operational
C. Employee bonuses
disruptions
D. Supplier contracts
C. Better flexibility
69. A company’s IT system is frequently down. D. Faster decision-making
What is the most relevant audit focus?
A. System maintenance and backup
protocols
B. Employee training
C. Software licensing
D. Internet speed

70. A business has declining customer CHAPTER 1 CONTINUATION

retention. What should the auditor assess?
A. Product pricing 76. A company’s performance reviews are
B. Customer feedback and service inconsistent across departments. What
quality should the auditor recommend?
 A. Increase salaries C. Better team bonding
B. Standardize evaluation criteria and D. Lower training costs
procedures
83. A department uses outdated software. What
C. Reduce review frequency
should the auditor recommend?
D. Outsource HR functions
A. Increase overtime
77. A firm’s customer complaints are rising. B. Upgrade systems and provide training
What should be the first step in the audit?
A. Review marketing materials C. Reduce staff
B. Analyze complaint logs and resolution D. Delay audits
times
84. A business has frequent data entry errors.
C. Interview senior management
What control should be reviewed?
D. Increase advertising
A. Marketing strategy
78. A company’s production targets are B. Input validation and review
frequently missed. What should be procedures
investigated? C. Office design
A. Employee benefits D. Employee incentives
B. Production planning and resource
85. A company’s strategic goals are unclear to
allocation
staff. What should be implemented?
C. Office cleanliness
A. More meetings
D. Supplier discounts
B. Clear communication and goal
79. A business lacks documentation for its alignment programs
internal controls. What is the risk? C. Salary increases
A. Improved flexibility D. Flexible work hours
B. Increased exposure to fraud and
86. A firm’s suppliers often deliver late. What
errors
should be audited?
C. Faster operations
A. Employee morale
D. Better employee morale
B. Supplier contracts and performance
80. A company’s audit reports are delayed. metrics
What is the likely cause? C. Office rent
A. High profitability D. Advertising budget
B. Inefficient audit planning and
87. A company lacks segregation of duties.
execution
What is the risk?
C. Strong internal controls
A. Improved efficiency
D. Low employee turnover
B. Increased potential for fraud
81. A firm’s inventory turnover is low. What C. Better teamwork
should be examined? D. Lower costs
A. Employee training
88. A department has no backup procedures.
B. Stock management and sales
What is the consequence?
forecasting
A. Faster processing
C. Office layout
B. Data loss during system failure
D. Vendor contracts
C. Improved security
82. A company has no formal onboarding D. Lower IT costs
process. What is the impact?
89. A business has no formal budgeting
A. Higher salaries
process. What should be recommended?
B. Increased employee confusion and
A. Increase spending
turnover
 B. Implement structured budgeting and B. Difficulty measuring success
forecasting C. Better morale
C. Outsource accounting D. Lower costs
D. Reduce staff
97. A company’s audit team lacks technical
90. A company’s training is not evaluated. What expertise. What should be done?
is the risk? A. Increase salaries
A. Lower training costs B. Provide specialized training or hire
B. Ineffective skill development experts
C. Improved morale C. Delay audits
D. Faster onboarding D. Reduce scope

91. A firm’s internal audit lacks follow-up 98. A firm’s risk assessment is outdated. What
procedures. What is the impact? is the impact?
A. Faster audits A. Lower insurance premiums
B. Unresolved issues and recurring B. Inaccurate risk mitigation strategies
problems C. Better flexibility
C. Better documentation D. Improved morale
D. Lower costs
99. A company’s controls are not tested
92. A company’s KPIs are not reviewed regularly. What is the risk?
regularly. What should be done? A. Lower audit costs
A. Increase bonuses B. Undetected control failures
B. Schedule periodic KPI reviews and C. Faster reporting
updates D. Better teamwork
C. Reduce reporting
100. A department lacks clear
D. Hire more analysts
performance metrics. What should be
93. A department has no formal communication implemented?
channels. What is the result? A. Reduce workload
A. Improved creativity B. Define and track relevant KPIs
B. Misunderstandings and inefficiencies C. Increase salaries
C. Lower costs D. Improve office design
D. Better morale
OBJECTIVES AND PHASES OF OPERATIONAL
94. A company’s audit scope is too narrow. AUDITING
What is the risk?
1. An auditor is tasked with evaluating a
A. Faster audits
department’s efficiency. What should be
B. Missed critical issues
their first step?
C. Better focus
A. Interview department heads
D. Lower costs
B. Understand the department’s
95. A firm’s documentation is inconsistent. What objectives and processes
should be recommended? C. Review financial statements
A. Reduce paperwork D. Conduct surprise inspections
B. Standardize documentation practices
2. A company wants to improve operational
C. Increase staff
effectiveness. What should the audit focus
D. Outsource filing
on?
96. A business lacks performance benchmarks. A. Employee satisfaction
What is the consequence? B. Marketing strategies
A. Improved flexibility C. Alignment of operations with strategic
 goals A. Office layout
D. Office aesthetics B. Operational objectives and strategic
alignment
3. An audit reveals redundant steps in a
C. Employee uniforms
workflow. What should be recommended?
D. Vendor contracts
A. Increase staffing
B. Streamline the process to eliminate 10. A company’s audit trail is incomplete. What
inefficiencies is the risk?
C. Outsource the function A. Faster reporting
D. Add more checkpoints B. Inability to detect fraud or errors
C. Improved efficiency
4. A department has unclear performance
D. Better teamwork
metrics. What is the risk?
A. Lower costs 11. A firm’s internal audit lacks follow-up
B. Inability to measure effectiveness procedures. What is the impact?
C. Improved morale A. Faster audits
D. Faster reporting B. Unresolved issues and recurring
problems
5. An auditor finds that employees are
C. Better documentation
unaware of company goals. What should be
D. Lower costs
implemented?
A. More meetings 12. A company’s controls are not tested
B. Clear communication of strategic regularly. What is the risk?
objectives A. Lower audit costs
C. Salary increases B. Undetected control failures
D. Flexible work hours C. Faster reporting
D. Better teamwork
6. A firm’s operations are not documented.
What is the consequence? 13. A department lacks clear performance
A. Faster decision-making metrics. What should be implemented?
B. Lack of consistency and A. Reduce workload
accountability B. Define and track relevant KPIs
C. Improved creativity C. Increase salaries
D. Lower costs D. Improve office design

7. A company’s KPIs are outdated. What 14. A company’s strategic goals are unclear to
should be done? staff. What should be implemented?
A. Increase bonuses A. More meetings
B. Update KPIs to reflect current goals B. Clear communication and goal
C. Reduce reporting alignment programs
D. Hire more analysts C. Salary increases
D. Flexible work hours
8. A business lacks performance benchmarks.
What is the impact? 15. A firm’s suppliers often deliver late. What
A. Improved flexibility should be audited?
B. Difficulty measuring success A. Employee morale
C. Better morale B. Supplier contracts and performance
D. Lower costs metrics
C. Office rent
9. A department’s activities are not aligned
D. Advertising budget
with company strategy. What should be
audited?
16. An auditor observes that a department lacks B. Missed opportunities for improvement
documentation for its procedures. What is
the most appropriate recommendation? C. Better documentation
A. Increase staffing D. Lower costs
B. Develop and implement standard
23. A company does not conduct post-audit
operating procedures
evaluations. What should be
C. Reduce departmental budget
recommended?
D. Outsource the function
A. Increase audit frequency
17. A company’s internal controls are not clearly B. Implement a post-audit review
defined. What is the potential risk? process
A. Improved flexibility C. Outsource audits
B. Increased vulnerability to fraud and D. Reduce audit scope
errors
24. A department’s objectives are not aligned
C. Faster operations
with its activities. What should the auditor
D. Better employee morale
assess?
18. An audit reveals that employees are A. Office layout
performing tasks outside their job B. Operational planning and goal
descriptions. What should be alignment
recommended? C. Employee uniforms
A. Increase salaries D. Vendor contracts
B. Clarify roles and responsibilities
25. A company lacks a formal audit plan. What
C. Reduce workload
is the consequence?
D. Implement flexible scheduling
A. Lower audit costs
19. A department has no formal performance B. Inefficient and inconsistent audit
review system. What is the consequence? execution
A. Higher employee satisfaction C. Faster reporting
B. Lack of accountability and D. Better teamwork
performance tracking
26. An auditor finds that a department does not
C. Improved teamwork
track its performance indicators. What
D. Lower training costs
should be recommended?
20. A company’s operational goals are not A. Reduce workload
measurable. What should be implemented? B. Establish and monitor KPIs
A. More meetings C. Increase salaries
B. SMART goal-setting framework D. Improve office design
C. Salary increases
27. A company’s audit team does not
D. Flexible work hours
coordinate with other departments. What is
21. An auditor finds that a department does not the risk?
monitor its resource usage. What is the A. Improved independence
risk? B. Lack of collaboration and incomplete
A. Improved efficiency findings
B. Waste and inefficiency C. Faster audits
C. Better morale D. Better morale
D. Lower costs
28. A firm’s operational audit does not include
22. A firm’s audit reports are not shared with risk assessment. What is the impact?
management. What is the impact? A. Lower insurance premiums
A. Faster audits B. Incomplete understanding of
 vulnerabilities B. Difficulty measuring success
C. Better flexibility C. Better morale
D. Improved morale D. Lower costs

29. A department has no system for tracking 36. A company’s risk assessment is outdated.
corrective actions. What should be What is the impact?
implemented? A. Lower insurance premiums
A. Reduce reporting B. Inaccurate risk mitigation strategies
B. Corrective action tracking system C. Better flexibility
C. Increase staffing D. Improved morale
D. Outsource the function
37. A company’s controls are not tested
30. A company’s audit findings are not linked to regularly. What is the risk?
strategic decisions. What is the result? A. Lower audit costs
A. Improved morale B. Undetected control failures
B. Missed opportunities for strategic C. Faster reporting
improvement D. Better teamwork
C. Lower costs
38. A department lacks clear performance
D. Better teamwork
metrics. What should be implemented?
31. A company’s audit team lacks technical A. Reduce workload
expertise. What should be done? B. Define and track relevant KPIs
A. Increase salaries C. Increase salaries
B. Provide specialized training or hire D. Improve office design
experts
39. A company’s strategic goals are unclear to
C. Delay audits
staff. What should be implemented?
D. Reduce scope
A. More meetings
32. A department has no formal communication B. Clear communication and goal
channels. What is the result? alignment programs
A. Improved creativity C. Salary increases
B. Misunderstandings and inefficiencies D. Flexible work hours
C. Lower costs
40. A firm’s suppliers often deliver late. What
D. Better morale
should be audited?
33. A company’s audit scope is too narrow. A. Employee morale
What is the risk? B. Supplier contracts and performance
A. Faster audits metrics
B. Missed critical issues C. Office rent
C. Better focus D. Advertising budget
D. Lower costs
41. A company lacks segregation of duties.
34. A firm’s documentation is inconsistent. What What is the risk?
should be recommended? A. Improved efficiency
A. Reduce paperwork B. Increased potential for fraud
B. Standardize documentation practices C. Better teamwork
C. Increase staff D. Lower costs
D. Outsource filing
42. A department has no backup procedures.
35. A business lacks performance benchmarks. What is the consequence?
What is the consequence? A. Faster processing
A. Improved flexibility B. Data loss during system failure
 C. Improved security 49. A company does not track audit
D. Lower IT costs recommendations. What should be
recommended?
43. A business has no formal budgeting
A. Reduce audit scope
process. What should be recommended?
B. Implement a recommendation tracking
A. Increase spending
system
B. Implement structured budgeting and
C. Increase audit frequency
forecasting
D. Outsource audit follow-up
C. Outsource accounting
D. Reduce staff 50. A department’s processes are not
standardized. What is the risk?
44. A company’s training is not evaluated. What
A. Improved creativity
is the risk?
B. Inconsistent performance and quality
A. Lower training costs
C. Lower costs
B. Ineffective skill development
D. Better morale
C. Improved morale
D. Faster onboarding 51. A company’s audit team does not use
checklists. What is the consequence?
45. A firm’s internal audit lacks follow-up
A. Faster audits
procedures. What is the impact?
B. Missed audit steps and inconsistent
A. Faster audits
coverage
B. Unresolved issues and recurring
C. Improved flexibility
problems
D. Lower costs
C. Better documentation
D. Lower costs 52. A firm’s audit objectives are not clearly
defined. What should be done?
46. A department does not monitor its
A. Increase audit staff
operational risks. What should be
B. Establish clear and measurable audit
implemented?
objectives
A. Increase staffing
C. Reduce audit frequency
B. Risk identification and assessment
D. Delay audit execution
procedures
C. Reduce reporting frequency 53. A company’s audit team does not validate
D. Outsource internal audit data sources. What is the risk?
A. Improved efficiency
47. A company’s audit team does not document
B. Inaccurate audit conclusions
its findings. What is the consequence?
C. Better teamwork
A. Improved flexibility
D. Lower costs
B. Lack of accountability and traceability
54. A department does not review its
C. Faster audits operational performance regularly. What
D. Lower costs should be implemented?
A. Reduce workload
48. A firm’s operational audit does not include
B. Periodic performance reviews and
stakeholder feedback. What is the impact?
analysis
A. Improved independence
C. Increase salaries
B. Incomplete understanding of
D. Improve office layout
operational challenges
C. Faster reporting 55. A company’s audit team does not assess
D. Better morale compliance with policies. What is the
impact?
A. Improved morale
 B. Increased risk of violations and findings
penalties C. Improved flexibility
C. Faster reporting D. Lower costs
D. Lower costs
62. A department does not analyze root causes
56. A firm’s audit process lacks stakeholder of recurring issues. What should be
involvement. What is the result? recommended?
A. Improved independence A. Increase staff
B. Limited buy-in and implementation of B. Implement root cause analysis
recommendations procedures
C. Faster audits C. Reduce reporting
D. Better documentation D. Outsource the function

57. A company does not evaluate the cost- 63. A company’s audit team does not verify the
effectiveness of its operations. What should implementation of recommendations. What
be recommended? is the risk?
A. Increase spending A. Improved independence
B. Conduct cost-benefit analysis of key B. Unresolved issues and ineffective
processes improvements
C. Outsource operations C. Faster audits
D. Reduce staff D. Better morale

58. A department does not track its corrective 64. A firm’s operational audit does not include
actions. What is the risk? performance comparisons. What is the
A. Improved flexibility impact?
B. Recurrence of previously identified A. Lower costs
issues B. Lack of benchmarking and
C. Better morale improvement insights
D. Lower costs C. Better teamwork
D. Improved morale
59. A company’s audit team does not assess
operational risks. What is the consequence? 65. A department does not maintain records of
A. Improved efficiency its activities. What is the consequence?
B. Incomplete audit coverage and A. Improved flexibility
exposure to threats B. Lack of accountability and audit trail
C. Better teamwork C. Better morale
D. Lower costs D. Lower costs

60. A firm’s audit findings are not communicated 66. A company’s audit team does not assess
to relevant departments. What is the the efficiency of resource usage. What is
impact? the result?
A. Improved independence A. Improved morale
B. Lack of corrective action and B. Missed opportunities for cost savings
accountability and optimization
C. Faster audits C. Faster reporting
D. Better morale D. Better teamwork

61. A company’s audit team does not follow a 67. A firm’s audit process does not include
structured methodology. What is the likely feedback from audited departments. What is
outcome? the risk?
A. Faster audits A. Improved independence
B. Inconsistent audit results and missed B. Limited engagement and resistance to
 change 74. A company’s audit team does not assess
C. Faster audits compliance with industry standards. What is
D. Better documentation the risk?
A. Improved independence
68. A company does not monitor the timeliness
B. Regulatory penalties and reputational
of corrective actions. What should be
damage
implemented?
C. Faster audits
A. Reduce reporting
D. Better documentation
B. Corrective action tracking with
deadlines 75. A firm’s audit process does not include
C. Increase staffing periodic review of audit procedures. What
D. Outsource the function should be implemented?
A. Reduce audit frequency
69. A department’s audit findings are not
B. Regular updates and reviews of audit
prioritized. What is the impact?
methodology
A. Improved morale
C. Increase staffing
B. Delayed resolution of critical issues
D. Outsource the audit function
C. Lower costs
D. Better teamwork RISK ASSESSMENT

70. A company’s audit team does not assess 1. An auditor is assessing operational risk in a
the impact of operational changes. What is logistics company. What should be reviewed
the consequence? first?
A. Improved flexibility A. Employee satisfaction surveys
B. Unanticipated risks and inefficiencies B. Delivery schedules and incident
C. Better morale reports
D. Lower costs C. Marketing strategies
D. Office layout
71. A firm’s audit process lacks documentation
standards. What should be recommended? 2. A company has no formal risk register. What
A. Reduce paperwork is the consequence?
B. Establish consistent documentation A. Improved flexibility
protocols B. Inability to track and manage risks
C. Increase staff effectively
D. Outsource filing C. Lower costs
D. Better morale
72. A company does not evaluate the
effectiveness of its internal controls. What is 3. A department does not conduct risk
the risk? assessments before launching new
A. Improved efficiency projects. What is the impact?
B. Exposure to fraud and operational A. Faster implementation
failures B. Increased exposure to unforeseen
C. Better teamwork risks
D. Lower costs C. Improved creativity
D. Lower training costs
73. A department does not track audit-related
costs. What is the impact? 4. A firm’s risk mitigation strategies are
A. Improved flexibility outdated. What should be recommended?
B. Inability to assess audit cost- A. Increase staffing
effectiveness B. Update and test mitigation plans
C. Better morale regularly
D. Lower reporting burden
 C. Reduce reporting frequency A. Lower audit costs
D. Outsource risk management B. Failure to capture emerging risks
C. Better morale
5. A company does not classify risks by
D. Improved independence
severity. What is the result?
A. Improved morale 12. A firm does not assign ownership for
B. Difficulty prioritizing risk responses identified risks. What is the impact?
C. Faster audits A. Improved teamwork
D. Lower insurance premiums B. Lack of accountability in risk
management
6. An auditor finds that a department does not
C. Faster reporting
monitor key risk indicators (KRIs). What
D. Lower costs
should be implemented?
A. Reduce reporting 13. A company’s risk matrix is overly complex.
B. Establish and track KRIs What is the result?
C. Increase salaries A. Improved accuracy
D. Improve office design B. Difficulty in decision-making and
communication
7. A business does not evaluate the likelihood
C. Better morale
of operational risks. What is the
D. Lower costs
consequence?
A. Improved flexibility 14. A department does not align its risk
B. Inaccurate risk prioritization management with organizational goals.
C. Better teamwork What should be audited?
D. Lower costs A. Office layout
B. Strategic alignment of risk practices
8. A company’s risk assessment process lacks
C. Employee uniforms
stakeholder input. What is the impact?
D. Vendor contracts
A. Improved independence
B. Limited understanding of operational 15. A company’s risk reporting is inconsistent
realities across departments. What should be
C. Faster reporting recommended?
D. Better documentation A. Reduce reporting frequency
B. Standardize risk reporting formats
9. A firm does not document its risk responses.
and schedules
What is the risk?
C. Increase staffing
A. Improved efficiency
D. Outsource reporting
B. Lack of accountability and follow-
through 16. A company does not regularly update its risk
C. Better morale register. What is the consequence?
D. Lower costs A. Improved flexibility
B. Outdated risk information and poor
10. A department does not test its contingency
decision-making
plans. What should be recommended?
C. Lower costs
A. Reduce planning time
D. Better morale
B. Conduct regular drills and simulations
17. A department does not assign risk owners.
C. Increase staffing What is the impact?
D. Outsource emergency response A. Improved teamwork
B. Lack of accountability for risk
11. A company’s risk assessment is conducted
mitigation
only once a year. What is the limitation?
 C. Faster reporting 24. A company’s risk assessments are not
D. Lower training costs reviewed by internal audit. What is the
impact?
18. A firm’s risk assessments are conducted
A. Improved independence
without historical data. What is the risk?
B. Lack of validation and oversight
A. Improved independence
C. Faster reporting
B. Inaccurate risk forecasting and
D. Better documentation
planning
C. Better morale 25. A firm does not track emerging risks. What
D. Lower costs should be implemented?
A. Reduce reporting frequency
19. A company does not include operational
B. Horizon scanning and trend analysis
risks in its strategic planning. What is the
C. Increase staffing
result?
D. Outsource risk monitoring
A. Improved flexibility
B. Misalignment between strategy and 26. A department does not include operational
risk exposure staff in risk workshops. What is the result?
C. Better teamwork A. Improved independence
D. Lower insurance premiums B. Limited practical insights and
engagement
20. A department does not monitor the
C. Faster workshop completion
effectiveness of its risk controls. What
D. Lower costs
should be recommended?
A. Reduce control activities 27. A company’s risk mitigation plans are not
B. Implement control performance tested. What is the consequence?
reviews A. Improved flexibility
C. Increase staffing B. Uncertainty about plan effectiveness
D. Outsource risk management during crises
C. Better morale
21. A company’s risk communication is limited
D. Lower insurance premiums
to senior management. What is the impact?
A. Improved confidentiality 28. A firm does not document lessons learned
B. Lack of awareness and preparedness from past risk events. What is the impact?
among staff A. Improved creativity
C. Faster decision-making B. Repetition of avoidable mistakes
D. Lower costs C. Better teamwork
D. Lower costs
22. A firm does not use risk heat maps. What is
the consequence? 29. A department does not assess
A. Improved accuracy interdependencies between risks. What is
B. Difficulty visualizing and prioritizing the risk?
risks A. Improved efficiency
C. Better morale B. Underestimation of compound risk
D. Lower reporting burden effects
C. Better morale
23. A department does not evaluate the cost of
D. Lower reporting burden
risk mitigation strategies. What is the risk?
A. Improved flexibility 30. A company’s risk assessments are not
B. Inefficient use of resources aligned with its business continuity plans.
C. Better teamwork What should be recommended?
D. Lower costs A. Increase audit frequency
B. Integrate risk and continuity planning
 C. Outsource continuity planning 37. A company does not monitor external risks
D. Reduce risk documentation such as regulatory changes. What should
be recommended?
31. A company does not evaluate the impact of
A. Reduce compliance staff
risk events on operations. What is the
B. Implement external risk monitoring
consequence?
systems
A. Improved flexibility
C. Increase advertising
B. Inadequate response and recovery
D. Outsource legal review
planning
C. Better morale 38. A department does not assess the financial
D. Lower costs impact of risks. What is the result?
A. Improved budgeting
32. A department does not maintain a risk log.
B. Inability to allocate resources
What is the result?
effectively
A. Improved efficiency
C. Better morale
B. Loss of historical data and tracking
D. Lower costs
C. Better teamwork
D. Lower reporting burden 39. A company does not integrate risk data into
decision-making. What is the consequence?
33. A firm does not include financial risks in its
A. Improved creativity
operational audit. What is the impact?
B. Decisions may ignore critical
A. Improved independence
vulnerabilities
B. Incomplete risk coverage
C. Better teamwork
C. Better documentation
D. Lower reporting burden
D. Faster audits
40. A firm does not train staff on risk
34. A company does not assess the probability
awareness. What is the impact?
of risk occurrence. What is the risk?
A. Improved morale
A. Improved flexibility
B. Increased likelihood of risk incidents
B. Poor prioritization of mitigation efforts
C. Better documentation
D. Lower training costs
C. Better morale
D. Lower costs 41. A company does not assess reputational
risks. What is the potential outcome?
35. A department does not update its risk
A. Improved branding
controls after process changes. What is the
B. Damage to public image and
consequence?
stakeholder trust
A. Improved efficiency
C. Better morale
B. Controls may become ineffective or
D. Lower marketing costs
irrelevant
C. Better teamwork 42. A department does not include risk
D. Lower training costs indicators in its dashboard. What should be
implemented?
36. A firm does not involve cross-functional
A. Reduce dashboard complexity
teams in risk assessments. What is the
B. Add key risk indicators to
impact?
performance dashboards
A. Improved independence
C. Increase staffing
B. Limited perspectives and incomplete
D. Outsource dashboard design
analysis
C. Faster reporting 43. A firm does not review risk mitigation
D. Better morale effectiveness. What is the risk?
A. Improved flexibility
 B. Continued exposure to unresolved 50. A company does not evaluate the timeliness
risks of its risk responses. What should be
C. Better morale recommended?
D. Lower costs A. Outsource risk management
B. Reduce reporting frequency
44. A company does not align its risk appetite
C. Increase staffing
with operational decisions. What is the
D. Implement response tracking with
impact?
deadlines
A. Improved independence
B. Decisions may exceed acceptable risk 51. A firm does not assess the impact of risk
levels events on financial performance. What is
C. Better documentation the consequence?
D. Faster audits A. Improved budgeting
B. Inability to plan for financial
45. A department does not communicate risk
contingencies
updates to stakeholders. What is the result?
C. Better morale
A. Improved confidentiality
D. Lower costs
B. Lack of awareness and delayed
responses 52. A department does not include risk
C. Better morale management in its performance reviews.
D. Lower reporting burden What is the result?
A. Improved morale
46. A company does not conduct periodic risk
B. Lack of accountability for risk-related
reviews. What is the likely consequence?
outcomes
A. Failure to identify emerging risks
C. Better teamwork
B. Reduced operational costs
D. Lower reporting burden
C. Better employee morale
D. Improved flexibility 53. A company does not update its risk register
after major changes. What is the impact?
47. A department does not document its risk
A. Improved flexibility
mitigation strategies. What is the impact?
B. Misalignment between current risks
A. Improved efficiency
and controls
B. Lower training costs
C. Better morale
C. Better teamwork
D. Lower costs
D. Lack of accountability and continuity
54. A firm does not involve senior leadership in
48. A firm does not include operational risk
risk planning. What is the risk?
analysis in its audit reports. What is the
A. Improved independence
risk?
B. Lack of strategic oversight and
A. Incomplete audit findings
support
B. Improved independence
C. Better documentation
C. Better documentation
D. Faster audits
D. Lower audit costs
55. A department does not evaluate the
49. A department does not assign responsibility
effectiveness of its risk training programs.
for managing specific risks. What is the
What should be recommended?
result?
A. Increase training frequency
A. Lack of ownership and ineffective
B. Conduct post-training assessments
mitigation
C. Reduce training costs
B. Lower costs
D. Outsource training
C. Improved teamwork
D. Faster reporting
56. A company does not track the cost of risk 62. A department does not include risk-related
incidents. What is the impact? goals in its annual planning. What is the
A. Improved flexibility impact?
B. Inability to justify investments in A. Improved flexibility
mitigation B. Lack of integration between strategy
C. Better morale and risk management
D. Lower reporting burden C. Better teamwork
D. Lower reporting burden
57. A firm does not include risk metrics in its
operational dashboards. What should be 63. A firm does not evaluate the impact of risk
implemented? mitigation on performance. What should be
A. Reduce dashboard complexity recommended?
B. Integrate key risk indicators into A. Increase staffing
dashboards B. Link mitigation outcomes to
C. Increase staffing performance indicators
D. Outsource dashboard design C. Reduce reporting
D. Outsource performance reviews
58. A department does not review lessons
learned from past audits. What is the 64. A company does not include third-party risks
consequence? in its assessments. What is the risk?
A. Improved creativity A. Improved vendor relations
B. Repetition of avoidable mistakes B. Exposure to external vulnerabilities
C. Better teamwork C. Better morale
D. Lower costs D. Lower costs

59. A company does not align its risk 65. A department does not track the status of
management with compliance requirements. risk action plans. What is the result?
What is the risk? A. Improved flexibility
A. Improved independence B. Delays and lack of accountability
B. Regulatory violations and penalties C. Better morale
C. Better documentation D. Lower reporting burden
D. Faster audits
66. A firm does not assess the interrelationship
60. A firm does not monitor the effectiveness of between strategic and operational risks.
its risk communication strategy. What is the What is the impact?
result? A. Improved independence
A. Improved confidentiality B. Fragmented risk management and
B. Misunderstanding and poor response missed synergies
coordination C. Better documentation
C. Better morale D. Faster audits
D. Lower reporting burden
67. A company does not include risk tolerance
61. A company does not assess the levels in its planning. What is the
effectiveness of its risk governance consequence?
structure. What is the consequence? A. Improved creativity
A. Improved independence B. Decisions may exceed acceptable risk
B. Poor coordination and oversight of boundaries
risk activities C. Better morale
C. Better morale D. Lower costs
D. Lower costs
68. A department does not review risk trends
over time. What should be implemented?
 A. Reduce reporting frequency C. Increase salaries
B. Trend analysis and historical D. Outsource onboarding
comparisons
75. A firm does not evaluate the effectiveness of
C. Increase staffing
its risk escalation procedures. What is the
D. Outsource risk tracking
result?
69. A firm does not include operational risk in its A. Improved independence
internal audit scope. What is the result? B. Delayed response to critical issues
A. Improved independence C. Better morale
B. Incomplete audit coverage and D. Lower reporting burden
missed vulnerabilities
76. A company does not assess the impact of
C. Better documentation
risk on employee productivity. What is the
D. Lower audit costs
consequence?
70. A company does not assess the impact of A. Improved morale
risk on customer satisfaction. What is the B. Missed opportunities to improve
risk? performance
A. Improved branding C. Lower training costs
B. Decline in customer trust and loyalty D. Better teamwork
C. Better morale
77. A department does not include risk factors
D. Lower marketing costs
in its project planning. What is the result?
71. A department does not include risk metrics A. Faster project completion
in its performance dashboard. What should B. Increased likelihood of delays and
be recommended? failures
A. Reduce dashboard complexity C. Better morale
B. Integrate risk indicators with D. Lower costs
operational metrics
78. A firm does not monitor the effectiveness of
C. Increase staffing
its risk reporting system. What is the
D. Outsource dashboard design
impact?
72. A firm does not evaluate the effectiveness of A. Improved confidentiality
its risk workshops. What is the impact? B. Inaccurate or delayed risk
A. Improved morale communication
B. Limited learning and engagement C. Better morale
C. Better documentation D. Lower reporting burden
D. Lower training costs
79. A company does not assess the impact of
73. A company does not assess the impact of risk on innovation initiatives. What is the
risk on supply chain operations. What is the risk?
consequence? A. Improved creativity
A. Improved vendor relations B. Failure to anticipate barriers and
B. Disruptions and delays in delivery setbacks
C. Better morale C. Better morale
D. Lower costs D. Lower R&D costs

74. A department does not include risk 80. A department does not include risk
awareness in its onboarding process. What considerations in its budgeting process.
should be implemented? What is the consequence?
A. Reduce onboarding time A. Improved flexibility
B. Integrate risk training into orientation B. Underfunding of critical risk
programs mitigation efforts
 C. Better morale C. Increase staffing
D. Lower costs D. Outsource reporting

81. A firm does not evaluate the impact of risk 87. A firm does not evaluate the impact of risk
on IT systems. What is the result? on regulatory compliance. What is the risk?
A. Improved system speed A. Improved independence
B. Increased vulnerability to cyber B. Legal penalties and reputational
threats damage
C. Better morale C. Better documentation
D. Lower IT costs D. Lower audit costs

82. A company does not include risk factors in 88. A company does not assess the impact of
its vendor selection criteria. What is the risk on stakeholder confidence. What is the
risk? consequence?
A. Improved vendor relationships A. Improved branding
B. Exposure to unreliable or non- B. Loss of trust and support
compliant suppliers C. Better morale
C. Better morale D. Lower marketing costs
D. Lower procurement costs
89. A department does not include risk analysis
83. A department does not assess the impact of in its performance reviews. What is the
risk on service delivery. What is the result?
consequence? A. Improved morale
A. Improved customer satisfaction B. Missed opportunities for improvement
B. Service disruptions and client
dissatisfaction C. Better teamwork
C. Better morale D. Lower reporting burden
D. Lower operating costs
90. A firm does not assess the impact of risk on
84. A firm does not monitor the effectiveness of organizational culture. What is the
its risk training programs. What should be consequence?
recommended? A. Improved creativity
A. Reduce training frequency B. Resistance to change and poor
B. Conduct post-training evaluations engagement
C. Increase salaries C. Better morale
D. Outsource training D. Lower training costs

85. A company does not assess the impact of THE 7 E’s

risk on strategic partnerships. What is the
1. A department is using outdated equipment
result?
that slows down production. Which “E” is
A. Improved collaboration
most affected?
B. Potential breakdowns in joint
A. Effectiveness
initiatives
B. Efficiency
C. Better morale
C. Economy
D. Lower legal costs
D. Ethics
86. A department does not include risk metrics
2. A company achieves its goals but at a high
in its monthly reports. What should be
cost. Which “E” should be reviewed?
implemented?
A. Efficiency
A. Reduce reporting frequency
B. Economy
B. Add key risk indicators to monthly
reports
 C. Ethics A. Efficiency
D. Environment B. Effectiveness
C. Economy
3. Employees are unclear about their
D. Environment
responsibilities, leading to duplicated efforts.
What is the issue? 10. A firm achieves its goals using the least
A. Ethics resources possible. Which “E” is
B. Environment demonstrated?
C. Efficiency A. Effectiveness
D. Effectiveness B. Ethics
C. Efficiency
4. A firm meets its objectives but violates
D. Environment
environmental regulations. Which “E” is
compromised? 11. A department meets its targets but uses
A. Efficiency expensive suppliers unnecessarily. What
B. Economy should be reviewed?
C. Environment A. Efficiency
D. Ethics B. Ethics
C. Economy
5. A department spends more than necessary
D. Environment
for basic supplies. What should be audited?
A. Effectiveness 12. A company’s staff follow all procedures but
B. Economy fail to deliver results. Which “E” is lacking?
C. Efficiency A. Efficiency
D. Ethics B. Ethics
C. Effectiveness
6. A company’s operations are fast but fail to
D. Environment
meet customer expectations. Which “E” is
lacking? 13. A firm’s operations are cost-effective but
A. Effectiveness lack transparency. What is the concern?
B. Efficiency A. Efficiency
C. Economy B. Environment
D. Ethics C. Ethics
D. Effectiveness
7. A manager uses company funds for
personal expenses. What is the concern? 14. A department reduces waste and energy
A. Efficiency use. Which “E” is being addressed?
B. Effectiveness A. Ethics
C. Ethics B. Economy
D. Environment C. Efficiency
D. Environment
8. A department uses minimal resources but
fails to achieve its goals. Which “E” is 15. A company’s decisions are fair and comply
missing? with laws. Which “E” is demonstrated?
A. Economy A. Efficiency
B. Ethics B. Environment
C. Effectiveness C. Ethics
D. Environment D. Economy

9. A company’s operations are well-organized CONTROL FRAMEWORK

but harm the local community. What is the
1. A company lacks separation of duties in its
issue?
cash handling process. What is the primary
 risk? 8. A firm does not review vendor invoices
A. Increased efficiency before payment. What control is missing?
B. Fraud and unauthorized transactions A. Budget control
C. Lower operating costs B. Verification and approval
D. Improved morale C. Risk assessment
D. Performance evaluation
2. An auditor finds that access to financial
systems is unrestricted. What control is 9. A department does not track inventory
missing? movement. What is the risk?
A. Physical security A. Improved efficiency
B. Logical access controls B. Theft and loss of assets
C. Budgetary control C. Better morale
D. Performance monitoring D. Lower costs

3. A department does not reconcile its 10. A company does not restrict access to
accounts monthly. What is the sensitive data. What control should be
consequence? implemented?
A. Improved flexibility A. Budgetary control
B. Undetected errors and misstatements B. Data access control
C. Better teamwork C. Performance review
D. Lower costs D. Risk scoring

4. A company does not require supervisor 11. A firm does not conduct periodic control
approval for expense claims. What control is reviews. What is the consequence?
lacking? A. Improved independence
A. Performance review B. Outdated controls and increased
B. Authorization control exposure
C. Risk assessment C. Better morale
D. Budget control D. Lower audit costs

5. A firm does not document its control 12. A department does not maintain logs of
procedures. What is the risk? system changes. What is the risk?
A. Improved creativity A. Improved flexibility
B. Inconsistent application and audit B. Lack of accountability and traceability
difficulty
C. Better morale C. Better teamwork
D. Lower training costs D. Lower reporting burden

6. A department uses outdated software for 13. A company does not train staff on control
financial reporting. What control principle is procedures. What should be
affected? recommended?
A. Authorization A. Increase salaries
B. Segregation of duties B. Implement control training programs
C. Reliability of systems C. Reduce reporting
D. Physical safeguards D. Outsource internal audit

7. A company does not monitor employee 14. A firm does not evaluate the effectiveness of
compliance with policies. What is the result? its controls. What is the impact?
A. Improved morale A. Improved morale
B. Increased risk of violations B. Continued exposure to operational
C. Better teamwork risks
D. Lower costs
 C. Better documentation A. Improved independence
D. Lower costs B. Unauthorized access to sensitive
systems
15. A department does not document control
C. Better documentation
failures. What is the result?
D. Lower training costs
A. Improved creativity
B. Repetition of unresolved issues 22. A company does not enforce password
C. Better morale policies. What control is lacking?
D. Lower training costs A. Budgetary control
B. IT security control
16. A company does not separate duties
C. Performance monitoring
between purchasing and receiving. What is
D. Risk scoring
the risk?
A. Improved efficiency 23. A department does not monitor compliance
B. Increased potential for procurement with internal procedures. What is the result?
fraud A. Improved morale
C. Better teamwork B. Increased risk of operational errors
D. Lower costs C. Better teamwork
D. Lower costs
17. A department does not verify the accuracy
of payroll before disbursement. What control 24. A firm does not conduct background checks
is missing? on new hires. What is the risk?
A. Budget control A. Improved onboarding speed
B. Review and reconciliation B. Hiring individuals with potential for
C. Risk assessment misconduct
D. Authorization C. Better morale
D. Lower HR costs
18. A firm does not maintain physical security
for its inventory. What is the consequence? 25. A company does not review system access
A. Improved accessibility logs. What is the consequence?
B. Increased risk of theft and loss A. Improved system performance
C. Better morale B. Undetected unauthorized activities
D. Lower insurance premiums C. Better morale
D. Lower IT costs
19. A company does not log user activity in its
financial system. What is the risk? 26. A department does not reconcile bank
A. Improved system speed statements monthly. What is the risk?
B. Lack of audit trail and accountability A. Improved cash flow
C. Better morale B. Undetected discrepancies and fraud
D. Lower IT costs C. Better morale
D. Lower audit costs
20. A department does not perform variance
analysis on budget vs. actual spending. 27. A firm does not document control objectives.
What is the impact? What is the impact?
A. Improved flexibility A. Improved flexibility
B. Missed identification of overspending B. Lack of clarity and inconsistent
or inefficiencies implementation
C. Better morale C. Better morale
D. Lower reporting burden D. Lower reporting burden

21. A firm does not review access rights after 28. A company does not test its backup
employee role changes. What is the risk? systems. What is the risk?
 A. Improved system speed execution
B. Data loss during system failure C. Better morale
C. Better morale D. Lower training costs
D. Lower IT costs
35. A department does not maintain
29. A department does not track corrective documentation of control failures. What is
actions from control failures. What is the the risk?
result? A. Improved creativity
A. Improved creativity B. Repetition of unresolved issues
B. Recurrence of unresolved issues C. Better morale
C. Better morale D. Lower reporting burden
D. Lower training costs
36. A firm does not include IT controls in its
30. A firm does not include control objectives in operational audits. What is the
its audit scope. What is the consequence? consequence?
A. Improved independence A. Improved independence
B. Incomplete audit coverage and B. Missed vulnerabilities in system
missed risks security
C. Better documentation C. Better documentation
D. Lower audit costs D. Lower audit costs

31. A company does not conduct periodic 37. A company does not monitor changes in
reviews of its control framework. What is the regulatory requirements. What is the risk?
risk? A. Improved flexibility
A. Improved independence B. Non-compliance and legal penalties
B. Controls may become outdated and C. Better morale
ineffective D. Lower reporting burden
C. Better morale
38. A department does not review the
D. Lower audit costs
effectiveness of its control activities. What
32. A department does not track user should be recommended?
permissions across systems. What is the A. Increase staffing
consequence? B. Conduct periodic control evaluations
A. Improved system speed C. Reduce reporting frequency
B. Unauthorized access and data D. Outsource control monitoring
breaches
39. A firm does not align its control objectives
C. Better teamwork
with business goals. What is the impact?
D. Lower IT costs
A. Improved independence
33. A firm does not include control testing in its B. Controls may not support strategic
audit procedures. What is the impact? priorities
A. Faster audits C. Better morale
B. Inability to verify control effectiveness D. Lower costs

40. A company does not include risk

C. Better documentation
assessment in its control framework. What
D. Lower costs
is the result?
34. A company does not define roles and A. Improved creativity
responsibilities for control activities. What is B. Controls may not address key
the result? vulnerabilities
A. Improved flexibility C. Better teamwork
B. Confusion and inconsistent control D. Lower training costs
41. A department does not maintain audit trails C. Better documentation
for financial transactions. What is the risk? D. Lower audit costs
A. Improved efficiency
48. A firm does not include control weaknesses
B. Difficulty detecting fraud and errors
in its management reports. What is the risk?
C. Better morale
A. Improved confidentiality
D. Lower reporting burden
B. Lack of awareness and delayed
42. A firm does not review the design of its corrective action
controls. What is the consequence? C. Better morale
A. Improved independence D. Lower reporting burden
B. Controls may be ineffective or
49. A company does not assign responsibility
misaligned
for control implementation. What is the
C. Better documentation
result?
D. Lower audit costs
A. Improved teamwork
43. A company does not include control B. Lack of accountability and
monitoring in its daily operations. What is inconsistent execution
the impact? C. Better morale
A. Improved flexibility D. Lower training costs
B. Delayed detection of control failures
50. A department does not evaluate the cost-
C. Better morale
effectiveness of its controls. What should be
D. Lower costs
recommended?
44. A department does not train staff on control A. Increase control activities
responsibilities. What should be B. Conduct cost-benefit analysis of
implemented? control measures
A. Increase salaries C. Reduce staffing
B. Conduct control awareness training D. Outsource control review
C. Reduce reporting
51. A firm does not include control risks in its
D. Outsource internal audit
strategic planning. What is the
45. A firm does not document its control consequence?
framework. What is the risk? A. Improved independence
A. Improved creativity B. Misalignment between strategy and
B. Lack of consistency and auditability risk exposure
C. Better morale C. Better documentation
D. Lower training costs D. Lower audit costs

46. A company does not assess risks before 52. A company does not update its control
implementing new controls. What is the framework after organizational changes.
consequence? What is the impact?
A. Improved flexibility A. Improved flexibility
B. Controls may not address actual B. Controls may become irrelevant or
vulnerabilities ineffective
C. Better morale C. Better morale
D. Lower costs D. Lower training costs

47. A department does not monitor the 53. A department does not track the status of
performance of its control activities. What is control-related action plans. What is the
the impact? result?
A. Improved independence A. Improved efficiency
B. Ineffective controls may go unnoticed B. Delays and unresolved control issues
 C. Better morale C. Better morale
D. Lower reporting burden D. Lower reporting burden

54. A firm does not include control performance 60. A firm does not assess the interrelationship
indicators in its dashboards. What should be between controls and business processes.
implemented? What is the consequence?
A. Reduce dashboard complexity A. Improved flexibility
B. Add key control metrics to B. Controls may hinder operational
dashboards efficiency
C. Increase staffing C. Better morale
D. Outsource dashboard design D. Lower training costs

55. A company does not assess the impact of 61. A company does not assess the
control failures on operations. What is the effectiveness of its control environment.
risk? What is the consequence?
A. Improved creativity A. Improved independence
B. Operational disruptions and financial B. Weak governance and increased risk
loss exposure
C. Better morale C. Better morale
D. Lower costs D. Lower audit costs

56. A department does not include control 62. A department does not include control-
objectives in its training programs. What related goals in its operational plans. What
should be recommended? is the impact?
A. Reduce training frequency A. Improved flexibility
B. Integrate control awareness into staff B. Lack of integration between strategy
development and control activities
C. Increase salaries C. Better teamwork
D. Outsource training D. Lower reporting burden

57. A firm does not evaluate the effectiveness of 63. A firm does not evaluate the impact of
automated controls. What is the control activities on performance. What
consequence? should be recommended?
A. Improved system speed A. Increase staffing
B. Potential system vulnerabilities and B. Link control outcomes to performance
errors indicators
C. Better morale C. Reduce reporting
D. Lower IT costs D. Outsource performance reviews

58. A company does not include control risks in 64. A company does not include third-party risks
its compliance reviews. What is the impact? in its control framework. What is the risk?
A. Improved independence A. Improved vendor relations
B. Missed regulatory issues and B. Exposure to external vulnerabilities
penalties C. Better morale
C. Better documentation D. Lower costs
D. Lower audit costs
65. A department does not track the status of
59. A department does not document changes control implementation. What is the result?
to control procedures. What is the result? A. Improved flexibility
A. Improved creativity B. Delays and lack of accountability
B. Confusion and inconsistent C. Better morale
application D. Lower reporting burden
66. A firm does not assess the interrelationship 72. A firm does not evaluate the effectiveness of
between strategic goals and control its control workshops. What is the impact?
activities. What is the impact? A. Improved morale
A. Improved independence B. Limited learning and engagement
B. Fragmented control management and C. Better documentation
missed synergies D. Lower training costs
C. Better documentation
73. A company does not assess the impact of
D. Faster audits
control failures on supply chain operations.
67. A company does not include control What is the consequence?
tolerance levels in its planning. What is the A. Improved vendor relations
consequence? B. Disruptions and delays in delivery
A. Improved creativity C. Better morale
B. Decisions may exceed acceptable D. Lower costs
control boundaries
74. A department does not include control
C. Better morale
awareness in its onboarding process. What
D. Lower costs
should be implemented?
68. A department does not review control trends A. Reduce onboarding time
over time. What should be implemented? B. Integrate control training into
A. Reduce reporting frequency orientation programs
B. Trend analysis and historical C. Increase salaries
comparisons D. Outsource onboarding
C. Increase staffing
75. A firm does not evaluate the effectiveness of
D. Outsource control tracking
its control escalation procedures. What is
69. A firm does not include control effectiveness the result?
in its internal audit scope. What is the A. Improved independence
result? B. Delayed response to critical control
A. Improved independence issues
B. Incomplete audit coverage and C. Better morale
missed vulnerabilities D. Lower reporting burden
C. Better documentation
D. Lower audit costs

70. A company does not assess the impact of

control weaknesses on customer
satisfaction. What is the risk?
A. Improved branding
B. Decline in customer trust and loyalty
C. Better morale
D. Lower marketing costs

71. A department does not include control

metrics in its performance dashboard. What
should be recommended?
A. Reduce dashboard complexity
B. Integrate control indicators with
operational metrics
C. Increase staffing
D. Outsource dashboard design