
IIA IIA-CIA-Part1 Practice Test - Questions Answers, Page 73


Which of the following statements is true regarding a small internal audit activity with limited resources demonstrating due professional care?

A. Conformance with the standard for due professional care is not relevant for small internal audit activities.

B. The internal audit activity may conduct internal quality assessments multiple times per year due to the size.

C. The internal audit activity may use a risk-based audit approach to ensure adequate focus.

D. The internal audit team may guide and supervise nonaudit employees with relevant knowledge to assist in performing engagements.

Suggested answer: C

Explanation:

Due professional care is the care and skill expected of a reasonably prudent and competent internal auditor [2]. It requires internal auditors to follow the International Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors (IIA), which includes the Code of Ethics and the Standards [3]. One aspect of due professional care is performing risk-based audits, which means identifying and assessing the risks that may affect the organization's objectives, and designing and executing audit procedures that provide reasonable assurance on the effectiveness of risk management and internal control [4]. Therefore, option C correctly describes how a small internal audit activity with limited resources can demonstrate due professional care: by ensuring adequate focus on the most significant risks and areas.

[1] CIA Exam Practice Questions - Certified Internal Auditor 2019

[2] Due professional care definition

[3] What is due professional care in internal audit?

[4] Standard 1220 -- Due Professional Care - The Institute of Internal Auditors or The IIA

Which of the following constitutes an example of a control designed to prevent an undesired activity from happening?

A. Physical inventory counts.

B. Reconciliation of accounts.

C. Segregation of personnel duties.

D. Confirmation of sales by third parties.

Suggested answer: C

Explanation:

Segregation of personnel duties is a control that is designed to prevent an undesired activity from happening, such as errors, fraud, or misuse of resources. It means dividing the tasks and responsibilities related to a process or activity among different people, so that no one person has complete control over it [2]. This reduces the opportunity and incentive for anyone to manipulate or falsify the data or transactions, and increases the chances of detection if they do [3].

[1] Preventive Controls: What Are They & Why Are They Important?

[2] Segregation of Duties - The Institute of Internal Auditors or The IIA

[3] Segregation of Duties - Wikipedia

Which of the following engagement areas would allow the internal audit activity to assess organizational governance?

A. Accounts payable.

B. Quality control.

C. Ethics activities.

D. Regulatory compliance.

Suggested answer: C

Explanation:

Organizational governance is the combination of processes and structures that help the organization achieve its objectives [2]. Ethics activities are part of organizational governance, as they reflect the organization's values, culture, and ethical standards [3]. Internal audit can assess the ethics activities by evaluating the design and effectiveness of the ethics program, policies, and procedures, and providing assurance and advice on how to improve them [4].

[1] CIA Exam Practice Questions - Certified Internal Auditor 2019

[2] IIA Audit Tool - The Institute of Internal Auditors or The IIA

[3] Internal Audit Governance: Effective Governance through Internal Auditing

[4] Corporate Governance & Internal Audit | Ideagen

Which of the following would the internal audit activity do first if fraud is suspected during an audit engagement?

A. Interview the employees who may be implicated in the fraud.

B. Advise management regarding the event and provide recommendations.

C. Expand audit testing to determine whether fraud actually occurred.

D. Determine the potential impact on the organization.

Suggested answer: C

Explanation:

If fraud is suspected during an audit engagement, the internal audit activity should first expand audit testing to gather sufficient and appropriate evidence to confirm or dispel the suspicion [2]. This may involve applying additional or alternative audit procedures, such as data analysis, interviews, observations, or confirmations [3]. The internal audit activity should also document the results of the expanded audit testing and communicate them to the appropriate parties in accordance with the organization's policies and procedures [4].

[1] CIA Exam Practice Questions - Certified Internal Auditor 2019

[2] Fraud and Internal Audit | Grant Thornton

[3] Fraud and Internal Audit, IIA Position Paper, p. 4:

Fraud and Internal Audit: Assurance Over Fraud Controls Fundamental to Success

Introduction

Every year billions of dollars are lost to fraud and corruption resulting in inefficiencies, aborted projects, financial challenges, organizational failure, and, in extreme cases, humanitarian disaster. Often fraud occurs because of poorly designed controls and weak governance undermining the organization's processes. Organizations should have robust internal control procedures to limit the risk of fraud, and internal audit's role is to assess these controls.

Fundamental Fraud Facts

Fraud can be defined as any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. Fraud is not unique to any organization type. It occurs in public and privately owned businesses, not-for-profit, in organizations that seek to contribute to economic and social well-being, such as government departments, financial institutions, and public and private utilities (water, electricity, education, health care, etc.). In short, the opportunity to commit fraud exists everywhere. How organizations deal with the risk of fraud may be influenced by legal jurisdiction and the organization's own risk assessment and appetite. Fraud can often lead to litigation, dismissal, and recovery of assets. It is essential, therefore, that any investigation is undertaken by suitably qualified individuals to reduce the risk of compromising evidence, accusing wrongfully, or undermining prospective legal actions.

Consistent with The IIA's International Standards for the Professional Practice of Internal Auditing on proficiency (1210.A2), internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization.

Key Takeaways

Organizations should have robust internal control procedures to limit the risk of fraud, and internal audit's role is to assess these controls.

The organization should have a suitable fraud prevention and response plan in place allowing effective limitation and swift response to the identification of fraud and management of the situation. This should include digital data.

The chief audit executive should consider how the risk of fraud is managed across the organization and assess the fraud risk exposure periodically.

The risk of fraud should be included in the audit plan and each audit assignment to evaluate the adequacy of anti-fraud controls.

Internal auditors should not investigate fraud unless they have the specific experience and expertise required to do so.

The IIA's Perspective

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. Its role includes detecting, preventing, and monitoring fraud risks and addressing those risks in audits and investigations.

[4] Standard 2400 -- Communicating Results - The Institute of Internal Auditors or The IIA

Which of the following is an example of computer forensic auditing?

A. Testing compliance with policies that define acceptable computer use.

B. Assessing controls over allocation of IT assets in a specific location.

C. Recovering deleted communications and emails.

D. Logging targeted cybersecurity events on the organization's network.

Suggested answer: C

Explanation:

Computer forensic auditing is the process of collecting and analyzing digital evidence from electronic devices, such as computers, mobile phones, or tablets [2]. The purpose of computer forensic auditing is to investigate and resolve cases involving cybercrime, fraud, or other illegal or unethical activities [3]. One of the examples of computer forensic auditing is recovering deleted communications and emails, which can help to reveal the identity, motive, or modus operandi of the perpetrators or suspects [4].

[1] Forensic Audit Guide - Definition, Steps, Reasons, p. 2

[2] What Is Computer Forensics? Types, Techniques, and Careers, p. 1

[3] What Is a Forensic Audit, How Does It Work, and What Prompts It?, p. 1

[4] IT Audit & Digital Forensics: How to use an IT audit to prepare for a computer forensics investigation, p. 1

An internal auditor failed to identify transactions between the parent organization and a subsidiary. What is the most likely reason for the failure?

A. The auditor misunderstood the audit objectives.

B. The auditor lacked professional skepticism.

C. The auditor's fieldwork was not properly supervised.

D. The auditor lacked an understanding of the organization.

Suggested answer: D

Explanation:

One of the possible reasons for the failure to identify transactions between the parent organization and a subsidiary is that the auditor did not have sufficient knowledge of the group structure, the consolidation process, and the related party disclosure requirements [2]. The auditor should obtain an understanding of the entity and its environment, including its internal control, as part of the risk assessment procedures [3]. This would help the auditor to identify and assess the risks of material misstatement due to related party transactions, and design and perform appropriate audit procedures to address those risks [4].

[1] IAS 24 --- Related Party Disclosures, p. 1

[2] Group audit issues | P7 Advanced Audit and Assurance | ACCA ..., p. 1

[3] INTERNATIONAL STANDARD ON AUDITING 315 (REVISED) IDENTIFYING AND ... - IFAC, p. 1

[4] ISA 550 Related Parties - IAASB, p. 1

An engagement supervisor is overseeing a procurement assurance engagement. In the middle of the engagement, the engagement supervisor attends a weekend social event paid for by the head of procurement. Which of the following ethics principles is the engagement supervisor potentially violating by attending the event?

A. Confidentiality.

B. Integrity.

C. Objectivity.

D. Competency.

Suggested answer: C

Explanation:

Objectivity is one of the ethics principles for internal auditors, which means that they should not allow bias, conflict of interest, or undue influence to impair their professional judgment [2]. By attending a weekend social event paid for by the head of procurement, the engagement supervisor is potentially violating this principle, as it may create a personal or professional relationship that could compromise their objectivity in the procurement assurance engagement [3].

[1] CIA Exam Practice Questions - Certified Internal Auditor 2019

[2] Global Internal Auditing Code of Ethics | The IIA, p. 1

[3] Code of Ethics - The Institute of Internal Auditors or The IIA, p. 1

Which of the following statements is true regarding external quality assessments?

A. They can be performed by self-assessment with independent external validation, but they must be performed every three years.

B. When a new chief audit executive (CAE) is appointed, an external quality assessment should be undertaken during the CAE's first year of office.

C. An external quality assessment must be conducted at least once every five years by a qualified, independent assessor or assessment team.

D. An external assessment by a qualified professional from outside of the organization can be performed in place of an internal assessment.

Suggested answer: C

Explanation:

IIA standards require that external quality assessments be conducted at least once every five years by an independent assessor. This ensures adherence to quality standards and strengthens the objectivity of the internal audit function.

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

A. Verifying whether claims have been properly authorized for payment.

B. Verifying whether claims are properly supported by invoices or other documents.

C. Confirming that all claims are within the limits of the organization's travel policy.

D. Reconciling claims against business trip requests that were approved by supervisors.

Suggested answer: D

Explanation:

Reconciling claims with business trip requests approved by supervisors is effective in detecting unauthorized or personal travel claims, as it ensures travel expenses align with actual business needs, per IIA guidelines on fraud detection and control validation.

According to IIA guidance, which of the following statements is true of assurance services provided by the internal audit activity?

A. Internal auditors cannot assess an operation for which they were responsible within the previous year.

B. Management of the area under review must agree with the engagement objectives, scope, and techniques.

C. The engagement results will vary in form and content depending upon the needs and wishes of the engagement client.

D. The only parties involved in the engagement are the internal auditor and management of the area under review.

Suggested answer: A

Explanation:

IIA standards require that internal auditors avoid engagements in areas where they recently held operational responsibility, typically within a one-year period, to maintain independence and objectivity.

Total 758 questions