IIA IIA-CIA-Part2 Practice Test - Questions Answers

According to the IIA guidance, when determining the need to follow-up on recommendations, the internal audit activity should consider factors such as the degree of effort and cost needed to correct the reported condition, the complexity of the corrective action, and the impact that may result should the corrective action fail. These factors are critical in assessing the importance and urgency of follow-up. However, the amount of resources required to conduct the follow-up activities should not be a primary consideration, as the focus should be on the significance of the issues and the potential risks associated with them.

Reference: IIA Standard 2500 -- Monitoring Progress, IIA Practice Advisory 2500.A1-1

The internal audit activity's role in regard to the organization's risk management program includes ensuring that a proper and effective risk management process is in place. This involves evaluating the risk management processes and providing assurance that risks are identified and managed effectively. The internal audit activity should not be responsible for managing risks (Option A), but should ensure there is a systematic process (Option B). Attaining an adequate understanding of key mitigation strategies (Option C) and identifying appropriate controls (Option D) are part of the audit process, but ensuring the existence of a proper process is the primary responsibility.

Reference: IIA Standard 2120 -- Risk Management

Detective controls are designed to identify and detect errors or fraud after they have occurred. Receipts for employee expenses serve as a detective control by providing evidence of transactions, enabling verification and review of expenses to identify any fraudulent or unauthorized activities. Awareness of prior incidents of fraud (Option A) is more of a preventive control, contractor non-disclosure agreements (Option B) are preventive controls to mitigate risks of information leakage, and verification of currency exchange rates (Option C) is more of a transaction control.

Reference: IIA Glossary -- Detective Controls, COSO Framework

Omitting advance client notice when planning an audit engagement is justifiable if the engagement includes audit assurance procedures that involve sensitive or restricted assets. Providing advance notice in such cases could compromise the integrity of the audit, as it may give management an opportunity to conceal or alter the status of these assets. The goal is to ensure that the auditors can observe the actual condition and handling of sensitive assets without any prior alteration.

Reference: IIA Standard 2201 -- Planning Considerations, IIA Practice Advisory 2201-1

According to the Institute of Internal Auditors (IIA) guidance, organizations have the most influence over the 'opportunity' aspect of the fraud triangle. The fraud triangle consists of three elements: pressure, opportunity, and rationalization. While pressure and rationalization are largely influenced by personal and external factors beyond the organization's direct control, opportunity refers to the circumstances that allow fraud to occur, which can be directly managed and controlled by the organization through internal controls, policies, and procedures.

Reference: = IIA's 'Managing the Business Risk of Fraud: A Practical Guide' and the IIA's Practice Guide on 'Internal Audit's Role in Preventing and Detecting Fraud'.

According to the IIA's guidance, internal audit can accept consulting engagements, including providing training, as long as it does not impair their independence and objectivity. In this scenario, the most appropriate action for the chief audit executive (CAE) is to accept the engagement and hire an external specialist to deliver the training. This ensures that the internal audit activity does not compromise its independence by training on areas where they might later need to provide objective assurance. By using an external expert, the CAE ensures the training is conducted by someone with the requisite expertise and without any conflict of interest.

The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 1130: Impairment to Independence or Objectivity.

IIA Practice Guide, 'Independence and Objectivity.'

The primary reasons for outsourcing internal audit activities typically include accessing a wider range of skills and competencies, complementing existing expertise for specific engagements, and strengthening core audit functions. Contingency planning, while beneficial, is not a primary reason for outsourcing internal audit activities as it pertains more to risk management strategies rather than the core objectives of outsourcing.

Reference: = IIA's Practice Advisory 1210.A1-1: Obtaining External Service Providers to Support or Complement the Internal Audit Activity.

According to the IIA Standards, particularly Standard 2500 - Monitoring Progress, internal auditors are responsible for monitoring the disposition of results communicated to management. They need to assess whether management has taken appropriate action to address audit findings or has consciously accepted the risk of not taking action. The follow-up process is crucial to ensure that identified risks are managed effectively.

Reference: = IIA's Standard 2500 - Monitoring Progress and Practice Guide on Follow-up Processes.

The accounting treatment should reflect the actual costs incurred. Training costs are recognized as they are completed, regardless of the delivery status of the aircraft. For the aircraft production, the costs should be accounted for based on the actual production hours completed to date. This ensures that the financial records accurately represent the work performed and the expenses incurred.

Reference: = Generally Accepted Accounting Principles (GAAP) and International Financial Reporting Standards (IFRS) on contract accounting and cost recognition.