IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 19
List of questions
Related questions
Question 181
What is the primary purpose of issuing a preliminary communication to management of the area under review?
Explanation:
The primary purpose of issuing a preliminary communication to management of the area under review is to help them develop more responsive and timely action plans. Preliminary communications, such as interim reports or discussions, inform management about the audit's progress, preliminary findings, and potential issues. This early communication allows management to begin addressing identified issues before the final report, leading to more timely and effective corrective actions. It also fosters collaboration and ensures management is engaged in the remediation process from the outset.
Reference: The IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2410.A1 - Communication Criteria.
Question 182
An internal auditor for a regional bank suspects that the head of commercial lending has been granting loans without the required collateral Which of the following sampling techniques will be most effective for investigating the auditor's suspicion?
Explanation:
Discovery sampling is most effective for investigating the auditor's suspicion that the head of commercial lending has been granting loans without the required collateral. This sampling technique is designed to detect at least one occurrence of a specific characteristic (in this case, loans without collateral) within a population. It is particularly useful for identifying fraud or non-compliance with specific policies and procedures. Discovery sampling focuses on finding exceptions, making it suitable for the auditor's investigation into potential misconduct.
Reference: The IIA's Global Technology Audit Guide (GTAG) and The IIA's International Standards for the Professional Practice of Internal Auditing.
Question 183
Which of the following statements is true regarding internal control questionnaires?
Explanation:
Internal control questionnaires (ICQs) are useful tools for internal auditors to guide interviews with auditees. They help ensure that all relevant aspects of internal controls are covered systematically during the interview process. While ICQs can help in evaluating the design and existence of controls, they primarily provide a structured format for gathering information from auditees about controls in place, rather than serving as direct audit evidence themselves. Therefore, they aid in the interview process by ensuring comprehensive coverage of control-related inquiries.
Reference: The IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2201 - Planning Considerations.
Question 184
According to HA guidance, which of the following statements regarding audit workpapers is true?
Explanation:
According to the Institute of Internal Auditors (IIA) guidance, workpapers are crucial for documenting the evidence that supports audit findings and conclusions. They serve as the primary reference for any reported control deficiencies, providing detailed documentation and justification for the audit results. Workpapers must be thorough and clearly demonstrate the basis for audit observations and recommendations. While audit reports summarize findings, the detailed support for these findings is found within the workpapers.
The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2330: Documenting Information.
IIA Practice Guide, 'Audit Workpapers.'
Question 185
Which of the following are advantages of flowcharts over internal control questionnaires''
1 Flowcharts reduce the need to test whether employees are observing internal control processes
2 Flowcharts provide a visual depiction of the processes in the area under review 3. Flowcharts identify and prioritize internal control design weaknesses.
4 Flowcharts highlight the control points to help internal auditors evaluate control design
Explanation:
Flowcharts provide a visual depiction of the processes in the area under review, helping internal auditors and stakeholders understand the workflow and identify key control points. Additionally, flowcharts highlight control points, which assist auditors in evaluating the design of controls. These visual tools make it easier to identify potential gaps or weaknesses in the control design and understand how different processes and controls interact. They do not reduce the need for testing whether employees are observing internal control processes or directly prioritize internal control design weaknesses.
Reference: The IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2201 - Planning Considerations.
Question 186
Which of the following statements about including consulting engagements in the annual internal audit plan is true?
Explanation:
According to the International Standards for the Professional Practice of Internal Auditing (Standards) set by the Institute of Internal Auditors (IIA), internal audit functions are allowed flexibility in including consulting engagements in their annual plans. Standard 2010 -- Planning states that 'the chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals.' This risk-based plan should consider the potential value-add of consulting engagements. Consulting engagements that are expected to add significant value or align with strategic objectives are often included, but not all requests need to be automatically included unless they meet these criteria.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2010 -- Planning.
Question 187
An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?
Explanation:
In the initial risk assessment phase, it is critical for the internal auditor to understand the current policies and procedures in place. By obtaining the most current approved copies of the organization's privacy policy, the auditor can assess whether these policies are in compliance with privacy laws and are effectively implemented. This approach provides a solid foundation for understanding the existing controls and identifying areas where there may be gaps or weaknesses. Consulting with legal counsel or a specialist can be subsequent steps if further expertise is needed, but understanding the internal policies is the primary and essential first step.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2210 -- Engagement Objectives.
Question 188
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?
Explanation:
To test the theory that shutdowns are occurring due to outdated purchasing requirements that have not been updated for changes in production techniques, the auditor should compare the parts needed based on the most current production estimates and the revised materials requirements plan (MRP) with the purchase orders generated from the system. This comparison will help identify discrepancies between what is needed and what is being ordered, highlighting whether the system is failing to update purchasing requirements correctly. This method directly addresses the suspected cause of the shutdowns and provides clear evidence for or against the auditor's theory.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2310 -- Identifying Information.
Question 189
An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?
Explanation:
In internal auditing, reviewing the vendor master file for authorizations is a test to ensure that only authorized vendors are in the system, which directly relates to the effectiveness of control measures in place. This means verifying that the controls are effective in preventing unauthorized or fraudulent vendors from being added, thereby safeguarding the organization against potential risks such as fraud, unauthorized transactions, or compliance violations.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2120 -- Risk Management.
Question 190
Which of the following statements is true regarding the final assurance engagement report issued to management?
Explanation:
According to the International Standards for the Professional Practice of Internal Auditing, particularly Standard 2420 -- Quality of Communications, internal audit communications should be accurate, objective, clear, concise, constructive, complete, and timely. Ensuring that communications are relevant, logical, and free from errors is essential for maintaining the credibility and effectiveness of the internal audit function and for providing management with reliable information for decision-making.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2420 -- Quality of Communications.
Question