IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 20
List of questions
Related questions
Question 191
An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?
Explanation:
Internal auditors must corroborate employee testimonials with tangible evidence to ensure the reliability and validity of the findings. Relying solely on testimonials without supporting evidence can lead to inaccurate conclusions. Standard 2310 -- Identifying Information of the International Standards for the Professional Practice of Internal Auditing emphasizes that sufficient, reliable, relevant, and useful information should be obtained to achieve the engagement's objectives.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2310 -- Identifying Information.
Question 192
Which of the following statements concerning workpapers is the most accurate?
Explanation:
The organization and content of workpapers should be based on the professional judgment of the internal auditor. Workpapers should provide sufficient detail to support the audit findings and conclusions but do not need to answer every conceivable question. Standard 2330 -- Documenting Information states that internal auditors must document relevant information to support the conclusions and engagement results. This allows for flexibility and professional judgment in determining what is necessary and appropriate to include.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2330 -- Documenting Information.
Question 193
Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?
Explanation:
Best practices in internal auditing emphasize the importance of follow-up on engagement outcomes to ensure that agreed-upon actions are implemented and effective. According to Standard 2500 -- Monitoring Progress, the chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. This ensures that corrective actions are taken and that the internal audit function fulfills its role in improving the organization's governance, risk management, and control processes. Allocating resources for follow-up is crucial to maintain accountability and support continuous improvement.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2500 -- Monitoring Progress.
Question 194
An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?
Explanation:
Before developing the audit work program, it is essential to review the contract for evidence of authorization. This step ensures that the contract is valid and approved by the appropriate parties, forming a critical basis for the compliance audit. By confirming authorization, the auditor can ascertain that the contract is legitimate and enforceable, and understand its key terms and conditions, which is necessary for planning and executing the audit effectively. Other steps, such as selecting a sample or assessing risks, are important but should follow after understanding the contract's validity and scope.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2201 -- Planning Considerations.
Question 195
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
Explanation:
During engagement planning, an internal auditor uses a flowchart to evaluate the design of controls. A flowchart visually represents the processes and controls within the organization, helping the auditor identify control points, weaknesses, and potential risks. This understanding is critical for planning the audit, as it allows the auditor to design tests that effectively assess whether the controls are properly designed and implemented to mitigate risks.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2210 -- Engagement Objectives.
Question 196
A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?
Explanation:
Reviewing and initialing internal audit workpapers ensures that the engagement has adequate supervision. This practice demonstrates that the supervisor has reviewed the work performed by the audit team, verified the accuracy and completeness of the documentation, and provided necessary guidance. It is a critical step in the quality assurance process, ensuring that the audit findings and conclusions are supported by sufficient and appropriate evidence.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2340 -- Engagement Supervision.
Question 197
Which of the following would present the most critical external risk to an organization?
Explanation:
Broad legislative reforms present the most critical external risk to an organization because they can fundamentally change the regulatory environment in which the organization operates. Such changes can impact compliance requirements, operational processes, and strategic planning. The organization must quickly adapt to remain compliant and avoid penalties or legal issues. This type of risk is external and largely uncontrollable, making it particularly critical compared to internal changes or new market entries.
Reference:
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2120 -- Risk Management.
Question 198
Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?
Explanation:
Generalized audit software (GAS) is specifically designed to assist auditors in performing various audit tasks, including extracting specific files and records from databases. GAS tools, such as ACL and IDEA, allow auditors to import data from various systems, query databases, perform data analysis, and generate reports. This makes them ideal for tasks that require the extraction and examination of specific records or data sets within a database. Other options, such as expert systems or system utility programs, do not offer the same targeted capabilities for data extraction relevant to auditing tasks.
Reference:
Institute of Internal Auditors (IIA), Global Technology Audit Guide (GTAG) -- Generalized Audit Software (GAS).
Question 199
In which of the following situations would an internal control questionnaire best suit the internal auditor's purpose?
Explanation:
An internal control questionnaire (ICQ) is designed to gather detailed information about the operation of specific controls within an organization. It is particularly useful for understanding whether controls, such as adherence to approval matrices, are being followed consistently across different units. ICQs provide a structured way to collect this information from respondents, ensuring that all relevant aspects of the control environment are considered. This method is effective for assessing compliance with established procedures and identifying areas for improvement.
Reference:
Institute of Internal Auditors (IIA), Practice Guide -- Internal Control Questionnaire.
Question 200
Which of the following is a disadvantage of using flowcharts during a risk assessment?
Explanation:
One disadvantage of using flowcharts during a risk assessment is that they may not capture serious risks that are not part of the linear process flow. Flowcharts are excellent tools for visualizing processes and identifying control points within a structured workflow. However, they might overlook risks that arise from non-linear interactions, external factors, or complex interdependencies that are not easily represented in a flowchart format. This limitation can result in an incomplete risk assessment if the auditor relies solely on flowcharts without considering other methods to identify all potential risks.
Reference:
Institute of Internal Auditors (IIA), Practice Guide -- Auditing the Control Environment.
Question