ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part2

IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 21

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority? 1. Graded positive opinion. 2. Negative assurance opinion. 3. Limited assurance opinion. 4. Third-party opinion.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate option for the chief audit executive?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
According to an internal audit observation, the organization's rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
A code of business conduct should include which of the following to increase its deterrent effect? 1. Appropriate descriptions of penalties for misconduct. 2. A notification that code of conduct violations may lead to criminal prosecution. 3. A description of violations that injure the interests of the employer. 4. A list of employees covered by the code of conduct.
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?

Question 201

Report
Export
Collapse

While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?

A.
It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.
A.
It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.
Answers
B.
It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses
B.
It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses
Answers
C.
it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.
C.
it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.
Answers
D.
It enables the auditor to categorize the population of transactions within the accounts payable process
D.
It enables the auditor to categorize the population of transactions within the accounts payable process
Answers
Suggested answer: B

Explanation:

Performing an entity-level controls analysis helps the auditor understand the overarching framework of activities and subprocesses within the accounts payable function. This approach provides a high-level view of the control environment and how different processes interrelate and contribute to the overall control objectives. By understanding the framework, the auditor can identify key controls, assess their design and implementation, and determine areas of potential risk. This foundational understanding is crucial before delving into more detailed, transaction-level testing.

Reference:

Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2130 -- Control.

Question 202

Report
Export
Collapse

The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?

A.
Internal audit reports are consistently submitted prior to the audit report deadline
A.
Internal audit reports are consistently submitted prior to the audit report deadline
Answers
B.
Post engagement surveys completed by management indicate a 'meets or exceeds expectations' idling
B.
Post engagement surveys completed by management indicate a 'meets or exceeds expectations' idling
Answers
C.
There is a significant reduction of travel costs per project over the next fiscal year
C.
There is a significant reduction of travel costs per project over the next fiscal year
Answers
D.
Internal auditors identify a minimum number of issues and provide recommendations to address them for each audit
D.
Internal auditors identify a minimum number of issues and provide recommendations to address them for each audit
Answers
Suggested answer: B

Explanation:

A key performance indicator (KPI) that measures effectiveness reflects how well the internal audit activity achieves its objectives and meets stakeholder expectations. Post-engagement surveys completed by management, indicating a 'meets or exceeds expectations' rating, directly measure the perceived value and impact of the audit work. This KPI shows whether the internal audit function is providing useful insights, recommendations, and assurance that align with management's needs and expectations, thus demonstrating the effectiveness of the audit activity.

Reference:

Institute of Internal Auditors (IIA), Practice Guide -- Measuring Internal Audit Effectiveness and Efficiency.

Question 203

Report
Export
Collapse

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

A.
The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider
A.
The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider
Answers
B.
The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer
B.
The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer
Answers
C.
The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the audit D, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry
C.
The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the audit D, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry
Answers
Suggested answer: B

Explanation:

According to internal auditing standards and best practices, the distribution of audit reports, especially those involving third-party service providers, must be handled with caution. The CAE should consult with legal counsel and the chief compliance officer before distributing the audit report to ensure that the organization's legal and compliance obligations are met. This ensures that any sensitive information is protected and that the distribution is aligned with the organization's policies and contractual agreements with the service provider.

The Institute of Internal Auditors (IIA) Standards

Internal Audit Guidelines on Confidentiality and Distribution of Audit Reports

Question 204

Report
Export
Collapse

As a result of server managements assumption of risk there is residual risk that exceeds me organisation's risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?

A.
ignore the responsibility of addressing the residual risk
A.
ignore the responsibility of addressing the residual risk
Answers
B.
Assume the responsibility of addressing the residual risk
B.
Assume the responsibility of addressing the residual risk
Answers
C.
Ensure senior management acknowledges residual risk
C.
Ensure senior management acknowledges residual risk
Answers
D.
Communicate with the board the issue of residual risk
D.
Communicate with the board the issue of residual risk
Answers
Suggested answer: D

Explanation:

The CAE has a responsibility to communicate significant risks to the board, particularly when the residual risk exceeds the organization's risk appetite. By communicating with the board, the CAE ensures that the highest level of governance is aware of the risk and can make informed decisions about how to address it. Ignoring the risk, assuming responsibility without authority, or only ensuring senior management's acknowledgment without further action would be insufficient and not in line with the CAE's duties.

The Institute of Internal Auditors (IIA) Standards

Internal Audit's Role in Risk Management

Question 205

Report
Export
Collapse

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

A.
Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication
A.
Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication
Answers
B.
Discuss the issue with the board which has ultimate responsibility to resolve the risk
B.
Discuss the issue with the board which has ultimate responsibility to resolve the risk
Answers
C.
Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations
C.
Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations
Answers
D.
Document the branch manager's decision to accept the risk otherwise, no other speak: course of action is required.
D.
Document the branch manager's decision to accept the risk otherwise, no other speak: course of action is required.
Answers
Suggested answer: B

Explanation:

If the branch manager decides not to act on a significant risk that was previously acknowledged, the CAE should escalate the issue to the board. The board has ultimate responsibility for risk management and needs to be informed about significant risks and the decisions made by management regarding these risks. This ensures transparency and allows the board to take appropriate action if necessary.

The Institute of Internal Auditors (IIA) Standards

Risk Management Frameworks and Reporting

Question 206

Report
Export
Collapse

In which of the following ways can the internal audit activity new engagement opportunities?

A.
By defining activities by business processes.
A.
By defining activities by business processes.
Answers
B.
By looking external factors such as product complaints.
B.
By looking external factors such as product complaints.
Answers
C.
By looking at activities by businesses cost centers.
C.
By looking at activities by businesses cost centers.
Answers
D.
By defining activities by the organization chart.
D.
By defining activities by the organization chart.
Answers
Suggested answer: A

Explanation:

Defining activities by business processes is a structured approach that allows the internal audit activity to identify engagement opportunities effectively. This method ensures that all critical processes are reviewed systematically and that risks are identified and assessed in the context of how they affect the entire business process. This approach is comprehensive and aligns with best practices in internal auditing.

The Institute of Internal Auditors (IIA) Standards

Internal Audit Planning and Engagement Standards

Question 207

Report
Export
Collapse

For an action plan to be effective, it should be designed primarily to address which of the following elements of an observation?

A.
Condition
A.
Condition
Answers
B.
Root cause
B.
Root cause
Answers
C.
Criteria
C.
Criteria
Answers
D.
Recommendation
D.
Recommendation
Answers
Suggested answer: B

Explanation:

For an action plan to be effective, it must address the root cause of an observation. The root cause is the underlying reason why a problem or issue has occurred. By targeting the root cause, the action plan can help prevent the recurrence of the issue and ensure long-term resolution. Addressing only the condition or the symptoms of the problem may lead to temporary fixes, whereas understanding and resolving the root cause leads to more sustainable improvements.

Reference:

Institute of Internal Auditors (IIA), Practice Guide -- Root Cause Analysis.

Question 208

Report
Export
Collapse

Which of the following statements is true regarding internal controls?

A.
For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls
A.
For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls
Answers
B.
Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.
B.
Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.
Answers
C.
During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts
C.
During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts
Answers
D.
Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning
D.
Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning
Answers
Suggested answer: B

Explanation:

Entity-level controls set the tone and establish the framework for the overall control environment within an organization. If these controls are poorly designed or deficient, they can undermine the effectiveness of process-level controls, even if those controls are well-designed. Entity-level controls include governance, risk management, and compliance controls that influence the entire organization. Therefore, deficiencies at this level can have a widespread impact, preventing lower-level controls from functioning properly.

Reference:

Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2130 -- Control.

Question 209

Report
Export
Collapse

An engagement work program o of greatest value to audit management when which of the following is true?

A.
The work program provides more detailed support for the audit report
A.
The work program provides more detailed support for the audit report
Answers
B.
The work program helps determined the required amount of audit resources
B.
The work program helps determined the required amount of audit resources
Answers
C.
The work program helps ensure tie achievement of the engagement objectives
C.
The work program helps ensure tie achievement of the engagement objectives
Answers
D.
The work program assists the auditor n developing and managing audit tests
D.
The work program assists the auditor n developing and managing audit tests
Answers
Suggested answer: C

Explanation:

An engagement work program is of greatest value to audit management when it helps ensure the achievement of the engagement objectives. The work program outlines the audit procedures and tests that need to be performed to gather sufficient and appropriate evidence to support the audit findings and conclusions. By aligning the work program with the engagement objectives, auditors can focus their efforts on the most critical areas, ensure that all necessary steps are taken, and ultimately achieve the intended outcomes of the audit.

Reference:

Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2240 -- Engagement Work Program.

Question 210

Report
Export
Collapse

According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?

A.
Determine which controls if any are in place to mitigate the fraud risks
A.
Determine which controls if any are in place to mitigate the fraud risks
Answers
B.
Follow protocol for internal reporting and investigating fraud allegations
B.
Follow protocol for internal reporting and investigating fraud allegations
Answers
C.
Research frauds that nave occurred t\ similar organizations
C.
Research frauds that nave occurred t\ similar organizations
Answers
D.
Incorporate the fraud risk assessment into the engagement plan
D.
Incorporate the fraud risk assessment into the engagement plan
Answers
Suggested answer: A

Explanation:

After considering fraud scenarios and identifying and prioritizing fraud risks, the next immediate action for the internal auditor is to determine which controls are in place to mitigate those risks. This step involves assessing the effectiveness of existing controls and identifying any gaps where controls may be insufficient or absent. Understanding the control environment is crucial for developing a comprehensive fraud risk assessment and ensuring that appropriate measures are in place to prevent and detect fraud.

Reference:

Institute of Internal Auditors (IIA), Practice Guide -- Internal Auditing and Fraud.

Total 461 questions
Go to page: of 47
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms