IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 23

Vouching is the manual audit approach that involves testing the validity of a document by following it backward to a previously prepared record. This method helps auditors verify the authenticity and accuracy of transactions by tracing them back to their source documents, such as invoices, receipts, or purchase orders. Vouching is commonly used to detect errors or fraud.

The Institute of Internal Auditors (IIA) Standards

Auditing Techniques and Procedures

Trend analysis is the analytics procedure that an internal auditor would use to compare performance information from one quarter to another. This technique involves analyzing data over a specific period to identify patterns, trends, and changes in performance metrics. Trend analysis helps auditors understand the direction of key performance indicators and assess whether performance is improving, declining, or remaining stable.

The Institute of Internal Auditors (IIA) Standards

Data Analytics Techniques in Internal Auditing

In internal auditing, when assessing the accuracy and completeness of employee time reporting, auditors often use sampling to determine the overall compliance of the process. In this scenario, the internal auditor sampled 30 employee time reports and found 5 incorrect and 4 unsupported reports. This indicates that a majority (21 out of 30) were accurate, suggesting that the organization generally ensures accurate reporting. However, the presence of incorrect and unsupported reports indicates deficiencies that need to be addressed, but do not point to systemic fraud or abuse. Thus, option D accurately reflects the findings by acknowledging both the general accuracy and the instances of errors.

Reference:

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing

COSO Framework - Control Activities and Monitoring

The chief audit executive (CAE) has the responsibility to communicate audit results, including residual risks, to senior management. According to IIA Standard 2410 - Criteria for Communicating, the CAE should communicate the engagement's objectives, scope, conclusions, recommendations, and action plans. Residual risk, being a part of the audit outcome, should be reported at the same time as the audit results to ensure that senior management is fully informed of all aspects of the engagement. This allows senior management to understand the remaining risks after control measures have been applied.

Reference:

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2410 - Criteria for Communicating

Coordinating audit plans with other internal and external assurance providers is critical to ensure coverage and avoid duplication of efforts. According to IIA Practice Advisory 2050-1, sharing high-level information such as objectives, scope, and timing supports effective coordination and minimizes the risk of conflicts of interest, while still maintaining confidentiality. Detailed sharing of risk assessments, planned tests, and past results might breach confidentiality and independence standards.

Reference:

The Institute of Internal Auditors (IIA) - Practice Advisory 2050-1: Coordination of Internal and External Audit Activities

When the rate of deviations discovered in the sample equals the tolerable deviation rate, it means that the control is functioning at the level deemed acceptable by the auditor's predefined criteria. This does not necessarily imply that the control is flawless, but rather that its effectiveness meets the minimum standards set by the audit plan. Therefore, the internal auditor can conclude that the control is acceptably effective, but should also note the potential need for improvement.

Reference:

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2320 - Analysis and Evaluation

COSO Framework - Control Activities

For a one-person audit function, the primary focus is on ensuring that there is a clear understanding of the audit policies and procedures without the need for extensive documentation. According to the IIA's guidance, a memorandum stating the policies and procedures would suffice for a one-person audit function, providing a concise yet comprehensive outline of the necessary protocols to follow. This approach ensures that the sole auditor has clear directives while avoiding the administrative burden of maintaining a more extensive manual that might be necessary for larger audit teams.

Reference:

The Institute of Internal Auditors (IIA) - Practice Advisory 2040-1: Policies and Procedures

During the planning phase of an assurance engagement, gaining an understanding of how the area under review is accomplishing its objectives is crucial. Reviewing key performance indicators (KPIs) is a primary technique because KPIs are directly tied to the objectives and provide measurable data on performance. This review helps the auditor understand whether the objectives are being met effectively and highlights areas that may require further investigation.

Reference:

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2201 - Planning Considerations

An internal control questionnaire (ICQ) is a tool used by auditors to gather detailed information about the internal control system of an audited area. The primary purpose of an ICQ is to identify and assess risks that could prevent the area from achieving its objectives. By systematically covering various control points, the questionnaire helps the auditor evaluate the adequacy and effectiveness of controls in place and identify areas where controls may be lacking or need improvement.

Reference:

The Institute of Internal Auditors (IIA) - Practice Guide: Internal Control Questionnaire