ExamGecko

IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 3

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

A. Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.
B. Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.
C. Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.
D. Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Suggested answer: A

Explanation:

When setting the scope for identifying and assessing key risks and controls in a process, developing the scope of the audit based on a bottom-up perspective is the least appropriate approach. A bottom-up perspective typically focuses on individual controls and processes without necessarily aligning with the organization's critical business objectives and risk appetite. Effective risk assessment should begin with a top-down approach, identifying key business objectives and the associated risks, and then determining the necessary controls to manage these risks.

Reference: IIA Practice Guide -- Auditing Key Risk Management, IIA Standard 2200 -- Engagement Planning

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

A. Communication of any internal ethics violations to external parties may occur with appropriate safeguards.
B. Cultural impacts are less critical where the organization practices uniform policies around the globe.
C. Cross-cultural differences should always be handled by the staff of the same cultural background.
D. Local law enforcement should be involved as they are more familiar with the applicable local laws.

Suggested answer: A

Explanation:

According to IIA guidance, when the internal audit activity investigates potential ethics violations in a foreign subsidiary, communication of any internal ethics violations to external parties may occur, but only with appropriate safeguards. This ensures that sensitive information is protected and that the organization complies with both local and international legal requirements. Cross-cultural differences and local laws must be considered, but the primary focus is on maintaining appropriate safeguards during communication.

Reference: IIA Practice Guide -- Auditing Ethics Programs, IIA Standard 2440 -- Disseminating Results

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

1. The annual audit plan should include audits that are consistent with the skills of the IAA.

2. Audits of high-risk areas of the organization should be conducted by internal audit staff.

3. External resources may be hired to provide subject-matter expertise but should be supervised.

4. Auditors should develop their skills by being assigned to complex audits for learning opportunities.

A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only

Suggested answer: D

Explanation:

According to IIA guidance, to maximize the value of the current internal audit activity (IAA) resources, it is appropriate to hire external resources to provide subject-matter expertise while ensuring they are supervised (3). Additionally, assigning auditors to complex audits for learning opportunities helps in skill development and enhances the overall capability of the IAA (4). These strategies ensure that the IAA can address complex and high-risk areas effectively while also fostering professional growth among internal auditors.

Reference: IIA Practice Guide -- Staffing the Internal Audit Activity, IIA Standard 2030 -- Resource Management

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

A. The internal audit risk assessment and audit plan for the next fiscal year.
B. The internal audit budget and resource plan for the coming fiscal year.
C. A request for an increase of the CAE's salary for the next fiscal year.
D. The evaluation and compensation of the internal audit team.

Suggested answer: C

Explanation:

According to IIA guidance, a request for an increase in the Chief Audit Executive's (CAE) salary for the next fiscal year should be submitted only to the CEO. Compensation matters typically fall under the purview of executive management rather than the board, as the board focuses on broader governance issues, including risk assessment, audit plans, and resource allocation.

Reference: IIA Standard 1100 -- Independence and Objectivity, IIA Practice Advisory 1110-1 -- Organizational Independence

An internal control questionnaire would be most appropriate in which of the following situations?

A. Testing controls where operating procedures vary.
B. Testing controls in decentralized offices.
C. Testing controls in high risk areas.
D. Testing controls in areas with high control failure rates.

Suggested answer: B

Explanation:

An internal control questionnaire is most appropriate in situations where controls need to be assessed across decentralized offices. This tool helps gather consistent information on the presence and effectiveness of controls in multiple locations, ensuring a standardized approach to control assessment. It allows for efficient data collection and comparison, which is critical in decentralized environments where processes and controls may vary.

Reference: IIA Practice Guide -- Evaluating Internal Controls, IIA Standard 2130 -- Control

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

A. The CAE can release prior internal audit reports with the approval of the board and senior management.
B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.
C. The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.
D. The CAE can release prior information provided it is as originally published and distributed within the organization.

Suggested answer: A

Explanation:

According to IIA guidance, the release of prior internal audit reports to external parties must be carefully managed to protect the confidentiality and integrity of the information. The CAE must obtain approval from the board and senior management before releasing such reports. This ensures that sensitive information is disclosed appropriately and in alignment with the organization's governance and compliance policies.

Reference: IIA Standard 2060 -- Reporting to Senior Management and the Board

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

A. Express an opinion on the participants' inputs and conclusions as the assessment progresses.
B. Provide appropriate techniques and guidelines on how the exercise should be undertaken.
C. Evaluate and report on all issues that may be uncovered during the exercise.
D. Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Suggested answer: B

Explanation:

When facilitating a risk and control self-assessment (RCSA) workshop, the internal auditor's most appropriate role is to provide the necessary techniques and guidelines for conducting the exercise. This involves guiding participants on the methodology and framework for identifying and assessing risks and controls without influencing their inputs or conclusions, thereby ensuring an objective and effective self-assessment process.

Reference: IIA Practice Guide -- Facilitation Skills for Auditors

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

A. Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.
B. Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.
C. Reassign information systems auditors to assist in implementing management's action plan.
D. Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Suggested answer: D

Explanation:

The most appropriate course of action for the CAE is to evaluate the robustness and feasibility of management's action plan to address the identified weaknesses. The CAE should monitor the implementation progress, key dates, and deliverables to ensure that corrective actions are on track and will effectively mitigate the risks within the stipulated timeline.

Reference: IIA Standard 2500 -- Monitoring Progress

Which of the following is not an outcome of control self-assessment?

A. Informal, soft controls are omitted, and greater focus is placed on hard controls.
B. The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.
C. Internal auditors become involved in and knowledgeable about the self-assessment process.
D. Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Suggested answer: A

Explanation:

Control self-assessment (CSA) processes typically emphasize the inclusion and evaluation of both formal (hard) and informal (soft) controls. The exclusion of informal, soft controls is not an outcome of an effective CSA process. Instead, CSA encourages a comprehensive review of all control types to enhance risk management and control effectiveness.

Reference: IIA's Practice Guide on Control Self-assessment

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

A. 1 and 2
B. 1 and 3
C. 2 and 4
D. 3 and 4

Suggested answer: A

Explanation:

To increase the deterrent effect of a code of business conduct, it should include appropriate descriptions of penalties for misconduct and notifications that violations may lead to criminal prosecution. These elements clearly communicate the serious consequences of unethical behavior, thus reinforcing the importance of adhering to the code.

Reference: IIA Practice Guide on 'Evaluating Ethics-related Programs and Activities'

Total 461 questions