IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 3
Question 21
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
Explanation:
When setting the scope for identifying and assessing key risks and controls in a process, developing the scope of the audit based on a bottom-up perspective is the least appropriate approach. A bottom-up perspective typically focuses on individual controls and processes without necessarily aligning with the organization's critical business objectives and risk appetite. Effective risk assessment should begin with a top-down approach, identifying key business objectives and the associated risks, and then determining the necessary controls to manage these risks.
Reference: IIA Practice Guide -- Auditing Key Risk Management, IIA Standard 2200 -- Engagement Planning
Question 22
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
Explanation:
According to IIA guidance, when the internal audit activity investigates potential ethics violations in a foreign subsidiary, communication of any internal ethics violations to external parties may occur, but only with appropriate safeguards. This ensures that sensitive information is protected and that the organization complies with both local and international legal requirements. Cross-cultural differences and local laws must be considered, but the primary focus is on maintaining appropriate safeguards during communication.
Reference: IIA Practice Guide -- Auditing Ethics Programs, IIA Standard 2440 -- Disseminating Results
Question 23
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
1. The annual audit plan should include audits that are consistent with the skills of the IAA.
2. Audits of high-risk areas of the organization should be conducted by internal audit staff.
3. External resources may be hired to provide subject-matter expertise but should be supervised.
4. Auditors should develop their skills by being assigned to complex audits for learning opportunities.
Explanation:
According to IIA guidance, to maximize the value of the current internal audit activity (IAA) resources, it is appropriate to hire external resources to provide subject-matter expertise while ensuring they are supervised (3). Additionally, assigning auditors to complex audits for learning opportunities helps in skill development and enhances the overall capability of the IAA (4). These strategies ensure that the IAA can address complex and high-risk areas effectively while also fostering professional growth among internal auditors.
Reference: IIA Practice Guide -- Staffing the Internal Audit Activity, IIA Standard 2030 -- Resource Management
Question 24
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
Explanation:
According to IIA guidance, a request for an increase in the Chief Audit Executive's (CAE) salary for the next fiscal year should be submitted only to the CEO. Compensation matters typically fall under the purview of executive management rather than the board, as the board focuses on broader governance issues, including risk assessment, audit plans, and resource allocation.
Reference: IIA Standard 1100 -- Independence and Objectivity, IIA Practice Advisory 1110-1 -- Organizational Independence
Question 25
An internal control questionnaire would be most appropriate in which of the following situations?
Explanation:
An internal control questionnaire is most appropriate in situations where controls need to be assessed across decentralized offices. This tool helps gather consistent information on the presence and effectiveness of controls in multiple locations, ensuring a standardized approach to control assessment. It allows for efficient data collection and comparison, which is critical in decentralized environments where processes and controls may vary.
Reference: IIA Practice Guide -- Evaluating Internal Controls, IIA Standard 2130 -- Control
Question 26
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
Explanation:
According to IIA guidance, the release of prior internal audit reports to external parties must be carefully managed to protect the confidentiality and integrity of the information. The CAE must obtain approval from the board and senior management before releasing such reports. This ensures that sensitive information is disclosed appropriately and in alignment with the organization's governance and compliance policies.
Reference: IIA Standard 2060 - Reporting to Senior Management and the Board.
Question 27
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
Explanation:
When facilitating a risk and control self-assessment (RCSA) workshop, the internal auditor's most appropriate role is to provide the necessary techniques and guidelines for conducting the exercise. This involves guiding participants on the methodology and framework for identifying and assessing risks and controls without influencing their inputs or conclusions, thereby ensuring an objective and effective self-assessment process.
Reference: IIA Practice Guide: 'Facilitation Skills for Auditors'.
Question 28
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
Explanation:
The most appropriate course of action for the CAE is to evaluate the robustness and feasibility of management's action plan to address the identified weaknesses. The CAE should monitor the implementation progress, key dates, and deliverables to ensure that corrective actions are on track and will effectively mitigate the risks within the stipulated timeline.
Reference: IIA Standard 2500 - Monitoring Progress.
Question 29
Which of the following is not an outcome of control self-assessment?
Explanation:
Control self-assessment (CSA) processes typically emphasize the inclusion and evaluation of both formal (hard) and informal (soft) controls. The exclusion of informal, soft controls is not an outcome of an effective CSA process. Instead, CSA encourages a comprehensive review of all control types to enhance risk management and control effectiveness.
Reference: IIA's Practice Guide on Control Self-assessment.
Question 30
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
Explanation:
To increase the deterrent effect of a code of business conduct, it should include appropriate descriptions of penalties for misconduct and notifications that violations may lead to criminal prosecution. These elements clearly communicate the serious consequences of unethical behavior, thus reinforcing the importance of adhering to the code.
Reference: IIA Practice Guide on 'Evaluating Ethics-related Programs and Activities'.