IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 31
List of questions
Related questions
Question 301

An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?
Explanation:
When an internal audit team leader encounters difficulties due to the lack of a system of internal controls, the most appropriate course of action is to add a consulting component to the scheduled assurance engagement. This approach allows the internal audit team to provide advice and recommendations on establishing internal controls while still fulfilling their assurance responsibilities. By integrating consulting activities, the auditors can help the business unit improve its control environment, which can then be assessed in the assurance engagement.
The Institute of Internal Auditors (IIA) Practice Guide: Consulting Engagements
IIA Standard 1130 - Impairment to Independence or Objectivity
Question 302

The head of customer service asked the chief audit executive (CAE) whether internal auditors could assist her staff with conducting a risk self-assessment in the customer service department The CAE promised to meet with customer service managers analyze relevant business processes and come up with a proposal Who is most likely to be the final approver of the engagement objectives and scope?
Explanation:
The chief audit executive (CAE) is responsible for the approval of the engagement objectives and scope. While the head of customer service and other stakeholders may provide input, it is ultimately the CAE's responsibility to ensure that the engagement aligns with the internal audit plan and meets the organization's overall objectives. The CAE's approval ensures the independence and objectivity of the internal audit function.
The Institute of Internal Auditors (IIA) Standard 2010 - Planning
IIA Standard 2200 - Engagement Planning
Question 303

According to IIA guidance which of the following best describes reliable information?
Explanation:
According to IIA guidance, reliable information must be factual, adequate, and convincing to ensure that a prudent and informed person would reach the same conclusions as the internal auditor. This means that the information should be supported by sufficient and appropriate evidence that can be independently verified and substantiated. Reliability of information is crucial for the credibility of audit findings and for making informed decisions based on those findings.
The Institute of Internal Auditors (IIA) Standard 2310 -- Identifying Information: 'Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement's objectives.'
IIA Practice Guide on 'Audit Evidence'
Question 304

Which of the following statements is true regarding the audit objective for an assurance engagement?
Explanation:
According to IIA guidance, the audit objective for an assurance engagement must consider the possibility of fraud and noncompliance. This consideration is essential for ensuring that the audit adequately addresses potential risks that could impact the organization. Assessing the possibility of fraud and noncompliance helps in identifying areas where controls might be deficient and where significant risks might be present, thus enabling the internal audit activity to provide meaningful and relevant recommendations.
The Institute of Internal Auditors (IIA) Standard 2120 -- Risk Management: 'The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.'
IIA Practice Guide on 'Fraud Risk Assessment'
Question 305

Which of the following best exemplifies having effective risk management and internal control processes?
Explanation:
Effective risk management and internal control processes are best exemplified by having relevant risk indicators and mitigation plans in place. This demonstrates that the organization not only identifies and assesses risks but also actively monitors and manages these risks through appropriate mitigation strategies. The presence of risk indicators and mitigation plans indicates a proactive approach to risk management, ensuring that potential issues are addressed before they can impact the organization significantly.
The Institute of Internal Auditors (IIA) Standard 2100 -- Nature of Work: 'The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.'
COSO Enterprise Risk Management Framework
Question 306

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?
Explanation:
External benchmarking using trend analysis involves comparing a company's performance metrics with industry standards or averages over a certain period to identify trends and areas for improvement. Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods allows for a normalized comparison by expressing financial statement items as a percentage of a common base figure (e.g., total assets or sales). This method highlights the subsidiary's financial structure and performance trends in relation to industry norms, facilitating a comprehensive analysis.
Reference:
'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)
'Benchmarking: An Essential Tool for Assessment, Improvement, and Market Leadership' (Michael J. Spendolini)
Question 307

An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?
Explanation:
The key issue here is the risk associated with non-compliance to document management policies, particularly in terms of legal exposure. If sales contracts are not stored systematically in the electronic document management database, it can lead to difficulties in retrieving these documents, especially in the case of litigation. This can pose significant legal risks because the organization might struggle to prove the agreed pricing terms and conditions, which could potentially result in financial losses or legal penalties. The consequence highlighted in option C directly addresses this critical risk.
Reference:
'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)
'Document Management in Internal Auditing: Best Practices' (The Institute of Internal Auditors)
Question 308

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE's best option for fulfilling the internal audit activity's responsibilities in this case?
Explanation:
Given the urgency and the lack of internal expertise in forensic investigation, the most effective and immediate solution is to outsource the investigation to independent professional consultants. This approach ensures that the investigation is conducted by individuals with the necessary skills and experience, thereby maintaining the integrity and quality of the investigation. Training internal staff or recruiting new auditors would take time and may not address the immediate need, while declining the engagement would not fulfill the audit committee's request.
Reference:
'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)
'Forensic Accounting and Fraud Investigation for Non-Experts' (Howard Silverstone and Michael Sheetz)
Question 309

Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?
Explanation:
A drawback of using Internal Control Questionnaires (ICQs) is that they can be less efficient than conducting observations and inspections when many control procedures need to be covered. ICQs can be time-consuming to complete and may not provide the depth of understanding that direct observation and inspection can achieve. They often require follow-up to clarify responses, which can further increase the time and resources needed to obtain the necessary assurance.
The Institute of Internal Auditors (IIA) Practice Guide on 'Audit Evidence Collection'
IIA Standard 2310 -- Identifying Information: 'Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement's objectives.'
Question 310

While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?
Explanation:
The most likely reason the Chief Audit Executive (CAE) decided to prepare an audit memorandum for management of the logistics department is to allow management to address the identified weakness timely. An audit memorandum serves as a formal communication that highlights the issue and provides management with the necessary details to understand and address the control weakness promptly. This approach facilitates immediate corrective action, thereby reducing the risk associated with the identified weakness.
The Institute of Internal Auditors (IIA) Standard 2420 -- Quality of Communications: 'Communications must be accurate, objective, clear, concise, constructive, complete, and timely.'
IIA Practice Guide on 'Engagement Communication'
Question