ExamGecko

IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 32

Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?

A. The criteria used to make the evaluation
B. The methodology used to analyze data
C. The proposed follow-up engagement work to be performed
D. The scope of work performed during the engagement
Suggested answer: A

Explanation:

One of the five attributes that internal auditors include when documenting a deficiency is the criteria used to make the evaluation. The criteria represent the standards, measures, or expectations used in the evaluation process. Documenting the criteria is essential as it provides a benchmark against which the actual conditions can be compared, thereby helping to identify and explain deficiencies in controls or processes.

The Institute of Internal Auditors (IIA) Standard 2410 -- Criteria for Communicating: 'Final communication of engagement results must, where appropriate, contain the internal auditors' overall opinion and/or conclusions, as well as the criteria used for evaluation.'

IIA Practice Guide on 'Documenting Internal Audit Observations'

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1 million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board under which of the following circumstances?

1. In the opinion of the CAE, the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than $100,000

A. 1 only
B. 3 only
C. 1 and 3 only
D. 1, 2, and 3
Suggested answer: A

Explanation:

The Chief Audit Executive (CAE) would be justified in reporting the situation to the organization's board if, in the opinion of the CAE, the level of residual risk assumed by senior management is too high (1). Even though the new process of obtaining written approval by the vice president of sales addresses the issue, if the CAE believes that the residual risk remains too high, it is their duty to report it to the board. The cost of implementing a preventive control or the compliance with the new process does not change the responsibility of the CAE to report significant residual risks to the board.

The Institute of Internal Auditors (IIA) Standard 2600 -- Communicating the Acceptance of Risks: 'When the chief audit executive believes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the decision regarding residual risk is not resolved, the chief audit executive must report the matter to the board for resolution.'

IIA Practice Guide on 'Communicating Risk Acceptance to the Board'

In the following risk control map, risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

A. The level of control is appropriate given the level of risk
B. The level of control is excessive given the level of risk
C. The level of control is inadequate given the level of risk
D. There is not enough information to determine whether the controls are appropriate or not
Suggested answer: C

Explanation:

In the risk control map, Risk C is positioned in the upper left quadrant, indicating it is critical (high risk significance) but with a low level of control. This suggests that the current controls are insufficient to mitigate the high level of risk associated with Risk C. For critical risks, a higher level of control is necessary to ensure that the risk is properly managed and mitigated.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'Risk Management Framework' (COSO)

In which of the following situations has an internal auditor obtained physical evidence?

A. An internal auditor made purchases from several of the organization's retail outlets to evaluate customer service
B. An internal auditor interviewed various employees regarding health and safety issues and recorded their answers
C. An internal auditor obtained the current quarterly financial report and computed changes in debt-to-equity ratio
D. An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney
Suggested answer: A

Explanation:

Physical evidence in internal auditing refers to tangible, observable, and verifiable information obtained directly through auditors' activities. Making purchases from retail outlets to evaluate customer service involves direct interaction and observation, which constitutes obtaining physical evidence. This differs from documents, interviews, or confirmations, which are considered documentary or testimonial evidence.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'Audit Evidence' (International Standards on Auditing)

Which of the following is an appropriate documentation of proper engagement supervision?

A. A completed engagement workpaper review checklist.
B. The supervisor's review notes on engagement workpapers.
C. The email exchanges between the audit team and the supervisor.
D. A supervisor's approval of resources allocated to the engagement
Suggested answer: A

Explanation:

Proper engagement supervision is documented through formal records that show a systematic review and oversight process. A completed engagement workpaper review checklist provides evidence that the supervisor has reviewed and approved the work done by the audit team. This formal checklist ensures all critical aspects of the engagement are reviewed systematically, meeting the standards for proper supervision documentation.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'International Standards for the Professional Practice of Internal Auditing' (IIA)

An internal auditor discovered that a new employee was granted inappropriate access to the payroll system. Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?

A. Remove the new employee's excessive access rights and request that he report any future access error.
B. Perform a complete review of all users who have access to the payroll system to determine whether there are additional employees who were granted inappropriate access
C. Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system
D. Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.
Suggested answer: D

Explanation:

The most effective management action to prevent similar issues in the future involves both corrective and preventive measures. Coaching the IT specialist addresses the immediate knowledge gap and mistake that occurred. Introducing a secondary control, such as a review or verification step, ensures that future access requests are granted correctly, thereby preventing similar errors. This combination addresses the root cause and adds a layer of assurance.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'IT Control Objectives for Sarbanes-Oxley' (IT Governance Institute)

The audit manager asked the internal auditor to perform additional testing because several irregularities were found in the financial information. Which of the following would be the most appropriate analytical review for the auditor to perform?

A. Compare the firm's financial performance with organizations in the same industry
B. Interview all managers involved in preparing the financial statements
C. Perform a bank reconciliation to confirm the cash balance in the financial statements.
D. Trace each financial transaction to the original supporting document
Suggested answer: A

Explanation:

When several irregularities are found in the financial information, it is critical to perform an analytical review that provides a broader perspective on the firm's financial health. Comparing the firm's financial performance with organizations in the same industry helps identify anomalies and trends that may indicate irregularities. This benchmarking approach can highlight unusual deviations from industry norms, which may signal errors or potential fraud.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'Auditing and Assurance Services' (Messier, Glover, Prawitt)

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

A. End the consulting engagement and report the results to management as planned
B. Report the significant control issues to senior management and the board and recommend corrective action
C. Mutually agree with the engagement client on corrective actions
D. Focus on the consulting engagement and schedule an assurance engagement next to address the control issues
Suggested answer: B

Explanation:

When significant control issues are identified during a consulting engagement, it is the responsibility of the chief audit executive to ensure that these issues are communicated to senior management and the board. This ensures that the organization is aware of the risks and can take corrective action. Consulting engagements should not overshadow the priority of addressing critical control issues that may affect the organization's risk profile.

Reference:

'International Standards for the Professional Practice of Internal Auditing' (IIA Standards)

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

The internal auditor and her supervisor are in dispute about a risk that was not tested during an audit of the procurement function. Which of the following tools would best support the auditor's decision not to test the risk?

A. A spaghetti map
B. A heat map.
C. A process map
D. An assurance map
Suggested answer: D

Explanation:

An assurance map is a tool that provides a visual representation of the coverage of risks by various assurance providers. It supports the auditor's decision by showing which risks are being addressed by internal audit and other functions, and which risks are not being tested. This can help justify the auditor's decision not to test a particular risk, by demonstrating that it has already been covered or deemed low priority.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'Creating an Assurance Map' (IIA Practice Guide)

Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?

A. Whether an audit is explicitly required by the internal audit charter
B. The extent to which the work to be performed is an assurance or consulting engagement
C. The organization's annual risk management strategy
D. Risks that are identified by operations staff or senior management
Suggested answer: C

Explanation:

The most critical factor in determining which engagements should be included in the annual internal audit plan is the organization's annual risk management strategy. This strategy identifies the key risks facing the organization and ensures that the internal audit plan aligns with the areas of highest risk. This prioritization helps ensure that internal audit resources are focused on areas that could have the most significant impact on the organization.

Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'Risk-Based Internal Auditing' (IIA Practice Guide)

Total 461 questions