ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part2

IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate option for the chief audit executive?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
According to an internal audit observation, the organization's rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority? 1. Graded positive opinion. 2. Negative assurance opinion. 3. Limited assurance opinion. 4. Third-party opinion.
An examination of the accounts payable function evidenced multiple findings with respect to segregation of duties. After management's response and action plan are received and documented in the final report, which of the following is most appropriate?
Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate to achieve this objective?
According to IIA guidance which of the following statements is true regarding heat maps?
An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data - Human resources data with employees' names addresses employment conditions and identification codes - Payroll data - Logs from entrance systems With this data, which of the following types of ghost employees will the auditor be able to identify?

Question 61

Report
Export
Collapse

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

A.
The amount of experience the auditors have conducting audits in the specific area of the organization.
A.
The amount of experience the auditors have conducting audits in the specific area of the organization.
Answers
B.
The availability of the auditors in relation to the availability of key client staff.
B.
The availability of the auditors in relation to the availability of key client staff.
Answers
C.
Whether the budgeted hours are sufficient to complete the audit within the current scope.
C.
Whether the budgeted hours are sufficient to complete the audit within the current scope.
Answers
D.
Whether outside resources will be needed, and their availability.
D.
Whether outside resources will be needed, and their availability.
Answers
Suggested answer: C

Explanation:

When assigning tasks to audit team members, the auditor in charge primarily considers factors that directly affect the quality and efficiency of the audit, such as the auditors' experience and availability, as well as the need for outside resources. While the sufficiency of budgeted hours is important for overall audit planning, it is not a direct factor in the assignment of specific tasks to team members. The assignment is more focused on ensuring that the right skills are matched to the tasks and that resources are properly coordinated with client availability.

Reference:

IIA Standards - 1200: Proficiency and Due Professional Care

IIA Practice Guide - Coordination and Reliance: Developing an Assurance Map

Question 62

Report
Export
Collapse

An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

A.
1 and 3
A.
1 and 3
Answers
B.
1 and 4
B.
1 and 4
Answers
C.
2 and 3
C.
2 and 3
Answers
D.
2 and 4
D.
2 and 4
Answers
Suggested answer: C

Explanation:

Preliminary communication with HR management is essential to ensure a smooth audit process. According to IIA guidance, the auditor in charge (AIC) should notify HR management before the planning stage begins to facilitate cooperation and alignment. Additionally, scheduling formal status meetings at the start of the engagement helps in setting expectations, clarifying the scope, and ensuring ongoing communication throughout the audit process. These steps foster transparency and collaboration.

Reference:

IIA Standards - 2200: Engagement Planning

IIA Practice Advisory - 2200-1: Engagement Planning

Question 63

Report
Export
Collapse

The final internal audit report should be distributed to which of the following individuals?

A.
Audit client management only
A.
Audit client management only
Answers
B.
Executive management only
B.
Executive management only
Answers
C.
Audit client management, executive management, and others approved by the chief audit executive.
C.
Audit client management, executive management, and others approved by the chief audit executive.
Answers
D.
Audit client management, executive management, and any those who request a copy.
D.
Audit client management, executive management, and any those who request a copy.
Answers
Suggested answer: C

Explanation:

According to the International Standards for the Professional Practice of Internal Auditing, the final audit report should be distributed to those responsible for the functions being audited (audit client management) and to those who oversee or are accountable for the audit function (executive management). Additionally, the chief audit executive (CAE) can approve distribution to other relevant stakeholders as necessary. This ensures that all relevant parties are informed and can take appropriate action based on the audit findings.

Reference:

IIA Standards - 2410: Criteria for Communicating

IIA Practice Guide - Communication with the Board

Question 64

Report
Export
Collapse

According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process?

A.
The accounts payable supervisor, accounts payable manager, and controller.
A.
The accounts payable supervisor, accounts payable manager, and controller.
Answers
B.
The accounts payable manager, purchasing manager, and receiving manager.
B.
The accounts payable manager, purchasing manager, and receiving manager.
Answers
C.
The accounts payable supervisor, controller, and treasurer.
C.
The accounts payable supervisor, controller, and treasurer.
Answers
D.
The accounts payable manager, chief financial officer, and audit committee.
D.
The accounts payable manager, chief financial officer, and audit committee.
Answers
Suggested answer: D

Explanation:

For compliance engagements, particularly those related to critical processes such as cash disbursements, it is important to distribute the final audit report to individuals with oversight and decision-making responsibilities. The accounts payable manager oversees the process, the chief financial officer (CFO) has overall financial oversight, and the audit committee provides governance and oversight of the audit function. This ensures that the report is reviewed by those with the authority to implement changes and address any issues identified.

Reference:

IIA Standards - 2440: Disseminating Results

IIA Practice Advisory - 2440-1: Disseminating Results

Question 65

Report
Export
Collapse

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

A.
Acts that may endanger the health or safety of individuals.
A.
Acts that may endanger the health or safety of individuals.
Answers
B.
Acts that favor one party to the detriment of another.
B.
Acts that favor one party to the detriment of another.
Answers
C.
Acts that damage or have an adverse effect on the environment.
C.
Acts that damage or have an adverse effect on the environment.
Answers
D.
Acts that conceal inappropriate activities in the organization.
D.
Acts that conceal inappropriate activities in the organization.
Answers
Suggested answer: B

Explanation:

In the context of internal auditing, activities that pose immediate and significant risks to health, safety, the environment, or that conceal inappropriate activities within an organization are of high importance and typically require formal communication to the chief audit executive (CAE). These activities could have severe legal, financial, and reputational consequences for the organization. While acts that favor one party to the detriment of another are concerning and may indicate ethical or procedural issues, they are generally considered less critical compared to the other options, as they do not necessarily imply immediate and severe risks to individuals or the organization as a whole.

Reference:

The Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing (Standards), specifically Standard 2060: Reporting to Senior Management and the Board.

IIA Practice Guide on Communicating Unacceptable Risk.

Question 66

Report
Export
Collapse

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

A.
Observe corrective measures.
A.
Observe corrective measures.
Answers
B.
Seek a management assurance declaration.
B.
Seek a management assurance declaration.
Answers
C.
Follow up during the next scheduled audit.
C.
Follow up during the next scheduled audit.
Answers
D.
Conduct appropriate testing to verify management responses.
D.
Conduct appropriate testing to verify management responses.
Answers
Suggested answer: D

Explanation:

To ensure that recommendations for enhancing internal controls have been effectively implemented, the internal auditor should conduct appropriate testing to verify management responses. This involves re-performing procedures, reviewing documentation, and possibly observing operations to confirm that the corrective actions have been adequately executed and are effective. Simply seeking a management assurance declaration (Option B) or observing corrective measures (Option A) may not provide sufficient evidence of proper implementation. Following up during the next scheduled audit (Option C) may delay the verification process, potentially allowing risks to persist.

Reference:

IIA Standard 2500: Monitoring Progress.

IIA Practice Guide on Follow-up Processes in Internal Auditing.

Question 67

Report
Export
Collapse

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

A.
Improper segregation of duties.
A.
Improper segregation of duties.
Answers
B.
Incentives and bonus programs.
B.
Incentives and bonus programs.
Answers
C.
An employee's reported concerns.
C.
An employee's reported concerns.
Answers
D.
Lack of an ethics policy.
D.
Lack of an ethics policy.
Answers
Suggested answer: A

Explanation:

Improper segregation of duties is a fundamental control weakness that significantly increases the risk of fraud. When one individual has control over multiple stages of a financial transaction or operational process, it creates opportunities for fraudulent activities to occur and remain undetected. While incentives and bonus programs (Option B), employee concerns (Option C), and lack of an ethics policy (Option D) are also important indicators of potential fraud risk, they do not present as direct and immediate a vulnerability as improper segregation of duties.

Reference:

IIA Practice Guide on Fraud Prevention and Detection in an Automated World.

IIA Standard 2120: Risk Management.

Question 68

Report
Export
Collapse

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

A.
A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.
A.
A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.
Answers
B.
A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
B.
A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
Answers
C.
A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
C.
A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
Answers
D.
A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
D.
A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
Answers
Suggested answer: A

Explanation:

Strengthening password policies and ensuring unique passwords are used within a specified period are key measures in preventing unauthorized access and reducing the risk of fraud. Password management is a critical aspect of IT security and can significantly mitigate the risk of cyber fraud. The other recommendations (Options B, C, and D) address operational issues but do not directly impact fraud prevention as effectively as enhancing password security does.

Reference:

IIA Standard 2110: Governance.

IIA Practice Guide on IT Controls and Cybersecurity.

Question 69

Report
Export
Collapse

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.
Manage and coordinate risk management processes.
A.
Manage and coordinate risk management processes.
Answers
B.
Audit risk management processes.
B.
Audit risk management processes.
Answers
C.
Become involved in risk oversight committees, monitoring activities, and status reporting.
C.
Become involved in risk oversight committees, monitoring activities, and status reporting.
Answers
D.
Accept management's responsibility for risk management without board approval.
D.
Accept management's responsibility for risk management without board approval.
Answers
Suggested answer: D

Explanation:

According to IIA guidance, the chief audit executive (CAE) should maintain independence and objectivity in their role. While the CAE can manage and coordinate risk management processes, audit those processes, and be involved in risk oversight committees, they should not accept management's responsibility for risk management without the board's approval. This ensures that there is no conflict of interest and maintains the CAE's independence.

Reference:

IIA Standards - 1110: Organizational Independence

IIA Practice Advisory - 2060-1: Reporting to Senior Management and the Board

Question 70

Report
Export
Collapse

When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?

A.
The last available risk assessment.
A.
The last available risk assessment.
Answers
B.
Requests from senior management and the board.
B.
Requests from senior management and the board.
Answers
C.
The longest interval since the last examination of each audit universe item.
C.
The longest interval since the last examination of each audit universe item.
Answers
D.
The auditable areas required by regulatory agencies.
D.
The auditable areas required by regulatory agencies.
Answers
Suggested answer: A

Explanation:

The IIA Standards emphasize that the chief audit executive (CAE) should develop the internal audit plan based on a thorough assessment of risks facing the organization. This risk-based approach ensures that the most significant and relevant areas are prioritized. While input from senior management and regulatory requirements are also important, the primary driver should be the most recent and comprehensive risk assessment.

Reference:

IIA Standards - 2010: Planning

IIA Practice Guide - Developing the Risk-based Internal Audit Plan

Total 461 questions
Go to page: of 47
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms