ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part2

IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 9

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority? 1. Graded positive opinion. 2. Negative assurance opinion. 3. Limited assurance opinion. 4. Third-party opinion.
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate option for the chief audit executive?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
According to an internal audit observation, the organization's rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
An examination of the accounts payable function evidenced multiple findings with respect to segregation of duties. After management's response and action plan are received and documented in the final report, which of the following is most appropriate?
Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate to achieve this objective?
According to IIA guidance which of the following statements is true regarding heat maps?
An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data - Human resources data with employees' names addresses employment conditions and identification codes - Payroll data - Logs from entrance systems With this data, which of the following types of ghost employees will the auditor be able to identify?

Question 81

Report
Export
Collapse

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

A.
1 and 3
A.
1 and 3
Answers
B.
1 and 4
B.
1 and 4
Answers
C.
2 and 3
C.
2 and 3
Answers
D.
2 and 4
D.
2 and 4
Answers
Suggested answer: B

Question 82

Report
Export
Collapse

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

A.
The need and availability of automated support.
A.
The need and availability of automated support.
Answers
B.
The potential impact of key risks.
B.
The potential impact of key risks.
Answers
C.
The expected outcomes and deliverables.
C.
The expected outcomes and deliverables.
Answers
D.
The operational and geographic boundaries.
D.
The operational and geographic boundaries.
Answers
Suggested answer: A

Explanation:

When developing the scope of an audit engagement, the internal auditor typically considers factors that directly impact the audit's objectives, risks, and execution. This includes the potential impact of key risks (Option B), the expected outcomes and deliverables (Option C), and the operational and geographic boundaries (Option D). While the need and availability of automated support (Option A) may be a practical consideration for how the audit is conducted, it is not fundamental to defining the scope of the audit engagement itself. The scope is primarily concerned with what is to be audited and why, rather than how the audit will be performed.

Reference:

IIA Standard 2200: Engagement Planning.

IIA Practice Guide on Audit Engagement Planning.

Question 83

Report
Export
Collapse

Which of the following situations would justify the removal of a finding from the final audit report?

A.
Management disagrees with the report findings and conclusions in their responses.
A.
Management disagrees with the report findings and conclusions in their responses.
Answers
B.
Management has already satisfactorily completed the recommended corrective action.
B.
Management has already satisfactorily completed the recommended corrective action.
Answers
C.
Management has provided additional information that contradicts the findings.
C.
Management has provided additional information that contradicts the findings.
Answers
D.
Management believes that the finding is insignificant and unfairly included in the report.
D.
Management believes that the finding is insignificant and unfairly included in the report.
Answers
Suggested answer: C

Explanation:

A finding can be removed from the final audit report if management provides additional information that accurately contradicts the initial findings. This indicates that the initial findings may have been based on incomplete or incorrect information. Disagreements (Option A) or beliefs about the insignificance (Option D) of the finding do not justify removal unless they are supported by new, contradicting evidence. Even if corrective actions are already taken (Option B), the original finding may still be relevant for documentation and historical context.

Reference:

IIA Standard 2410: Criteria for Communicating.

IIA Practice Guide on Communicating Results.

Question 84

Report
Export
Collapse

According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

A.
1 and 2
A.
1 and 2
Answers
B.
1 and 3
B.
1 and 3
Answers
C.
2 and 4
C.
2 and 4
Answers
D.
3 and 4
D.
3 and 4
Answers
Suggested answer: D

Explanation:

Enhancing stakeholders' perception of the value added by the internal audit activity (IAA) involves demonstrating strong relationships with audit clients (Option 3) and participating in project teams and task forces in an advisory capacity (Option 4). These activities show the IAA's active involvement in the organization's operations and its commitment to adding value beyond traditional auditing roles. While the use of computer-assisted audit techniques (Option 1) and a consistent risk-based approach (Option 2) are important, they are more related to internal audit efficiency and effectiveness rather than directly enhancing stakeholder perception of value.

Reference:

IIA Practice Guide on Demonstrating Value.

IIA Standard 2100: Nature of Work.

Question 85

Report
Export
Collapse

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

A.
Integrity.
A.
Integrity.
Answers
B.
Flexibility.
B.
Flexibility.
Answers
C.
Initiative.
C.
Initiative.
Answers
D.
Curiosity.
D.
Curiosity.
Answers
Suggested answer: D

Explanation:

According to IIA guidance, curiosity is a key attribute that indicates a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior. Curiosity drives the auditor to ask deeper questions, seek out underlying causes, and thoroughly investigate anomalies. While integrity (Option A), flexibility (Option B), and initiative (Option C) are important qualities for an internal auditor, curiosity specifically relates to the propensity to investigate and uncover the truth behind incidents.

Reference:

IIA Standard 1200: Proficiency and Due Professional Care.

IIA Practice Guide on Competency Framework for Internal Auditing.

Question 86

Report
Export
Collapse

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

A.
The employee's name listed on organization's payroll is compared to the personnel records.
A.
The employee's name listed on organization's payroll is compared to the personnel records.
Answers
B.
Payroll time sheets are reviewed and approved by the timekeeper before processing.
B.
Payroll time sheets are reviewed and approved by the timekeeper before processing.
Answers
C.
Employee access to the payroll database is deactivated immediately upon termination.
C.
Employee access to the payroll database is deactivated immediately upon termination.
Answers
D.
Changes to payroll are validated by the personnel department before being processed.
D.
Changes to payroll are validated by the personnel department before being processed.
Answers
Suggested answer: B

Explanation:

According to the IIA guidance, reviewing and approving payroll timesheets by the timekeeper before processing is considered least effective in managing the risk of payroll fraud. While this procedure might detect some errors or irregularities, it does not provide a robust control against fraud because the timekeeper can collude with employees or fail to review timesheets adequately. On the other hand, procedures such as comparing payroll lists to personnel records, deactivating payroll database access upon termination, and validating changes to payroll by the personnel department involve checks and balances that are more effective at preventing or detecting fraudulent activities.

IIA Practice Guide: Managing the Business Risk of Fraud: A Practical Guide

IIA Standards and Guidance: IPPF -- Practice Guide

Question 87

Report
Export
Collapse

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

A.
The audit supervisor should include the new contracts in the finding for the final audit report.
A.
The audit supervisor should include the new contracts in the finding for the final audit report.
Answers
B.
The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.
B.
The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.
Answers
C.
The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.
C.
The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.
Answers
D.
The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.
D.
The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.
Answers
Suggested answer: B

Explanation:

According to the IIA guidance, the most appropriate next step when discovering a sales manager approving contracts beyond their authorization limit is to communicate the finding to the supervisor of the sales manager through an interim report. This approach ensures that the issue is addressed promptly and management can take immediate corrective actions to prevent further unauthorized activities. Including new contracts under negotiation in the final report would delay action, while reminding the sales manager of their authority limits does not escalate the issue appropriately.

IIA Standards: 2440 - Disseminating Results

IIA Practice Guide: Communicating Audit Results

Question 88

Report
Export
Collapse

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

A.
The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.
A.
The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.
Answers
B.
The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.
B.
The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.
Answers
C.
The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.
C.
The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.
Answers
D.
The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.
D.
The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.
Answers
Suggested answer: D

Explanation:

When an internal auditor finds that the incidents of noncompliance exceed the organization's acceptable tolerance level, this should be included in the final engagement report. In this case, the 8 out of 90 desks found with sensitive information represent an 8.9% noncompliance rate, which exceeds the organization's tolerance limit of 4%. Reporting this observation in the final engagement report ensures that management is informed and can take necessary corrective actions to address the noncompliance.

IIA Standards: 2410 - Criteria for Communicating

IIA Practice Guide: Reporting and Monitoring

Question 89

Report
Export
Collapse

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

A.
Strategic plans reflect the organization's business objectives and overall attitude toward risk.
A.
Strategic plans reflect the organization's business objectives and overall attitude toward risk.
Answers
B.
Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.
B.
Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.
Answers
C.
Strategic plans are likely to show areas of weak financial controls.
C.
Strategic plans are likely to show areas of weak financial controls.
Answers
D.
The strategic plan is a relatively stable document on which to base audit planning.
D.
The strategic plan is a relatively stable document on which to base audit planning.
Answers
Suggested answer: A

Explanation:

The primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan is that strategic plans reflect the organization's business objectives and overall attitude toward risk. Understanding the strategic direction of the organization helps the internal audit function align its activities with the key risks and objectives, ensuring that the audit plan is relevant and adds value to the organization by focusing on areas that could impact the achievement of strategic goals.

IIA Standards: 2010 - Planning

IIA Practice Guide: Developing the Internal Audit Strategic Plan

Question 90

Report
Export
Collapse

An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?

A.
The CAE has no role to play, because the chief health and safety officer reports to a senior executive.
A.
The CAE has no role to play, because the chief health and safety officer reports to a senior executive.
Answers
B.
The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.
B.
The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.
Answers
C.
The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.
C.
The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.
Answers
D.
The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.
D.
The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.
Answers
Suggested answer: B

Explanation:

The role of the CAE includes ensuring that all significant risks, including those related to health and safety, are properly managed. Even though the chief health and safety officer reports directly to the CEO, the CAE should still coordinate with and review the work of this officer to understand and evaluate the management of health and safety risks. This helps ensure a comprehensive risk management approach within the organization and supports the overall assurance framework. It is not appropriate for the CAE to have no role (Option A), report directly to the regulator (Option C), or hire an external specialist annually without internal coordination (Option D).

Reference:

IIA Standard 2010: Planning.

IIA Practice Guide on Coordinating Risk Management and Assurance.

Total 461 questions
Go to page: of 47
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms