ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part2
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority? 1. Graded positive opinion. 2. Negative assurance opinion. 3. Limited assurance opinion. 4. Third-party opinion.
According to an internal audit observation, the organization's rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
What is the primary reason that audit supervision includes approval of the engagement report?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate option for the chief audit executive?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
During follow-up. the internal auditor discovered that operational management did not implement effective actions to address a significant control breach If the issue is left unresolved it may result in regulatory sanctions and damage the organization's reputation What is the most appropriate next step for the chief audit executive to lake?
A code of business conduct should include which of the following to increase its deterrent effect? 1. Appropriate descriptions of penalties for misconduct. 2. A notification that code of conduct violations may lead to criminal prosecution. 3. A description of violations that injure the interests of the employer. 4. A list of employees covered by the code of conduct.

Question 213 - IIA-CIA-Part2 discussion

Report
Export

A healthcare organization's chief audit executive (CAE) noted that the organization's IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization's chief information officer (ClO) does not agree with the audit team's recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

A.
Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.
Answers
A.
Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.
B.
Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.
Answers
B.
Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.
C.
Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.
Answers
C.
Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.
D.
Escalate the issue to the CAE to assess whether the ClO's reasoning is acceptable.
Answers
D.
Escalate the issue to the CAE to assess whether the ClO's reasoning is acceptable.
Suggested answer: C

Explanation:

When there is a disagreement between the audit team and management, and if the disagreement concerns a significant risk, the issue should be escalated to the audit committee. The audit committee has the authority to review and resolve such disputes. Escalating the issue ensures that the concern is addressed at the highest governance level, maintaining the integrity and effectiveness of the internal audit function.

The Institute of Internal Auditors (IIA) Standards

Internal Audit Governance and Escalation Procedures

Show Answer
asked 18/09/2024
Mounir Mrabet
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms