PDF Only
$35.00 Free Updates Upto 90 Days
- IIA-CIA-Part2 Dumps PDF
- 482 Questions
- Updated On November 18, 2024
PDF + Test Engine
$60.00 Free Updates Upto 90 Days
- IIA-CIA-Part2 Question Answers
- 482 Questions
- Updated On November 18, 2024
Test Engine
$50.00 Free Updates Upto 90 Days
- IIA-CIA-Part2 Practice Questions
- 482 Questions
- Updated On November 18, 2024
How to pass IIA IIA-CIA-Part2 exam with the help of dumps?
DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest IIA IIA-CIA-Part2 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.
How Do I Know IIA IIA-CIA-Part2 Dumps are Worth it?
Did we mention our latest IIA-CIA-Part2 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.
You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just IIA Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!
IT Students Are Using our Practice of Internal Auditing Dumps Worldwide!
It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Practice of Internal Auditing Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.
How to Get IIA-CIA-Part2 Real Exam Dumps?
Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the IIA-CIA-Part2 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!
Frequently Asked Questions
Question # 1
A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE's best course of action?
A. Perform an independent audit of the merging firm's inventory management practices to
verify the concerns and to provide relevant and reliable results to management for their
consideration and action.
B. Advise management that internal audit, external audit, and legal advisors all have
concerns about inventory management and, given the high materiality of inventory,
management should not proceed with the merger.
C. Coordinate a review of inventory management with external auditors and legal advisors
and ensure each group focuses on their area of expertise to ascertain the extent of the
problems, if any
Question # 2
According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?
A. The follow-up manual procedures.
B. The internal audit charter.
C. The agreement made between internal auditors and management.
D. The risks and exposures involved.
Question # 3
According to the Standards, which of the following control strategies would be the most effective in helping to prevent fraud?
A. Have employees annually sign a code of conduct requiring that they report any known
violations.
B. Implement a whistleblower hotline where individuals can make anonymous phone calls
to report fraudulent activities
C. Provide periodic fraud awareness training to employees and test their understanding of
the training through online surveys.
D. Conduct routine employee surveys to solicit their knowledge of fraud and unethical
behavior within the organization.
Question # 4
Which of the following would not include recommendations for process improvements?
A. Due diligence engagement.
B. Forensic investigation.
C. Internal audit engagement.
D. Consulting engagement.
Question # 5
Which of the following events would most likely cause the chief audit executive to considerchanging the current year's audit plan?The government announced that new regulatory requirements will be introduced in thecoming years which may significantly impact the organization's primary product.A major competitor unexpectedly introduced a new model at a lower price point to competewith the organization's market leading product.The organization announced a new joint venture with a long time corporate partner tointroduce a new product with development costs and sales beginning next fiscal year.An equal joint venture partner filed a lawsuit against the organization and requested thatthe court issue an immediate suspension of future product shipments.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Question # 6
An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate?
A. Take no action, because all the items were within the expiration date requirement, and
no corrective action is needed
B. Permit production staff the access to files where the certificates of conformity are kept,
so they can choose the items with the closest expiration date.
C. Determine the cost of inventory for the items that have a shelf life and apply a new
policy regarding inventory levels to be maintained (i.e., minimums, maximums, reorder
points etc.).
D. Add to the product label a "use by date" line, enter the expiration at the time of receipt,
and perform periodic inventory checks.
Question # 7
According to IIA guidance, which of the following are potential benefits of using an assurance map?
A. Indication of any gaps in assurance coverage, and improved relevance of assurance
recommendations.
B. Identification of duplicate or overlapping assurance activities, and improved relevance of
assurance recommendations.
C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance
providers.
D. Enhanced effectiveness of assurance providers, and improved relevance of assurance
recommendations.
Question # 8
The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to accept for the position?
A. The candidate is applying for an IT audit position, while originally coming from an IT
background, but has only experiences of financial and compliance audits in the previous
position.
B. The candidate is knowledgeable about potential indicators of fraud including typical
risks, but has only participated as a staff auditor in one investigative fraud audit.
C. The candidate meets the minimum educational requirements established by the chief
audit executive, but has less formal education than any of the other candidates being
considered.
D. The candidate provides examples of previous reports demonstrating excellent writing
skills, but lacks ability to clearly communicate ideas and conclusions in a meeting.
Question # 9
If the chief audit executive believes that senior management has accepted a level of residual risk that is unacceptable to the organization, they should:
A. Accept the decision of senior management as they are ultimately responsible for risk
management.
B. Report the concern directly to the board.
C. Discuss the concern with management and if not resolved, escalate it to the board.
D. Disclose the issue in the audit report when auditing the area where the risk was
identified.
Question # 10
An internal auditor for a large telecommunications organization identified potential risk factors related to a planned billing system conversion. Which of the following risk factors would present the least potential exposure to the organization?
A. Critical customer support functions are not available for a short period.
B. Invoice generation disruptions due to required maintenance.
C. Inaccurate billing of telephone calls due to database error.
D. End user criticism and lack of support for the new system.
Question # 11
Which of the following topics must the internal audit staff discuss with management duringthe exit conference?1. Issues identified during the audit.2. Evaluation criteria used to select controls for testing.3. Staff who were interviewed during the audit.4. The reporting process for the draft and final report.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Question # 12
An organization does not have a formal risk management function. According to theStandards, which of the following are conditions where the internal audit activity (IAA) mayprovide risk management consulting?1. There is a clear strategy and timeline to migrate risk management responsibility back tomanagement.2. The IAA has the final approval on any risk management decisions.3. The IAA does not give objective assurance on any part of the risk managementframework for which it is responsible.4. The nature of services provided to the organization is documented in the internal auditcharter.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Question # 13
When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?
A. The organization's budget.
B. Operations involving cash transactions.
C. Recent changes in management objectives.
D. Risk factors utilized in the organization's risk models.
Question # 14
Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of a construction company decides to employ the services of an outsourced audit service provider to augment the internal audit staff. What does the CAE need to consider in determining whether the outsourced audit service provider possesses the necessary knowledge, skills and other competencies to perform an audit engagement?
A. Specific matters expected to be covered in the engagement communications.
B. The financial interest that the external service provider may have in the organization.
C. The extent of other ongoing services the external service provider may be performing for the organization.
D. The reputation of the external service provider.
Question # 15
During the audit of a large decentralized supply chain function, the chief audit executive(CAE) receives serious allegations of fraud concerning the vice president responsible forthis function. The CAE engages a third party to provide forensic audit services and lead theinvestigation portion of the engagement. As part of this team, which of the following wouldbe an appropriate role for the investigator?1. Authenticate the original approval signatures on contracts.2. Interview personnel to understand the supply chain processes.3. Provide certified copies of relevant original documents for the audit file.4. Identify variances in pixels on original electronic documents.
A. 1 and 2 only
B. 1 and 4 only
C. 2 and 3 only
D. 3 and 4 only
Question # 16
When approving the final engagement report, which of the following is most critical?
A. Opinions are adequately supported.
B. Conclusions are reached for all objectives.
C. Report is distributed to appropriate parties.
D. Report is clear and concise.
Question # 17
An organization has acquired a new line of business. None of the organization's internal auditors have the required expertise to perform an internal audit of the new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is true regarding supervision of the engagement?
A. The CAE may rely upon the external firm's auditor in charge to supervise the
engagement.
B. The external firm's auditor in charge must defer to the judgment of the CAE for any
disputes.
C. The CAE is not responsible for the quality of an audit performed by an external firm.
D. The CAE should not assign an inexperienced staff member to assist with the
engagement.
Question # 18
Which of the following is correct with respect to roles within an enterprise-wide riskmanagement process?1. The board provides oversight to the risk management process.2. Executive management owns the risk management framework.3. Senior management is assigned ownership of risks.4. Internal audit modifies the risk assessment determined by management.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2, and 3 only
D. 1, 2, 3, and 4
Question # 19
Which of the following is a preventive control for fraud?
A. Determining if the number of manually prepared disbursement checks is high.
B. Reconciling the purchase orders with the requisitions.
C. Verifying that new vendors appear on the vendor pre-approved list.
D. Conducting an inventory count of the warehouse.
Question # 20
Which two of the following considerations must an internal auditor take into account whileplanning an audit of an accounting system/application that has been in use for the last fiveyears?• The level and manner of linkages between the business' mission, objectives, andstructure and the accounting system/application.• Presence or absence of computerized and manual controls that address risks.• Identification of risks at the application level, e.g. availability and security of the system.• Testing of the system/application for bugs and errors.
A. 1 and 3 only
B. 2 and 3 only
C. 2 and 4 only
D. 3 and 4 only
Question # 21
An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an entry-level internal auditor?
A. Conflict resolution skills.
B. Communication skills.
C. Time management skills.
D. Interpersonal skills.
Question # 22
Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?
A. The objectives of the audit should be set.
B. The organization's management should be informed about the work to be performed.
C. Attention should be devoted toward the key audit areas.
D. The timing of the audit should be set.
Question # 23
Which of the following documents should the chief audit executive review and approve?1. Workpaper retention policy.2. Audit committee meeting minutes.3. Internal audit handbook.4. Quarterly financial statements
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 4 only
D. 1, 3, and 4 only
Question # 24
While reviewing the draft report of an audit engagement, the chief audit executive (CAE) isnot in agreement with management's acceptance of the potential risk exposure resultingfrom an observed key control weakness. Which of the following actions by the CAE wouldbe appropriate for addressing this concern?• Meet with the auditor-in-charge.• Discuss with senior management.• Monitor the result of the accepted risk.• Report the matter to the board.
A. 1, 2, and 3 only
B. 1, 2, and 4 only
C. 1, 3, and 4 only
D. 2, 3, and 4 only
Question # 25
Which of the following is the least relevant when preparing the internal audit activity's annual engagement plan?
A. Senior management's requests for internal audit engagements.
B. A rotation of internal audit engagements selected on a time basis.
C. The organization's current risk priority and exposure.
D. Coordination with the audit plans of the external auditor.
Question # 26
Controls are implemented to:
A. Eliminate risk and reduce the potential for loss.
B. Mitigate risk and eliminate the potential for loss.
C. Mitigate risk and reduce the potential for loss.
D. Eliminate risk and eliminate potential for loss.
Question # 27
Which of the following is not true regarding the management of internal audit resources?
A. A minimum level of information technology knowledge is necessary.
B. The adequacy of internal audit resources is ultimately a board responsibility.
C. Resources include external service providers and computer-assisted audit techniques.
D. Skills availability must be aligned with financial constraints.
Question # 28
Which of the following is an advantage to using the questionnaire approach when conducting risk and control self assessments?
A. Responses can easily be quantified and analyzed.
B. Follow-up for clarification is efficient.
C. It is educational for participants.
D. It allows for in-depth probing of issues.
Question # 29
During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to:
A. Report any high-risk exposures of the treasury function to management and the board.
B. Determine whether appropriate resources are present to carry out the treasury function.
C. Comply with the internal audit charter and applicable regulatory requirements.
D. Identify areas of the treasury function that should be considered for potential
engagement objectives.
Question # 30
According to the International Professional Practices Framework, which of the following should be excluded from a final communication for a performance audit engagement?
A. Recommendations and conclusions.
B. The internal auditor's unbiased opinion.
C. Timely and relevant information.
D. Legal opinions related to illegal acts.
Question # 31
According to the Standards, which of the following best describes the responsibility of thechief audit executive (CAE) for approving the final engagement report?• The CAE is responsible for obtaining management approval before issuing the finalreport.• The CAE has overall responsibility for the report but can delegate the review andapproval of the report.• The CAE is responsible for obtaining senior management's approval before releasing thefinal report.• The CAE is responsible for approving to whom and how the final report will bedisseminated.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Question # 32
The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?
A. Accept the request as the role of coordinating ERM is a core function of internal audit.
B. Decline the request as this role compromises the CAE's objectivity.
C. Accept the request after consulting with the board and adhering to proper safeguards.
D. Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.
Question # 33
The chief audit executive (CAE) of a large retail operation believes that senior managementhas accepted a level of risk that exceeds the organization's current risk tolerance withrespect to a major expansion. The CAE plans to meet with senior management to discussthese concerns. According to IIA guidance, which of the following would be an appropriatecourse of action in preparation for this meeting?• Understand management's basis for the decision.• Advise the board of the concern and upcoming meeting.• Ascertain which members of management have accepted the risk.• Determine if management has the authority to accept the risk.
A. 1 and 2 only
A. 1 and 2 only
C. 2 and 3 only
D. 3 and 4 only
Question # 34
Why should internal auditors develop a strong relationship with the external auditors?
A. External auditors offer an additional layer of approval to internal auditors' reports.
B. External auditors can help improve the effectiveness of internal control sampling techniques.
C. External auditors can offer an independent and knowledgeable viewpoint.
D. External auditors can share information gained from work with similar clients.
Question # 35
During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in determining that management action was implemented?
A. Ask management if the new policy related to the receiving reports is in place.
B. Select a sample of receiving reports and determine if payments were made.
C. Interview warehouse employees to ascertain adherence to new policy.
D. Select a sample of payments and determine if a receiving report exists.
Question # 36
An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements the internal auditor should consider least:
A. Focusing on the high risk areas as sources of potential engagements.
B. Focusing in areas not audited last year.
C. Factoring in management requests.
D. Focusing on those risks highlighted by the external auditor.
Question # 37
Which of the following statements is true?
A. Consulting engagements provide the internal audit activity with flexibility to add value
and do not need to be included in the long-range audit plan.
B. The internal audit activity's plan of engagments must be based on a formal quantitative
risk assessment.
C. The chief audit executive should consider changes to the long-range audit plan based
on the requests of business unit managers.
D. A risk assessment on which to base the internal audit activity's long-range plan must be
undertaken at least once every three years.
Question # 38
According to the International Professional Practices Framework, which of the following statements is true regarding the use of the statement, "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit activity?
A. The statement may be used only when conducting international engagements.
B. The statement may be used only if the results of the quality assurance and improvement program support the statement.
C. The statement may be used whether or not the internal audit department has an external quality assessment review or an independent validation of a self assessment.
D. The statement should not be used for a consulting engagement.
Question # 39
Which of the following statements is true regarding the communication of audit engagement observations?
A. Criteria, condition, cause, and effect must be communicated for material observations
only
B. Criteria, condition, cause, and effect must be communicated for material observations
and significant deficiencies only
C. Criteria, condition, cause, and effect must be communicated for all engagement
observations.
D. Criteria, condition, cause, and effect do not need to be communicated for insignificant
observations with adquate compensating key controls
Question # 40
Which of the following statements is correct regarding the use of a program evaluation andreview technique (PERT) model?• It makes use of a probability model to arrive at a realistic estimate of time necessary forcompletion of the audit engagement.• It requires that activities are performed in sequence such that each task is completedbefore the commencement of the next activity.• It remains fixed once completed to act as a baseline for measuring the performance of theaudit staff following completion of the engagement.• It begins with the auditor-in-charge identifying the overall scope and then breaking downthe audit engagement into identifiable activity units.
A. 1 and 3 only
B. 1 and 4 only
C. 2 and 3 only
D. 2 and 4 only
Question # 41
To furnish useful and timely information and promote improvements in operations, internal auditors should provide:
A. Senior management with reports that emphasize the operational details of defective conditions.
B. Operating management with reports that emphasize general concerns and risks.
C. Information in written form before it is discussed with the engagement client.
D. Reports that meet the expectations of both operational and senior management.
Question # 42
Which of the following are key characteristics of enterprise risk management?1. It considers risk in the formulation of strategy.2. It applies risk management in some units of an entity.3. It takes a portfolio view of risks throughout the enterprise.4. It restricts the organization's ability to seize opportunities inherent in future events.
A. 2 and 3 only
B. 1 and 3 only
C. 2 and 4 only
D. 1 and 4 only
Question # 43
An internal auditor has completed an audit of an organization's activities and is ready to issue a report. However, the client disagrees with the internal auditor's conclusions. The auditor should:
A. Withhold the issuance of the audit report until agreement on the issues is obtained.
B. Issue the audit report and state both the auditor and client positions and the reasons for the disagreement.
C. Issue the audit report and omit the client's conclusion as it is not the opinion of the internal auditor.
D. Perform additional work, with the client's concurrence, to resolve the areas of disagreement and delay the issuance of the report until an agreement is reached.
Question # 44
According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board?
A. Consider formality and tone of communications to ensure they are appropriate.
B. Minimize instances of ad hoc communications with board members.
C. Consider the possible repercussions created by commentary on deficiencies.
D. Avoid making presumptuous comments without sufficient facts.
Question # 45
As part of a preliminary survey of the purchasing function, an internal auditor reads the department's policies and procedures manual and concludes that the manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating effectiveness of internal controls. Which procedure would fulfill this objective most effectively?
A. Perform a design test.
B. Perform a compliance test.
C. Perform a systems test.
D. Perform an efficiency test.
Question # 46
According to the Standards, which of the following describes the condition attribute when applied to the observations and recommendations contained in the audit report?
A. The standards, measures, or expectations used in making an evaluation or verification.
B. The reason for the difference between the expected state and the actual state.
C. The factual evidence that the internal auditor found in the course of the examination.
D. The risk or exposure the organization encounters because the actual state is not consistent with the criteria.
Question # 47
Management has asked the internal audit activity to perform an operational audit of a division that recently reported an increase in expenditures in addition to a decrease in profits. However, existing internal audit resources are currently engaged in a legal compliance audit. Which factor would be considered least important in deciding whether resources should be removed from the legal compliance audit to the operational audit?
A. The increase in expenditures at the division over the past year.
B. The probability that the legal compliance audit will detect fraud.
C. The results of the external auditor's most recent financial audit.
D. The potential for regulatory fines associated with the legal compliance audit.
Question # 48
Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?
A. Determining the scope.
B. Reviewing internal controls.
C. Testing.
D. Evaluating findings.
Question # 49
Which of the following examples of audit evidence is the most persuasive?
A. Real estate deeds, which were properly recorded with a government agency.
B. Canceled checks written by the treasurer and returned from a bank.
C. Time cards for employees, which are stored by a manager.
D. Vendor invoices filed by the accounting department.
Question # 50
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1 million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board iF.I. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.II. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.III. The cost of modifying the sales system to include a preventive control is less than $100,000.
A. I only
B. III only
C. I and III only
D. I, II, and III
Question # 51
A code of business conduct provides:
A. A fraud avoidance plan that does not explicitly describe punishments for violations.
B. A passive method of fraud deterrence.
C. A program to anonymously report irregularities to authorities.
D. An alternative to "tone at the top" programs.
Question # 52
In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled for examination are not authentic. What action should the auditor take before proceeding with the examination?
A. Suggest to the payroll manager that the suspicious documents should be sent to the
organization's security department for forensic review.
B. Keep the suspicious documents in the workpaper file until the end of the engagement, and then discuss the suspicions with the payroll manager.
C. Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the signatures.
D. Review the suspicious documents with the chief audit executive and seek advice concerning further examination.
Question # 53
According to the International Professional Practices Framework, which of the following would not be considered when performing an initial risk assessment in engagement planning?
A. The reliability of management’s assessment of risk.
B. Management’s process for monitoring, reporting, and resolving risk issues.
C. Management's methodology for defining risk criteria.
D. Risks in related activities relevant to the activity under review.
Question # 54
Which of the following is an advantage of an interim report?I.An interim report provides timely feedback to the audit engagement client.II.An interim report provides a mechanism for communicating information on red flags promptly while they are being investigated.III.An interim report provides an opportunity for auditor follow-up of findings before the engagement is completed.IV.An interim report increases the probability that corrective action will be initiated more quickly.
A. I and IV only
B. II and III o
C. I, III, and IV only
D. I, II, III, and IV.
Question # 55
Which role is not considered a change agent when an organization wants to implement structural changes?
A. Senior management.
B. Line management.
C. Independent consultant.
D. Shareholder.
Question # 56
According to the International Professional Practices Framework, which of the following is not an objective of the exit conference?
A. Receive client feedback and clarification.
B. Review audit recommendations.
C. Plan future engagements.
D. Resolve disagreements.
Question # 57
Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind?
A. Generally Accepted Auditing Standards.
B. Generally Accepted Accounting Principles.
C. The International Professional Practices Framework.
D. Legal evidence.
Question # 58
During a payroll audit of a large organization, an internal auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:
A. Continue to follow the engagement program because the engagement scope and objectives have already been discussed with management.
B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is adequately covered.
C. Recommend to the chief audit executive that a fraud investigation be started.
D. Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.
Question # 59
Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?
A. With management's agreement, amend the scope of the audit to ensure that areas
examined do not require specialized knowledge and expertise
B. Meet with management to explain that the audit cannot be undertaken and discuss
alternative strategies that can be implemented until internal audit can develop its capability
in the area
C. Accept the request provided management has conducted a thorough risk assessment
prior to the engagement to help guide the audit.
D. Advise management that compliance audits of this type should only be conducted by the
corresponding regulatory agency to ensure independence.
Question # 60
Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimationNumber of ItemsAudited ValueCarrying AmountSample300$500,000$480,000Population3,000$5,000,000
A. 0.10
B. 0.96
C. 1.04
D. 10.00
Question # 61
Which of the following situations justifies the release of an interim report to managementand the board?• The internal auditor is convinced that the audit observations require immediate attention.• The internal auditor would like to communicate a change in engagement scope for theactivity under review.• The internal auditor notes that the engagement may extend over a longer time period.• The audit supervisor believes that issuing interim reports eases supervisory review andcontrols over working papers.
A. 1 and 3 only
B. 2 and 3 only
C. 1, 2, and 3 only
D. 2, 3, and 4 only
Question # 62
An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?
A. Use generalized audit software to list all purchases over $50,000 to determine whether they were properly approved.
B. Develop a snapshot technique to trace all transactions by suspected buyers.
C. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine whether they were properly approved.
D. Use generalized audit software to select a sample of paid invoices to new vendors and examine evidence that shows that services or goods were received.
Question # 63
Confirmation would be most effective in addressing the existence assertion for:
A. The addition of a milling machine to a machine shop.
B. Sales of merchandise during the regular course of business.
C. Inventory held on consignment.
D. The granting of a patent for a special process developed by the organization.
Question # 64
The internal auditor's opinion in terms of due professional care should be:
A. Limited to the effectiveness of internal controls.
B. Expressed only when consensus with top management has been achieved.
C. Based on experience and free of all bias.
D. Based on sufficient factual evidence.
Question # 65
In response to an audit finding, senior management informed the auditor that the issue would be investigated and resolved when time permitted. According to the International Professional Practices Framework, this action was not acceptable because:
A. The appropriate level of management was not involved in the review and resolution of
the issue
B. Responses should include sufficient information to evaluate the adequacy and
timeliness of corrective action.
C. The board had not reviewed management's responses to the engagement observations
and recommendations.
D. Other departments should have been contacted to determine if they shared
responsibility for corrective action.
Question # 66
The best method for assessing the relative importance of risk factors is to:
A. Change the rating of the factors from a 1-3 scale to a 1-5 scale.
B. Assign weights to the factors based on the comparative impact.
C. List the risk factors in a priority order. D. Use data from an independent source.
Question # 67
According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?
A. Assist executives with their administrative and governance responsibilities, and encourage all IAA members to develop relationships with the organization's executives.
B. Assist executives with their administrative and governance responsibilities, and ensure that all communications with the board are formal audit reports or preset agendas.
C. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and encourage all IAA members to develop relationships with the organization's executives.
D. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and ensure that all communications with the board are formal audit reports or preset agendas.
Question # 68
When interviewing an individual in relation to a fraud investigation, which course of action should the internal auditor follow?
A. Assure the individual that the results of the interview will remain confidential.
B. Establish a rapport with the subject to encourage openness.
C. Discontinue questioning once the individual has confessed to the fraud.
D. Refrain from deviating from the list of questions prepared before the interview.
Question # 69
With which of the following would the internal audit activity discuss findings, conclusions and recommendations prior to issuance of internal audit report?1. Business unit management. 2. Chief audit executive. 3. Audit committee. 4. Chief executive officer.
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. 1, 2, 3, and 4
Question # 70
Which of the following is an effective way for an internal auditor to improve communications with the client during a contentious audit?
A. Encourage the client to participate as a partner in the decision-making process to determine the changes that need to be made.
B. Clearly explain to the client the role of the internal audit activity in the change process.
C. Obtain the support of the board of directors for proposed changes before discussing the changes with operating management.
D. Speak privately with key client personnel immediately after proposed changes are announced to address their concerns.
Question # 71
Which of the following audit planning activities adds the least value in understanding the current risk exposures facing the corporation?
A. Review of organizational strategic plans and operational plans.
B. Consultation with senior management and the audit committee.
C. Review of the external auditor's risk assessment.
D. Review of corporate performance reporting and benchmarking.
Question # 72
The internal audit activity performs the following sequence of risk management activities: identification, analysis, and evaluation. According to IIA guidance, which of the following assurance approaches does this describe?
A. Process elements approach.
B. Enterprise-wide risk management approach.
C. Key principles approach.
D. Maturity model approach.
Question # 73
According to IIA guidance, which of the following should be considered when creating policies and procedures for the internal audit activity (IAA)?
A. Number of auditors, complexity of audit activities, and structure of the IAA.
B. Number of auditors, complexity of audit activities, and audit staff skills and competencies.
C. Number of auditors, structure of the IAA, and audit staff skills and competencies.
D. Complexity of audit activities, structure of the IAA, and audit staff skills and competencies.
Question # 74
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an internal auditor look for as an indicator of employee theft of food from a specific store?
A. On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.
B. On a sunny day, total sales are less than expected when compared to the cost of ingredients used.
C. Both total sales and cost of ingredients used are greater than expected.
D. Both total sales and cost of ingredients used are less than expected.
Question # 75
During an audit of a contract for computer security, a governmental auditor finds that a contractor has developed a system that could be the most advanced in the industry. If it seems that the contractor is charging the government for developmental cost of a system that might be sold to other organizations, what is the auditor's best course of action?
A. Estimate the cost to develop the advanced security system and inform the contractor that it will be a disallowed cost.
B. Exclude the observation from the engagement final communication because the contract was vague and the level of security is clearly acceptable.
C. Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the contractor to resolve differences.
D. Compare the cost of the security program with previous costs incurred by governmental operations and inform the contractor that the difference will be a disallowed cost.
Question # 76
Given the scarcity of internal audit resources, a chief audit executive (CAE) decides not to schedule a follow-up of audit recommendations when developing engagement work schedules. Why does the CAE’s decision violate the Standards?
A. It is not the CAE's responsibility to establish a process for a follow-up.
B. Lack of resources is not a sufficient reason to forgo a follow-up.
C. Follow-up actions should take priority over new engagements in scheduling.
D. When resources are scarce, the follow-up can be incorporated into the next engagement.
Question # 77
An auditor-in-charge is preparing her audit team for a consulting engagement at one of the organization's foreign subsidiaries. According to the Standards, which of the following would not be a necessary step prior to beginning the engagement?
A. Verify that none of the audit team worked for the foreign subsidiary within the last year to ensure independence.
B. Agree, in writing, with the subsidiary's senior management regarding the scope of the engagement.
C. Communicate a time frame as well as a contingency plan in the event the engagement may take longer than expected.
D. Communicate what logistical support will be provided by the subsidiary for the duration of the engagement.
Question # 78
An internal audit manager is supervising an engagement. A senior auditor deviates from the approved engagement plan but meets all deadlines in the approved time schedule. Which activity is not required for the audit manager to provide proper engagement supervision?
A. Actively participate in audit procedures.
B. Ensure that all engagement objectives are met.
C. Approve the deviation from the engagement plan.
D. Ensure compliance with the time schedule.
Question # 79
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:
A. Stockout costs, including lost customers.
B. Seasonal variations in forecasting inventory demand.
C. Optimal order sizes determined by an economic order quantity model.
D. The potential for obsolescence of inventory items.
Question # 80
Under what circumstances would internal audit not become involved when intentional misconduct is suspected?
A. Management is involved in wrongdoing.
B. Management is running a parallel investigation.
C. Management does not believe a trusted employee could be guilty.
D. Management does not maintain strong internal controls.
Question # 81
While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?
A. Remove the files containing the social security numbers and personal information.
B. Communicate the issue to the chief audit executive as well as IT and legal departments.
C. Change permissions to the shared drive to only allow access to human resources personnel.
D. Immediately review the audit logs to see if anyone has accessed this information and follow-up.
Question # 82
When determining the nature, timing, and extent of follow up, the chief audit executive considers all of the following factors except:
A. Significance of the reported observation or recommendation, degree of effort, and cost needed to correct the reported condition.
B. Impact that may result should the corrective action fail.
C. Authority and responsibility of the person required to take corrective action.
D. Complexity of the corrective action and time period involved.
Question # 83
Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
A. Determine whether agreed-upon lot sizes were sent by vendors.
B. Determine whether only authorized items were received from vendors.
C. Determine whether the balances owed to vendors are correct.
D. Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Question # 84
An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for the past three months and now suspects the division is reporting fictitious sales. Which course of action should the auditor follow to determine whether fraud has occurred?
A. Trace a sample of shipping documents to related sales invoices to verify proper billing.
B. Send accounts receivable balance confirmations to customers.
C. Compare the division's sales and gross margins to those of the prior three-month period.
D. Estimate the sales and cost of goods sold for the three-month period by using regression analysis.
Question # 85
Which of the following would be the least desirable criteria against which to judge current operations of an organization's treasury function?
A. The operations of the treasury function as documented during the last audit engagement.
B. Company policies and procedures delegating authority and assigning responsibilities.
C. Finance textbook illustrations of generally accepted good treasury function practices.
D. Codification of best practices of the treasury function in relevant industries.
Question # 86
Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?
A. Application of governmental regulations to business activities.
B. Work schedules and holidays of the individual regions.
C. Level of workpaper documentation needed to support audit observations.
D. Availability of technology and technical support.
Question # 87
An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?
A. Compare the planned outputs with the actual outputs.
B. Ascertain the costs of materials purchased.
C. Evaluate the plant's ability to meet production quotas.
D. Review the levels of scrap and rework.
Question # 88
What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?
A. Trend analysis.
B. Ratio analysis.
C. Regression analysis.
D. Horizontal analysis.
Question # 89
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:Which of the following statements regarding risk in the department is true?
A. As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets.
B. The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.
C. The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.
D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Question # 90
The chief audit executive (CAE) notes that management has adopted the option of not taking action on an audit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriate action by the CAE?
A. Close the issue by noting that follow-up will be completed as part of the next
engagement.
B. Discuss the matter with management to determine a resolution.
C. Accept management's decision as the same risk has been accepted in the past.
D. Report the situation to the board for immediate resolution.
Question # 91
Which of the following would most likely contribute to discrepancies between receiving reports and the number of units in a shipment?
A. Failing to compare the quality of goods received with specifications.
B. Using inadequate vendor selection procedures.
C. Accepting improper authorization for purchases.
D. Indicating the quantities ordered on the receiving department's copy of the purchase order.
Question # 92
Because of a new marketing initiative, an organization has reduced requirements for extending credit to new customers. As a result, outstanding accounts receivable as a percentage of revenue has increased significantly during the past two years. Which of the following would be least useful in monitoring this finding?
A. Updates from the manager of accounts receivable regarding collection of outstanding receivables.
B. Updates from the information technology division regarding development of a new accounts receivable system.
C. Updates from the controller regarding the status of corrective actions.
D. Updates from the credit and marketing personnel tasked with reevaluating credit policies.
Question # 93
Persuasive evidence indicates that a member of senior management has been involved in insider trading that would be considered fraudulent. However, the evidence was encountered during an operational audit and is not considered relevant to the audit. Which of the following is the most appropriate action for the chief audit executive to take?
A. Report the evidence to external legal counsel for investigation. Report the legal counsel findings to management.
B. Report the evidence to the chairperson of the audit committee and recommend an investigation.
C. Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee and to government officials if appropriate action is not taken.
D. Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.
Question # 94
The chief audit executive (CAE) of a multinational entity with highly automated and complex operations has just completed the update of the risk-based audit plan. Interviews with management revealed the introduction of new technology and a significant increase in both the number and severity of technology-based risk exposures. According to the International Professional Practices Framework, which of the following would be the best course of action for the CAE to undertake next?
A. Develop a detailed audit plan that makes the most efficient use and reallocation of
existing internal audit resources.
B. Arrange for the outsourcing of some technology intensive audit processes and procedures based on the plan changes.
C. Evaluate whether appropriate skills and knowledge required to perform the necessary audit work currently exist in the department.
D. Begin planning to recruit information technology audit specialists and other expert personnel into the internal audit activity.
Question # 95
An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased. Which of the following actions would best enable an internal auditor to satisfy this objective?
A. Analyze the provision for sales allowances.
B. Analyze the percentage of scrap incurred during production.
C. Research the rationale for customer returns.
D. Evaluate the volume and characteristics of products rejected during processing.
Question # 96
Which of the following risks assumes an absence of compensating controls in the area being reviewed?
A. Control risk.
B. Detection risk.
C. Inherent risk.
D. Sampling risk
Leave a comment
Your email address will not be published. Required fields are marked *