IIA-CRMA-ADV Sample Questions Answers

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

The assigned internal auditor must not assume management responsibilities while performing the engagement.

The assigned internal auditor must maintain objectivity while performing the engagement.

Risk identification.

Risk appetite.

Risk capacity.

Risk tolerance.

1 and 2 only

3 and 4 only

1, 2, and 4 only

1, 2, 3, and 4

Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.

Internal assessments must be performed at least once every five years by a qualified assessor.

An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.

Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.

To help the internal audit activity complete its annual assurance plan.

To identify inefficiencies within the internal audit team.

To help improve the overall quality of the internal audit activity's work.

To identify key risks and areas of concern within the organization.

An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.

A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.

A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.

An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

Internal audits.

Whistleblower hotline.

Key controls.

External audits.

1 and 4.

1 and 3.

2 and 3.

3 and 4.

Internal control checklist.

Procurement employee survey.

Cross-functional flow chart.

Segregation of duties matrix.

1 and 2 only.

2 and 3.

3 and 4.

1,2, and 4.

Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.

Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.

Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.

Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

1 and 4

2 and 3 only

1, 2, and 3

2, 3, and 4

Competent, corroborative evidence of future working capital requirements.

Sufficient, analytical evidence of the cash flow position at a given point of time in the future.

Competent, documentary evidence of future cash flow changes within the organization.

Sufficient, circumstantial evidence of the future solvency of the organization.

CAE reviews and approves the annual audit plan.

CAE meets privately with The CEO at least annually.

CAE meets privately with The board at least annually.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Quality assessments and cultural biases of the internal audit activity.

Rotational assignments and familiarity of the internal audit activity.

Employee incentives and self review of the internal audit activity.

Organizational positioning and scope control of the internal audit activity.

The sample to be representative of the population.

The sample to be selected haphazardly.

A smaller sample size than if selected using statistical sampling.

Projecting the results to the population.

Hedging against exchange rate variations.

Limiting access to an organization's data center.

Selling a nonstrategic business unit.

Outsourcing a high-risk activity.

The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.

The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.

The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.

The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.

The bottom of the pyramid responsibility.

Innovative responsibility.

Ethical responsibility.

Discretionary responsibility.

Manage and support a quality assurance and improvement program.

Maintain industry-specific knowledge appropriate to the audit engagements

Set clear performance standards for internal auditors and the internal audit activity.

Apply problem-solving techniques for routine situations.

Maintaining custody of inventory records.

Collecting payments on accounts.

Approving changes to employee records.

Preparing customer statements.

When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.

Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.

Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.

Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.

Condition section.

Criteria section.

Effect section.

Cause section.

She may participate, but only after she has completed one year with the IAA.

She may participate, because she did not previously work in the Human Resources Department.

She may participate, but she must be supervised by the auditor in charge.

She may participate for training purposes, to build her knowledge of the IAA.

Replace the auditor with another audit staff member.

Continue with the present auditor, as more than one year has passed.

Withdraw the audit team and outsource the financial audit of the division.

Work with the division's management to resolve the situation.

Determine the organization's overall risk appetite.

Establish a governance committee.

Delegate authority to members of senior management.

Identify key stakeholders and their expectations.

Suggesting alternatives to decision makers.

Improving the integrity of information.

Determining the scope of internal audit services.

Achieving engagement objectives.

Objective setting.

Control activities.

Information and communication.

Event identification.

Fraudulent statements.

Bribery.

Misappropriation of assets.

Corruption.

The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

The use of innovative technology and data analysis techniques.

The extent of work needed to achieve the engagement’s objectives.

Planning an engagement of the area in which fraud is suspected.

Employing audit tests to detect fraud.

Interrogating a suspected fraudster.

Completing a process review to improve controls to prevent fraud.

4 and 5 only.

1.2, and 3 only.

1.2. 4. and 5 only.

2. 3. 4. and 5 only.

Leadership.

Documentation.

Analysis.

Reporting.

1 and 2.

1 and 3.

2 and 3.

2 and 4.

To enable Triple Bottom Line reporting capability.

To facilitate the conduct of risk assessment.

To achieve and maintain sustainable development.

To fulfill regulatory and compliance requirements.

Human resources personnel add employees, and payroll personnel process hours and enter employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.

Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees.

Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees.

Human resources personnel add employees and enter employee bank information. Payroll personnel process hours, and paychecks are automatically deposited in the employee's bank account.

Requesting a private meeting with senior management, without the presence of the chief audit executive.

Intervening during an audit involving ethical wrongdoing.

Discussing periodic reports of ethical breaches.

Authorizing an investigation of an unsafe product.

Statistical sampling only

Nonstatistical sampling only

A combination of both statistical and nonstatistical sampling.

Neither approach to testing the audit theory would be cost effective.

Pressure or incentive.

Opportunity.

Rationalization.

Commitment.

It ensures that all members of the profession possess the same level of competence.

It provides auditors with protection from lawsuits.

It guides internal auditors in their service to others.

It requires auditors to exhibit loyalty to their organizations.

A library control log.

A review of exception reports.

A password lock on a server.

A software scan of financial records for irregularities.

Restrict data-table access from management and line supervisors who have the authority to determine pay rates.

Require a supervisor in the department, who has the ability to change the table, to compare the changes to a signed management authorization.

Ensure that adequate edit and reasonableness checks are built into the automated system.

Require a manager, who is independent of the system and who cannot change the table, to authorize and sign-off on any employee pay changes.

1 only

2 only

3 only

1 and 2 only

Monthly bank reconciliations are performed by the clerk on a timely basis.

Total cash deposits for the month are reconciled to the cash receipts journal.

Names, amounts, and dates on remittance advices are reconciled with the names, amounts, and dates recorded in the cash receipts journal.

Total cash deposits are compared with the bank reconciliation.

Human resource policies.

Tone at the top.

Reconciliations of primary accounts.

Inventory counts.

An internal auditor performing an audit on an operation that they managed less than a year ago.

An internal auditor performing an audit on procedures that they were responsible for creating.

An internal auditor disclosing details of an audit report to colleagues from a different organization.

An internal auditor disclosing confidential information in response to a lawsuit.

1 and 2 only

3 and 4 only

1, 3, and 4 only

2, 3, and 4 only

Management may be concerned about its reputation in the financial markets.

Management is following best-practice protocol, as stipulated by the Standards, which states that internal auditors must review quarterly financial statements.

Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated.

Management may perceive that having quarterly financial information examined by the internal auditors enhances the information's value to internal decision making.

Purchasing department.

Compliance department.

Credit department.

Internal audit department.

Review notes of questions that arise during the review process must be retained.

Dating and initialing each workpaper provides evidence of review.

Workpaper review allows for staff training and development.

Workpapers may be amended during the review process.

Competence.

Flexibility.

Objectivity.

Independence.

The CAE should agree with the audit committee and implement only those standards appropriate to the size of the IAA.

The CAE should request the audit committee to review the Standards to identify specifically which are creating the greatest concern.

The CAE should seek sufficient funding to increase audit resources to meet the minimum requirements of the Standards.

The CAE should explain that conformance with the Standards is essential and not dependent upon the size of the IAA.

A change was implemented requiring the IAA to report administratively to the organization's chief legal counsel rather than the board.

Responsibility for risk management processes were removed from the IAA and placed under a newly created chief risk officer.

The IAA was denied access to expenditure and budget requirement reports because the reports were considered to be financial administrative matters.

An internal auditor was informed by the chief financial officer that client survey results would be unfavorable unless the auditor changed a finding in the report.

A review of audit staff education and training records.

Information about the audit staff size and composition of comparable organizations.

Results from discussions of audit needs with executive management and the audit committee.

The results of the audit staff's most recent performance reviews.

Obtain specific answers and maximize efficiency.

Gather factual data on several different topics.

Determine agreement or disagreement with a stated viewpoint.

Obtain information based on the person's own perspective.

The internal auditor reviews the physical access to merchandise during an inventory count.

The audit manager conducts an internal quality assessment of the internal audit activity’s adherence to the Standards.

The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.

The board approves the annual performance evaluation of the chief audit executive.

Resource management.

Coordination.

Due professional care.

Engagement supervision.

Creating an audit trail.

Placing controls on physical access to inventory.

Reconciling purchase orders with approvals.

Reviewing expense accounts for irregularities.

The CAE initials and dates every working paper after it has been reviewed.

The CAE completes an engagement working paper checklist.

The CAE prepares a memorandum discussing the results of the working paper review.

The CAE utilizes an external third party to make an objective recommendation after each working paper review.

Because management requires the review to measure effectiveness of the internal audit activity.

So that the individual objectivity of the internal audit staff can be more clearly established.

So that there is assurance of the internal audit staff's proficiency to complete audit activities.

Because changes in the organization may impair the internal audit activity's ability to meet its objectives.

Accept the assignment and use control self-assessment to complete the project.

Do not accept the assignment because the internal audit activity lacks the competency to perform the engagement with due professional care.

Accept the assignment and use an external provider with the necessary knowledge and skills to perform the engagement.

Accept the assignment if the engagement is included in the current audit plan, but inform senior management that the current audit staff does not have the knowledge and skills required.

Analytical review.

Inquiry.

Document verification.

Observation.

Apply antivirus and patch management software.

Utilize dedicated and encrypted network connections.

Install a software inventory management application.

Utilize secure socket layer encryption.

It increases the likelihood of obtaining the audit client's agreement with the results.

It ensures that an appropriate chain of evidence is maintained through the workpapers.

It helps ensure that appropriate professional judgments and conclusions are made.

It is required to demonstrate that effective engagement supervision has occurred.

Customers' orders are recorded promptly.

Goods shipped are matched with valid customer orders.

Goods returned are inspected for damage by the receiving department for proper disposition.

Sales department approval is required for credit sales transactions.

The periodic rotation of procurement officers' assignments to supplier accounts.

A pre-award financial capacity analysis of suppliers.

An automated computer report, organized by supplier, of any invoices for the same amount.

Periodic inventories of kiln-dried wood at the organization's warehouse.

Outsource the audit engagement to a qualified external auditing firm without burdening the audit committee with the decision.

Determine the requisite knowledge needed, and obtain the proper training for auditors, even if the training will significantly push back the project's timeframe as outlined by the audit committee.

Notify the audit committee of the problem, and assign the most competent auditors on staff to perform the audit engagement.

Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.

Governance, risk, and control.

Performance management.

Business acumen.

Internal audit delivery.

The audit report included a well-supported recommendation for a reduction in staff even though such a reduction might adversely impact morale.

The auditor tested samples of transactions to test the cash function's process flows.

After determining that the cash function internal controls were strong, the audit report assured senior management that fraud was not present.

The auditor discovered an instance of potential fraud and reported it immediately to management, but did not alert authorities outside the organization.

An organization lacks a whistleblower hotline for reporting suspicious activity.

A senior manager has been delegating the authority to sign-off on small dollar amount purchases to a subordinate.

An employee in charge of payroll disbursements has rotated these duties with several colleagues.

An employee with significant personal debt is in charge of handling large wire transfers for the organization.

"Completed with the advance certification of the External Assessors Association for Auditing Review."

"Conforms with the International Standards for the Professional Practice of Internal Auditing."

"Certified 100% accuracy, per the International Standards of External Assessment."

"Compliant with all domestic and international legal statutes, and certified quality assured for ten years."

A physical security control over a data center.

A system development life cycle control.

A program change management control.

An input control over data integrity.

The purpose of the IAA.

The IAA's right to have unrestricted access to functions, records, personnel, and physical property.

A detailed audit plan or program for the year.

The job specifications and descriptions of the internal audit staff.

The CAE should not interfere because there is no evidence that a conflict of interest has occurred.

The CAE should remind the senior auditor of his obligation to be objective and impartial.

The CAE should change the senior auditor's assignment and take corrective action for the auditor's failure to disclose the conflict of interest.

The CAE should require the senior auditor to disclose the relationship in writing before continuing his responsibility for monitoring procurement.

To depict the areas of responsibility for departments in an organization.

To plan and control complex projects, such as internal audits.

To represent the frequencies of adverse conditions in a given process.

To identify the possible causes of adverse conditions.

The CFO determines the scope of internal audit work in the accounting department.

The CFO manages the accounting of the budget for the internal audit function.

The CFO administers the annual evaluation process for the internal auditors.

The CFO provides feedback on the CAE's audit reports.

Evaluating risk management processes.

Recommending accountability for risk management.

Providing assurance that risks are evaluated correctly.

Supporting managers to identify ways to mitigate risks.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

The government's independent auditor.

The external auditors from an accounting firm.

The internal audit activity.

The agency's chief compliance officer.

The audit engagements to be performed during the upcoming year.

The internal audit activity's position within the organization.

The scope of internal audit activities.

Management and the board of directors' agreement regarding the roles and responsibilities of the internal audit activity.

A log from the last year that includes dates of travel, conference titles, and conference objectives, all of which correspond with employee names and costs per trip.

A log that includes titles of conferences that all employees were invited to attend in the last year, along with the dates of those conferences and average costs per traveler.

A log of conferences titles, dates of travel for each employee, and a detailed summary of conference objectives and how they relate to the organization's mission needs.

A log of employee travel requests, which include the title of each conference, the conference objectives, anticipated dates of travel, and estimated costs.