IIA-CIA-Part1 Sample Questions Answers

Risk management ensures the ability to eliminate potential hazards to the organization.

Risk management includes consideration of potential opportunities for the organization.

Risk management aids with the establishment of appropriate key performance indicators.

Risk management increases employees' commitment and belief in strategic goals.

It is best if the mentor is the chief audit executive.

Mentor meeting documentation should be retained in personnel files.

It should target both new hires and highly experienced staff.

Meetings with mentors should be formal and scheduled.

Number of mitigating controls.

Effectiveness of the control environment

Use of computer-assisted auditing techniques.

IT security controls

The organization has identified all applicable operational and financial risks.

The organization has documented its strategic and business objectives.

The organization has selected risk responses aligned with its risk appetite.

The organization has documented risk information pertinent to its business.

Soft controls should not be audited due to subjectivity issues.

There are no effective tools to use for audits of soft controls.

Traditional testing is less suitable for soft controls assessment.

Management input is the best source for assessment of soft controls.

The chief audit executive is well qualified and has responsibilities over operational areas that the internal audit activity assesses.

Periodic self-assessments are assigned to entry-level internal audit staff to support their continuing professional development.

All audit workpapers are reviewed and signed by the engagement supervisor before the audit report is issued.

Employees who rotate into the internal audit activity from other areas of the organization are assigned to audit areas where they previously worked, to take advantage of their operational expertise and experience.

Fraud specialists are better at using computer-assisted audit techniques

Fraud specialists are better equipped to act as an expert witness in court

Fraud specialists are better able to properly apply due professional care

Fraud specialists are better at using crime scene investigation techniques

Becoming a voting member of the organization's internal ethics council.

Performing an annual organizationwide employee survey.

Reviewing all departmental ethics-related policies.

Conducting annual ethics training for all employees.

Integrity

Proficiency

Due Professional Care

Competency

The internal audit activity used a risk-based approach to create the internal audit plan.

The engagement supervisor considered requests from senior management regarding engagements to include in the internal audit plan.

The CAE only accepted engagements that the internal audit activity collectively had the knowledge to perform.

The area under review restricted the internal audit activity's ability to access records, impacting the audit results.

Take no action, as there is no impairment to independence.

Remove the new internal auditor from the engagement team.

Discuss the matter with the appropriate personnel to alleviate concerns.

Closely supervise the new auditor and carefully review his work.

Support of good governance and controls.

Enhancement of organizational value.

Protection of tangible and intangible assets.

Provision of professional advisory and assurance services.

Implement a uniform professional development plan for the internal audit activity.

Create a formal development agreement with each individual staff auditor.

Require each internal auditor to obtain the same professional certifications.

Require training and developmental activities that are sponsored by The HA.

Factitious vendors are entered into the system, possibly resulting in improper disbursements.

Bad debt expense is intentionally omitted from the financial statements.

Certain costs are capitalized, rather than expensed.

A related party receives benefits not appropriate in an arm's-length transaction.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

Auditors must have an IT specialty in at least one of their organization's key information technology systems.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

Auditors must understand their organization's integrated test facilities and generalized audit software.

Auditors must understand their organization's IT governance, risk, and control processes.

Consulting engagements typically involve four or five parties: the internal audit activity, engagement client, senior management, board, and sometimes the external auditor.

The scope of a consulting engagement is determined by either the engagement supervisor or chief audit executive, and it is finalized prior to beginning fieldwork.

According to the Standards, internal auditors are permitted to carry out certain management functions during a consulting engagement.

A preliminary risk assessment may not be needed for consulting engagements, because the expectations and objectives of the engagement are determined by the engagement client.

Internal auditors' level of competencies and skills.

The manner in which the internal audit activity is viewed by the board.

Evaluation of staff certifications and continued development.

Effectiveness of the quality assurance and improvement program.

Documented assessment was performed by the audit committee and confirmed conformance.

Internal and external assessments are performed annually, and nonconformance results are reported to the board.

The independent and objective judgement of the chief audit executive confirmed conformance with the Standards.

Documented internal assessments are performed periodically and confirm conformance.

The length and consistency of the auditor's work experience

The auditor's demonstrated problem-solving skills

The auditor's skills compared to those already possessed by other audit staff

The auditor's ability to be self motivated and a good team player

Report the impairment to senior management

Discuss the impairment with the audit manager

Ascertain the best approach to disclose the impairment.

Decide on the extent of impact of the impairment

Remind the chief audit executive (CAE) that he is responsible for her continuing professional development and needs to address the issue

Contact her professional organization and explain that she does not need formal professional development, as she is being developed sufficiently through undertaking audit engagements.

Accept that she is unlikely to meet continuing professional development requirements but look to attend training courses at the next available time.

Accept that she is responsible for her own continuing professional development, develop a professional plan, and discuss it with the CAE.

Accountability risk.

Communication risk.

Knowledge risk.

Cultural risk.

This situation does not necessitate any action related to the auditor's objectivity.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

The auditor can provide only consulting services, not assurance.

Politely decline the engagement due to a lack of qualified staff available at the time.

Complete the engagement as requested, with the best of the current staffs abilities.

Consider using employees from other departments in the organization on the audit team.

Change the scope of the testing to ensure that only available staff proficiencies are used

Communicating to internal audit staff instructions for completing engagements within shorter time periods.

Requesting additional funding from the board to train internal audit staff on time and resource management.

Implementing the use of agile auditing during engagements to meet expectations.

Encouraging internal audit staff to participate in workshops to further develop their understanding of the organization's strategies.

The internal audit activity uses key performance indicators for all staff members after all audit engagements.

The internal auditors provide assurance to third parties indicating that their work was properly supervised.

The internal auditors demonstrate they have an understanding of engagement objectives and scope.

The internal auditors are heavily involved in training and development to enhance their skills.

Analyzing the results of successful testing of controls and monitoring procedures implemented by management

Determining that there are no gaps between the internal auditors' risk assessment and the risk assessment performed by the organization

Obtaining evidence that employees throughout the organization are aware of the organization s risk appetite

Verifying that previously identified organizational risks were documented in board meeting minutes

Review payments made for the financial services software.

Confront a procurement specialist with the suspicion.

Submit an anonymous tip to the whistleblower hotline.

Analyze technical terms and conditions of the tender.

Monitor and review

Performance measurement.

Setting the context.

Communication.

Risk acceptance.

Risk avoidance.

Risk sharing.

Risk reduction.