IIA IIA-CIA-Part2 Exam Dumps

IIA IIA-CIA-Part2 Sample Question Answers

Question # 1

A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE's best course of action?

A. Perform an independent audit of the merging firm's inventory management practices to verify the concerns and to provide relevant and reliable results to management for their consideration and action. 
B. Advise management that internal audit, external audit, and legal advisors all have concerns about inventory management and, given the high materiality of inventory, management should not proceed with the merger. 
C. Coordinate a review of inventory management with external auditors and legal advisors and ensure each group focuses on their area of expertise to ascertain the extent of the problems, if any

Show Answer

Question # 2

According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?

A. The follow-up manual procedures.  
B. The internal audit charter.  
C. The agreement made between internal auditors and management.  
D. The risks and exposures involved.  

Show Answer

Question # 3

According to the Standards, which of the following control strategies would be the most effective in helping to prevent fraud?

A. Have employees annually sign a code of conduct requiring that they report any known violations. 
B. Implement a whistleblower hotline where individuals can make anonymous phone calls to report fraudulent activities
C. Provide periodic fraud awareness training to employees and test their understanding of the training through online surveys. 
D. Conduct routine employee surveys to solicit their knowledge of fraud and unethical behavior within the organization. 

Show Answer

Question # 4

Which of the following would not include recommendations for process improvements? 

A. Due diligence engagement.  
B. Forensic investigation.  
C. Internal audit engagement.
D. Consulting engagement.  

Show Answer

Question # 5

Which of the following events would most likely cause the chief audit executive to considerchanging the current year's audit plan?The government announced that new regulatory requirements will be introduced in thecoming years which may significantly impact the organization's primary product.A major competitor unexpectedly introduced a new model at a lower price point to competewith the organization's market leading product.The organization announced a new joint venture with a long time corporate partner tointroduce a new product with development costs and sales beginning next fiscal year.An equal joint venture partner filed a lawsuit against the organization and requested thatthe court issue an immediate suspension of future product shipments.

A. 1 and 2 only  
B. 1 and 3 only  
C. 2 and 4 only  
D. 3 and 4 only  

Show Answer

Question # 6

An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate? 

A. Take no action, because all the items were within the expiration date requirement, and no corrective action is needed
B. Permit production staff the access to files where the certificates of conformity are kept, so they can choose the items with the closest expiration date. 
C. Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding inventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).
D. Add to the product label a "use by date" line, enter the expiration at the time of receipt, and perform periodic inventory checks.

Show Answer

Question # 7

According to IIA guidance, which of the following are potential benefits of using an assurance map?

A. Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations.
B. Identification of duplicate or overlapping assurance activities, and improved relevance of assurance recommendations. 
C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers. 
D. Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations.

Show Answer

Question # 8

The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to accept for the position?

A. The candidate is applying for an IT audit position, while originally coming from an IT background, but has only experiences of financial and compliance audits in the previous position. 
B. The candidate is knowledgeable about potential indicators of fraud including typical risks, but has only participated as a staff auditor in one investigative fraud audit. 
C. The candidate meets the minimum educational requirements established by the chief audit executive, but has less formal education than any of the other candidates being considered.
D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks ability to clearly communicate ideas and conclusions in a meeting.

Show Answer

Question # 9

If the chief audit executive believes that senior management has accepted a level of residual risk that is unacceptable to the organization, they should:

A. Accept the decision of senior management as they are ultimately responsible for risk management. 
B. Report the concern directly to the board.  
C. Discuss the concern with management and if not resolved, escalate it to the board.  
D. Disclose the issue in the audit report when auditing the area where the risk was identified. 

Show Answer

Question # 10

An internal auditor for a large telecommunications organization identified potential risk factors related to a planned billing system conversion. Which of the following risk factors would present the least potential exposure to the organization?

A. Critical customer support functions are not available for a short period.  
B. Invoice generation disruptions due to required maintenance.  
C. Inaccurate billing of telephone calls due to database error.  
D. End user criticism and lack of support for the new system.  

Show Answer

Question # 11

Which of the following topics must the internal audit staff discuss with management duringthe exit conference?1. Issues identified during the audit.2. Evaluation criteria used to select controls for testing.3. Staff who were interviewed during the audit.4. The reporting process for the draft and final report.

A. 1 and 3 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 2 and 4 only  

Show Answer

Question # 12

An organization does not have a formal risk management function. According to theStandards, which of the following are conditions where the internal audit activity (IAA) mayprovide risk management consulting?1. There is a clear strategy and timeline to migrate risk management responsibility back tomanagement.2. The IAA has the final approval on any risk management decisions.3. The IAA does not give objective assurance on any part of the risk managementframework for which it is responsible.4. The nature of services provided to the organization is documented in the internal auditcharter.

A. 1, 2, and 3 only  
B. 1, 2, and 4 only  
C. 1, 3, and 4 only  
D. 2, 3, and 4 only  

Show Answer

Question # 13

When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?

A. The organization's budget.  
B. Operations involving cash transactions.  
C. Recent changes in management objectives.  
D. Risk factors utilized in the organization's risk models.  

Show Answer

Question # 14

Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of a construction company decides to employ the services of an outsourced audit service provider to augment the internal audit staff. What does the CAE need to consider in determining whether the outsourced audit service provider possesses the necessary knowledge, skills and other competencies to perform an audit engagement? 

A. Specific matters expected to be covered in the engagement communications.  
B. The financial interest that the external service provider may have in the organization.
C. The extent of other ongoing services the external service provider may be performing for the organization.  
D. The reputation of the external service provider.  

Show Answer

Question # 15

During the audit of a large decentralized supply chain function, the chief audit executive(CAE) receives serious allegations of fraud concerning the vice president responsible forthis function. The CAE engages a third party to provide forensic audit services and lead theinvestigation portion of the engagement. As part of this team, which of the following wouldbe an appropriate role for the investigator?1. Authenticate the original approval signatures on contracts.2. Interview personnel to understand the supply chain processes.3. Provide certified copies of relevant original documents for the audit file.4. Identify variances in pixels on original electronic documents.

A. 1 and 2 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 3 and 4 only  

Show Answer

Question # 16

When approving the final engagement report, which of the following is most critical? 

A. Opinions are adequately supported.  
B. Conclusions are reached for all objectives.  
C. Report is distributed to appropriate parties.  
D. Report is clear and concise.  

Show Answer

Question # 17

An organization has acquired a new line of business. None of the organization's internal auditors have the required expertise to perform an internal audit of the new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is true regarding supervision of the engagement?

A. The CAE may rely upon the external firm's auditor in charge to supervise the engagement. 
B. The external firm's auditor in charge must defer to the judgment of the CAE for any disputes.
C. The CAE is not responsible for the quality of an audit performed by an external firm.  
D. The CAE should not assign an inexperienced staff member to assist with the engagement. 

Show Answer

Question # 18

Which of the following is correct with respect to roles within an enterprise-wide riskmanagement process?1. The board provides oversight to the risk management process.2. Executive management owns the risk management framework.3. Senior management is assigned ownership of risks.4. Internal audit modifies the risk assessment determined by management.

A. 1 and 2 only  
B. 3 and 4 only  
C. 1, 2, and 3 only  
D. 1, 2, 3, and 4  

Show Answer

Question # 19

Which of the following is a preventive control for fraud?

A. Determining if the number of manually prepared disbursement checks is high.  
B. Reconciling the purchase orders with the requisitions.  
C. Verifying that new vendors appear on the vendor pre-approved list.  
D. Conducting an inventory count of the warehouse.  

Show Answer

Question # 20

Which two of the following considerations must an internal auditor take into account whileplanning an audit of an accounting system/application that has been in use for the last fiveyears?• The level and manner of linkages between the business' mission, objectives, andstructure and the accounting system/application.• Presence or absence of computerized and manual controls that address risks.• Identification of risks at the application level, e.g. availability and security of the system.• Testing of the system/application for bugs and errors. 

A. 1 and 3 only  
B. 2 and 3 only  
C. 2 and 4 only  
D. 3 and 4 only  

Show Answer

Question # 21

An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an entry-level internal auditor?

A. Conflict resolution skills.  
B. Communication skills.  
C. Time management skills.  
D. Interpersonal skills.  

Show Answer

Question # 22

Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?

A. The objectives of the audit should be set.  
B. The organization's management should be informed about the work to be performed.  
C. Attention should be devoted toward the key audit areas.  
D. The timing of the audit should be set.  

Show Answer

Question # 23

Which of the following documents should the chief audit executive review and approve?1. Workpaper retention policy.2. Audit committee meeting minutes.3. Internal audit handbook.4. Quarterly financial statements

A. 1 and 2 only  
B. 1 and 3 only  
C. 2 and 4 only  
D. 1, 3, and 4 only  

Show Answer

Question # 24

While reviewing the draft report of an audit engagement, the chief audit executive (CAE) isnot in agreement with management's acceptance of the potential risk exposure resultingfrom an observed key control weakness. Which of the following actions by the CAE wouldbe appropriate for addressing this concern?• Meet with the auditor-in-charge.• Discuss with senior management.• Monitor the result of the accepted risk.• Report the matter to the board. 

A. 1, 2, and 3 only  
B. 1, 2, and 4 only  
C. 1, 3, and 4 only  
D. 2, 3, and 4 only  

Show Answer

Question # 25

Which of the following is the least relevant when preparing the internal audit activity's annual engagement plan?

A. Senior management's requests for internal audit engagements.  
B. A rotation of internal audit engagements selected on a time basis.
C. The organization's current risk priority and exposure.  
D. Coordination with the audit plans of the external auditor.  

Show Answer

Question # 26

Controls are implemented to: 

A. Eliminate risk and reduce the potential for loss.  
B. Mitigate risk and eliminate the potential for loss.  
C. Mitigate risk and reduce the potential for loss.  
D. Eliminate risk and eliminate potential for loss.  

Show Answer

Question # 27

Which of the following is not true regarding the management of internal audit resources? 

A. A minimum level of information technology knowledge is necessary.  
B. The adequacy of internal audit resources is ultimately a board responsibility.  
C. Resources include external service providers and computer-assisted audit techniques.  
D. Skills availability must be aligned with financial constraints.  

Show Answer

Question # 28

Which of the following is an advantage to using the questionnaire approach when conducting risk and control self assessments?

A. Responses can easily be quantified and analyzed.  
B. Follow-up for clarification is efficient.  
C. It is educational for participants.  
D. It allows for in-depth probing of issues.  

Show Answer

Question # 29

During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to: 

A. Report any high-risk exposures of the treasury function to management and the board.  
B. Determine whether appropriate resources are present to carry out the treasury function.  
C. Comply with the internal audit charter and applicable regulatory requirements.  
D. Identify areas of the treasury function that should be considered for potential engagement objectives. 

Show Answer

Question # 30

According to the International Professional Practices Framework, which of the following should be excluded from a final communication for a performance audit engagement?

A. Recommendations and conclusions.  
B. The internal auditor's unbiased opinion.  
C. Timely and relevant information.  
D. Legal opinions related to illegal acts.  

Show Answer

Question # 31

According to the Standards, which of the following best describes the responsibility of thechief audit executive (CAE) for approving the final engagement report?• The CAE is responsible for obtaining management approval before issuing the finalreport.• The CAE has overall responsibility for the report but can delegate the review andapproval of the report.• The CAE is responsible for obtaining senior management's approval before releasing thefinal report.• The CAE is responsible for approving to whom and how the final report will bedisseminated. 

A. 1 and 3 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 2 and 4 only  

Show Answer

Question # 32

The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?

A. Accept the request as the role of coordinating ERM is a core function of internal audit.
B. Decline the request as this role compromises the CAE's objectivity.
C. Accept the request after consulting with the board and adhering to proper safeguards.
D. Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.

Show Answer

Question # 33

The chief audit executive (CAE) of a large retail operation believes that senior managementhas accepted a level of risk that exceeds the organization's current risk tolerance withrespect to a major expansion. The CAE plans to meet with senior management to discussthese concerns. According to IIA guidance, which of the following would be an appropriatecourse of action in preparation for this meeting?• Understand management's basis for the decision.• Advise the board of the concern and upcoming meeting.• Ascertain which members of management have accepted the risk.• Determine if management has the authority to accept the risk.

A. 1 and 2 only  
A. 1 and 2 only  
C. 2 and 3 only  
D. 3 and 4 only  

Show Answer

Question # 34

Why should internal auditors develop a strong relationship with the external auditors?

A. External auditors offer an additional layer of approval to internal auditors' reports.
B. External auditors can help improve the effectiveness of internal control sampling techniques.
C. External auditors can offer an independent and knowledgeable viewpoint.
D. External auditors can share information gained from work with similar clients.

Show Answer

Question # 35

During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in determining that management action was implemented?

A. Ask management if the new policy related to the receiving reports is in place.  
B. Select a sample of receiving reports and determine if payments were made.  
C. Interview warehouse employees to ascertain adherence to new policy.  
D. Select a sample of payments and determine if a receiving report exists.  

Show Answer

Question # 36

An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements the internal auditor should consider least:

A. Focusing on the high risk areas as sources of potential engagements.
B. Focusing in areas not audited last year.
C. Factoring in management requests.
D. Focusing on those risks highlighted by the external auditor.

Show Answer

Question # 37

Which of the following statements is true? 

A. Consulting engagements provide the internal audit activity with flexibility to add value and do not need to be included in the long-range audit plan. 
B. The internal audit activity's plan of engagments must be based on a formal quantitative risk assessment.
C. The chief audit executive should consider changes to the long-range audit plan based on the requests of business unit managers. 
D. A risk assessment on which to base the internal audit activity's long-range plan must be undertaken at least once every three years. 

Show Answer

Question # 38

According to the International Professional Practices Framework, which of the following statements is true regarding the use of the statement, "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit activity?

A. The statement may be used only when conducting international engagements.
B. The statement may be used only if the results of the quality assurance and improvement program support the statement.
C. The statement may be used whether or not the internal audit department has an external quality assessment review or an independent validation of a self assessment.
D. The statement should not be used for a consulting engagement.

Show Answer