Practice Free IIA-CIA-Part1 Exam Online Questions
Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?
- A . Receipt of a signed and approved vendor setup form.
- B . Segregation of duties between setting up vendors and making vendor payments.
- C . System validation and edit checks on vendor identification number.
- D . A vendor setup policy and procedure.
C
Explanation:
System validations and edit checks on vendor identification numbers are primary controls that effectively reduce the risk of setting up duplicate vendors in the system. These controls ensure that each vendor’s information is unique and verified against existing records before a new vendor is entered into the system, thereby preventing duplication.
Reference: Institute of Internal Auditors (IIA) – Risk Control Matrices and Internal Control Frameworks
Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?
- A . Internal audit activity
- B . Operating management
- C . Senior management
- D . Board of directors
D
Explanation:
The board of directors should play a leading role in overseeing the ethical atmosphere of an organization. As the highest governance body, the board has the ultimate responsibility for setting the organization’s tone at the top, including its ethical culture and practices. This responsibility includes overseeing senior management to ensure that ethical policies and practices are developed, communicated, and enforced throughout the organization.
Reference: IIA guidance on governance and ethical oversight.
Which of the following would be considered advanced expertise which most internal auditors are not expected to possess?
- A . The ability to evaluate fraud risk
- B . The ability to detect and investigate fraud
- C . The ability to assess risk management strategies
- D . The ability to create test databases
D
Explanation:
Advanced expertise in internal auditing is largely based on the knowledge, skills, and abilities that are generally expected of all internal auditors. According to IIA guidance, all internal auditors should be proficient in risk management, control, and governance processes, including the ability to evaluate fraud risk and the ability to assess risk management strategies. However, creating test databases is a specialized technical skill that goes beyond the typical expertise of internal auditors. This type of skill is more commonly found among IT auditors or those with specific training in information technology, and it is not typically expected of all internal auditors.
Reference: The Institute of Internal Auditors (IIA) – International Professional Practices Framework (IPPF)
Which of the following tests would most likely help discover a fictitious invoice?
- A . Compare vendor addresses to employee addresses.
- B . Match cancelled checks to invoices.
- C . Search for duplicate payment amounts.
- D . Check employee bank records against invoice amounts.
A
Explanation:
Comparing vendor addresses to employee addresses is a common audit test to detect fictitious invoices. Fictitious invoices are often created by employees who use their addresses or addresses of associates as vendor addresses to facilitate fraud.
Option B: Matching cancelled checks to invoices ensures payment was made but does not specifically detect fictitious invoices.
Option C: Searching for duplicate payments addresses duplicate invoices but not necessarily fictitious ones.
Option D: Checking employee bank records could indicate fraud but is invasive and less direct than comparing addresses.
Reference: IIA Practice Guide: Fraud Detection.
COSO Fraud Risk Management Guide.
According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?
- A . The CAE seeks senior management approval of the internal audit charter
- B . The CAE obtains senior management’s approval to hire staff
- C . The CAE reports significant issues to the organization’s CEO
- D . The CAE provides the board with an annual budget for approval
D
Explanation:
The chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity by providing the board with an annual budget for approval. This action emphasizes the independence from management by ensuring the internal audit budget and resource allocations are directly overseen by the board, thus maintaining an independent status within the organization.
Reference: IIA Standard 1110 – Organizational Independence
An internal auditor assessed the controls within his organization’s payroll process and suspects that erroneous payments may have been made to a fraudulent bank account.
What is the best course of action for the auditor to take?
- A . Speak to the payroll manager so he may investigate the auditor’s observations.
- B . Continue to investigate the payments to confirm the accuracy of the observations, and determine whether further fraudulent payments have been made.
- C . Stop the audit and report the findings to senior management immediately.
- D . Escalate the concern to the engagement supervisor.
D
Explanation:
When an internal auditor suspects fraudulent activity, such as erroneous payments to a fraudulent bank account, the appropriate course of action is to escalate the concern to the engagement supervisor (Option D). This step ensures that the issue is handled with the necessary urgency and oversight. According to the IIA Standards, particularly Standard 2060: Reporting to Senior Management and the Board, the CAE must communicate significant risk exposures and control issues, including fraud risks, to senior management and the board. Escalating the concern ensures the appropriate levels of the organization are aware and can take timely action.
Reference: IIA Standards, Standard 2060: Reporting to Senior Management and the Board
IIA Practice Guide: Internal Auditing and Fraud
According to IIA guidance, which of the following statements regarding the internal audit charter is true?
- A . The nature of consulting services typically is not included in the charter.
- B . The chief audit executive must formally review the charter at least once a year.
- C . The nature of assurances provided to parties outside of the organization typically is not included in the charter.
- D . The charter typically defines the internal audit activity’s position within the organization.
D
Explanation:
According to the IIA’s guidelines, the internal audit charter should clearly define the internal audit activity’s position within the organization. This is essential to establish the authority and scope of the internal audit function, ensuring that it has the necessary independence and resources to fulfill its duties effectively.
Reference: The Institute of Internal Auditors (IIA) guidelines on internal audit charter.
Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?
- A . Assessment skills
- B . Assurance skills
- C . Interviewing skills
- D . Facilitation skills
D
Explanation:
Facilitation skills are critical for assessing corporate social responsibility through a self-assessment. Effective facilitation helps guide the participants through the self-assessment process, ensuring that all relevant issues are thoroughly discussed and that contributions from various stakeholders are effectively incorporated. This skill set is essential for eliciting insightful, honest feedback and fostering a constructive dialogue about the organization’s social responsibility practices.
Reference: Institute of Internal Auditors (IIA) – International Professional Practices Framework (IPPF)
Which of the following is the best example of a risk appetite statement concerning an investment portfolio?
- A . We will request CEO approval for investments greater than $20 million and board approval for investments greater than $50 million.
- B . We will hedge 95 percent of our U.S. currency exposure and 100 percent of our European currency exposure.
- C . We have a moderate tolerance for investment earnings volatility with a target value at risk of $50 million.
- D . We will report to the risk committee all credit losses greater than $10 million and all market value losses greater than $20 million.
C
Explanation:
The best example of a risk appetite statement concerning an investment portfolio is one that explicitly states a tolerance level for investment earnings volatility, such as "We have a moderate tolerance for investment earnings volatility with a target value at risk of $50 million." This statement directly addresses the organization’s willingness to accept risk and quantifies it, which is characteristic of effective risk appetite statements.
Reference: IIA best practices on defining risk appetite, which recommend quantifying risk tolerance in financial terms to guide strategic decision-making.
Review the professional development plans of internal audit staff to ensure all are competent to assess the organization’s risk assessment activity.
- A . 1 and 2 only.
- B . 1, 2, and 3 only.
- C . 1, 3, and 4 only.
- D . 3 and 4 only.
B
Explanation:
Evaluating the effectiveness of an organization’s risk assessment activity involves multiple strategies to ensure a comprehensive review. Interviewing staff at various levels (Strategy 1) helps understand the organization’s objectives, significant risks, and risk appetite. Reviewing board meeting minutes (Strategy 2) determines whether significant risks are communicated timely to the board. Evaluating the adequacy and timeliness of management remediation actions (Strategy 3) ensures that risks are being effectively managed. Together, these strategies (Option B) provide a robust framework for assessing the effectiveness of the organization’s risk assessment activities.
Reference: IIA Practice Guide: Assessing the Adequacy of Risk Management Using ISO 31000
IIA Standards, Standard 2120: Risk Management