Practice Free IIA-CIA-Part2 Exam Online Questions
During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project.
Which tool should the auditor use?
- A . RACI (responsible, accountable, consult and inform) chart
- B . Flowchart
- C . SWOT {strengths. weaknesses opportunities, and threats) analysis
- D . Workflow analysis
New environmental regulations require the board to certify that the organization’s reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization’s compliance with the environmental regulations.
Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?
- A . The audit committee of the board.
- B . The environmental, health, and safety manager.
- C . The organization’s external environmental lawyers.
- D . The organization’s insurance department.
An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO.
Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization’s health and safety program?
- A . The CAE has no role to play, because the chief health and safety officer reports to a senior executive.
- B . The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.
- C . The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.
- D . The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.
Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors’ work?
- A . Board of directors
- B . External auditors
- C . Chief audit executive
- D . Senior management
For an action plan to be effective, it should be designed primarily to address which of the following elements of an observation?
- A . Condition
- B . Root cause
- C . Criteria
- D . Recommendation
According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?
- A . Degree of effort and cost needed to correct the reported condition.
- B . Complexity of the corrective action.
- C . Impact that may result should the corrective action fail.
- D . Amount of resources required to conduct the follow-up activities.
The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system.
Which of the following computerized audit techniques is the internal audit activity most likely applying?
- A . Enabling continuous auditing.
- B . Employing generalized audit software.
- C . Facilitating electronic workpapers.
- D . Using machine learning.
A
Explanation:
The request for new vendor information to be summarized weekly and for invoices to be flagged automatically in the processing system indicates the use of continuous auditing. Continuous auditing involves ongoing, real-time monitoring of transactions and controls, which allows for the early detection of anomalies or issues.
IIA
Reference: IIA Standard 2320: Analysis and Evaluation suggests that internal auditors should use appropriate technology to support their analysis. Continuous auditing tools are designed to monitor transactions continuously, enabling auditors to identify and address risks more proactively.
The Practice Guide on Continuous Auditing outlines the benefits of real-time monitoring and how it can be integrated into the audit process to enhance the timeliness and relevance of audit results.
The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system.
Which of the following computerized audit techniques is the internal audit activity most likely applying?
- A . Enabling continuous auditing.
- B . Employing generalized audit software.
- C . Facilitating electronic workpapers.
- D . Using machine learning.
A
Explanation:
The request for new vendor information to be summarized weekly and for invoices to be flagged automatically in the processing system indicates the use of continuous auditing. Continuous auditing involves ongoing, real-time monitoring of transactions and controls, which allows for the early detection of anomalies or issues.
IIA
Reference: IIA Standard 2320: Analysis and Evaluation suggests that internal auditors should use appropriate technology to support their analysis. Continuous auditing tools are designed to monitor transactions continuously, enabling auditors to identify and address risks more proactively.
The Practice Guide on Continuous Auditing outlines the benefits of real-time monitoring and how it can be integrated into the audit process to enhance the timeliness and relevance of audit results.
Which of the following approaches to understanding business processes is conducted from a broad organizational perspective and has the greatest risk of overlooking processes that are ultimately critical?
- A . Process narrative.
- B . Process mapping.
- C . Bottom-up.
- D . Top-down.
D
Explanation:
An The top-down approach to understanding business processes is conducted from a broad organizational perspective, beginning with the overall objectives and strategic goals of the organization and then drilling down into the specific processes that support these goals. While this approach ensures alignment with the organization’s objectives, it has the greatest risk of overlooking critical processes at the lower levels, especially those that might be operationally significant but not directly linked to top-level objectives.
IIA
Reference: IIA Standard 2010: Planning suggests that internal auditors should understand the organization’s business processes in relation to its objectives. The top-down approach aligns with this but can risk missing important operational details that might be captured through a more granular (e.g., bottom-up) approach.
Which of the following should be the focus of the effect section of the preliminary observations document?
- A . Residual risk
- B . Inherent risk
- C . Compensating controls
- D . Control activities