Practice Free IIA-CIA-Part2 Exam Online Questions
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system.
Which of the following component should be added to this observation?
- A . Criteria
- B . Cause
- C . Effect
- D . Condition
An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for testing.
Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?
- A . Review logs of the vehicles assigned to employees for the delivery of goods during the engagement period.
- B . Visit the home address of the specific employee to see the selected vehicle.
- C . Compare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.
- D . Seek independent confirmation of the vehicle’s details from one of the delivery employees.
C
Explanation:
To confirm the existence of a specific vehicle selected from the fixed asset register, the best indirect evidence would be to compare the registered details of the vehicle with a date-stamped photograph. This method provides a verifiable form of evidence that the vehicle exists and matches the details recorded in the asset register. It ensures that the vehicle is still in possession of the organization and can be indirectly verified without the need for physical presence at an off-site location.
Reference: IIA Practice Guide: "Auditing Fixed Assets"
COSO Internal Control C Integrated Framework
An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a
given precision and confidence level?
- A . The sample rate of occurrence plus the precision exceeds the acceptable error rate.
- B . The sample rate of occurrence is less than the acceptable error rate.
- C . The acceptable rate of occurrence less the precision exceeds the sample rate of occurrence.
- D . The sample rate of occurrence plus the precision equals the acceptable error rate.
A
Explanation:
Step-by-Step Detailed Explanation
An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a
given precision and confidence level?
- A . The sample rate of occurrence plus the precision exceeds the acceptable error rate.
- B . The sample rate of occurrence is less than the acceptable error rate.
- C . The acceptable rate of occurrence less the precision exceeds the sample rate of occurrence.
- D . The sample rate of occurrence plus the precision equals the acceptable error rate.
A
Explanation:
Step-by-Step Detailed Explanation
According to HA guidance on IT, which of the following actions would be performed as part of the "Define IT Universe" stage of the IT audit plan development process?
- A . Identify significant applications that support the business operations
- B . Assess risk and rank subjects using business risk factors
- C . Identify how the organization structures its business operations
- D . Select audit subjects and bundle into distinct audit engagements
During a review of the organization’s waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor’s recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity’s periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective.
What should the chief audit executive do in this case?
- A . Nothing, as the internal audit activity has fulfilled its responsibility of providing recommendations to mitigate the risks to which the organization is exposed.
- B . Contact the regulatory agency responsible for monitoring such matters in order to convince
management to implement the recommendations. - C . Convene a meeting with senior management and discuss the issue and the potential impact it may have on the organization.
- D . Highlight the current exposure to the external auditors so they too can highlight the issue and further pressure management to address the concern.
C
Explanation:
When management decides not to implement a critical recommendation, especially one related to regulatory compliance and potential reputational risk, it is essential for the chief audit executive (CAE) to escalate the issue to senior management. This step ensures that management fully understands the risks involved and can make an informed decision .
Detailed Explanation
IIA Standard 2600 C Communicating the Acceptance of Risks:
This standard requires the CAE to communicate to senior management and the board when management has accepted a level of risk that the CAE believes is unacceptable. The CAE must ensure that the decision-makers are aware of the potential consequences.
Importance of Escalation:
By convening a meeting with senior management, the CAE can discuss the risks of non-compliance, including potential regulatory sanctions and reputational damage. This discussion provides an opportunity for senior management to reassess the decision in light of these risks. IIA Practice Advisory 2600-1:
The advisory suggests that when significant risks are not being addressed by management, the CAE should communicate these concerns to higher levels of the organization. This ensures that the risks are not ignored and that appropriate action can be taken.
Why Not Other Options?
Option A (Do nothing): This is not appropriate, as the CAE has a responsibility to escalate significant risks.
Option B (Contact regulatory agency): This is an extreme step and should not be the first course of action. The issue should be discussed internally before involving external regulators.
Option D (Highlight to external auditors): While external auditors might need to be informed, the issue should first be addressed within the organization.
An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?
- A . Detective compensating controls
- B . Preventive compensating controls
- C . Detective Key controls
- D . Preventive key controls
Which of the following actives is an internal auditor most likely to perform when establishing the objectives of an assurance engagement?
- A . Discuss the internal audit risk assessment including applicable risks and objectives with internal audit management
- B . Perform a walk-through of the process under review to determine whether control wore operating, effectively
- C . Identify when controls will be tested and the sampling method to be used based on control risk
- D . Meet with operational management to team about any areas of concern and to agree on the engagement objectives
Which of the following is an example of a properly supervised engagement?
- A . Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.
- B . The senior internal auditor requires each auditor to review and initial colleagues’ workpapers for completeness and format.
- C . A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.
- D . The auditor in charge provides reasonable assurance that engagement objectives were met.
D
Explanation:
A properly supervised engagement ensures that the audit is conducted effectively, efficiently, and in accordance with IIA standards. The auditor in charge has the responsibility to oversee the audit process and ensure that the engagement objectives are achieved .
Detailed Explanation
IIA Standard 2340 C Engagement Supervision:
This standard requires that engagements be supervised to ensure that objectives are achieved, work is performed according to appropriate standards, and the results are supported by sufficient, relevant, and reliable evidence.
Reasonable Assurance:
The auditor in charge must provide reasonable assurance that the audit engagement’s objectives were met. This involves reviewing work performed, ensuring compliance with audit standards, and verifying that conclusions are supported by adequate evidence. IIA Practice Advisory 2340-1:
The advisory emphasizes the role of the auditor in charge in providing oversight throughout the audit engagement. This includes ensuring that auditors follow procedures, apply professional judgment, and that all significant findings are appropriately addressed.
Why Not Other Options?
Option A (Daily record review): While keeping a record is good practice, it does not constitute comprehensive supervision.
Option B (Review by peers): Peer review is useful but does not replace the overarching responsibility of the auditor in charge.
Option C (Accompanying new auditors): This is part of training and guidance but does not alone ensure that engagement objectives are met.
An internal auditor is assessing the organization’s risk management framework.
Which of the following formulas should he use to calculate the residual risk?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D