Practice Free IIA-CIA-Part2 Exam Online Questions
While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes.
Which of the following actions is most appropriate for the auditor to take?
- A . Inform management and request that the plan be tested immediately.
- B . Update the recovery plan for management, as part of the review.
- C . Evaluate the recovery plan and report weaknesses to management.
- D . Recommend that management and users update and test the recovery plan.
D
Explanation:
Step-by-Step Detailed Explanation
Which of the following is the primary reason the chief audit executive should consider the organization’s strategic plans when developing the annual audit plan?
- A . Strategic plans reflect the organization’s business objectives and overall attitude toward risk.
- B . Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.
- C . Strategic plans are likely to show areas of weak financial controls.
- D . The strategic plan is a relatively stable document on which to base audit planning.
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
- A . It documents the audit steps and procedures to be performed.
- B . It documents preliminary information useful to the audit team.
- C . It documents events that could hinder the achievement of process objectives.
- D . It documents existing measures that manage risks in the area under review.
B
Explanation:
The purpose of a planning memorandum for an audit engagement, according to IIA guidance, is to document preliminary information that will be useful to the audit team. This includes background information on the area being audited, key risks identified, the scope of the audit, and any initial observations that might impact the audit’s focus. The planning memorandum serves as a foundational document that guides the audit team’s efforts and ensures that everyone involved in the engagement has a clear understanding of the audit’s objectives and context. IIA
Reference: IIA Standard 2200: Engagement Planning and IIA Standard 2201: Planning Considerations require the preparation of documents that summarize the preliminary planning steps, which are critical to ensuring that the audit is well-focused and aligned with the organization’s risks and objectives. The planning memorandum is a key output of this process.
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
- A . It documents the audit steps and procedures to be performed.
- B . It documents preliminary information useful to the audit team.
- C . It documents events that could hinder the achievement of process objectives.
- D . It documents existing measures that manage risks in the area under review.
B
Explanation:
The purpose of a planning memorandum for an audit engagement, according to IIA guidance, is to document preliminary information that will be useful to the audit team. This includes background information on the area being audited, key risks identified, the scope of the audit, and any initial observations that might impact the audit’s focus. The planning memorandum serves as a foundational document that guides the audit team’s efforts and ensures that everyone involved in the engagement has a clear understanding of the audit’s objectives and context. IIA
Reference: IIA Standard 2200: Engagement Planning and IIA Standard 2201: Planning Considerations require the preparation of documents that summarize the preliminary planning steps, which are critical to ensuring that the audit is well-focused and aligned with the organization’s risks and objectives. The planning memorandum is a key output of this process.
Which of the following statements is true regarding the final assurance engagement report issued to management?
- A . Ratings are only used to assess the condition of an observation made by an internal auditor.
- B . Audit findings may be communicated to management prior to issuance of the final approved audit report.
- C . Communications must be relevant logical, and free from errors before they are disseminated.
- D . The audit report must present the information in the following order (1) audit scope, (2) engagement objectives, and (3) engagement results
Which of the following statements is true regarding the final assurance engagement report issued to management?
- A . Ratings are only used to assess the condition of an observation made by an internal auditor.
- B . Audit findings may be communicated to management prior to issuance of the final approved audit report.
- C . Communications must be relevant logical, and free from errors before they are disseminated.
- D . The audit report must present the information in the following order (1) audit scope, (2) engagement objectives, and (3) engagement results
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
- A . To prepare for testing the effectiveness of controls
- B . To plan for evaluating potential losses
- C . To prepare a sampling plan for the engagement
- D . To evaluate the design of controls
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
- A . To prepare for testing the effectiveness of controls
- B . To plan for evaluating potential losses
- C . To prepare a sampling plan for the engagement
- D . To evaluate the design of controls
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
- A . To prepare for testing the effectiveness of controls
- B . To plan for evaluating potential losses
- C . To prepare a sampling plan for the engagement
- D . To evaluate the design of controls
Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?
- A . To gain access to a wider variety of skills, competencies and best practices.
- B . To complement existing expertise with a required skill and competency for a particular audit engagement.
- C . To focus on and strengthen core audit competencies.
- D . To provide the organization with appropriate contingency planning for the internal audit function.