Practice Free IIA-CIA-Part2 Exam Online Questions
Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?
- A . Review year-over-year trending of total dollars spent in each period.
- B . Review changes to the vendor master file for suspicious activity.
- C . Review the percentage of on-time payments against prior periods.
- D . Review total expenses for accounting against other department expenses in the organization.
A
Explanation:
Step-by-Step Detailed Explanation
Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?
- A . Review year-over-year trending of total dollars spent in each period.
- B . Review changes to the vendor master file for suspicious activity.
- C . Review the percentage of on-time payments against prior periods.
- D . Review total expenses for accounting against other department expenses in the organization.
A
Explanation:
Step-by-Step Detailed Explanation
Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?
- A . Inquiry
- B . Analytical review
- C . Observation
- D . Inspection of documents
Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?
- A . Inquiry
- B . Analytical review
- C . Observation
- D . Inspection of documents
The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed.
How should the internal audit team proceed?
- A . Communicate immediately to the relevant regulatory agency the information regarding the company’s control breaches along with details of recommended corrective actions to address the issue.
- B . Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.
- C . Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.
- D . Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.
C
Explanation:
When significant control breaches are identified, IIA Standard 2410: Communicating Results requires auditors to address the issue with appropriate management immediately. Issuing an interim report ensures the organization takes timely corrective action to mitigate risks and potential regulatory sanctions. Delaying communication until the final report (options A, B, or D) may increase the risk of noncompliance or sanctions. Addressing issues promptly reflects adherence to the professional practice standards and helps mitigate harm.
Which of the following statistical sampling approaches is the most appropriate for testing a population for fraud?
- A . Discovery sampling.
- B . Stop-or-go sampling.
- C . Haphazard sampling.
- D . Stratified attribute sampling.
A
Explanation:
Discovery sampling is a statistical sampling method that is specifically designed for detecting fraud or other irregularities. It is most appropriate when the auditor expects that deviations or fraud may be rare but significant if found.
Detailed Explanation
Discovery Sampling:
Discovery sampling is used when the auditor is trying to identify at least one occurrence of a particular event, such as fraud. The sample is designed so that if a single error is found, it suggests that more may exist within the population, warranting further investigation.
Application in Fraud Detection:
Discovery sampling is effective in fraud detection because it focuses on identifying whether any instances of fraud exist within a population. This approach is well-suited for situations where even a small number of fraudulent transactions could have a significant impact.
IIA Practice Guide on Statistical Sampling:
The IIA suggests that discovery sampling is appropriate when the goal is to find the presence of an error or fraud, particularly in populations where such occurrences are expected to be infrequent.
Why Not Other Options?
Option B (Stop-or-go sampling): This method is used to control the risk of over-auditing when errors are expected to be low, but it is not specifically designed for fraud detection.
Option C (Haphazard sampling): This is a non-statistical sampling method and is not appropriate for systematic fraud detection.
Option D (Stratified attribute sampling): This method divides the population into subgroups but is not specifically aimed at discovering fraud.
Conclusion: Option A is correct because discovery sampling is the most appropriate statistical method for testing a population for fraud, as it is designed to detect even a small number of significant deviations, consistent with IIA guidance.
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates.
Which of the following additional information would the auditor need?
- A . Names and work titles of employees
- B . Description of responsibilities of business units.
- C . Average fuel consumption data of vehicles
- D . Location and route data of vehicles
Which of the following statements is true regarding risk assessments, including the evaluation and prioritization of risk and control factors?
- A . A risk-by-process matrix enables the user to determine associations between any of the processes and the risks.
- B . The risk-factor approach for linking business processes and risks is more direct than the use of a risk-by-process matrix.
- C . Internal risk factors are built into the environment and the nature of the process itself.
- D . A risk map is used primarily to depict which risks will be reduced and which will be shared.
A
Explanation:
A risk-by-process matrix is a tool that allows users to identify and analyze the associations between various business processes and the risks that affect them. This matrix helps in understanding how risks are distributed across different processes and can be instrumental in prioritizing audit activities based on risk.
IIA
Reference: IIA Standard 2210: Engagement Objectives suggests that internal auditors should consider risks when setting audit objectives. A risk-by-process matrix is an effective tool for mapping out these risks in relation to processes, providing a clear visual representation of where the most significant risks lie. The Practice Guide on Risk Assessment outlines the use of matrices, including risk-by-process matrices, to facilitate the identification and prioritization of risks within different processes.
According to the Standards, which of the following is true regarding the auditor’s inclusion of management’s satisfactory performance in the final audit report?
- A . Acknowledgement of satisfactory performance is encouraged but not required.
- B . There are no standards to address the inclusion of satisfactory performance.
- C . Satisfactory performance should only be acknowledged with the advice of corporate counsel.
- D . Auditors must include satisfactory performance with the approval of the board.
A
Explanation:
The International Standards for the Professional Practice of Internal Auditing encourage auditors to acknowledge satisfactory performance to provide a balanced report. However, it is not a mandatory requirement. Including positive observations can help foster a constructive relationship with management and provide a more balanced view of the audited area.
Reference: The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards)
"Internal Auditing: Assurance and Advisory Services" by Urton L. Anderson et al.
Communicate to senior management a summary report on the status and adequacy of audit resources.
- A . 1 and 3 only
- B . 2 and 4 only
- C . 1, 2, and 4
- D . 2, 3, and 4