Practice Free IIA-CIA-Part2 Exam Online Questions
The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable.
When should this be communicated to senior management?
- A . When the CAE reports the audit outcome to senior management.
- B . When the residual risk is identified before the engagement is complete.
- C . Immediately, as residual risk should be communicated as soon as possible
- D . When management of the area under review has resolved and mitigated the residual risk
Which of the following is an advantage of nonstatistical sampling over statistical sampling?
- A . Nonstatistical sampling provides more objective recommendations for management.
- B . Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.
- C . Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.
- D . Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.
C
Explanation:
Nonstatistical sampling allows auditors to use their professional judgment to determine the sample size and select the items to be tested. Unlike statistical sampling, which relies on probabilistic methods to determine the sample size and selection, nonstatistical sampling is more flexible and can be tailored to the specific circumstances of the audit engagement. IIA
Reference: IIA Standard 2320: Analysis and Evaluation suggests that internal auditors should apply appropriate methods to analyze data and draw conclusions. Nonstatistical sampling allows for the application of professional judgment, which can be advantageous in certain audit situations where rigid statistical methods may not be practical or necessary.
The Practice Guide on Sampling discusses the differences between statistical and nonstatistical sampling, highlighting that nonstatistical sampling relies more on the auditor’s judgment, which can be beneficial in certain contexts.
Given this, the correct answer is C. Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.
Which of the following is not an outcome of control self-assessment?
- A . Informal, soft controls are omitted, and greater focus is placed on hard controls.
- B . The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.
- C . Internal auditors become involved in and knowledgeable about the self-assessment process.
- D . Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.
Which of the following is not an outcome of control self-assessment?
- A . Informal, soft controls are omitted, and greater focus is placed on hard controls.
- B . The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.
- C . Internal auditors become involved in and knowledgeable about the self-assessment process.
- D . Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.
Which of the following is not an outcome of control self-assessment?
- A . Informal, soft controls are omitted, and greater focus is placed on hard controls.
- B . The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.
- C . Internal auditors become involved in and knowledgeable about the self-assessment process.
- D . Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident.
Which of the following is the most appropriate option for the chief audit executive?
- A . Appoint an independent fraud investigation specialist to work with the selected internal auditors.
- B . Organize in-house fraud investigation training sessions for selected internal auditors.
- C . Assign an experienced auditor to the engagement for a development opportunity.
- D . Hire a new internal auditor who possesses fraud investigation experience.
A
Explanation:
According to the IIA’s Fraud and Internal Audit position paper1, internal auditors should not investigate fraud unless they have the specific experience and expertise required to do so. Therefore, the most appropriate option for the chief audit executive is to appoint an independent fraud investigation specialist to work with the selected internal auditors. This will ensure that the investigation is conducted in a professional and ethical manner, and that the evidence is not compromised or tainted. The other options are not suitable because they do not address the immediate need for fraud investigation expertise, and they may expose the organization to legal or reputational risks.
Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?
- A . Interviews
- B . Observations
- C . Reperformance
- D . Internal control questionnaires
The AIC should finalize the scope of the engagement before communicating with HR management.
- A . 1 and 3
- B . 1 and 4
- C . 2 and 3
- D . 2 and 4
An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area.
Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?
- A . Complete a transaction walkthrough that focuses on the design and operation of financial reporting controls
- B . Conduct interviews with senior management to obtain their input and insights regarding operational controls.
- C . Perform a comprehensive review of the organization s existing policies and standard operating procedures.
- D . Review the procurement process map with employees who carry out key activities to obtain their input and insights.
Upon completing a follow-up audit engagement, the chief audit executive (CAE) noted that management has not implemented any mitigation measures to address the high risks that were reported in the initial audit report.
What initial step must the CAE take to address this situation?
- A . Communicate the issue to senior management.
- B . Discuss the issue with members of management responsible for the risk area.
- C . Report the situation to the external auditors.
- D . Escalate the issue to the board.
B
Explanation:
The initial step the CAE should take is to discuss the issue with the members of management responsible for the risk area. This discussion allows the CAE to understand the reasons for the lack of action, provide an opportunity for management to explain their position, and encourage them to implement the necessary mitigation measures. If this discussion does not lead to satisfactory action, the CAE would then escalate the issue to senior management or the board as appropriate.
Reference: The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards)
"Internal Auditing: Assurance and Advisory Services" by Urton L. Anderson et al.