IIA-CIA-PART2 Online Practice Questions and Answers

A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:

A. Performed in accordance with the terms of the contract.

B. Carried out in accordance with the Standards.

C. Performed under the supervision of the information technology department.

D. Carried out using standard review procedures for retailers.

Senior management of an organization has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by:

A. A formal consulting engagement.

B. An informal consulting engagement.

C. A performance assurance engagement.

D. An operational assurance engagement.

Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?

A. The department managed long-term investments, including investment in derivatives and other financial instruments, to maximize return.

B. The department manager sets a tone of honesty and integrity in all business dealings and this tone is emulated by department personnel.

C. Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.

D. Audit tests designed to verify compliance with control procedures detected a general failure to follow standard procedures for transaction authorization.

During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?

1.

Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.

2.

Testing whether all employees are mandated through policy to comply with the ethics program.

3.

Testing whether all employees are required to confirm in writing their compliance with the ethics program.

4.

Testing through surveys employee's level of understanding and commitment to the ethics program.

A. 1 and 2 only

B. 1 and 4 only

C. 2 and 3 only

D. 3 and 4 only

Controls are implemented to:

A. Eliminate risk and reduce the potential for loss.

B. Mitigate risk and eliminate the potential for loss.

C. Mitigate risk and reduce the potential for loss.

D. Eliminate risk and eliminate potential for loss.

According to the Standards, which of the following is an attribute when applied to the observations and recommendations contained in the audit report?

A. Client accomplishments.

B. Effect.

C. Supportive information.

D. Scope statements.

During the audit of a large decentralized supply chain function, the chief audit executive (CAE) receives serious allegations of fraud concerning the vice president responsible for this function. The CAE engages a third party to provide forensic audit services and lead the investigation portion of the engagement. As part of this team, which of the following would be an appropriate role for the investigator?

1.

Authenticate the original approval signatures on contracts.

2.

Interview personnel to understand the supply chain processes.

3.

Provide certified copies of relevant original documents for the audit file.

4.

Identify variances in pixels on original electronic documents.

A. 1 and 2 only

B. 1 and 4 only

C. 2 and 3 only

D. 3 and 4 only

While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?

1.

Meet with the auditor-in-charge.

2.

Discuss with senior management.

3.

Monitor the result of the accepted risk.

4.

Report the matter to the board.

A. 1, 2, and 3 only

B. 1, 2, and 4 only

C. 1, 3, and 4 only

D. 2, 3, and 4 only

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

A. Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B. Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C. Reassign information systems auditors to assist in implementing management's action plan.

D. Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Which of the following is not an outcome of control self-assessment?

A. Informal, soft controls are omitted, and greater focus is placed on hard controls.

B. The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C. Internal auditors become involved in and knowledgeable about the self-assessment process.

D. Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Which of the following is the primary purpose of financial statement audit engagements?

A. To assess the efficiency and effectiveness of the accounting department.

B. To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C. To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D. To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

The final internal audit report should be distributed to which of the following individuals?

A. Audit client management only

B. Executive management only

C. Audit client management, executive management, and others approved by the chief audit executive.

D. Audit client management, executive management, and any those who request a copy.

Which of the following statements is false regarding audit criteria?

A. Audit criteria should be consistent across audit assignments.

B. Audit criteria should represent reasonable standards against which to assess existing conditions.

C. Audit criteria should provide flexibility but allow identification of nonadherence.

D. Audit criteria should equate to good or acceptable management practices.

According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

A. Review the organizational structure, management roles and responsibilities, and operating procedures.

B. Evaluate management's risk assessment and the internal audit activity's risk assessment.

C. Assess process flow and control documents used to meet regulatory requirements.

D. Review meeting notes from discussions involving management of the area to be reviewed.

The chief audit executive can illustrate the value of the internal audit activity by reporting which of the following to the board?

A. The overall performance resulting from the internal audit balanced scorecard.

B. The number of outstanding and overdue management actions.

C. The experience of the organization's internal auditors.

D. The number of audits in the annual audit plan relative to similar organizations.