Summer Certification Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

Free Practice Questions for the IIA CIA IIA-CIA-Part2 Exam (2026 Updated)

At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the IIA IIA-CIA-Part2 exam. To support your certification journey, we have made a selection of our premium 2026 CIA practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.

Questions 4

Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?

Options:

A.

The results of individual engagements do not support a satisfactory opinion on the effectiveness of internal control.

B.

The results of the individual engagements do not support a positive assurance opinion on the effectiveness of internal control

C.

The audit risk and associated legal implications increase

D.

The reliance on other assurance providers increases

Buy Now
Questions 5

As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?

Options:

A.

Determine that this situation is acceptable and focus on more significant issues

B.

Document the issue m the draft audit report

C.

Document the observation for further follow up when testing the operating effectiveness of controls

D.

Interview the personnel associated with this observation.

Buy Now
Questions 6

According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?

Options:

A.

Reperformance.

B.

Vouching.

C.

Independent confirmation.

D.

Root cause analysis.

Buy Now
Questions 7

According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?

Options:

A.

Determine which controls if any are in place to mitigate the fraud risks

B.

Follow protocol for internal reporting and investigating fraud allegations

C.

Research frauds that nave occurred t\ similar organizations

D.

Incorporate the fraud risk assessment into the engagement plan

Buy Now
Questions 8

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

Options:

A.

Perform benchmarking

B.

Perform a trend analysis

C.

Perform a ratio analysis

D.

Perform observation to gather evidence

Buy Now
Questions 9

Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?

Options:

A.

The presence of an independent critical mass

B.

The established philosophy and operating style of senior management

C.

The articulated internal control objectives of the organization

D.

The organization ' s employee recruiting and retention policies

Buy Now
Questions 10

As part of internal audit ' s assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?

Options:

A.

Bank confirmations

B.

Internal bonk statements

C.

Bank reconciliations as of the end of the year

D.

Bank account general ledger balancer as of the end of the year

Buy Now
Questions 11

Which of the following situations would justify the removal of a finding from the final audit report?

Options:

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Buy Now
Questions 12

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

Options:

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices.

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner.

Buy Now
Questions 13

An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?

Options:

A.

Diagnostic analytics

B.

Descriptive analytics

C.

Prescriptive analytics

D.

Predictive analytics

Buy Now
Questions 14

Which of the following is a detective control for managing the risk of fraud?

Options:

A.

Awareness of prior incidents of fraud.

B.

Contractor non-disclosure agreements.

C.

Verification of currency exchange rates.

D.

Receipts for employee expenses.

Buy Now
Questions 15

Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that

management is considering acquiring?

Options:

A.

A due diligence engagement.

B.

An operational audit engagement.

C.

A feasibility study engagement.

D.

A risk and control self-assessment engagement.

Buy Now
Questions 16

The head of customer service asked the chief audit executive (CAE) whether internal auditors could assist her staff with conducting a risk self-assessment in the customer service department The CAE promised to meet with customer service managers analyze relevant business processes and come up with a proposal Who is most likely to be the final approver of the engagement objectives and scope?

Options:

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Buy Now
Questions 17

Which of the following engagement supervision activities should be performed first?

Options:

A.

Ensure that internal audit recommendations are practical, cost-effective, and value-added

B.

Ensure that internal audit conclusions am based on sufficient and reliable evidence

C.

Ensure that risks to the timely completion of the engagement are assessed

D.

Ensure that performance assessments are completed for audit team members

Buy Now
Questions 18

While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?

Options:

A.

It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.

B.

It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses

C.

it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.

D.

It enables the auditor to categorize the population of transactions within the accounts payable process

Buy Now
Questions 19

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

Options:

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Buy Now
Questions 20

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

Options:

A.

Criteria

B.

Condition

C.

Cause

D.

Effect

Buy Now
Questions 21

A chief audit executive (CAE) a developing a work program for an upcoming engagement that will review an organization’s small contracting services. When of the following would the CAT need to consider most when developing the work program?

Options:

A.

The contracting department ' s staffing changes within the last year

B.

The certifications held by the internal auditors assigned to the engagement

C.

The internal audit activity ' s increase n budget and staffing for the year

D.

The organization ' s recent changes to how it processes payments

Buy Now
Questions 22

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

Options:

A.

The need and availability of automated support.

B.

The potential impact of key risks.

C.

The expected outcomes and deliverables.

D.

The operational and geographic boundaries.

Buy Now
Questions 23

The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Buy Now
Questions 24

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

Options:

A.

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Buy Now
Questions 25

Which of the following statements accurately describes the Standards requirement for ret internal audit records?

Options:

A.

Retention requirements for internal audit records should be compliant with ones set for external audit records

B.

Retention requirements should take into account the medium in which internal audit records are stored

C.

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

D.

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Buy Now
Questions 26

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program ' s activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Buy Now
Questions 27

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

Options:

A.

Create an assurance map to illustrate each provider ' s level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Buy Now
Questions 28

Which of the following analytical procedures should an internal auditor use to determine whether monthly expenses for the accounting department are reasonable?

Options:

A.

Review year-over-year trending of total dollars spent in each period.

B.

Review changes to the vendor master file for suspicious activity.

C.

Review the percentage of on-time payments against prior periods.

D.

Review total expenses for accounting against other department expenses in the organization.

Buy Now
Questions 29

An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager.

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Buy Now
Questions 30

What is the primary purpose of issuing a preliminary communication to management of the area under review?

Options:

A.

To build good relations with management

B.

To help management develop more responsive and timely action plans

C.

To formally report medium- and high-risk observations in writing

D.

To improve the internal audit key performance indicators

Buy Now
Questions 31

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Options:

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product.

D.

Variable cost plus a markup.

Buy Now
Questions 32

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?

Options:

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts management ' s explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Buy Now
Questions 33

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

Options:

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Buy Now
Questions 34

Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?

Options:

A.

Whether an audit is explicitly required by the internal audit charter

B.

The extent to which the work to be performed is an assurance or consulting engagement

C.

The organization ' s annual risk management strategy

D.

Risks that are identified by operations staff or senior management

Buy Now
Questions 35

An internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step of the process How is the internal auditor most likely to use This document during the engagement?

Options:

A.

To perform an assessment of the adequacy of process controls.

B.

To perform an assessment of the effectiveness of process controls

C.

To perform a detailed assessment of process risks

D.

To perform an assessment of the sufficiency of residual process risks.

Buy Now
Questions 36

At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts

• The first payment of 10% after approval of the customer s application

• The second payment of 70% prior to construction

• The third payment of 20% after construction is complete

Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?

Options:

A.

Controls that ensure that grid connection design is finalized before construction is approved to begin

B.

Controls that ensure construction orders are initiated after the second invoice is paid

C.

Controls that ensure all three invoices are calculated correctly according to the total project cost

D.

Controls that ensure that applications are verified for approval prior to initiating design and construction

Buy Now
Questions 37

An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?

Options:

A.

Names and work titles of employees

B.

Description of responsibilities of business units.

C.

Average fuel consumption data of vehicles

D.

Location and route data of vehicles

Buy Now
Questions 38

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 39

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.

Determine process outputs.

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals.

Buy Now
Questions 40

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Buy Now
Questions 41

An internal auditor is conducting an assurance engagement. One engagement objective is to evaluate the project manager’s effectiveness at controlling project costs. Which of the following audit tests should be included in the engagement program?

Options:

A.

Prepare a bank reconciliation statement for all the bank accounts of the organization

B.

Track a sample of project payments from accounts payable to concluded agreements and authorization rights

C.

Validate the accuracy of assumptions and inputs used for calculations in the project’s feasibility model

D.

Investigate whether the budget of the project was approved timely as required by internal policies

Buy Now
Questions 42

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports

1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting

3.Setting up a hotline for employees to report fraudulent behavior anonymously.

4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.

Options:

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only.

Buy Now
Questions 43

During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.

Which of the following responses would be most effective to mitigate this risk?

Options:

A.

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Buy Now
Questions 44

Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?

Options:

A.

Questionnaires.

B.

Surveys.

C.

Structured interviews

D.

Facilitated team workshops

Buy Now
Questions 45

An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?

Options:

A.

The test of the control design should have occurred at the performance stage.

B.

The test of the operating effectiveness of the control was not necessary.

C.

A risk and control matrix is not appropriate for this type of engagement.

D.

The test of the operating effectiveness of the control should have occurred at the planning stage.

Buy Now
Questions 46

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive

C.

A greater need for linkage with a vendors computerized order entry system.

D.

An Increase in the number of suitable suppliers

Buy Now
Questions 47

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

D.

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Buy Now
Questions 48

In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?

Options:

A.

It will be difficult to quantify the information obtained through this approach

B.

This approach does not help the auditor learn about the existence of controls

C.

It takes the auditor a long time to assess the relevant controls using this approach

D.

Information on control functionality is limited

Buy Now
Questions 49

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

Options:

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Buy Now
Questions 50

Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?

Options:

A.

It provides the internal audit activity with more resourcing options to meet the audit plan

B.

It offers internal auditors the opportunity to learn more about other work areas.

C.

It gives nonauditors a better understanding of the control environment.

D.

It provides an opportunity for the recruitment of employees as permanent internal auditors

Buy Now
Questions 51

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

Options:

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Buy Now
Questions 52

A chief audit executive ' s report to the board showed a significant trend of recent aud4s going over planned budgeted hours. Which of the following factors could cause this trend?

Options:

A.

Poor engagement supervision

B.

ineffective board reporting

C.

Untimely observation follows up and closure

D.

Limited staff resources

Buy Now
Questions 53

An internal auditor wants to assess the completeness of sales invoices issued by the organization over a period of time Providing that at the necessary data and analytics software is which of the following types of analyse would be appropriate to satisfy the auditor ' s objective?

Options:

A.

Payment terms analysis

B.

Duplicates analysts

C.

Aging analysis

D.

Gap analysis

Buy Now
Questions 54

Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors ' work?

Options:

A.

Board of directors

B.

External auditors

C.

Chief audit executive

D.

Senior management

Buy Now
Questions 55

Which of the following is one of the advantages of organizing the risk universe by processes?

Options:

A.

Interfaces between organizational units are captured during audits by processes

B.

Audits by processes are less time-consuming

C.

During audits by processes, managers are more open at interviews

D.

The advantage of audits by processes is true completeness

Buy Now
Questions 56

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan ' '

Options:

A.

Present the revised audit plan directly to the board for approval.

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CEO and present the revised audit plan to the board for approval.

Buy Now
Questions 57

Which of the following statements is true regarding internal controls?

Options:

A.

For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts

D.

Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning

Buy Now
Questions 58

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

Options:

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Buy Now
Questions 59

The following is a list of major findings in the executive summary report for an audit of the contract management process

- Noncompliance with contract provisions requiring vendors to obtain insurance policies with indemnity value of not less than $1 million

- Compliance with contract obligations and deliverables is not monitored

- No contract agreement with five vendors providing core services

Which of the following is an appropriate conclusion that can be drawn from these findings?

Options:

A.

These are weaknesses resulting from a lack of a documented contracting policy

B.

Substandard service delivery by vendors may not be detected

C.

Management should expedite actions to rectify the observations identified

D.

The internal controls guiding contract management are not operating effectively

Buy Now
Questions 60

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the Internal auditor was assigned to an assurance engagement?

Options:

A.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.

The assigned internal auditor must not assume management responsibilities while performing the engagement.

D.

The assigned internal auditor must maintain objectivity while performing the engagement

Buy Now
Questions 61

An internal audit activity plans its engagements based on an organization-wide risk assessment. According to IIA guidance, which of the following statements is true regarding the required frequency of the risk assessment?

Options:

A.

The risk assessment must be performed at least quarterly.

B.

The risk assessment must be performed at least annually.

C.

The risk assessment must be performed at least once every five years, in alignment with the internal audit activity ' s quality assurance and improvement program.

D.

There is no specific requirement; a risk assessment should be performed as needed to account for changes in the business environment.

Buy Now
Questions 62

Which of the following statements is true regarding the audit objective for an assurance engagement?

Options:

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Buy Now
Questions 63

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Buy Now
Questions 64

An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?

Options:

A.

Perform additional audit work to better articulate the risk

B.

Report the finding that management has accepted a level of risk that is unacceptable.

C.

Proceed to testing how effectively the control is opening.

D.

Because the design weakness has been identified no additional audit work is needed

Buy Now
Questions 65

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

Options:

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Buy Now
Questions 66

During engagement planning, which party provides the most accurate and up-to-date description of how organizational processes and key controls operate?

Options:

A.

The management responsible for the activity under review

B.

The individuals who perform the daily tasks and functions of the activity under review

C.

The external auditors since they understand the key controls behind the financial statements

D.

The board of directors since they provide overall oversight for the organization

Buy Now
Questions 67

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Options:

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization ' s suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs

Buy Now
Questions 68

An engagement supervisor reviewed a staff internal auditor ' s documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?

Options:

A.

The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review

B.

Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review

C.

The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf

D.

The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

Buy Now
Questions 69

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

Options:

A.

Were audit findings relevant and useful to management?

B.

Does the audit report format present issues clearly and concisely?

C.

Does the IAA work with a high degree of professionalism and objectivity?

D.

Were the findings reported in a timely manner?

Buy Now
Questions 70

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization ' s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

Options:

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board ' s meeting records.

Buy Now
Questions 71

Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?

Options:

A.

Objectives scope and timing at a high level to support coordination while adhering to confidentiality requirements

B.

The area and timing of the audit engagement to ensure confidentially and avoid conflict of interest.

C.

All plan information, including risk assessments, planned tests and past results to maximize the opportunity for coordination with internal and external providers.

D.

No information should be shared with internal and external provider as it could introduce bias into the engagement results.

Buy Now
Questions 72

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data ' ?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause

C.

Applying administrative privileges to ensure right-to-access controls are appropriate

D.

Creating a standing cybersecurity committee to identify and manage risks related to data security.

Buy Now
Questions 73

An internal auditor has discovered that duplicate payments were made to one vendor. Management has recouped the duplicate payments as a corrective action. Which of the following describes management’s action in this case?

Options:

A.

A condition-based action plan.

B.

A cause-based action plan.

C.

A root cause-based action plan.

D.

An effect-based action plan.

Buy Now
Questions 74

According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?

Options:

A.

Criteria

B.

Cause

C.

Effect

D.

Condition

Buy Now
Questions 75

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

Options:

A.

A description of their job responsibilities.

B.

A non-disclosure agreement

C.

An annual declaration of commitment to The HAs Code of Ethics.

D.

The internal audit charter

Buy Now
Questions 76

According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?

Options:

A.

The establishment of an audit approach and documentation system

B.

The standardization of workpaper terminology and notations

C.

The ability to reach consistent audit conclusions regardless of who performs the audit

D.

The application of documentation standards m an appropriate and consistent manner

Buy Now
Questions 77

When estimating the impact of an inherent risk, which of the following should internal auditors consider?

Options:

A.

The probability and frequency of occurrence

B.

Financial and nonfinancial factors related to the risk

C.

The number of risks identified on the heat map

D.

The residual risk following implementation of appropriate controls

Buy Now
Questions 78

Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?

Options:

A.

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.

Any risk involving investments into bitcoin and suspicious derivatives

C.

Any risk that can cause material or financial loss

D.

Any risk that could cause injuries or pollute the environment

Buy Now
Questions 79

An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?

Options:

A.

Ask the external auditor to review the same transaction again as an independent third party

B.

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

C.

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

D.

Compare the recording of this transaction to now similar ones were executed last year

Buy Now
Questions 80

An electric utility provider measures working time spent on processing grid connection applications, response time for electricity outages, and the call center queuing time. Which of the following criteria would better suit a customer-oriented provider for measurement?

Options:

A.

Past performance

B.

Legal obligations

C.

Board-approved budget

D.

Stakeholder expectations

Buy Now
Questions 81

Which of the following statements is true regarding different competitive strategies?

Options:

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Buy Now
Questions 82

During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:

" As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the

respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure

to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended

that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management

should register the subsidiary in the current year as soon as possible. "

What part of this narrative represents a condition of the observation made by auditors in the final report?

Options:

A.

" ... the subsidiary did not submit required documentation for registration in the prior year. "

B.

" ... the entity is required to register annually with the respective ministry. "

C.

" ... failure to comply with internal and external regulations might lead to penalties or fines from the respective authorities. "

D.

" ... management should register the subsidiary in the current year as soon as possible. "

Buy Now
Questions 83

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address this risks highlighted by the Internal audit Which of the following Is the most appropriate action to address the outstanding audit recommendation?

Options:

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts managements explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Buy Now
Questions 84

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?

Options:

A.

To create a detailed risk assessment

B.

To identify individuals who perform key roles

C.

To explain a simple process.

D.

To document which outputs support other activities.

Buy Now
Questions 85

According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?

Options:

A.

The recommendation of the parent office external auditors.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The level of proficiency of the chief audit executive

Buy Now
Questions 86

Which of the following best describes the four components of a balanced scorecard?

Options:

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Buy Now
Questions 87

Which of the following should the chief audit executive do when evaluating the possibility of relying on external auditors ' work?

Options:

A.

Perform comprehensive background checks on all independent auditors on the engagement.

B.

Recalculate all financial calculations to confirm competency.

C.

Examine objectivity and any perceived or actual conflicts of interest.

D.

Review audit tests employed in all previous audits.

Buy Now
Questions 88

The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?

Options:

A.

Refer the suggested changes to the engagement supervisor for approval.

B.

Note the suggested changes to be included in next year’s engagement program.

C.

Update the engagement work program with the suggested changes.

D.

No action is required as the work program has been approved and is underway.

Buy Now
Questions 89

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

Options:

A.

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Buy Now
Questions 90

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

Options:

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards

D.

Verify that organizational objectives are aligned with each departments objectives.

Buy Now
Questions 91

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Buy Now
Questions 92

An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?

Options:

A.

Remove the new employee ' s excessive access rights and request that he report any future access error.

B.

Perform a complete review of all users who have access to the payroll system lo determine whether there are additional employees who were granted inappropriate access

C.

Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system

D.

Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.

Buy Now
Questions 93

An internal auditor wants to examine the intensity of correlation between electricity price and wind speed. Which of the following analytical approaches would be most appropriate for this purpose?

Options:

A.

A Gantt chart

B.

A scatter diagram

C.

A RACI chart

D.

A SIPOC diagram

Buy Now
Questions 94

The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system. Which of the following computerized audit techniques is the internal audit activity most likely applying?

Options:

A.

Enabling continuous auditing.

B.

Employing generalized audit software.

C.

Facilitating electronic workpapers.

D.

Using machine learning.

Buy Now
Questions 95

During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?

Options:

A.

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.

Career and promotion paths are not easily visible and defined.

C.

Communication is likely to be top-down, with little feedback from lower-level employees.

D.

Employees have little autonomy, which may result in employee turnover or low morale.

Buy Now
Questions 96

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

Options:

A.

Communicate immediately to the relevant regulatory agency the information regarding the company ' s control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Buy Now
Questions 97

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Options:

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Buy Now
Questions 98

An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?

Options:

A.

Review management ' s organ nationwide risk assessment

B.

Understand the objectives and strategies of the new arrangement

C.

Revise the scope of the audit engagement

D.

Form objectives for the audit engagement

Buy Now
Questions 99

Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?

Options:

A.

Ensuring the process owner with the engagement objectives

B.

Reviewing engagement draft reports

C.

Ensuring workpapers support audit findings

D.

Approving audit work programs

Buy Now
Questions 100

Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Buy Now
Questions 101

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Options:

A.

A monitoring process

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process

Buy Now
Questions 102

An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?

Options:

A.

Effectiveness

B.

Response

C.

Efficiency

D.

Mitigation.

Buy Now
Questions 103

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

Options:

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Buy Now
Questions 104

According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Buy Now
Questions 105

Which of the following statements regarding the risk management process ' support of the internal audit activity is true?

Options:

A.

The risk management process can provide more extensive internal audit services to the organization if it does not have an internal audit department

B.

The risk management process supports internal audit by evaluating whether critical controls are adequate and effective.

C.

The risk management process can determine whether all significant risks have been identified and are being treated.

D.

The risk management process establishes an organization-specific documented risk management framework.

Buy Now
Questions 106

According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Options:

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Buy Now
Questions 107

Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?

Options:

A.

Stratified sampling

B.

Haphazard sampling

C.

Discovery sampling

D.

Probability-proportional-to-size sampling

Buy Now
Questions 108

Which of the following performance measures is considered a lagging indicator to the largest degree?

Options:

A.

Return on investment

B.

Customer retention

C.

Employee satisfaction

D.

Cost of research and development

Buy Now
Questions 109

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Options:

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Buy Now
Questions 110

The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?

Options:

A.

Run reports listing all payments made in countries other than vendor locations

B.

Run reports listing all credit limit overrides

C.

Run reports listing all instances of delayed revenue recognition

D.

Run three-way match reports, matching invoices, purchase orders, and receiving reports

Buy Now
Questions 111

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

Options:

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area ' s business plan.

D.

A review of previous audit and follow- up results of the area under review

Buy Now
Questions 112

Which of the following statements about assurance maps is correct?

Options:

A.

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Buy Now
Questions 113

Which of the following internal audit activities is performed in the design evaluation phase?

Options:

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Buy Now
Questions 114

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals.

C.

Suboptimal decision-making.

D.

Duplication of business activities.

Buy Now
Questions 115

A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?

Options:

A.

The AI program becomes self-reliant and no longer requires human assistance to perform tasks for the organization.

B.

The AI program advancements allow for it to generate original images for use by content creators and other individuals.

C.

The AI program captures images found online that are created and owned by individuals and other organizations.

D.

The AI program will have to comply with the national regulation expected to come in force in two years ' time.

Buy Now
Questions 116

An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?

Options:

A.

Conduct a trend analysis of customers ' payment history and flag those with the most inconsistent payments and debts

B.

Conduct a ratio analysis by calculating the relationship between sums paid in local currency and volume of electricity billed in megawatt hours

C.

Conduct an analysis of clients’ electricity consumption patterns within a specified period and identify consumption spikes

D.

Conduct a comparison to identify deviations between electricity amounts billed to customers and information regarding actual consumption

Buy Now
Questions 117

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

Options:

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Buy Now
Questions 118

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

Options:

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Buy Now
Questions 119

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Buy Now
Questions 120

An internal auditor wants to determine if employees spend more than their approved daily stipend for meals. Which technique would be most appropriate to identify meal expenses that exceed the approved threshold?

Options:

A.

Using compliance verification data analytics

B.

Using regression analysis

C.

Using software with a gap testing function

D.

Drafting a flowchart of the meal expense reporting process

Buy Now
Questions 121

According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities, and operating procedures.

B.

Evaluate management ' s risk assessment and the internal audit activity ' s risk assessment.

C.

Assess process flow and control documents used to meet regulatory requirements.

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Buy Now
Questions 122

Which of the following is the primary purpose of financial statement audit engagements?

Options:

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Buy Now
Questions 123

An internal auditor for a regional bank suspects that the head of commercial lending has been granting loans without the required collateral Which of the following sampling techniques will be most effective for investigating the auditor ' s suspicion?

Options:

A.

Variables sampling

B.

Dollar-unit sampling

C.

Judgmental sampling

D.

Discovery sampling

Buy Now
Questions 124

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Buy Now
Questions 125

Who is responsible for ensuring internal auditors continuing professional development*

Options:

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Buy Now
Questions 126

Which of the following best describes the guideline for preparing audit engagement workpapers?

Options:

A.

Workpapers should be understandable to the auditor in charge and the chief audit executive.

B.

Workpapers should be understandable to the audit client and the board.

C.

Workpapers should be understandable to another internal auditor who was not involved in the engagement.

D.

Workpapers should be understandable to external auditors and regulatory agencies.

Buy Now
Questions 127

A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?

Options:

A.

The engagement supervisor has an open door pokey for audit team members to discuss concerns

B.

The supervisor reviews weekly progress reports from the audit team members

C.

The supervisor reviews and initials internal audit workpapers for the engagement

D.

The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.

Buy Now
Questions 128

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities

Buy Now
Questions 129

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

Options:

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Buy Now
Questions 130

Which is the most appropriate evaluation criterion regarding the quality of audit engagement workpapers?

Options:

A.

Every workpaper should provide reasonable evidence of work conducted.

B.

Every workpaper should result in appropriately worded audit findings.

C.

Every workpaper should include a conclusion regarding the likelihood of fraud.

D.

Every workpaper should be approved by the engagement client.

Buy Now
Questions 131

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

Options:

A.

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Buy Now
Questions 132

Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?

Options:

A.

Increased completeness, including risk categories like political, supplier, and social media.

B.

Business managers can identify and assess risks that occur within each category.

C.

The internal audit activity can rely on management ' s risk assessment.

D.

Organizationwide audits are required since risk events within categories occur in many different ways.

Buy Now
Questions 133

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager ' s decision to accept the risk otherwise, no other speak: course of action is required.

Buy Now
Questions 134

What is the primary reason that audit supervision includes approval of the engagement report?

Options:

A.

To ensure the objectives of the area under review are met

B.

To ensure senior management supports the reports conclusions

C.

To ensure report style and grammar are appropriate.

D.

To ensure report findings are substantiated

Buy Now
Questions 135

During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?

Options:

A.

Insist on establishing an internal whistleblowing process, as originally recommended, because this is a key control.

B.

Review the agreement with the third-party service provider and ensure that appropriate controls are in place.

C.

Raise the issue to a higher level of management, as outsourcing the process was not previously discussed or agreed upon.

D.

Take no action, as management has accepted the risk of moving to a third party for this whistleblowing process.

Buy Now
Questions 136

An organization ' s health-care insurance costs have been rising approximately 10 percent per year for several years Which of the following analytical review procedures would best evaluate the reasonableness of the increase in health-care costs?

Options:

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations

B.

Obtain the government index of health-care costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another health-care administrator to provide the same administrative services as the current health-care administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred

Buy Now
Questions 137

During an audit, the chief audit executive reviews and approves changes to the audit program. Which of the following describes this activity?

Options:

A.

Engagement reporting

B.

Continuous monitoring

C.

Engagement supervision

D.

Engagement risk assessment

Buy Now
Questions 138

An internal audit intends to create a risk and control matrix to better understand the organization ' s complex manufacturing process. With which of the following approaches would the auditor most likely start?

Options:

A.

Assess management responses to key risk exposures

B.

Analyze the costs and benefits of key controls

C.

Evaluate the design adequacy of known controls

D.

Conduct a walk-through of all related activates

Buy Now
Questions 139

A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO ' s reasoning is acceptable.

Buy Now
Questions 140

An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?

Options:

A.

Over-reliance and a false sense of security

B.

Limited flexibility

C.

Inability to keep the checklist up to date

D.

Standardization and a systematic approach

Buy Now
Questions 141

According to IIA guidance, which of the following is most likely to become part of the engagement work program?

Options:

A.

Information obtained from historic audits and memos.

B.

Risk and control registers or matrices.

C.

Resource deployment plans and sampling methodologies.

D.

Prior findings and management responses.

Buy Now
Questions 142

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual

B.

Net

C.

inherent.

D.

Accepted.

Buy Now
Questions 143

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Buy Now
Questions 144

According to IIA guidance, which of the following is true regarding typical fraud schemes?

1.A diversion occurs when an employee has an undisclosed personal economic interest in a transaction that adversely affects the organization

2.Tax evasion is intentional reporting of false or misleading information on a tax return by an organization to reduce taxes owed.

3.Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s records

4Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services

Options:

A.

1 and 3.

B.

1 and 4

C.

2 and 3.

D.

2 and 4

Buy Now
Questions 145

During which phase of the contracting process are contracts drafted for a proposed business activity’

Options:

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase

Buy Now
Questions 146

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Options:

A.

To gain access to a wider variety of skills, competencies and best practices.

B.

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.

To focus on and strengthen core audit competencies.

D.

To provide the organization with appropriate contingency planning for the internal audit function.

Buy Now
Questions 147

During an entity-level controls assessment, internal auditors deploy an internal control questionnaire to test the controls. Which of the following is a major drawback of this testing method?

Options:

A.

Information obtained by this method can be repudiated.

B.

Information obtained by this method is difficult to quantify.

C.

It is an inefficient method of gathering evidence.

D.

Limited information can be gathered with this method.

Buy Now
Questions 148

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?

Options:

A.

The internal assessment results should be discussed once every five years

B.

The rating conclusions and the impact from results of the external assessment should be explained

C.

The results of the external assessment should be discussed every seven years.

D.

The qualifications and independence of the internal assessment team should be discussed

Buy Now
Questions 149

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity ' s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational managements view of risk objectives

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence

Buy Now
Questions 150

Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?

Options:

A.

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.

Retained earnings represent the amount of excess cash available in the organization.

C.

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

Buy Now
Questions 151

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

Increased access to the organization’s software and proprietary data.

Buy Now
Questions 152

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations.

Buy Now
Questions 153

The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?

Options:

A.

Contract with the software vendor to provide an appropriate resource.

B.

Ask for a knowledgeable resource from the IT department.

C.

Make use of an external service provider.

D.

Request audit resources through the external auditor.

Buy Now
Questions 154

A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

Options:

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Buy Now
Questions 155

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

Options:

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit acth/lty ' s reporting

Buy Now
Questions 156

In which of the following ways can the internal audit activity new engagement opportunities?

Options:

A.

By defining activities by business processes.

B.

By looking external factors such as product complaints.

C.

By looking at activities by businesses cost centers.

D.

By defining activities by the organization chart.

Buy Now
Questions 157

According to HA guidance on IT, which of the following actions would be performed as part of the " Define IT Universe " stage of the IT audit plan development process?

Options:

A.

Identify significant applications that support the business operations

B.

Assess risk and rank subjects using business risk factors

C.

Identify how the organization structures its business operations

D.

Select audit subjects and bundle into distinct audit engagements

Buy Now
Questions 158

Which of the following statements is false regarding audit criteria?

Options:

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Buy Now
Questions 159

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Buy Now
Questions 160

During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team ' s recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?

Options:

A.

The CAE should reassess and validate the risk tolerance policy

B.

The CAE should escalate the issue to senior management .

C.

The CAE should reiterate the internal audit team ' s recommendations to management .

D.

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

Buy Now
Questions 161

A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?

Options:

A.

Sampling risk.

B.

Control risk.

C.

Nonsampling risk.

D.

Residual risk.

Buy Now
Questions 162

The objective of an upcoming engagement is to review the wind park projects and assess compliance with established project management principles. Which of the following is most likely to be the aim of the engagement work program?

Options:

A.

Evaluate the application of project management guidance in the development of wind parks.

B.

Identify key risks and mitigation plans pertaining to the management of wind parks.

C.

Assess whether development of wind parks is compliant with relevant legal acts and international best practices.

D.

Review the wind park development strategy and compare its goals with operational targets and metrics.

Buy Now
Questions 163

Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?

Options:

A.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

B.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

C.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

D.

The audit engagement has already been communicated and approved through the annual audit plan.

Buy Now
Questions 164

An audit observation states the following:

" Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history "

Which of the following components are missing in the observation?

Options:

A.

Cause and effect.

B.

Effect and criteria

C.

Condition and cause

D.

Criteria and condition.

Buy Now
Questions 165

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management ' s view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Buy Now
Questions 166

During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9

Options:

A.

Request additional information needed from management of the area under review.

B.

Obtain approval from the engagement supervisor

C.

Obtain the required resources, including IT. to complete the work

D.

Discuss the change in scope with management of the area under review.

Buy Now
Questions 167

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Buy Now
Questions 168

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?

1. In the opinion of the CAE the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than S100.000

Options:

A.

1 only

B.

3 only

C.

1 and 3 only

D.

1, 2, and3

Buy Now
Questions 169

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations.

B.

Analytical procedures begin after the engagement’s planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques.

Buy Now
Questions 170

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

The organizational chart, business objectives, and policies and procedures of the area to be reviewed

Options:

A.

The most recent risk assessment conducted by management of the area to be reviewed.

B.

The requests of operational and senior management throughout the organization.

C.

The preliminary risk assessment performed by internal auditors planning the engagement.

Buy Now
Questions 171

Which of the following statements concerning workpapers is the most accurate?

Options:

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Buy Now
Questions 172

According to IIA guidance, which of the following describes the primary reason the chief audit executive (CAE) should actively network and build relationships with senior management and the board?

Options:

A.

To fulfill the CAE ' s responsibility to keep the board appropriately informed.

B.

To expand the CAE ' s understanding of management issues.

C.

To help maintain the objectivity of the internal audit activity.

D.

To increase opportunities to demonstrate the internal audit activity performance.

Buy Now
Questions 173

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

Options:

A.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Buy Now
Questions 174

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization ' s goals.

Options:

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4

D.

1, 3, and 4

Buy Now
Questions 175

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Buy Now
Questions 176

An internal auditor is performing a review of an organization ' s vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?

Options:

A.

Vendor contracts.

B.

Employee master list.

C.

Payment records.

D.

Purchasing policy.

Buy Now
Questions 177

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity ' s resources

B.

The availability of guest auditors for the engagement

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required

Buy Now
Questions 178

A financial services organization ' s CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?

Options:

A.

Fraud risk matrix

B.

Benchmarking

C.

Brainstorming

D.

Walkthroughs

Buy Now
Questions 179

An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?

Options:

A.

Complete a transaction walkthrough fiat focuses on the design and operation of financial reporting controls

B.

Conduct interviews with senior management to obtain their input and insights regarding operational controls.

C.

Perform a comprehensive review of the organization s existing policies and standard operating procedures.

D.

Review the procurement process map w*h employees who carry out key activities to obtain their input and insights.

Buy Now
Questions 180

Which of the following would be the most effective fraud prevention control?

Options:

A.

Email alert sent to management for checks issued over S100.000.

B.

installation of a video surveillance system in a warehouse prone to inventory loss

C.

New hire training to explain fraud and employee misconduct.

D.

Daily report that Identifies unsuccessful system log-in attempts

Buy Now
Questions 181

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Buy Now
Questions 182

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

Options:

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner ' s approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Buy Now
Questions 183

A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?

Options:

A.

Community, institutional, and agricultural banking

B.

Mortgages, credit cards, and savings.

C.

South, southwest and east.

D.

Teller, manager, and IT specialist

Buy Now
Questions 184

The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7

Options:

A.

Audit committee

B.

CEO

C.

CAE.

D.

External service provider

Buy Now
Questions 185

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

Options:

A.

To evaluate controls regarding the computer security of an oil refinery.

B.

To examine the processes involved in exploring, developing, and operating a gold mine.

C.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

D.

To link a financial institution ' s business objectives to a work unit responsible for the associated risk.

Buy Now
Questions 186

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Buy Now
Questions 187

Which of the following statements is true regarding internal control questionnaires (ICQs)?

Options:

A.

ICQs are most useful in more organic, decentralized organizations with specialized departmental or regional characteristics.

B.

An ICQ can be used effectively either by sending it in advance for management of the area under review to complete or by testing each procedure and recording the results.

C.

An ICQ is not an efficient tool, as it can only inquire about controls and it does not test them.

D.

ICQs are also known as checklist audits and encourage management of the area under review to answer " no " or " yes " more accurately.

Buy Now
Questions 188

An internal auditor of a construction organization found that completed inspection results, required by the organization ' s policy, were missing from the computer system. Which of the following, if included in the audit report, would demonstrate that the auditor performed a root cause analysis of this observation?

Options:

A.

Some inspection results were missing from the computer system.

B.

The results of lengthy inspections were more likely to be omitted from the computer system.

C.

Flaws in the computer system prevented employees from saving their inspection results.

D.

Employees did not ensure that inspection results were completed in the computer system.

Buy Now
Questions 189

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider ' s operation has been conducted.

Verify that the service provider’s contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Buy Now
Questions 190

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

Options:

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Buy Now
Questions 191

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?

Options:

A.

Complete the risk assessment independently to prevent conflicts of interest with the function being reviewed.

B.

Work with external auditors to ensure that the risk assessment includes items reflected on the independent auditor ' s report.

C.

Work with management of the function being reviewed, as management would be most familiar with the business objectives and related risks.

D.

Consult with the compliance department, which typically has a more comprehensive view of the organization.

Buy Now
Questions 192

What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?

Options:

A.

Recent organizationwide recognition awards given to employees within the area.

B.

The timing of the most recent audit of the area.

C.

Management ' s presentation to the board regarding recent area achievements.

D.

Recent area performance indicators against productivity metrics.

Buy Now
Questions 193

An internal auditor is assessing the organization ' s risk management framework. Which of the following formulas should he use to calculate the residual risk?

A) IIA-CIA-Part2 Question 193

B)IIA-CIA-Part2 Question 193

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 194

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Buy Now
Questions 195

What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?

Options:

A.

Operational audit

B.

Compliance and financial audit

C.

Performance audit

D.

Quality audit

Buy Now
Questions 196

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

Options:

A.

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.

Inquiry of corrective action to be completed within a certain period.

C.

Reporting the status of every observation for every engagement in a detailed manner.

D.

Soliciting management’s feedback after completion of the audit engagement.

Buy Now
Questions 197

The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year All engagements should be appropriately categorized and presented to the chief audit executive for review Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Evaluating procurement department process effectiveness

B.

Helping in the design of the risk management program

C.

Assessing financial reporting control adequacy

D.

Reviewing environmental, social, and governance reporting compliance

Buy Now
Questions 198

During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

Options:

A.

The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily

B.

The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate

C.

The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.

D.

The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts

Buy Now
Questions 199

In which of following scenarios is the internal auditor performing benchmarking?

Options:

A.

The auditor compares information from one period with the same information from the poor period

B.

The auditor compares new information to his general knowledge of the organization

C.

The auditor compares information he collected with simmer information from another source

D.

The auditor compares expected outcomes with actual results

Buy Now
Questions 200

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?

Options:

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Buy Now
Questions 201

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management ' s corrective actions Doing so would help the CAE assess which of the following?

Options:

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Buy Now
Questions 202

Which of the following is the most appropriate objective for establishing a professional development plan for the internal audit activity?

Options:

A.

A plan that focuses on furthering the independence of the internal audit activity.

B.

A plan that ensures internal auditors collectively possess expertise in various fields to avoid outsourcing.

C.

A plan based on individual preferences and proposals, which helps internal auditors achieve greater success.

D.

A plan that focuses on filling gaps in the current skills needed to complete audit objectives.

Buy Now
Questions 203

Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?

Options:

A.

Inquiry

B.

Analytical review

C.

Observation

D.

Inspection of documents

Buy Now
Questions 204

During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?

Options:

A.

RACI (responsible, accountable, consult and inform) chart

B.

Flowchart

C.

SWOT{strengths. weaknesses opportunities, and threats) analysis

D.

Workflow analysis

Buy Now
Questions 205

According to IIA guidance which of the following statements is true regarding heat maps?

Options:

A.

A heat map sets likelihood to have higher priority than impact.

B.

A heat map sets impact to have higher priority than likelihood.

C.

A heat map recognizes that the priority of impact and likelihood can vary.

D.

A heat map recognizes impact and likelihood as equally important

Buy Now
Questions 206

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

Options:

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Buy Now
Questions 207

According to IIA guidance, which of the following would be considered necessary for a one-person audit function?

Options:

A.

A formalized technical audit manual

B.

A written administrative audit manual

C.

A memorandum stating policies and procedures

D.

A comprehensive policy and procedure manual

Buy Now
Questions 208

An internal auditor determined that the organization ' s accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?

Options:

A.

Each invoice for goods or services acquired by the organization must be recorded only once in the accounting system.

B.

The accounting system lacks efficient controls for the identification of duplicate invoices.

C.

Disbursements may be made inappropriately, and liabilities may be overstated.

D.

The accounting system is at the end of its lifetime and is no longer developed by the provider.

Buy Now
Questions 209

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership

B.

Documentation.

C.

Analysis.

D.

Reporting

Buy Now
Questions 210

When forming an opinion on the adequacy of management ' s systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees ' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Buy Now
Questions 211

During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?

Options:

A.

Possible tests

B.

Possible scenarios

C.

Possible controls

D.

Possible samples

Buy Now
Questions 212

Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization ' s risk management program?

Options:

A.

Identifying and managing risks in line with the entity ' s risk appetite.

B.

Ensuring that a proper and effective risk management process exists.

C.

Attaining an adequate understanding of the entity ' s key mitigation strategies.

D.

Identifying and ensuring that appropriate controls exist to mitigate risks.

Buy Now
Questions 213

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed

D.

There is a defined code for employee behavior

Buy Now
Questions 214

Which of the following represents a ratio that measures short-term debt-paying ability?

Options:

A.

Debt-to-equity ratio

B.

Profit margin

C.

Current ratio

D.

Times interest earned

Buy Now
Questions 215

When addressing the excessive overtime being paid lo employees in an organization ' s customer service call center, which of the following would be most relevant for the internal auditor to use?

1 Confirmation.

2. Trend analysis.

3 External benchmarking

4. Internal benchmarking

Options:

A.

1.2 and 3

B.

1.2. and 4.

C.

1.3. and 4.

D.

2. 3. and 4.

Buy Now
Questions 216

During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?

Options:

A.

The audit team that conducted the operational audit must also conduct the investigative audit.

B.

The investigative audit must be conducted by an independent third-party service provider.

C.

To preserve objectivity, auditors who participated on the initial operational audit engagement team must not partake in the investigative audit.

D.

The investigative audit engagement team must include at least one auditor who possesses fraud-related skills and competencies.

Buy Now
Questions 217

Which of the following approaches to understanding business processes is conducted from a broad organizational perspective and has the greatest risk of overlooking processes that are ultimately critical?

Options:

A.

Process narrative.

B.

Process mapping.

C.

Bottom-up.

D.

Top-down.

Buy Now
Questions 218

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

Options:

A.

When a manufacturing organization has stable demand for its products.

B.

When an organization is subjected to strong political and social pressures

C.

When a manufacturer has reliable resources and suppliers.

D.

When an organization is infrequently affected by technological advances

Buy Now
Questions 219

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

Options:

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Buy Now
Questions 220

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

Options:

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Buy Now
Questions 221

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management ' s response to audit recommendations?

Options:

A.

Evaluate and verify management ' s response, and determine the need and scope for additional work.

B.

Evaluate and verify management ' s response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Buy Now
Questions 222

During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?

Options:

A.

Identify and map existing controls to their relevant inherent fraud risks

B.

Detect fraudulent activities in the activity under review for the audited period

C.

Select the appetite level for each inherent fraud risk

D.

Evaluate and respond to residual fraud risks that need to be mitigated

Buy Now
Questions 223

An organization ' s healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?

Options:

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations.

B.

Obtain the government index of healthcare costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another healthcare administrator to provide the same administrative services as the current healthcare administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred.

Buy Now
Questions 224

An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Buy Now
Exam Code: IIA-CIA-Part2
Exam Name: Internal Audit Engagement
Last Update: Jul 18, 2026
Questions: 747

PDF + Testing Engine

$64.99   $185.69

Testing Engine

$49.99   $142.83

PDF (Q&A)

$54.99   $157.11