IIA-CIA-Part1 Essentials of Internal Auditing Questions and Answers

A plan to study for and obtain a certification in nonprofit management.

A deadline within the individual development plan to meet the overall engagement objectives.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

A request to attend the organization's committee meeting that is focused on strategic community awareness.

To recognize red flags that indicate fraud.

To recommend controls to prevent fraud.

To apply forensic auditing techniques to detect fraud.

To evaluate the potential for fraud.

Assign the new auditor to assist with conducting the fieldwork. but ensure that her work is reviewed by the CAE.

Assign the new auditor to assist with developing the audit program, but ensure that the audit program is executed by other audit staff.

Ensure that the new auditor's previous manager, and other close former coworkers, are excused during the audit.

Ensure that the new auditor is responsible only for the supervisory review, but not the execution of the audit field work.

Identify relevant fraud risk factors.

Identify potential fraud schemes.

Identify existing controls for preventing and detecting fraud.

Identify red flags by conducting data analysis.

Making sure employees are exempt from participating in control creation

Implementing controls without lengthy explanations of their purpose

Developing general constricting controls rather than detailed ones

Not using controls to achieve goals

This situation does not necessitate any action related to the auditor's objectivity.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

The auditor can provide only consulting services, not assurance.

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

The organization s risk appetite mission, and objectives are dearly outlined.

The organization s risk management practices are assessed as mature.

The organization has adopted risk management frameworks and global models.

The organization s significant risks are identified and adequately assessed

Checking the progress of risk treatment plans

Considering the consequence and likelihood of risks

Documenting the risks and their areas of impact

Communicating to management about risks

Appoint the chief audit executive as a member of the board.

Adopt written policies and procedures for the internal audit activity, approved by the board.

Ensure the chief audit executive reports administratively to the audit committee.

Establish the internal audit activity’s position within the organization in an audit charter.

Fewer internal audits

More effective interviews

Automated risk management strategy tools

Reduced assurance costs

Undertaking audit work in an area where internal auditors lack the necessary skills.

Establishing an internal audit activity without documented policies and procedures.

Assigning compliance responsibilities to the chief audit executive.

Concluding that an internal control is effective without first obtaining evidence

Responsible for implementing CSR principles and overseeing of CSR performance.

Responsible for performing periodic internal self-verifications of reported CSR results.

Responsible for performing analysis and comparison of CSR reports and performance.

Responsible for ongoing CSR reporting and accomplishing of performance targets.

Statement of Independence.

Operating Procedures of Internal Auditing.

Definition of Internal Auditing.

Attestation of Quality Assurance.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

The organization has identified all applicable operational and financial risks.

The organization has documented its strategic and business objectives.

The organization has selected risk responses aligned with its risk appetite.

The organization has documented risk information pertinent to its business.

The job responsibilities of the warehouse employee compromise segregation of duties

Spare parts are written off before their actual usage and installation

Warehouse management is conducted on paper and requires further investigation

The inventory counts take place on specific days of the week for no apparent reason

Auditors must have an IT specialty in at least one of their organization's key information technology systems.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

Auditors must understand their organization's integrated test facilities and generalized audit software.

Auditors must understand their organization's IT governance, risk, and control processes.

Soft controls should not be audited due to subjectivity issues.

There are no effective tools to use for audits of soft controls.

Traditional testing is less suitable for soft controls assessment.

Management input is the best source for assessment of soft controls.

Sourcing of third parties does not follow public procurement law.

Violations of service conditions trigger either fines or termination.

Due diligence of third parties is conducted only after contract signing.

The right-to-audit clause is limited by personal data protection regulations.

Formally audit all governance activities.

Provide strategic guidance on the organizational processes to senior management.

Achieve agreement with the board regarding the range of activities, depth of review, and time period to include in the assessment.

Audit against the governance structures and practices widely used in the industry.

Staffing audit engagements with internal auditors who possess professional designations.

Relying on prior audit work to save planning time and costs.

Performing assurance procedures to guarantee all significant risks are identified.

Assessing the cost of assurance in relation to the potential benefits.

The risk and control model should be globally accepted by the profession.

The risk and control model should be strictly adhered to in performing the engagement.

The risk and control model should be tailored to the organization that will be the subject of the engagement.

The risk and control model should be developed individually by the auditor for use on individual audit projects within the planned engagement.

Are the performance targets in your department realistic and attainable?

Do your coworkers have the knowledge, skills, and training needed to perform their job duties?

Does your supervisor comply with laws and regulations affecting the organization?

Do you have sufficient resources, tools, and time to accomplish your work objectives?

Report the impairment to senior management

Discuss the impairment with the audit manager

Ascertain the best approach to disclose the impairment.

Decide on the extent of impact of the impairment

Examining the internal control effectiveness of the marketing department

Assessing the adequacy of the IT system's business process design

Facilitating a self assessment of the organizations business risk and control identification

Reviewing the application controls in the human resources system

Parties are confident of the solution and are ready to defend it.

There is a high level of trust among the parties.

Resolution is time sensitive and a quick decision is necessary.

The issue is more important to one patty than the others.

The auditor misunderstood the audit objectives.

The auditor lacked professional skepticism.

The auditor's fieldwork was not properly supervised.

The auditor lacked an understanding of the organization.

Recommend a control change and obtain management support.

Evaluate the potential Impact on related controls.

Address the risk with senior management and the board.

Develop and communicate the scope and evaluation criteria to be used by management.

The internal audit activity did not complete an external assessment within the last seven years

The internal audit activity performed an engagement with limited scope due to lack of knowledge

The internal audit activity failed to consider risk when conducting a review of a department

An internal auditor was assigned to an engagement m an area where she previously worked more than 10 years ago

The ability to inspire trust

The ability to communicate effectively

The ability to display courage

The ability to understand the needs of stakeholders