IIA-CIA-Part2 Practice of Internal Auditing Questions and Answers

Ensure that internal audit recommendations are practical, cost-effective, and value-added

Ensure that internal audit conclusions am based on sufficient and reliable evidence

Ensure that risks to the timely completion of the engagement are assessed

Ensure that performance assessments are completed for audit team members

A completed engagement workpaper review checklist.

The supervisor's review notes on engagement workpapers.

The email exchanges between the audit team and the supervisor.

A supervisor's approval of resources allocated to the engagement

Assess controls for potential compliance issues that may affect me consolidation

Brief vendors on the potential risks that will occur without continued business

Advise division managers on how to streamline operations for better efficiency

Determine whether the organization’s controls are effective in meeting business objectives

Solicit the services of a specialist information systems auditor

Obtain the most current approved copies of the organization's privacy policy

Consult with legal counsel about new privacy laws to establish appropriate criteria

Consider the detection risk of noncompliance with the laws

Comer of competence

Career model

Rotational model

Cosourcing agreement

Uphold the quality of the internal audit actively

Provide engagement progress updates to management of the area under review

Assure risks and controls are identified and assessed

Ensure timely completion of the engagement

The best source tor detailed process information is senior management

Audit objectives should be general and do not change.

Computer-assisted audit techniques are typically not useful during engagement planning

Internal auditors should prepare a dented audit program for testing controls

Select a sample of invoices for substantive testing

Review the contract for evidence of authorization

Document underlying reasons for noncompliance

Assess the inherent risk of paying duplicate invoices

It will be difficult to quantify the information obtained through this approach

This approach does not help the auditor learn about the existence of controls

It takes the auditor a long time to assess the relevant controls using this approach

Information on control functionality is limited

Information that is factual adequate and convincing

Information that is best attainable through the use of appropriate engagement techniques

Information that supports engagement objectives and recommendations

Information that helps the organization meet its goals

The results of individual engagements do not support a satisfactory opinion on the effectiveness of internal control.

The results of the individual engagements do not support a positive assurance opinion on the effectiveness of internal control

The audit risk and associated legal implications increase

The reliance on other assurance providers increases

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

Reassign information systems auditors to assist in implementing management's action plan.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

To demonstrate good project oversight

To provide timely discussion of results

To demonstrate internal auditor proficiency

To follow up on previously requested information

Switch the existing assurance engagement into a fraud investigation engagement

Extend the audit scope and perform additional testing of controls on other related areas

Review the poor year's transaction volume and amounts paid compared to the poor year's budget

Perform data analytics on the supplier's information, invoiced amounts, and payments performed

Stratifying the customer information

Extracting the customer information

Filtering the customer information

Sorting the customer information

Infrastructure.

Emerging.

Managed.

Initial.

Judgmental sampling

Random sampling

Discovery sampling

Statistical sampling

Criteria

Condition

Cause

Effect

Conduct a joint brainstorming session with management.

Ask the chief audit executive to mediate.

Disclose the client's differing opinion in the final report.

Escalate the issue to senior management for a decision.

Confirmation and financial statement analysis

Reperformance and inspection

Vouching and tracing

Trend analysis and benchmarking

Ratio analysis

Vertical analysis

Benchmarking

Cost-benefit analysis.

Document in the engagement workpapers the rationale for changing the scope.

Confirm that the scope change would align to the organization's objectives and goals

Confirm that the internal audit activity continues to have the necessary knowledge and skills

Seek approval from the chief audit executive for the proposed scope change

To identify the greatest risks organizationwide

To ensure that the engagement work program covers all risk areas

To ensure that risks identified during previous audits of the area have been adequately addressed

To ensure that significant risks are included in the engagement scope

Ratings are only used to assess the condition of an observation made by an internal auditor.

Audit findings may be communicated to management prior to issuance of the final approved audit report.

Communications must be relevant logical, and free from errors before they are disseminated.

The audit report must present the information in the following order (1) audit scope, (2) engagement objectives, and (3) engagement results

Discuss the internal audit risk assessment including applicable risks and objectives with internal audit management

Perform a walk-through of the process under review to determine whether control wore operating, effectively

Identify when controls will be tested and the sampling method to be used based on control risk

Meet with operational management to team about any areas of concern and to agree on the engagement objectives

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

The organizational chart, business objectives and policies and procedures of the area to be reviewed.

The most recent risk assessment conducted by management of the area to be reviewed.

The requests of operational and senior management throughout the organization.

The preliminary risk assessment performed by internal auditors planning the engagement

Integrity.

Flexibility.

Initiative.

Curiosity.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

All completed training costs, and the cost of actual production hours completed to date.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

All completed training costs, and 50% of the contracted production costs.

These are weaknesses resulting from a lack of a documented contracting policy

Substandard service delivery by vendors may not be detected

Management should expedite actions to rectify the observations identified

The internal controls guiding contract management are not operating effectively

The level of control is appropriate given the level of risk

The level of control is excessive given the level of risk

The level of control is inadequate given the level of risk

There is not enough of information to determine whether the controls are appropriate or not

Audit criteria should be consistent across audit assignments.

Audit criteria should represent reasonable standards against which to assess existing conditions.

Audit criteria should provide flexibility but allow identification of nonadherence.

Audit criteria should equate to good or acceptable management practices.

Create a tracking system for follow up

Ensure that follow-up activities are performed at least weekly.

Delegate follow-up activities to qualified administrative staff within the business unit

Ensure that follow-up activities are performed by the most senior auditor on staff

Having no active role or involvement in the risk management process.

Auditing the risk management process for reasonableness.

Coordinating and managing the risk management process.

Participating with management in identifying and evaluating risks.

Independently evaluating conflicts of interests.

Assessing contracts for relevant terms and conditions.

Performing statistical analysis for data anomalies.

Preparing evidentiary documentation.

Compare purchase orders generated from test data input into the LAN with purchase orders generated from production data for the most recent period

Develop a report of excess inventory and compare the inventory with current production volume

Compare the pans needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

The qualifications and competencies of the subsidiary's management team and their understanding of risk and control

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

Confirm the decision with management and document this decision in the audit file.

Document the issue in the audit file and follow up until the issues are resolved.

Initiate an assurance engagement on the unresolved issues.

Inform senior management of the appropriate actions they should take to control the risk

Recommend that the internal audit activity provide consulting services to help minimize the risk

Assume the responsibility of resolving the significant risk that will affect the organization

Determine whether senior management accepted risk that may be deemed unacceptable for the organization

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

The audit supervisor should include the new contracts in the finding for the final audit report.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

Strategic plans are likely to show areas of weak financial controls.

The strategic plan is a relatively stable document on which to base audit planning.

Define the duties and responsibilities needed from management to perform the engagement.

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Enter into long-term gasoline purchase agreements with end customers.

Trade crude oil derivatives at financial markets in order to benefit from price fluctuations

Purchase crude oil-related derivatives such as futures or options

Stock as much raw materials as possible and consider Investing into additional facilities

Compare purchase orders generated from test data input into the LAN with purchase orders generated from production data for the most recent period

Develop a report of excess inventory and compare the inventory with current production volume

Compare the pans needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Defer the engagement until a system of internal control has been established

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

Add a consulting component to the already scheduled assurance engagement

Seek the involvement of the external auditor to assist with improving the internal controls

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

The calculated statistical sample size is 50 however the internal auditor believes errors exist so he decides to increase the sample size to 80

The internal auditor traces serial numbers of computer equipment listed on an invoice to the fixed asset inventory

The internal auditor reviews the accounts payable manager's petty cash fund and vouchers

The internal auditor reviews the related invoice purchase order and receiving report for each sample selection

Determine whether there are any compensating controls in place to reduce the nsk to an acceptable level, and discuss this matter with management of the business area to determine which corrective action is needed

Test the control anyway to determine the likelihood that the control was not performed property, and discuss this matter with management of the business area to determine which corrective action is needed

Conclude that the process control environment is weak, issue a finding on this conclusion and report this finding to management of the business area

Confer with a second internal auditor to determine whether the control failure is legitimate issue a finding on this conclusion and report this finding to management of the business area