IIA-CIA-Part1 Questions and Answers

Appoint the chief audit executive as a member of the board.

Adopt written policies and procedures for the internal audit activity, approved by the board.

Ensure the chief audit executive reports administratively to the audit committee.

Establish the internal audit activity’s position within the organization in an audit charter.

Industry knowledge

Project management

Leadership skills

Risk assessments

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

Despite significant corporate resources spent on CSR reporting investors generally do not rely on CSR information

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary

Typically operating management does not have a major role to play based on the public nature of reporting

Description of internal audit activity's responsibilities

Definition of internal auditing

Statement of internal audit activity's authonty

Description of internal audit activity's reporting structure

Outsourcing the payroll function

Installing cameras in the mailroom

Exiting a product line

Insuring all fixed assets

The ability to evaluate fraud risk

The ability to detect and investigate fraud

The ability to assess risk management strategies

The ability to create test databases

The CAE seeks senior management approval of the internal audit charter

The CAE obtains senior management's approval to hire staff

The CAE reports significant issues to the organization's CEO

The CAE provides the board with an annual budget for approval

The chief audit executive (CAE) must obtain competent advice and assistance if the internal audit activity lacks the knowledge, skills, or other competencies needed to complete the audit engagement

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization and should have the expertise of a fraud investigator

Internal auditors need to have basic knowledge of key IT risks and controls and available technology-based audit techniques in order to perform their assigned work

The CAE must refuse a consulting engagement if the internal audit activity lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement

Workshops.

Surveys.

Interviews.

Observation.

Leadership.

Documentation.

Analysis.

Reporting.

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board,

Focus on operational audit work and disregard lack of direct access to the members of the board.

Initiate changes to the internal audit charter to report to senior management for the time being,

Engage in written communications with the board and present relevant issues in writing

Discussions with the chief audit executive.

A listing of employee profiles and certifications.

Inquiry of external auditors.

Validation by human resources.

Residual.

Net.

Inherent.

Accepted.

Results of internal assessments need to be reported to the board at least once every five years.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted.

Results of ongoing monitoring of the internal audit activity's performance must be reported to senior management and the board at least annually

Report the impairment to senior management

Discuss the impairment with the audit manager

Ascertain the best approach to disclose the impairment.

Decide on the extent of impact of the impairment

Periodic reinforcement of the internal audit activity's code of ethics disclosure practices.

External assessments of the internal audit activity every five years.

Audit committee review of every engagement report at the conclusion of the audit.

Internal audit charter approved by the board.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

The engagement detected irregularities and noncompliance instances.

The engagement supervisor had no significant comments in the supervisory review.

The audit procedures were systematically planned, executed, and documented.

The engagement objectives were designed to assist the engagement client.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity

has addressed all areas of nonconformance and the audit committee has been notified.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

Indicate that the internal audit activity operates in partial conformance with the Standards t as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to ail parties who received the original reports.

ISO 26000.

Global Reporting Initiative.

Open Compliance and Ethics Group.

COSO’s enterprise risk management framework

The internal assessment results should be discussed once every five years,

The rating conclusions and the impact from results of the external assessment should be explained,

The results of the external assessment should be discussed every seven years,

The qualifications and independence of the internal assessment team should be discussed

The effectiveness of process-level and transaction-level controls.

Conflicts of interest within the organizational structure of the senior management.

The alignment of management decisions with the level of risk the organization is willing to accept.

The actions of upper management in response to the internal audit activity's reporting

1 and 3.B.

1 and 4.

2 and 3.

2 and 4.

Integrity

Confidentiality

Objectivity

No violation was committed

Entity-level

Activity-level

Transaction-level

Process-level

1 and 2 only

2 and 3 only

2 and 3

1 3 and 4

The internal audit activity conducts a self-assessment that is validated by a qualified and experienced internal auditor and then schedules a qualified, independent external assessor

The board nominates an independent individual from senior management in the organization to conduct an assessment of the internal audit activity

An external auditor conducts an audit of the organization which includes information about the internal audit activity

The chief audit executive schedules a self-assessment and the board approves the results

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

1 and 4 only.

2 and 3 only.

1. 2, and 3 only.

1, 3, and 4 only.

To provide guidance and solicit feedback on managing the internal audit activity as expected by various stakeholders.

To provide an understanding of the Mission of Internal Audit and The IIA's mandatory guidance elements.

To provide an update on the internal audit activity's quality of engagement supervision.

To provide information on existing internal audit planning, changes to the internal audit plan, and the rationale for the changes

Theft of cash after it is recorded in the books

Theft of cash before it is recorded in the books

Theft of assets through fictitious or inflated invoices

Theft of assets through false mileage travel logs and meal charges

External auditors.

Chief risk officer.

Operations management.

Board of directors.

Minor theft of less than $10,000, not involving senior management.

Theft using collusion for more than $10,000. but not involving senior management.

Denial of access to requested employees during an audit.

Discussion of replacement of the chief audit executive.

Determining whether any opportunity exists for senior executives to misappropriate property or funds

Planning and executing fieldwork In a complete and timely manner to identify all significant risks

Verifying whether the board of directors has implemented effective internal controls

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

Identifying preventive and detective controls

Gathering information about the organization’s business activities to gain an understanding of fraud risks

Engaging in strategic reasoning to anticipate the fraud scheme

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

Functional and administrative responsibilities of internal audit activity.

Authority and objectivity of internal audit activity.

Independence and objectivity of internal audit activity.

Assurance and improvement of internal audit activity.

The primary purpose of a consulting engagement is to assess evidence and provide conclusions.

The internal audit activity determines the nature and scope of work for the specific consulting engagement

Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

It is not appropriate to communicate control issues identified during consulting engagements to the board

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

Security cameras that monitor cash handling at the register are not functioning.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff

To accurately conduct performance appraisals

To ensure that staff complete required continuing professional education credits annually.

To ensure that the resources needed to complete the audit plan are available.

To satisfy the audit committee requirements.

Internal auditors cannot provide consulting services related to operations for which they had previous responsibilities.

The nature of consulting services to be performed by internal auditors must be defined in the internal audit charter

If internal auditors have potential impairments to objectivity related to the proposed consulting engagement, the engagement must be declined.

If internal auditors lack the knowledge, skills, or other competencies needed to perform the consulting engagement, the engagement can proceed with proper disclosures.

The chief audit executive is responsible for deciding the priority of consulting services in the internal audit plan

The scope of consulting services is determined primarily by the internal auditor with input from management of the area under review

The board defines the internal audit activity’s responsibilities over consulting activities

Adding value to an organization requires the internal audit activity to initiate a consulting engagement

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct

The audit committee has reviewed the annual self-assessment results and approved the use of the clause

The self-assessment results were validated by a qualified external review team three years prior

The internal audit charter, approved by the audit committee requires conformance with the Standards