IIA-CIA-Part1 Questions and Answers

1 and 3 only.

2 and 4 only.

1,2. and 3.

2,3, and 4.

Obtaining assurance on external financial, regulatory, and internal audits.

Complying with laws, regulations, and codes.

Assigning authority and responsibilities organization wide.

Monitoring and measuring performance.

Internal auditors meet with operational management at each phase of the audit process.

Internal auditors adhere to The IIA’s Code of Ethics.

Internal auditors work collaboratively with their engagement team.

Internal auditors complete a program of continuing professional development.

The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

Internal auditors may conclude that a business unit's current control environment is adequate and effective if the review of the prior year's workpapers and audit report supports that conclusion.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Take no action, as there is no impairment to independence.

Remove the new internal auditor from the engagement team.

Discuss the matter with the appropriate personnel to alleviate concerns.

Closely supervise the new auditor and carefully review his work.

To achieve planned profitability for business expansion.

To enhance an organization's confidence in achieving strategy.

To strengthen corporate governance standards.

To eliminate business risks and uncertainties.

This situation does not necessitate any action related to the auditor's objectivity.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

The auditor can provide only consulting services, not assurance.

Undertaking audit work in an area where internal auditors lack the necessary skills.

Establishing an internal audit activity without documented policies and procedures.

Assigning compliance responsibilities to the chief audit executive.

Concluding that an internal control is effective without first obtaining evidence

Recommend parties involved to be sanctioned in accordance with the organization's policy.

Determine whether any additional audit work needs to be performed.

Launch an investigation to obtain details of the fraud and parties involved.

Request that the responsible process owner remediate the issue immediately.

Sourcing of third parties does not follow public procurement law.

Violations of service conditions trigger either fines or termination.

Due diligence of third parties is conducted only after contract signing.

The right-to-audit clause is limited by personal data protection regulations.

The framework should not be developed by the internal audit activity

The framework should apply to individual projects rather than the organization as a whole

The framework should always be tailored to the organization

The framework should require fewer resources to implement

Soft controls should not be audited due to subjectivity issues.

There are no effective tools to use for audits of soft controls.

Traditional testing is less suitable for soft controls assessment.

Management input is the best source for assessment of soft controls.

Examining the internal control effectiveness of the marketing department

Assessing the adequacy of the IT system's business process design

Facilitating a self assessment of the organizations business risk and control identification

Reviewing the application controls in the human resources system

Employees in the data center must always wear identification badges

Operating system updates must be installed within 48 hours.

A two stage authentication process must be used to access customer information

System backup and recovery testing must be done monthly

Assign the engagement to a more senior internal auditor.

Decline the engagement request.

Allow the internal auditors to acquire the needed skills while performing the engagement.

Supervise the assigned internal auditors throughout the engagement.

The responsibility to maintain organizational independence.

The responsibility to perform engagements with due professional care.

The responsibility to communicate corrective action plans to the board.

The responsibility to define the purpose of the internal audit activity.

Increase the sample size to be tested, ensuring a thorough review of the payroll records.

Advise the chief audit executive of the clerk's assertion, despite the lack of supporting evidence.

Ask the clerk to provide a list of any suspicious new employee names on the payroll.

Investigate the matter further to understand precisely how many payroll records were affected.

The profitability impact of its products in developing markets.

The amount of political donations to local government races.

The number of complaints related to traffic from its new factory.

The compensation packages awarded to senior management.

Parties are confident of the solution and are ready to defend it.

There is a high level of trust among the parties.

Resolution is time sensitive and a quick decision is necessary.

The issue is more important to one patty than the others.

Develop preventive and detective controls

Identify potential fraud scenarios

Assess the impact and likelihood of fraud risks

Determine fraud risk responses

Auditors must have an IT specialty in at least one of their organization's key information technology systems.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

Auditors must understand their organization's integrated test facilities and generalized audit software.

Auditors must understand their organization's IT governance, risk, and control processes.

An employee receives a bonus for perfect attendance

During the past 18 months three chief financial officers have left the organization after having been promoted to the position

The organization does not perform any due diligence research on third party service providers

Three competitors are highly profitable but a fourth equal in size is approaching bankruptcy limits

Auditors shall observe the law and make disclosures expected by the law and the profession

Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

Auditors shall engage only in those services for which they have the necessary knowledge skills and experience

Auditors shall be prudent in the use and protection of information acquired in the course of their duties

As internal control is part of risk management, the internal audit role in risk management implies reduced emphasis on internal control.

Internal audit can blur the distinction between the second and the third lines as long as value is added.

Internal audit cannot rely on other assurance providers when opining on the effectiveness of risk management.

Internal audit should be aligned with first- and second-line functions through effective communication, cooperation, and collaboration.

Coaching management in responding to risks.

Implementing risk responses on management's behalf.

Imposing risk management processes.

Setting the risk appetite.

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

Stakeholders

The board

The chief executive officer

Internal auditors

Making sure employees are exempt from participating in control creation

Implementing controls without lengthy explanations of their purpose

Developing general constricting controls rather than detailed ones

Not using controls to achieve goals