IIA-CIA-Part2 Questions and Answers

Limited to the effectiveness of internal controls.

Expressed only when consensus with top management has been achieved.

Based on experience and free of all bias.

Based on sufficient factual evidence.

Stockout costs, including lost customers.

Seasonal variations in forecasting inventory demand.

Optimal order sizes determined by an economic order quantity model.

The potential for obsolescence of inventory items.

The department managed long-term investments, including investment in derivatives and other financial instruments, to maximize return.

The department manager sets a tone of honesty and integrity in all business dealings and this tone is emulated by department personnel.

Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.

Audit tests designed to verify compliance with control procedures detected a general failure to follow standard procedures for transaction authorization.

Management’s response to an audit report is generally not a requirement.

Internal controls were found to be properly designed and operating effectively although operations are deemed inefficient.

There was insufficient time to obtain management’s response during the draft reporting process.

An internal audit report contains no observations.

Accept the request as the role of coordinating ERM is a core function of internal audit.

Decline the request as this role compromises the CAE's objectivity.

Accept the request after consulting with the board and adhering to proper safeguards.

Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.

1 only

2 only

3 only

2 and 3 only

Assessment of the IAA conducted independently of client feedback, and the review of individual audits to determine the quality and timeliness of supervision.

Assessment of the IAA conducted independently of client feedback, and identified areas of improvement reviewed at the end of the year.

Compliance with a checklist of required audit procedures, and review of individual audits to determine the quality and timeliness of supervision.

Compliance with a checklist of required audit procedures, and identified areas of improvement reviewed at the end of the year.

As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets.

The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.

The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.

The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.

The complexity of the mainframe data structure and the large volume of data.

The difficulty of establishing access privileges for each subset of the mainframe data.

Inconsistencies in the mainframe data due to lack of integrity constraints on the data files.

Error-prone transmission links for downloading the data from the mainframe data files.

The cost of audit involvement can be minimized.

There are clearly defined points at which to issue audit comments.

Redesign costs can be minimized.

The threat of lack of audit independence can be minimized.

A summary of the significant audit observations and recommendations.

An auditor's evaluation of the effects of the observations and recommendations on the activities reviewed.

A conclusion which must be included in the audit report.

A recommendation for corrective action.

Understand organizational strategy; perform a situational assessment; establish measurement categories; and take actions based upon measurement results.

Categorize performance measures; establish a data collection plan; analyze data; and predict future performance.

Establish a measurement plan; create an organizational strategy linked to those measurements; trend measurement data; and measure data variability.

Perform a situational assessment; generate macro measurements; review measurement data; and change strategy based upon measurement results.

A formal consulting engagement.

An informal consulting engagement.

A performance assurance engagement.

An operational assurance engagement.

Spontaneous agreement.

Consensus building.

Majority voting.

Compromise.

The steps being taken are resolving the condition disclosed by the finding.

Inherent risk has been eliminated as a result of resolution of the condition.

Controls have been implemented to deter or detect a recurrence of the finding.

Benefits have accrued to the entity as a result of resolving the condition.

I and III only

II and IV only

I, II, and III only

I, III, and IV only

Generated and maintained on a separate secure server.

Accessible by administrative users only

Encrypted to ensure that the logs cannot be deleted.

Restored automatically to the Web server from backup files.

Ignore the behavior and continue the workshop.

Allow them to continue briefly and then remind them of the ground rules.

Have the participants modify the ground rules.

Strictly enforce the ground rules.

Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability.

Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business.

Select a sample of accounts payable from the accounts payable list and verify the supporting receiving reports, purchase orders, and invoices.

Trace receiving reports issued before the period end to the related vendor invoices and accounts payable list.

The regulatory agency.

Plant management.

A plant health and safety officer.

The risk management function.

Attributes sampling.

Probability-proportional-to-size sampling.

Difference estimation sampling.

Discovery sampling.

Tell the employee a piece of information obtained from a coworker in a previous interview.

Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.

Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached.

Point out that management has given the auditor full authority to conduct this interview.

Permit the extent of documentation to vary according to engagement objectives.

Require supervisors to initial and date each workpaper that they review.

Allow access to workpapers by external parties if approved by senior management or the audit committee.

Mandate the workpaper retention period.

Issue an exception report.

Pay the amount billed and adjust the inventory account for the difference.

Return the invoice to the vendor for correction.

Authorize payment of the full invoice, but maintain an open purchase order record for the missing goods.

Develop a cost-per-product analysis for products developed over the past five years.

Develop a report on revenue generated by or cost savings directly attributable to newly developed products.

Compare research as a percentage of revenue between this company and all major competitors in the same industry.

Compare the number of this year's new product developments to the number of new product developments for the past five years.

I and III only

II and IV only

I, II, and IV only

I, II, III, and IV.

Use of audit verification symbols to show that each file was examined.

Removal of the employee names to protect their confidentiality.

Justification for the sample size.

Listing of the actual documents examined for each employee.

An internal auditor, who has recently joined the organization, has accepted an assignment to audit the electronics manufacturing division. The auditor previously served as senior auditor for the external audit of that division and has audited many electronics companies during the past two years.

An internal auditor has accepted an assignment to audit the warehousing function six months from now. The auditor has no expertise in that area but has signed up for courses in warehousing that will be completed before the assignment begins.

An internal auditor has no ambitions for promotion and has not engaged in training or other professional development activities during the last three years. The auditor's performance assessments indicate consistent quality of work.

An internal auditor discovered an internal financial fraud during the year, and the financial statements were adjusted to properly reflect the loss associated with the fraud. The auditor discussed the fraud with the external auditor during the external auditor's review of the working papers detailing the incident.

Prepare a response to the client.

Take mental notes on the speaker's nonverbal communication, as it is more important than what is being said.

Make sure that all details, as well as the main ideas of the client, are remembered.

Integrate the incoming information from the client with information that is already known.

Confirm accounts receivable.

Confirm accounts payable.

Review the endorsements and banks of deposit on customers' canceled checks.

Flowchart and analyze key controls in the cash receipts process.

Contingent facility contract analysis.

System backup analysis.

Vendor supply agreement analysis.

Risk analysis.

Initiate a follow-up audit to ensure that action has really been taken.

Follow-up with management until a written response is obtained.

Escalate the issue to the board and get their position on the issue.

Note in the permanent file that follow-up needs to be performed as part of the next engagement.

Value analysis.

Attribute listing.

Brainstorming.

Component analysis.

V, II, IV, I, III.

IV, II, I, III, V.

I, III, IV, II, V.

III, IV, II, V, I.

An assistant treasurer who refuses to take vacations.

Independent reconciliations of subsidiary to general ledgers that are not always completed on a timely basis.

A condition of excess manufacturing waste material.

A manager who is often over budget at the end of a reporting period.

The number of items selected for testing is inadequate to justify the conclusion.

The shipping department is effective in meeting its responsibilities.

This conclusion would negate any need to perform tests of efficiency.

None of the above.

Verify that regulatory reviews occur with adequate frequency.

Provide follow-up to determine if the regulator's findings are appropriately resolved by management.

Prepare documentation for the regulator.

Document the responses to the regulator's findings.

Identify variances between amounts capitalized each month and the capital budget.

Analyze a sample of capital transactions each quarter to detect instances in which installed material was transferred to inventory.

Review all journal entries that transferred costs from capital to inventory accounts.

Compare inventory receipts with debits to the inventory account and investigate discrepancies.

Determine the effects of a stock-out on the organization's profitability.

Determine whether a clear policy exists for setting inventory limits.

Determine who approved the purchase orders for the spare parts.

Determine whether purchases were properly recorded.

An auditor's determination of the cause of an engagement observation.

An auditor's professional judgment of the situation which was reviewed.

An opinion that must be included in the engagement final communication.

A recommendation for corrective action.

Benchmarking.

Baseline measurements.

Walk-throughs.

Quality circles.

Substantiating audit observations.

Promoting the internal audit activity.

Improving future audit engagements.

Validating process flow.

Statements are supported and can be authenticated.

Recommendations for corrective action are clear.

Processes within the audited area were reviewed.

Sample sizes appear appropriate for any issues found.

Monetary damage to the victim.

The suspect's intent.

Existence of an internal control deficiency.

Evidence of collusion.

Compare the percentage of automobiles receiving discounts this year to that of last year.

Ask managers whether they are aware of the discount criteria and whether they are providing the discount to all qualifying automobiles.

Select a sample of automobiles that are not receiving the discount and determine if they have been properly excluded.

Select a sample of automobiles receiving the discount and determine that the required discount criteria are being met.

Determining if controls are effective.

Preparing the engagement work program.

Identifying the current controls.

Completing a detailed test of controls.

Verify the period of liability of subsequent cash disbursements using related supporting documentation.

Send confirmations, including zero-balance accounts, to vendors with whom the manufacturer normally does business.

Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.

Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.

1 and 2 only

1 and 3 only

1, 3, and 4 only

2, 3, and 4 only

Compare the planned outputs with the actual outputs.

Ascertain the costs of materials purchased.

Evaluate the plant's ability to meet production quotas.

Review the levels of scrap and rework.

As soon as possible, no later than two months after the audit

When convenient for both parties

When management has indicated that the issue has been resolved

Before financial year end

Valid closure requires evidence that ensures the corrected process will function as expected in the future

Valid closure requires the client lo address not only the condition, but also the cause of the condition

Valid closure of an observation ensures it will be included in the final engagement report

Valid closure requires assurance from management that the original problem will not recur in the future

Informal, soft controls are omitted, and greater focus is placed on hard controls.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

Internal auditors become involved in and knowledgeable about the self-assessment process.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

The internal audit risk assessment and audit plan for the next fiscal year.

The internal audit budget and resource plan for the coming fiscal year.

A request for an increase of the CAE's salary for the next fiscal year.

The evaluation and compensation of the internal audit team.

Conduct a joint brainstorming session with management.

Ask the chief audit executive to mediate.

Disclose the client's differing opinion in the final report.

Escalate the issue to senior management for a decision.

Compare purchase orders generated from test data input into the LAN with purchase orders generated from production data for the most recent period

Develop a report of excess inventory and compare the inventory with current production volume

Compare the pans needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

The need and availability of automated support.

The potential impact of key risks.

The expected outcomes and deliverables.

The operational and geographic boundaries.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

Reassign information systems auditors to assist in implementing management's action plan.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

The organization and the format of workpapers is the same for all engagements

The extent of what is included in workpapers is a matter of professional judgment

Workpapers should be complete so that every conceivable question that can be raised should be answered

Copies of operational managements records should not be included, but referenced so that they can be located

Cost.

Independence.

Familiarity.

Flexibility.

To gain access to a wider variety of skills, competencies and best practices.

To complement existing expertise with a required skill and competency for a particular audit engagement.

To focus on and strengthen core audit competencies.

To provide the organization with appropriate contingency planning for the internal audit function.

Entity-level controls

Application controls

General controls.

Transaction controls

Assert whether the described and reported control processes and systems exist.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

Evaluate the completeness of the report and management's responses to identified deficiencies.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Acts that may endanger the health or safety of individuals.

Acts that favor one party to the detriment of another.

Acts that damage or have an adverse effect on the environment.

Acts that conceal inappropriate activities in the organization.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

The audit engagement has already been communicated and approved through the annual audit plan.

Document in the engagement workpapers the rationale for changing the scope.

Confirm that the scope change would align to the organization's objectives and goals

Confirm that the internal audit activity continues to have the necessary knowledge and skills

Seek approval from the chief audit executive for the proposed scope change

The effect on the organization's reputation

Any potential damage to the organization's relationship with customers.

Past fraud allegations and actual occurrences

The potential and realized financial impacts

Purchasing staff.

Purchasing manager.

Director of finance.

Audit committee.

Analyze the provision for sales allowances.

Analyze the percentage of scrap incurred during production.

Research the rationale for customer returns.

Evaluate the volume and characteristics of products rejected during processing.

Due to management changes, the IAA is advised by management that no further work will be done. Further follow-up work is not required as management has accepted the related risk.

A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous work performed for the engagement and then reports the results to the chief audit executive (CAE).

Management has stopped implementing several key recommendations citing a growing disagreement with their effectiveness. The auditor communicates the situation to the CAE who then escalates the matter to senior management.

In situations where the identified risk may have a significant impact to the business and senior management has accepted the risk, it is not necessary for the CAE to inform the board of the decision.

Eliminate risk and reduce the potential for loss.

Mitigate risk and eliminate the potential for loss.

Mitigate risk and reduce the potential for loss.

Eliminate risk and eliminate potential for loss.

Performing a surprise audit.

Maintaining a whistleblower hotline.

Implementing control self-assessment.

Performing background checks on employees.

Take no action, because all the items were within the expiration date requirement, and no corrective action is needed.

Permit production staff the access to files where the certificates of conformity are kept, so they can choose the items with the closest expiration date.

Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding inventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).

Add to the product label a "use by date" line, enter the expiration at the time of receipt, and perform periodic inventory checks.

With management's agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise.

Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area.

Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit.

Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence.

1 and 3 only

2 and 3 only

1, 2, and 3 only

2, 3, and 4 only

The CAE action is not acceptable, as a follow-up audit is needed to ensure that action is really taken by management.

The CAE action is not acceptable, as follow-up on the issue is critical until a written response is obtained from management.

The CAE action is acceptable as long as the follow-up is sufficient when weighed against the relative importance of the recommendation.

The CAE action is acceptable as long as the issue has been escalated to the board to get their position on the issue.

1, 2, and 3 only

1, 2, and 4 only

1, 3, and 4 only

2, 3, and 4 only

The CAE's responsibility is not impaired by engaging an external expert.

The external expert could have a prior relationship with the audit client.

The audit report should not disclose the use of contracted services.

The expert should be directed by the objectives and scope of work.

The audit committee should get assurance on the adequacy and effectiveness of the risk management process from the CRO.

The chief audit executive has the mandate to conduct risk assessments and give assurance to the audit committee.

The audit committee, on behalf of the board, has overall responsibility for the risk management process in the organization.

Senior management is accountable to the board for monitoring the system of internal controls.

1 and 4 only

2 and 3 only

1, 3, and 4 only

3 and 4 only

Delphi technique.

Assurance map.

Facilitated workshop.

Analytical reviews.

A personal computer was purchased from a non-approved vendor.

Company policy limits card use to $500 per transaction.

A control to detect split purchases has not been activated in the credit card system.

Sample testing found 10% non-compliance with the organization's business travel policy.

The process should be determined in meetings with the external auditor and senior management to ensure alignment with external reporting.

The CAE should meet with senior management for their input, but finalize the distribution of all reports with the board.

The CAE should independently implement the report distribution, using best judgment to ensure that all relevant stakeholders are informed.

The CAE should request that senior management and the board meet to determine the most appropriate reporting method.

The objectives of the audit should be set.

The organization's management should be informed about the work to be performed.

Attention should be devoted toward the key audit areas.

The timing of the audit should be set.

Ensuring that the internal audit activity meets the external auditor's expectations.

Ensuring that the internal audit activity has an audit charter approved by the board of directors.

Complying with specific standards for the professional practice of internal auditing.

Ensuring the adequacy of the goals, mission and vision of the internal audit activity.