IIA IIA-CIA-Part1 Essentials of Internal Auditing Exam Practice Test

Confidentiality.

Transparency.

Integrity.

Objectivity.

Risks related to employee turnover.

Risks related to data manipulation.

Risks related to employee competency.

Risks related to not achieving sales targets.

The organizational culture rewards critical and objective thinking.

The quality of work performed by the internal audit activity is periodically reviewed,

The organization establishes effective governing body oversight,

Audit assignments are rotated among internal audit staff

Entity-level

Activity-level

Transaction-level

Process-level

Disregard the complaints because the information isn't reliable and isn't sufficient to support engagement conclusions and results.

Consider the significance of the risks related to the complaints and develop appropriate assurance procedures in work programs.

Disregard the complaints because using them would violate the confidentiality principle.

Discuss management's needs and expectations related to including the complaints in the audit scope.

Risk mitigation

Risk avoidance

Risk reduction

Risk transfer

It is best if the mentor is the chief audit executive.

Mentor meeting documentation should be retained in personnel files.

It should target both new hires and highly experienced staff.

Meetings with mentors should be formal and scheduled.

Communicating to internal audit staff instructions for completing engagements within shorter time periods.

Requesting additional funding from the board to train internal audit staff on time and resource management.

Implementing the use of agile auditing during engagements to meet expectations.

Encouraging internal audit staff to participate in workshops to further develop their understanding of the organization's strategies.

An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.

The appointment of the chief audit executive is ratified by the board.

An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.

The internal audit resource plan is only approved by the chief financial officer.

Ask internal auditors to gather all relevant information and evidence.

Identify and interview witnesses first and potential suspects later.

Conduct a fraud risk assessment to identify the most vulnerable areas.

Determine the competencies needed and assess whether team members have a conflict of Interest.

Auditors must have an IT specialty in at least one of their organization's key information technology systems.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

Auditors must understand their organization's integrated test facilities and generalized audit software.

Auditors must understand their organization's IT governance, risk, and control processes.

ISO 26000.

Global Reporting Initiative.

Open Compliance and Ethics Group.

COSO’s enterprise risk management framework

Implement a uniform professional development plan for the internal audit activity.

Create a formal development agreement with each individual staff auditor.

Require each internal auditor to obtain the same professional certifications.

Require training and developmental activities that are sponsored by The HA.

Due professional care

Individual objectivity

Proficiency

Internal assessment

One of the organization's senior internal auditors owns a side business, though to date, no sales have been made to this business.

The annual internal audit plan includes performance audits of main business processes, but reviews of high-risk development projects were not considered.

The internal audit activity committed to carrying out an audit of documentation on investment hedging, and a hedging expert was contracted to assist with the engagement.

A periodic quality self-assessment of the internal audit activity identified a number of improvement areas with regard to key performance indicators.

The chief audit executive (CAE) should report all stages of the OAlP's development and key milestones.

The CAE should report only corrective action plans that meet external assessor or stakeholder requirements.

The CAE should establish the form and content of program communication so that it is in alignment with the internal audit activity charter.

The CAE should disclose program details only after both internal and external assessments have been completed.

Outsource the engagement to an external audit firm that has appropriate skills.

Recruit a lawyer with knowledge of the legislation to the audit team and ask the new auditor to perform the engagement.

Decline to perform the engagement, as the internal audit activity does not have the appropriate skill set.

Carry out the engagement using existing internal audit staff to help them gain the appropriate experience.

Percentage of highly significant risks covered by internal audit plan.

Percentage of previously unknown risks identified per engagement.

Percentage of internal audit staff skilled in alignment with the organization's structure and key risks.

Percentage of observations made in assurance engagements compared to advisory engagements.

Reduction.

Avoidance.

Sharing.

Acceptance.

Report the impairment to senior management

Discuss the impairment with the audit manager

Ascertain the best approach to disclose the impairment.

Decide on the extent of impact of the impairment

General IT control.

Processing control.

Input control

Integrity control

Recommend parties involved to be sanctioned in accordance with the organization's policy.

Determine whether any additional audit work needs to be performed.

Launch an investigation to obtain details of the fraud and parties involved.

Request that the responsible process owner remediate the issue immediately.

Reviewing the number of anonymous hotline allegations against employee complaints.

Surveying employees to determine whether they are aware of the hotline.

Benchmarking the average time to investigate hotline complaints.

Tracking the number of hotline allegations per total number of employees.

Support of good governance and controls.

Enhancement of organizational value.

Protection of tangible and intangible assets.

Provision of professional advisory and assurance services.

Postpone the audit engagement to a later date.

Recruit and hire a full-time staff auditor who is proficient in data backup processes.

Change the plan from an assurance engagement to a consulting engagement.

Provide data backup training to the engagement supervisor.

Maturity model approach

Process element approach

Key principles approach

Key performance indicators approach.

A plan to study for and obtain a certification in nonprofit management.

A deadline within the individual development plan to meet the overall engagement objectives.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

A request to attend the organization's committee meeting that is focused on strategic community awareness.

Internal auditors have shown they have the freedom to carry out their responsibilities.

Internal auditors have demonstrated the skills needed to carry out the audit engagement.

Internal auditors have strictly followed a formal audit process in conducting their work.

Internal auditors have demonstrated an unbiased mental attitude.

Risk management ensures the ability to eliminate potential hazards to the organization.

Risk management includes consideration of potential opportunities for the organization.

Risk management aids with the establishment of appropriate key performance indicators.

Risk management increases employees' commitment and belief in strategic goals.

Ensuring regular documentation of auditor skills and experience in the workpapers.

Basing performance evaluations heavily on customer satisfaction surveys.

Prohibiting auditors from accepting gifts from audit clients or potential clients.

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

The nature of services provided are defined in the internal audit charter.

Internal auditors must maintain objectivity while performing their work.

The objectives and scope of the engagement typically are directed by management.

Internal auditors may assume management responsibilities.

The CAE seeks senior management approval of the internal audit charter

The CAE obtains senior management's approval to hire staff

The CAE reports significant issues to the organization's CEO

The CAE provides the board with an annual budget for approval

The internal audit activity is responsible for the company's risk management function, and its head manager reports to the chief audit executive.

A senior member of the internal audit activity once worked in the corporate finance department.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning.