March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

IIA IIA-CRMA Certification in Risk Management Assurance (CRMA) Exam Exam Practice Test

Demo: 42 questions
Total 283 questions

Certification in Risk Management Assurance (CRMA) Exam Questions and Answers

Question 1

According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?

Options:

A.

Continuing professional education can be obtained through IAA involvement in research projects.

B.

Employers are responsible for ensuring that the continuing professional education needs of the IAA are met.

C.

Completion of self-study courses fulfills IAA continuing professional education requirements.

D.

Specialized education that meets unique organizational needs cannot qualify as IAA professional development.

Question 2

Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?

Options:

A.

Analytical review.

B.

Inquiry.

C.

Document verification.

D.

Observation.

Question 3

Which of the following is a second line of defense in effective risk management and control?

Options:

A.

Purchasing department.

B.

Compliance department.

C.

Credit department.

D.

Internal audit department.

Question 4

The last quality assessment of the internal audit activity identified three areas for improvement: the achievement of audit engagement objectives, quality of work, and staff development. According to IIA guidance, which of the following should be the chief audit executive's primary focus to achieve these recommended improvements?

Options:

A.

Demonstrated compliance with procedures.

B.

Due professional care.

C.

Engagement supervision.

D.

Employment of tools and techniques.

Question 5

According to IIA guidance, which of the following statements is true?

Options:

A.

Risks in IT processes are best mitigated by individual controls.

B.

The overall focus of the framework is on significant controls in all critical IT applications.

C.

IT risks and related controls are operational and best identified using a bottom-up approach.

D.

Control process risks are found at multiple layers of the IT environment.

Question 6

A chief audit executive (CAE) of an international charity reports functionally to the audit committee of the board of directors and administratively to the charity's chief financial officer (CFO).

Which of the following would impair the internal audit function's independence?

Options:

A.

The CFO determines the scope of internal audit work in the accounting department.

B.

The CFO manages the accounting of the budget for the internal audit function.

C.

The CFO administers the annual evaluation process for the internal auditors.

D.

The CFO provides feedback on the CAE's audit reports.

Question 7

During an engagement, an internal auditor decided to use variance analysis as an auditing techniques. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?

Options:

A.

Report the deviations immediately to the audit committee.

B.

Gather additional information to determine the cause of the deviations.

C.

Conclude that the budget was unreasonably set and accept the deviations.

D.

Perform alternative forms of analytical procedures which provide no deviations.

Question 8

Which of the following is not an appropriate activity for internal auditors to perform?

Options:

A.

Recommend management seek a consulting firm to advise on outsourcing.

B.

Highlight matters that require management's attention.

C.

Implement solutions for specific organizational problems.

D.

Accumulate data, obtain varying views, and report information to senior management.

Question 9

Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?

Options:

A.

The internal auditor reviews the physical access to merchandise during an inventory count.

B.

The audit manager conducts an internal quality assessment of the internal audit activity’s adherence to the Standards.

C.

The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.

D.

The board approves the annual performance evaluation of the chief audit executive.

Question 10

What is the primary purpose of a fishbone diagram?

Options:

A.

To depict the areas of responsibility for departments in an organization.

B.

To plan and control complex projects, such as internal audits.

C.

To represent the frequencies of adverse conditions in a given process.

D.

To identify the possible causes of adverse conditions.

Question 11

Which of the following decisions made during the testing phase of a compliance audit requires the most judgment by an internal auditor?

Options:

A.

Which sampling methodology to select for testing.

B.

Which fields to examine on each invoice.

C.

Whether an individual expenditure is allowable.

D.

What level of noncompliance is acceptable.

Question 12

Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

Options:

A.

Strategic objectives.

B.

Operational objectives.

C.

Reporting objectives.

D.

Compliance objectives.

Question 13

Which of the following techniques would best assist an internal auditor in evaluating the efficiency of a wholesale grocery distributor`s process to fill and package orders for shipping?

Options:

A.

A Bedford analysis of orders filled to average delivery times.

B.

Decision trees rating actual performance against requirements.

C.

Queuing theory to assess potential bottlenecks in the process.

D.

A program evaluation and review technique chart.

Question 14

A government agency's policy states that board members' travel and hospitality expenses must be audited annually. Which of following people or groups is most appropriate to perform this audit?

Options:

A.

The government's independent auditor.

B.

The external auditors from an accounting firm.

C.

The internal audit activity.

D.

The agency's chief compliance officer.

Question 15

According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?

Options:

A.

Three months.

B.

Six months.

C.

One year.

D.

Two years.

Question 16

Which of the following would be considered a preventive control?

Options:

A.

A library control log.

B.

A review of exception reports.

C.

A password lock on a server.

D.

A software scan of financial records for irregularities.

Question 17

When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:

Options:

A.

Obtain specific answers and maximize efficiency.

B.

Gather factual data on several different topics.

C.

Determine agreement or disagreement with a stated viewpoint.

D.

Obtain information based on the person's own perspective.

Question 18

While reviewing first quarter sales transactions, an internal auditor discovered that 10 invoices for a new customer had not been posted into the accounts receivable subsidiary ledger. Those 10 invoices were listed in an error report automatically generated by the sales processing system. The system had rejected the invoices because the customer's account number was not found in the customer master file. In this scenario, which of the following controls was lacking?

Options:

A.

Corrective control.

B.

Preventive control.

C.

Detective control.

D.

Directive control.

Question 19

An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization's mission. Which of the following pieces of evidence would be sufficient for completing this task?

Options:

A.

A log from the last year that includes dates of travel, conference titles, and conference objectives, all of which correspond with employee names and costs per trip.

B.

A log that includes titles of conferences that all employees were invited to attend in the last year, along with the dates of those conferences and average costs per traveler.

C.

A log of conferences titles, dates of travel for each employee, and a detailed summary of conference objectives and how they relate to the organization's mission needs.

D.

A log of employee travel requests, which include the title of each conference, the conference objectives, anticipated dates of travel, and estimated costs.

Question 20

Which the following activities should be performed by the internal audit activity to facilitate an effective relationship with the audit committee?

1. Periodically report about the accounting standards followed by the organization.

2. Provide assurance to the audit committee that its charter, activities, and processes are appropriate.

3. Ensure that the role and activities of the internal audit activity are clearly understood and responsive to the needs of the audit committee.

4. Maintain open and effective communications with the audit committee.

Options:

A.

1 and 2 only

B.

3 and 4 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Question 21

According to IIA guidance, which of the following objectives of an assurance engagement for the organization's risk management process is valid?

Options:

A.

All risks have been identified and mitigated.

B.

Risks have been accurately analyzed and evaluated.

C.

All controls are both adequate and efficient.

D.

The board is appropriately addressing intolerable risks.

Question 22

An internal auditor needs to recommend a policy element to be included in an organization's code of ethics. Which of the following recommendations would be most effective?

Options:

A.

Ethics should vary with local customs in the organization's foreign operations.

B.

Whistleblowing should be discouraged because it can cause distrust among employees.

C.

Ethical behavior should be incorporated into performance evaluations.

D.

Senior management should be granted specific exemptions to the code of ethics.

Question 23

According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?

Options:

A.

When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.

B.

Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.

C.

Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.

D.

Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.

Question 24

An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?

Options:

A.

The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.

B.

The auditor should perform a manual recalculation of several results to validate and document the results.

C.

The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.

D.

The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.

Question 25

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?

Options:

A.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.

The assigned internal auditor must not assume management responsibilities while performing the engagement.

D.

The assigned internal auditor must maintain objectivity while performing the engagement.

Question 26

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties.

B.

Exception reports.

C.

Incentive compensation plans.

D.

Automated reconciliations.

Question 27

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

Options:

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest.

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Question 28

When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?

Options:

A.

The amount of risk that an organization is willing to seek or accept.

B.

The extent and degree of interdependency for identified key risks.

C.

The boundaries established to manage the amount of risk taken.

D.

The exposure to risks following management's risk responses.

Question 29

If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?

Options:

A.

Imposing risk management processes.

B.

Providing consolidated reporting on risks.

C.

Taking accountability for risk management.

D.

Making decisions on risk responses.

Question 30

An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?

Options:

A.

Higher inventory turnover.

B.

Higher operating margin.

C.

Lower obsolete stock disposal.

D.

Lower sales volume.

Question 31

Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?

Options:

A.

Act as an adviser to the committee responsible for reviewing violations of the code.

B.

Review and adjudicate all violations of the code of conduct.

C.

Lead the committee responsible for the oversight of the code.

D.

Implement a system of procedures to inform all employees of the code.

Question 32

Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Options:

A.

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

B.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.

C.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

D.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

Question 33

According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization's corporate social responsibility program?

Options:

A.

Consumers.

B.

Activists.

C.

Suppliers.

D.

Investors.

Question 34

Which segregation of duties would best reduce the risk of payroll fraud?

Options:

A.

Human resources personnel add employees, and payroll personnel process hours and enter employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.

B.

Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees.

C.

Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees.

D.

Human resources personnel add employees and enter employee bank information. Payroll personnel process hours, and paychecks are automatically deposited in the employee's bank account.

Question 35

Which of the following are core responsibilities to be included in the internal audit charter?

1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.

2. Determine the adequacy and effectiveness of the organization’s systems of internal accounting and operating controls.

3. Participate in the planning and performance of audits of potential acquisitions with the organization's outside accountants and other members of the corporate staff.

4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 36

Which of the following types of social responsibilities is voluntary and guided purely by the organization's desire to make social contributions?

Options:

A.

The bottom of the pyramid responsibility.

B.

Innovative responsibility.

C.

Ethical responsibility.

D.

Discretionary responsibility.

Question 37

According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

Options:

A.

The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

B.

The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

C.

The use of innovative technology and data analysis techniques.

D.

The extent of work needed to achieve the engagement’s objectives.

Question 38

In which of the following functions would fraud be most likely to occur?

Options:

A.

Maintaining custody of inventory records.

B.

Collecting payments on accounts.

C.

Approving changes to employee records.

D.

Preparing customer statements.

Question 39

Which of the following would be the most important consideration by the internal audit activity when selecting employees to perform an internal quality assessment?

Options:

A.

Their understanding of auditing standards.

B.

Previous experience working with the internal audit activity.

C.

Their reporting line within the organization.

D.

The nature of their regular duties and responsibilities.

Question 40

An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity's work?

Options:

A.

The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.

B.

The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.

C.

The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.

D.

The external auditor may use the work with caution, due to the internal audit activity's scope and responsibility restrictions.

Question 41

A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?

Options:

A.

Postpone the audit until the CAE hires internal audit staff with the required knowledge.

B.

Ask the audit committee to decide the course of action.

C.

Select the most experienced auditors in the department to perform the engagement.

D.

Hire consultants who possess the required knowledge to perform the engagement.

Question 42

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently. Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Demo: 42 questions
Total 283 questions