Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free IIA IIA-CIA-Part2 Practice Exam with Questions & Answers | Set: 14

Questions 196

Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?

Options:
A.

The person responsible for performing the task

B.

Two or more people that work in the area

C.

The supervisor in charge of the process

D.

The manager that wrote the steps to be followed

IIA IIA-CIA-Part2 Premium Access
Questions 197

According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?

Options:
A.

Audit findings

B.

Audit resources

C.

Audit objectives

D.

Audit plan

Questions 198

Which of the following best describes the internal audit activity ' s responsibility within a risk and control framework?

Options:
A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices

Questions 199

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:
A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Questions 200

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:
A.

Inform senior management that the branch manager decided to cancel the committed action plan without any previous communication.

B.

Discuss the issue with the board, which has ultimate responsibility to resolve this risk.

C.

Have another discussion with the branch manager, attempt to change his view, and encourage him to implement the recommendations.

D.

Document the branch manager’s decision to accept the risk; otherwise, no other specific course of action is required.

Questions 201

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management ' s compliance with privacy laws for safeguarding customer information stored on the organization ' s servers. Which course of action is appropriate for this phase of the engagement?

Options:
A.

Solicit the services of a specialist information systems auditor

B.

Obtain the most current approved copies of the organization ' s privacy policy

C.

Consult with legal counsel about new privacy laws to establish appropriate criteria

D.

Consider the detection risk of noncompliance with the laws

Questions 202

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:
A.

Determine process outputs.

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals.

Questions 203

An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

Options:
A.

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.

if it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor ' s previous role when this engagement was assigned.

Questions 204

An internal audit intends to create a risk and control matrix to better understand the organization ' s complex manufacturing process. With which of the following approaches would the auditor most likely start?

Options:
A.

Assess management responses to key risk exposures

B.

Analyze the costs and benefits of key controls

C.

Evaluate the design adequacy of known controls

D.

Conduct a walk-through of all related activates

Questions 205

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:
A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Questions 206

An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?

Options:
A.

Over-reliance and a false sense of security

B.

Limited flexibility

C.

Inability to keep the checklist up to date

D.

Standardization and a systematic approach

Questions 207

Which of the following would be most likely found in an internal audit procedures manual?

Options:
A.

A summary of the strategic plan of the area under review.

B.

Appropriate response options for when findings are disputed by management.

C.

An explanation of the resources needed for each engagement.

D.

The extent of the auditor ' s authority to collect data from management.

Questions 208

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

Options:
A.

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.

Inquiry of corrective action to be completed within a certain period

C.

Reporting the status of every observation for every engagement in a detailed manner.

D.

Soliciting management ' s feedback after completion of the audit engagement.

Questions 209

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Options:
A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Questions 210

Which of the following statements concerning workpapers is the most accurate?

Options:
A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located