Free IIA IIA-CIA-Part2 Practice Exam with Questions & Answers | Set: 4

According to the IIA guidance, engagement supervisors' review notes are used during the audit process to ensure thoroughness and accuracy. Once these review notes have been addressed, they can be removed from the final documentation. This practice ensures that the final audit report is clear and concise, containing only the necessary documentation to support audit findings and conclusions. The review notes are considered part of the working papers during the review process but do not need to be retained in the final audit documentation once all issues have been resolved.

References:

The Institute of Internal Auditors (IIA) Standard 2330 – Documenting Information: "Internal auditors must document relevant information to support the conclusions and engagement results."

IIA Practice Guide on "Audit Documentation"

Step-by-Step Detailed Explanation:

A. Vendor contracts:While vendor contracts may reveal terms, they do not directly identify potential conflicts of interest.

B. Employee master list:Correct. Comparing the employee master list with vendor information can help identify conflicts of interest, such as vendor ownership or employee relationships.

C. Payment records:Useful for verifying transactions but not for identifying conflicts of interest.

D. Purchasing policy:Provides guidelines but does not assist directly in identifying conflicts.

CIA Exam Syllabus Reference:

Domain II: Risk Management and Control – Identifying and Mitigating Conflicts of Interest.

When developing the work program for an engagement reviewing an organization’s small contracting services, the chief audit executive (CAE) should consider the organization's recent changes to how it processes payments. Changes in payment processing can significantly impact the control environment and may introduce new risks or control gaps. Understanding these changes will help the CAE design appropriate audit procedures to evaluate the effectiveness of the controls over the new processes.

References:

The Institute of Internal Auditors (IIA) Practice Guide: Developing the Internal Audit Strategic Plan

IIA Standard 2200 - Engagement Planning

Step-by-Step Detailed Explanation:

A. Vouching vendor invoices to payments made:This verifies payment accuracy but does not confirm whether purchases were authorized.

B. Sorting invoices by purchase orders and comparing for successive duplicate invoices:This approach focuses on detecting duplicate invoices, not authorization.

C. Comparing a random sample of vendor invoices to purchase orders:Correct. This method directly matches invoices to purchase orders, confirming that purchases were authorized and appropriately documented.

D. Sorting payments by invoice to detect successive duplicate invoices:Similar to option B, this approach focuses on detecting duplicates rather than verifying authorization.

CIA Exam Syllabus Reference:

Domain V: Performing Internal Audit Services – Testing for Authorization and Validity.

If management accepts the issue identified by the internal audit team but takes no remedial action, the next step for the chief audit executive (CAE) is to escalate the issue to senior management. This ensures that senior management is aware of the unresolved significant issue and can take appropriate action to address it. Escalation is a critical step in ensuring that risks are managed effectively and that necessary corrective actions are implemented.

References:

The Institute of Internal Auditors (IIA) Standard 2600

A survey with closed-ended questions can produce quantifiable evidence. Closed-ended questions limit responses to predefined options, making it easier to analyze and quantify the results. This type of survey is effective in gathering specific, comparable data from respondents.

References:

IIA Practice Guide: Survey Methods in Internal Auditing

IIA Standards: 2310 - Identifying Information

The best description of the organization's procedures in this context is that they represent a cause of the organization's accumulation of large travel advances. The lack of a requirement for justification for travel advances greater than a specific amount is a procedural gap that directly contributes to the accumulation of large travel advances. This gap in the procedure is the root cause that leads to the observed condition of large travel advances accumulating without sufficient oversight or justification.References: IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2310 – Identifying Information, and related practice advisories on root cause analysis in audit observations.

According to MA (Management Accounting) guidance and internal auditing standards, when assessing the likelihood of fraud risk, internal auditors should consider historical data and patterns within the organization. Past fraud allegations and actual occurrences provide valuable insights into potential vulnerabilities and areas where controls might have previously failed. This historical perspective helps in evaluating the current fraud risk environment and in identifying areas that require stronger controls or more vigilant monitoring.

References:

IIA Practice Guide: "Assessing the Risk of Fraud"

COSO (Committee of Sponsoring Organizations of the Treadway Commission) Fraud Risk Management Guide

A due diligence engagement is the most appropriate type of engagement for assessing the maturity and rigor of the organization-wide risk management process of a target entity that management is considering acquiring. Due diligence involves a comprehensive appraisal of a business undertaken by a prospective buyer, especially to establish its assets and liabilities and evaluate its commercial potential. It typically includes evaluating financials, operational processes, and risk management frameworks to ensure informed decision-making about the acquisition.References:

The Institute of Internal Auditors (IIA), Practice Guide on Due Diligence

"Mergers and Acquisitions: A Step-by-Step Legal and Practical Guide" by Edwin L. Miller, Jr.

When an internal auditor identifies a potential significant weakness in a control and management does not agree with the assessment, the appropriate next step is to perform additional audit work to better articulate the risk. This means gathering more evidence, conducting further analysis, and providing clearer examples of how the weakness could impact the organization. By doing this, the auditor can better communicate the potential consequences and severity of the risk to management, increasing the likelihood of reaching a mutual understanding and agreement on the necessary actions.

References:

The Institute of Internal Auditors (IIA) Practice Guide: Communicating Risk and Control Information

IIA Standard 2310 - Identifying Information

IIA Standard 2410 - Criteria for Communicating