New Year Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free IIA IIA-CIA-Part2 Practice Exam with Questions & Answers | Set: 6

Questions 51

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

Options:
A.

Persuade senior management to take appropriate action.

B.

Cancel issuing the engagement report due to the assumed risks.

C.

Accept senior management’s assumption of the risks.

D.

Discuss the issue with the board for them to take appropriate action.

IIA IIA-CIA-Part2 Premium Access
Questions 52

An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?

Options:
A.

Ensure the testimonials are well documented

B.

Substantiate the testimonials with physical or documentary evidence

C.

Corroborate testimonials with the results from other soft control techniques

D.

Review the testimonials with the interviewed employees

Questions 53

An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization's policies. When of the following approaches would provide the auditor with the best information?

Options:
A.

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

B.

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

C.

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

D.

Randomly select several months obtain ageing reports for these months and compare them with the poor year

Questions 54

During a review of data privacy an internal auditor is tasked with testing management's identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

Options:
A.

interview management to determine what types of data are collected and maintained

B.

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.

Review a sample of data to determine whether the risk classification is reasonable

D.

Document and test a data inventory and classification program by determining the data classification levels and framework

Questions 55

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

Options:
A.

Express an opinion on the participants' inputs and conclusions as the assessment progresses.

B.

Provide appropriate techniques and guidelines on how the exercise should be undertaken.

C.

Evaluate and report on all issues that may be uncovered during the exercise.

D.

Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Questions 56

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

Options:
A.

1 and 2

B.

1 and 3

C.

2 and 3

D.

2 and 4

Questions 57

Which of the following is an appropriate documentation of proper engagement supervision?

Options:
A.

A completed engagement workpaper review checklist.

B.

The supervisor's review notes on engagement workpapers.

C.

The email exchanges between the audit team and the supervisor.

D.

A supervisor's approval of resources allocated to the engagement

Questions 58

Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?

Options:
A.

Report the risk identified from the consulting engagement to senior management.

B.

Do not include the risk in the assessment of risk management processes, as that is management's responsibility.

C.

Do not report the risk, as it is out of scope for the consulting engagement.

D.

Include the risk identified from the consulting engagement in the next annual risk assessment only if it is part of the consulting engagement objectives.

Questions 59

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

Options:
A.

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Questions 60

Which of the following is true regarding the monitoring of internal audit activities?

Options:
A.

The form and content of monitoring policies could vary by industry

B.

The board of directors is responsible for the establishment of monitoring polities

C.

Both large and small audit departments must have written policies on monitoring.

D.

The chief audit executive must develop all monitoring policies related to the activity