IIA-CIA-Part2 Practice of Internal Auditing Questions and Answers

Stratified sampling

Haphazard sampling

Discovery sampling

Probability-proportional-to-size sampling

Meet with the chief operating officer 10 obtain Information about the MR department

Review the previous internal audit report and locus on key audit observations and action plans

Review the organization's risk strategy and risk appetite framework

Discuss the department's present strategies ‘and objectives with the head of the HR department

Discuss the internal audit risk assessment including applicable risks and objectives with internal audit management

Perform a walk-through of the process under review to determine whether control wore operating, effectively

Identify when controls will be tested and the sampling method to be used based on control risk

Meet with operational management to team about any areas of concern and to agree on the engagement objectives

Assess management responses to key risk exposures

Analyze the costs and benefits of key controls

Evaluate the design adequacy of known controls

Conduct a walk-through of all related activates

Assert whether the described and reported control processes and systems exist.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

Evaluate the completeness of the report and management's responses to identified deficiencies.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

By defining activities by business processes.

By looking external factors such as product complaints.

By looking at activities by businesses cost centers.

By defining activities by the organization chart.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Integrity.

Flexibility.

Initiative.

Curiosity.

Inventory comprised of the same items stored in different warehouses

Batches of materials that must be confirmed as meeting quality standards

Revenue that is earned by an organization through cash receipts or as receivable.

Tax reports submitted to meet the requirements of the local taxation authority

It provides the internal audit activity with more resourcing options to meet the audit plan

It offers internal auditors the opportunity to learn more about other work areas.

It gives nonauditors a better understanding of the control environment.

It provides an opportunity for the recruitment of employees as permanent internal auditors

The form and content of monitoring policies could vary by industry

The board of directors is responsible for the establishment of monitoring polities

Both large and small audit departments must have written policies on monitoring.

The chief audit executive must develop all monitoring policies related to the activity

The engagement supervisor must notify the chief audit executive (CAE) that the deficiencies have not been rectified

The engagement supervisor should rely on professional judgment as to whether the CAE should be informed, or the management action plan should be adjusted

The engagement supervisor should rely on his negotiation skills and issue an ultimatum to management to remedy the control deficiencies

Ensure that these deficiencies are captured in the documentation as high-priority areas to be reviewed during the next audit.

The contracting department's staffing changes within the last year

The certifications held by the internal auditors assigned to the engagement

The internal audit activity's increase n budget and staffing for the year

The organization's recent changes to how it processes payments

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

Compare card transaction types against procurement card policy guidelines.

Develop the scope and objectives of the engagement

Determine how many cardholders exceeded their daily limit.

Meet with the procurement card program administrator

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

Randomly select several months obtain ageing reports for these months and compare them with the poor year

The engagement team should include internal auditors who have expertise in investigating vendor fraud

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

Communicate the workpaper review results to management of fie area under review to validate the final report

Update the final report in the file with any necessary corrections based on the workpaper review.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

Add the manager's review notes to the final documentation following the review

ignore the responsibility of addressing the residual risk

Assume the responsibility of addressing the residual risk

Ensure senior management acknowledges residual risk

Communicate with the board the issue of residual risk

1 and 2

2 and 4

1, 2, and 3

2, 3, and 4

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

The exit conference provides only anticipated results for inclusion in the final audit communication.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

A criterion of the organization's accumulation of large travel advances

A condition of the organization's accumulation of large travel advances

A consequence of the organization's accumulation of large travel advances

A cause of the organization's accumulation of large travel advances

An expert or decision support system

Generalized audit software

A system utility program

An integrated test facility

The CAE can release prior internal audit reports with the approval of the board and senior management.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Conduct a joint brainstorming session with management.

Ask the chief audit executive to mediate.

Disclose the client's differing opinion in the final report.

Escalate the issue to senior management for a decision.

1 and 3

1 and 4

2 and 3

2 and 4

The frequency of executing the internal audit engagements

The frequency of changes in the organization environment

The expectations set by the board and senior management

The expectations set by operating management and senior management

Reviewing quality department survey results, which show 96% of employees believe all defective products are removed prior To shipping.

Physically inspecting a sample of completed processing cycles for detective products prior to shipment.

Observing employees while they raped products for defects

Reviewing a quality report provided by management mat snows 13 products were identified and removed during me most recent processing cycle

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

Internal auditors should always reperform and validate audit work completed by external assurance providers

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Option A

Option B

Option C

Option D

The level of control is appropriate given the level of risk

The level of control is excessive given the level of risk

The level of control is inadequate given the level of risk

There is not enough of information to determine whether the controls are appropriate or not

Facilitate a control assessment to ensure all application risks were appropriately identified

Advise the project team on how to develop effective controls

Direct the project team to implement the appropriate controls within the software application

Provide assurance that the design of the controls will mitigate the identified application risks

Reliable information is factual adequate, and convincing so that a prudent informed person would reach the same conclusions as the internal auditor

Reliable information is the best attainable information through the use of appropriate engagement techniques

Reliable information supports engagement observations and recommendations and is consistent with the objectives for the engagement

Reliable information helps the organization and the internal audit activity meet its goals

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Contact the audit committee chair to discuss the finding

Obtain verbal assurance from management that the inappropriate access will be removed

Issue an interim audit report so that management can implement action plans

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

Compare employee addresses to vendor addresses to identify potential employee fraud.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

It minimizes the amount of time spent and cost incurred to gather the necessary information.

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Refuse to accept the consulting engagement because it would be a violation of independence.

Collaborate with the external auditor to ensure the most efficient use of resources.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Inform senior management of the appropriate actions they should take to control the risk

Recommend that the internal audit activity provide consulting services to help minimize the risk

Assume the responsibility of resolving the significant risk that will affect the organization

Determine whether senior management accepted risk that may be deemed unacceptable for the organization

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

1 and 3 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

To ensure that the engagement is completed on time and within budget

To ensure that all work performed meets acceptable quality standards

To ensure that management has provided suitable responses to all observations

To ensure that management is satisfied with the progress of the engagement

CSA allows management to have input into the audit plan.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

CSA can improve the control environment.

CSA increases control consciousness.

Effectiveness

Response

Efficiency

Mitigation.

Review the organizational structure, management roles and responsibilities and operating procedures

Evaluate management's risk assessment and the internal audit activity's risk assessment

Assess process How and control documents used to meet regulatory requirements

Review meeting notes from discussions involving management of the area to be reviewed.

Coach management in responding to risks.

Develop risk management strategies for board approval.

Facilitate identification and evaluation of risks.

Evaluate risk management processes.

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

The qualifications and competencies of the subsidiary's management team and their understanding of risk and control

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Senior management of the organization

The chief audit executive

The head of customer service

The board of directors

Stop-or-go sampling

Probability to proportional size sampling

Classical variable sampling

Discovery sampling