IIA-CIA-Part1 Essentials of Internal Auditing Question and Answers

Recommend parties involved to be sanctioned in accordance with the organization's policy.

Determine whether any additional audit work needs to be performed.

Launch an investigation to obtain details of the fraud and parties involved.

Request that the responsible process owner remediate the issue immediately.

Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.

Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.

internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.

Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.

Take an accommodating approach and change the overall rating of the audit report.

Take a compromising approach by modifying the tone of the report, while maintaining the critical findings.

Take an assertive approach and be persistent in attempting to convince the director.

Take an assisting approach and offer to assist with the implementation of action plans.

Risk mitigation

Risk avoidance

Risk reduction

Risk transfer

The CAE seeks senior management approval of the internal audit charter

The CAE obtains senior management's approval to hire staff

The CAE reports significant issues to the organization's CEO

The CAE provides the board with an annual budget for approval

A plan to study for and obtain a certification in nonprofit management.

A deadline within the individual development plan to meet the overall engagement objectives.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

A request to attend the organization's committee meeting that is focused on strategic community awareness.

1 and 3 only.

2 and 4 only.

1,2. and 3.

2,3, and 4.

Corrective control

Process-level control

Compensating control

Preventive control

Speak to the payroll manager so he may investigate the auditor's observations.

Continue to investigate the payments to confirm the accuracy of the observations, and determine whether further fraudulent payments have been made.

Stop the audit and report the findings to senior management immediately.

Escalate the concern to the engagement supervisor.

A quality assessment review.

An internal audit client survey.

A control self-assessment.

A peer review of the internal audit activity.

Separate the duties of processing and authorizing refunds on merchandise

Post signs in the register area prompting customers to ask for and examine their sales receipts

Periodically count the cash in the register and compare it to the expected amount

Use cash registers with internal tapes that are tamper proof and that require a manager to process voids or refunds

Segregate duties between code development and migrating changes into production.

Conduct fraud training for the IT team responsible for the ERP system.

Penalize the developer who committed the fraud by terminating employment.

Restrict developers' access to the ERP system's test environment.

Undertaking audit work in an area where internal auditors lack the necessary skills.

Establishing an internal audit activity without documented policies and procedures.

Assigning compliance responsibilities to the chief audit executive.

Concluding that an internal control is effective without first obtaining evidence

Verifying whether claims have been properly authorized for payment

Verifying whether claims are properly supported by invoices or other documents.

Confirming that all claims are within the limits of the organization's travel policy.

Reconciling claims against business the requests that were approved by supervisors

Statistical sampling techniques should always be used to pull unbiased sampling for testing.

Fieldwork completed by internal auditors should be appropriately reviewed.

Internal auditors should avoid using the lunch room simultaneously with audit clients.

During the audit review period, there should be no nonaudit dialogues with the audit client.

Number of mitigating controls.

Effectiveness of the control environment

Use of computer-assisted auditing techniques.

IT security controls

Coordinate and facilitate risk workshops for management to attend.

Establish the degree of risk appetite for management to accept.

Set risk indicators and mitigation plans for management to implement

Determine the number of significant risks for management to report to the board.

The organizational culture rewards critical and objective thinking.

The quality of work performed by the internal audit activity is periodically reviewed,

The organization establishes effective governing body oversight,

Audit assignments are rotated among internal audit staff

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Ensuring regular documentation of auditor skills and experience in the workpapers.

Basing performance evaluations heavily on customer satisfaction surveys.

Prohibiting auditors from accepting gifts from audit clients or potential clients.

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

Identify relevant fraud risk factors.

Identify potential fraud schemes.

Identify existing controls for preventing and detecting fraud.

Identify red flags by conducting data analysis.

Risk reduction.

Risk transfer.

Risk acceptance.

Risk avoidance.

Internal assessments must be reported to the board at least every five years

If supported by assessment results, reporting provides assurance that internal auditors demonstrate conformance with the Code of Ethics

Following the reporting the board must give the internal audit activity five years to correct any deviations

A report, including the results of both internal and external assessments must be provided to the board annually

An organizational locus on improving the overall environment, even it is to the detriment of the local community.

A philosophy driven by employees that flows up to senior management and the board of directors.

An overall commitment of the organization to improve the quality of life for not only the employees but the community at large.

A policy of ensuring that the organization is socially responsible, even if it leads to unprofitability due to increased costs.

The OAIP should be conducted at least once every three years, and must be performed by an external assessor.

The OAIP should be conducted on an ongoing basis, and can be completed as a self-assessment,

he QAIP should include both internal assessments performed by staff and external assessments performed by independent, objective individuals

The OAIP should be performed with scoping limitations established by the board.

A requirement that internal auditors undergo objectivity training periodically

Periodic communications reminding internal auditors of Standards requirements

A review of the final audit report by the audit committee

Ongoing monitoring and periodic internal quality assessments

Objectivity.

Confidentiality.

Competency.

Due professional care.

Auditors perform assurance services without regard to cost

Auditors perform assurance services effectively to identify all risks

Auditors perform assurance services needed to achieve the engagement's objectives

Auditors perform assurance services to guarantee all significant risks will be addressed

Quality committee.

Audit committee.

Risk committee.

Governance committee.

The engagement client should be able to determine the scope to be applied to the engagement

The internal auditor should establish a scope that does not impair her objectivity

Any attempts by the engagement client to limit the scope should be considered a scope limitation

The scope should include reviewing the effectiveness of the internal control environment

The decision to involve auditors in the IPO was made by former audit committee members; therefore, the CAE is not responsible and can proceed with the new assignment.

The CAE should reject the assignment, as such engagements are beyond the scope of auditors who are usually not familiar with root cause analysis methodology.

The engagement should be undertaken by audit assistants and other junior staff members who were not involved in the IPO process.

The CAE should disclose objectivity limitations to the audit committee and suggest alternatives, such as outsourcing the engagement.