IIA-CIA-Part1 Exam - Certified Internal Auditor - Part 1, The Internal Audit Activitys Role in Governance, Risk, and Control

NEW QUESTION 1
According to COSO, which of the following is not considered one of the components of an organization's internal environment?

• A. Authority and responsibility to resolve issues.
• B. Framework to plan, execute and monitor activities.
• C. Integrated responses to multiple risks.
• D. Knowledge and skills needed to perform activities.

Answer: C

NEW QUESTION 2
Which of the following best ensures the independence of the internal audit activity?
* 1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
* 2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
* 3. The internal audit charter requires the CAE to report functionally to the audit committee.

• A. 3 only
• B. 1 and 2 only
• C. 2 and 3 only
• D. 1, 2, and 3

Answer: C

NEW QUESTION 3
While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?
* 1. Ensure all tests use a random sampling technique.
* 2. Consider a judgmental approach for the sample size.
* 3. Assess testing errors through root cause analysis.
* 4. Ensure that the entire data set is tested.

• A. 1 and 2.
• B. 1 and 3.
• C. 2 and 3.
• D. 2 and 4.

Answer: C

NEW QUESTION 4
Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

• A. If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
• B. Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is
• C. required to conduct privacy assessments.
• D. The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.
• E. The internal audit activity should have appropriate knowledge and competence to conduct an asses.......framework.

Answer: D

NEW QUESTION 5
According to IIA guidance, which of the following best describes internal auditors' responsibility regarding fraud?

• A. Internal auditors should take a leading role in investigating all fraud-related cases.
• B. Internal auditors must have sufficient knowledge to evaluate the risk of fraud.
• C. Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics.
• D. Internal auditors are responsible for ensuring that fraud does not occur.

Answer: B

NEW QUESTION 6
Which of the following is an example of collusion?

• A. An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.
• B. A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.
• C. A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.
• D. An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

Answer: B

NEW QUESTION 7
According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?
* 1. The standards to be used by the internal audit activity.
* 2. The internal audit activity's code of ethics.
* 3. The CAE's reporting line.
* 4. The internal audit activity's responsibilities.

• A. 4 only.
• B. 1 and 2 only.
• C. 3 and 4.
• D. 1,2, and 3.

Answer: C

NEW QUESTION 8
A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?

• A. Postpone the audit until the CAE hires internal audit staff with the required knowledge.
• B. Ask the audit committee to decide the course of action.
• C. Select the most experienced auditors in the department to perform the engagement.
• D. Hire consultants who possess the required knowledge to perform the engagement.

Answer: D

NEW QUESTION 9
Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.
Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?
* 1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.
* 2. Experience of the engineer in the type of work being considered.
* 3. Compensation or other incentives that the engineer may receive.
* 4. The extent of other ongoing services that the engineer may be performing for the organization.

• A. 1 and 4 only
• B. 2 and 3 only
• C. 3 and 4 only
• D. 1, 2, and 4 only

Answer: D

NEW QUESTION 10
An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

• A. Management will be able to reduce inherent risk because they will have a better understanding of risk.
• B. Internal auditors will be able to reduce their sample sizes because controls will be more consistent.
• C. Stakeholders will have more assurance that the risks are assessed consistently.
• D. Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

Answer: C

NEW QUESTION 11
Which segregation of duties would best reduce the risk of payroll fraud?

• A. Human resources personnel add employees, and payroll personnel process hours and enter employee bank account number
• B. Paychecks are automatically deposited in the employee's bank account.
• C. Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees.
• D. Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees.
• E. Human resources personnel add employees and enter employee bank informatio
• F. Payroll personnel process hours, and paychecks are automatically deposited in the employee's bank account.

Answer: A

NEW QUESTION 12
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

• A. Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.
• B. Not allow the audit manager to hire the contractor, as it would be a conflict of interest.
• C. Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.
• D. Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Answer: A

NEW QUESTION 13
Non-statistical sampling does not require which of the following?

• A. The sample to be representative of the population.
• B. The sample to be selected haphazardly.
• C. A smaller sample size than if selected using statistical sampling.
• D. Projecting the results to the population.

Answer: C

NEW QUESTION 14
An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?

• A. Higher inventory turnover.
• B. Higher operating margin.
• C. Lower obsolete stock disposal.
• D. Lower sales volume.

Answer: D

NEW QUESTION 15
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
* 1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
* 2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
* 3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
* 4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

• A. 1 only.
• B. 4 only.
• C. 2 and 4.
• D. 3 and 4.

Answer: A

NEW QUESTION 16
According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?

• A. Management principles.
• B. Computerized information systems.
• C. Internal audit standards, procedures, and techniques.
• D. Fundamentals of accounting, economics, and finance.

Answer: C

NEW QUESTION 17
Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?

• A. Fraud open on the books.
• B. Fraud hidden on the books.
• C. Fraud off the books.
• D. Fraud on the balance sheet.

Answer: C

NEW QUESTION 18
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?

• A. Control environment.
• B. Control activities.
• C. Information and communication.
• D. Monitoring activities.

Answer: A

NEW QUESTION 19
......