• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • IIA-CIA-Part2 Dumps PDF
  • 360 Questions
  • Updated On April 22, 2024

PDF + Test Engine

$60.00 Free Updates Upto 90 Days

  • IIA-CIA-Part2 Question Answers
  • 360 Questions
  • Updated On April 22, 2024

Test Engine

$50.00 Free Updates Upto 90 Days

  • IIA-CIA-Part2 Practice Questions
  • 360 Questions
  • Updated On April 22, 2024
Check Our Free IIA IIA-CIA-Part2 Online Test Engine Demo.

How to pass IIA IIA-CIA-Part2 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest IIA IIA-CIA-Part2 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know IIA IIA-CIA-Part2 Dumps are Worth it?

Did we mention our latest IIA-CIA-Part2 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just IIA Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Practice of Internal Auditing Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Practice of Internal Auditing Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get IIA-CIA-Part2 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the IIA-CIA-Part2 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

IIA IIA-CIA-Part2 Sample Question Answers

Question # 1

A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE's best course of action?

A. Perform an independent audit of the merging firm's inventory management practices to verify the concerns and to provide relevant and reliable results to management for their consideration and action. 
B. Advise management that internal audit, external audit, and legal advisors all have concerns about inventory management and, given the high materiality of inventory, management should not proceed with the merger. 
C. Coordinate a review of inventory management with external auditors and legal advisors and ensure each group focuses on their area of expertise to ascertain the extent of the problems, if any

Question # 2

According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?

A. The follow-up manual procedures.  
B. The internal audit charter.  
C. The agreement made between internal auditors and management.  
D. The risks and exposures involved.  

Question # 3

According to the Standards, which of the following control strategies would be the most effective in helping to prevent fraud?

A. Have employees annually sign a code of conduct requiring that they report any known violations. 
B. Implement a whistleblower hotline where individuals can make anonymous phone calls to report fraudulent activities
C. Provide periodic fraud awareness training to employees and test their understanding of the training through online surveys. 
D. Conduct routine employee surveys to solicit their knowledge of fraud and unethical behavior within the organization. 

Question # 4

Which of the following would not include recommendations for process improvements? 

A. Due diligence engagement.  
B. Forensic investigation.  
C. Internal audit engagement.
D. Consulting engagement.  

Question # 5

Which of the following events would most likely cause the chief audit executive to considerchanging the current year's audit plan?The government announced that new regulatory requirements will be introduced in thecoming years which may significantly impact the organization's primary product.A major competitor unexpectedly introduced a new model at a lower price point to competewith the organization's market leading product.The organization announced a new joint venture with a long time corporate partner tointroduce a new product with development costs and sales beginning next fiscal year.An equal joint venture partner filed a lawsuit against the organization and requested thatthe court issue an immediate suspension of future product shipments.

A. 1 and 2 only  
B. 1 and 3 only  
C. 2 and 4 only  
D. 3 and 4 only  

Question # 6

An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate? 

A. Take no action, because all the items were within the expiration date requirement, and no corrective action is needed
B. Permit production staff the access to files where the certificates of conformity are kept, so they can choose the items with the closest expiration date. 
C. Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding inventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).
D. Add to the product label a "use by date" line, enter the expiration at the time of receipt, and perform periodic inventory checks.

Question # 7

According to IIA guidance, which of the following are potential benefits of using an assurance map?

A. Indication of any gaps in assurance coverage, and improved relevance of assurance recommendations.
B. Identification of duplicate or overlapping assurance activities, and improved relevance of assurance recommendations. 
C. Indication of gaps in assurance coverage, and enhanced effectiveness of assurance providers. 
D. Enhanced effectiveness of assurance providers, and improved relevance of assurance recommendations.

Question # 8

The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to accept for the position?

A. The candidate is applying for an IT audit position, while originally coming from an IT background, but has only experiences of financial and compliance audits in the previous position. 
B. The candidate is knowledgeable about potential indicators of fraud including typical risks, but has only participated as a staff auditor in one investigative fraud audit. 
C. The candidate meets the minimum educational requirements established by the chief audit executive, but has less formal education than any of the other candidates being considered.
D. The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks ability to clearly communicate ideas and conclusions in a meeting.

Question # 9

If the chief audit executive believes that senior management has accepted a level of residual risk that is unacceptable to the organization, they should:

A. Accept the decision of senior management as they are ultimately responsible for risk management. 
B. Report the concern directly to the board.  
C. Discuss the concern with management and if not resolved, escalate it to the board.  
D. Disclose the issue in the audit report when auditing the area where the risk was identified. 

Question # 10

An internal auditor for a large telecommunications organization identified potential risk factors related to a planned billing system conversion. Which of the following risk factors would present the least potential exposure to the organization?

A. Critical customer support functions are not available for a short period.  
B. Invoice generation disruptions due to required maintenance.  
C. Inaccurate billing of telephone calls due to database error.  
D. End user criticism and lack of support for the new system.  

Question # 11

Which of the following topics must the internal audit staff discuss with management duringthe exit conference?1. Issues identified during the audit.2. Evaluation criteria used to select controls for testing.3. Staff who were interviewed during the audit.4. The reporting process for the draft and final report.

A. 1 and 3 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 2 and 4 only  

Question # 12

An organization does not have a formal risk management function. According to theStandards, which of the following are conditions where the internal audit activity (IAA) mayprovide risk management consulting?1. There is a clear strategy and timeline to migrate risk management responsibility back tomanagement.2. The IAA has the final approval on any risk management decisions.3. The IAA does not give objective assurance on any part of the risk managementframework for which it is responsible.4. The nature of services provided to the organization is documented in the internal auditcharter.

A. 1, 2, and 3 only  
B. 1, 2, and 4 only  
C. 1, 3, and 4 only  
D. 2, 3, and 4 only  

Question # 13

When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?

A. The organization's budget.  
B. Operations involving cash transactions.  
C. Recent changes in management objectives.  
D. Risk factors utilized in the organization's risk models.  

Question # 14

Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of a construction company decides to employ the services of an outsourced audit service provider to augment the internal audit staff. What does the CAE need to consider in determining whether the outsourced audit service provider possesses the necessary knowledge, skills and other competencies to perform an audit engagement? 

A. Specific matters expected to be covered in the engagement communications.  
B. The financial interest that the external service provider may have in the organization.
C. The extent of other ongoing services the external service provider may be performing for the organization.  
D. The reputation of the external service provider.  

Question # 15

During the audit of a large decentralized supply chain function, the chief audit executive(CAE) receives serious allegations of fraud concerning the vice president responsible forthis function. The CAE engages a third party to provide forensic audit services and lead theinvestigation portion of the engagement. As part of this team, which of the following wouldbe an appropriate role for the investigator?1. Authenticate the original approval signatures on contracts.2. Interview personnel to understand the supply chain processes.3. Provide certified copies of relevant original documents for the audit file.4. Identify variances in pixels on original electronic documents.

A. 1 and 2 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 3 and 4 only  

Question # 16

When approving the final engagement report, which of the following is most critical? 

A. Opinions are adequately supported.  
B. Conclusions are reached for all objectives.  
C. Report is distributed to appropriate parties.  
D. Report is clear and concise.  

Question # 17

An organization has acquired a new line of business. None of the organization's internal auditors have the required expertise to perform an internal audit of the new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is true regarding supervision of the engagement?

A. The CAE may rely upon the external firm's auditor in charge to supervise the engagement. 
B. The external firm's auditor in charge must defer to the judgment of the CAE for any disputes.
C. The CAE is not responsible for the quality of an audit performed by an external firm.  
D. The CAE should not assign an inexperienced staff member to assist with the engagement. 

Question # 18

Which of the following is correct with respect to roles within an enterprise-wide riskmanagement process?1. The board provides oversight to the risk management process.2. Executive management owns the risk management framework.3. Senior management is assigned ownership of risks.4. Internal audit modifies the risk assessment determined by management.

A. 1 and 2 only  
B. 3 and 4 only  
C. 1, 2, and 3 only  
D. 1, 2, 3, and 4  

Question # 19

Which of the following is a preventive control for fraud?

A. Determining if the number of manually prepared disbursement checks is high.  
B. Reconciling the purchase orders with the requisitions.  
C. Verifying that new vendors appear on the vendor pre-approved list.  
D. Conducting an inventory count of the warehouse.  

Question # 20

Which two of the following considerations must an internal auditor take into account whileplanning an audit of an accounting system/application that has been in use for the last fiveyears?• The level and manner of linkages between the business' mission, objectives, andstructure and the accounting system/application.• Presence or absence of computerized and manual controls that address risks.• Identification of risks at the application level, e.g. availability and security of the system.• Testing of the system/application for bugs and errors. 

A. 1 and 3 only  
B. 2 and 3 only  
C. 2 and 4 only  
D. 3 and 4 only  

Question # 21

An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an entry-level internal auditor?

A. Conflict resolution skills.  
B. Communication skills.  
C. Time management skills.  
D. Interpersonal skills.  

Question # 22

Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?

A. The objectives of the audit should be set.  
B. The organization's management should be informed about the work to be performed.  
C. Attention should be devoted toward the key audit areas.  
D. The timing of the audit should be set.  

Question # 23

Which of the following documents should the chief audit executive review and approve?1. Workpaper retention policy.2. Audit committee meeting minutes.3. Internal audit handbook.4. Quarterly financial statements

A. 1 and 2 only  
B. 1 and 3 only  
C. 2 and 4 only  
D. 1, 3, and 4 only  

Question # 24

While reviewing the draft report of an audit engagement, the chief audit executive (CAE) isnot in agreement with management's acceptance of the potential risk exposure resultingfrom an observed key control weakness. Which of the following actions by the CAE wouldbe appropriate for addressing this concern?• Meet with the auditor-in-charge.• Discuss with senior management.• Monitor the result of the accepted risk.• Report the matter to the board. 

A. 1, 2, and 3 only  
B. 1, 2, and 4 only  
C. 1, 3, and 4 only  
D. 2, 3, and 4 only  

Question # 25

Which of the following is the least relevant when preparing the internal audit activity's annual engagement plan?

A. Senior management's requests for internal audit engagements.  
B. A rotation of internal audit engagements selected on a time basis.
C. The organization's current risk priority and exposure.  
D. Coordination with the audit plans of the external auditor.  

Question # 26

Controls are implemented to: 

A. Eliminate risk and reduce the potential for loss.  
B. Mitigate risk and eliminate the potential for loss.  
C. Mitigate risk and reduce the potential for loss.  
D. Eliminate risk and eliminate potential for loss.  

Question # 27

Which of the following is not true regarding the management of internal audit resources? 

A. A minimum level of information technology knowledge is necessary.  
B. The adequacy of internal audit resources is ultimately a board responsibility.  
C. Resources include external service providers and computer-assisted audit techniques.  
D. Skills availability must be aligned with financial constraints.  

Question # 28

Which of the following is an advantage to using the questionnaire approach when conducting risk and control self assessments?

A. Responses can easily be quantified and analyzed.  
B. Follow-up for clarification is efficient.  
C. It is educational for participants.  
D. It allows for in-depth probing of issues.  

Question # 29

During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to: 

A. Report any high-risk exposures of the treasury function to management and the board.  
B. Determine whether appropriate resources are present to carry out the treasury function.  
C. Comply with the internal audit charter and applicable regulatory requirements.  
D. Identify areas of the treasury function that should be considered for potential engagement objectives. 

Question # 30

According to the International Professional Practices Framework, which of the following should be excluded from a final communication for a performance audit engagement?

A. Recommendations and conclusions.  
B. The internal auditor's unbiased opinion.  
C. Timely and relevant information.  
D. Legal opinions related to illegal acts.  

Question # 31

According to the Standards, which of the following best describes the responsibility of thechief audit executive (CAE) for approving the final engagement report?• The CAE is responsible for obtaining management approval before issuing the finalreport.• The CAE has overall responsibility for the report but can delegate the review andapproval of the report.• The CAE is responsible for obtaining senior management's approval before releasing thefinal report.• The CAE is responsible for approving to whom and how the final report will bedisseminated. 

A. 1 and 3 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 2 and 4 only  

Question # 32

The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?

A. Accept the request as the role of coordinating ERM is a core function of internal audit.
B. Decline the request as this role compromises the CAE's objectivity.
C. Accept the request after consulting with the board and adhering to proper safeguards.
D. Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.

Question # 33

The chief audit executive (CAE) of a large retail operation believes that senior managementhas accepted a level of risk that exceeds the organization's current risk tolerance withrespect to a major expansion. The CAE plans to meet with senior management to discussthese concerns. According to IIA guidance, which of the following would be an appropriatecourse of action in preparation for this meeting?• Understand management's basis for the decision.• Advise the board of the concern and upcoming meeting.• Ascertain which members of management have accepted the risk.• Determine if management has the authority to accept the risk.

A. 1 and 2 only  
A. 1 and 2 only  
C. 2 and 3 only  
D. 3 and 4 only  

Question # 34

Why should internal auditors develop a strong relationship with the external auditors?

A. External auditors offer an additional layer of approval to internal auditors' reports.
B. External auditors can help improve the effectiveness of internal control sampling techniques.
C. External auditors can offer an independent and knowledgeable viewpoint.
D. External auditors can share information gained from work with similar clients.

Question # 35

During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in determining that management action was implemented?

A. Ask management if the new policy related to the receiving reports is in place.  
B. Select a sample of receiving reports and determine if payments were made.  
C. Interview warehouse employees to ascertain adherence to new policy.  
D. Select a sample of payments and determine if a receiving report exists.  

Question # 36

An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements the internal auditor should consider least:

A. Focusing on the high risk areas as sources of potential engagements.
B. Focusing in areas not audited last year.
C. Factoring in management requests.
D. Focusing on those risks highlighted by the external auditor.

Question # 37

Which of the following statements is true? 

A. Consulting engagements provide the internal audit activity with flexibility to add value and do not need to be included in the long-range audit plan. 
B. The internal audit activity's plan of engagments must be based on a formal quantitative risk assessment.
C. The chief audit executive should consider changes to the long-range audit plan based on the requests of business unit managers. 
D. A risk assessment on which to base the internal audit activity's long-range plan must be undertaken at least once every three years. 

Question # 38

According to the International Professional Practices Framework, which of the following statements is true regarding the use of the statement, "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit activity?

A. The statement may be used only when conducting international engagements.
B. The statement may be used only if the results of the quality assurance and improvement program support the statement.
C. The statement may be used whether or not the internal audit department has an external quality assessment review or an independent validation of a self assessment.
D. The statement should not be used for a consulting engagement.

Question # 39

Which of the following statements is true regarding the communication of audit engagement observations?

A. Criteria, condition, cause, and effect must be communicated for material observations only 
B. Criteria, condition, cause, and effect must be communicated for material observations and significant deficiencies only 
C. Criteria, condition, cause, and effect must be communicated for all engagement observations. 
D. Criteria, condition, cause, and effect do not need to be communicated for insignificant observations with adquate compensating key controls

Question # 40

Which of the following statements is correct regarding the use of a program evaluation andreview technique (PERT) model?• It makes use of a probability model to arrive at a realistic estimate of time necessary forcompletion of the audit engagement.• It requires that activities are performed in sequence such that each task is completedbefore the commencement of the next activity.• It remains fixed once completed to act as a baseline for measuring the performance of theaudit staff following completion of the engagement.• It begins with the auditor-in-charge identifying the overall scope and then breaking downthe audit engagement into identifiable activity units. 

A. 1 and 3 only  
B. 1 and 4 only  
C. 2 and 3 only  
D. 2 and 4 only  

Question # 41

To furnish useful and timely information and promote improvements in operations, internal auditors should provide:

A. Senior management with reports that emphasize the operational details of defective conditions.
B. Operating management with reports that emphasize general concerns and risks.
C. Information in written form before it is discussed with the engagement client.
D. Reports that meet the expectations of both operational and senior management.

Question # 42

Which of the following are key characteristics of enterprise risk management?1. It considers risk in the formulation of strategy.2. It applies risk management in some units of an entity.3. It takes a portfolio view of risks throughout the enterprise.4. It restricts the organization's ability to seize opportunities inherent in future events.

A. 2 and 3 only  
B. 1 and 3 only  
C. 2 and 4 only  
D. 1 and 4 only  

Question # 43

An internal auditor has completed an audit of an organization's activities and is ready to issue a report. However, the client disagrees with the internal auditor's conclusions. The auditor should:

A. Withhold the issuance of the audit report until agreement on the issues is obtained.
B. Issue the audit report and state both the auditor and client positions and the reasons for the disagreement.
C. Issue the audit report and omit the client's conclusion as it is not the opinion of the internal auditor.
D. Perform additional work, with the client's concurrence, to resolve the areas of disagreement and delay the issuance of the report until an agreement is reached.

Question # 44

According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board?

A. Consider formality and tone of communications to ensure they are appropriate.  
B. Minimize instances of ad hoc communications with board members.  
C. Consider the possible repercussions created by commentary on deficiencies.  
D. Avoid making presumptuous comments without sufficient facts.  

Question # 45

As part of a preliminary survey of the purchasing function, an internal auditor reads the department's policies and procedures manual and concludes that the manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating effectiveness of internal controls. Which procedure would fulfill this objective most effectively?

A. Perform a design test.
B. Perform a compliance test.
C. Perform a systems test.
D. Perform an efficiency test.

Question # 46

According to the Standards, which of the following describes the condition attribute when applied to the observations and recommendations contained in the audit report?

A. The standards, measures, or expectations used in making an evaluation or verification.
B. The reason for the difference between the expected state and the actual state.
C. The factual evidence that the internal auditor found in the course of the examination.
D. The risk or exposure the organization encounters because the actual state is not consistent with the criteria.

Question # 47

Management has asked the internal audit activity to perform an operational audit of a division that recently reported an increase in expenditures in addition to a decrease in profits. However, existing internal audit resources are currently engaged in a legal compliance audit. Which factor would be considered least important in deciding whether resources should be removed from the legal compliance audit to the operational audit?

A. The increase in expenditures at the division over the past year. 
B. The probability that the legal compliance audit will detect fraud. 
C. The results of the external auditor's most recent financial audit. 
D. The potential for regulatory fines associated with the legal compliance audit. 

Question # 48

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

A. Determining the scope.
B. Reviewing internal controls.
C. Testing.
D. Evaluating findings.

Question # 49

Which of the following examples of audit evidence is the most persuasive?

A. Real estate deeds, which were properly recorded with a government agency. 
B. Canceled checks written by the treasurer and returned from a bank. 
C. Time cards for employees, which are stored by a manager. 
D. Vendor invoices filed by the accounting department. 

Question # 50

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1 million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board iF.I. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.II. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.III. The cost of modifying the sales system to include a preventive control is less than $100,000.

A. I only
B. III only
C. I and III only
D. I, II, and III

Question # 51

A code of business conduct provides: 

A. A fraud avoidance plan that does not explicitly describe punishments for violations. 
B. A passive method of fraud deterrence. 
C. A program to anonymously report irregularities to authorities. 
D. An alternative to "tone at the top" programs. 

Question # 52

In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled for examination are not authentic. What action should the auditor take before proceeding with the examination?

A. Suggest to the payroll manager that the suspicious documents should be sent to the organization's security department for forensic review. 
B. Keep the suspicious documents in the workpaper file until the end of the engagement, and then discuss the suspicions with the payroll manager. 
C. Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the signatures. 
D. Review the suspicious documents with the chief audit executive and seek advice concerning further examination. 

Question # 53

According to the International Professional Practices Framework, which of the following would not be considered when performing an initial risk assessment in engagement planning? 

A. The reliability of management’s assessment of risk.  
B. Management’s process for monitoring, reporting, and resolving risk issues.  
C. Management's methodology for defining risk criteria.  
D. Risks in related activities relevant to the activity under review.  

Question # 54

Which of the following is an advantage of an interim report?I.An interim report provides timely feedback to the audit engagement client.II.An interim report provides a mechanism for communicating information on red flags promptly while they are being investigated.III.An interim report provides an opportunity for auditor follow-up of findings before the engagement is completed.IV.An interim report increases the probability that corrective action will be initiated more quickly.

A. I and IV only
B. II and III o
C. I, III, and IV only 
D. I, II, III, and IV. 

Question # 55

Which role is not considered a change agent when an organization wants to implement structural changes?

A. Senior management.
B. Line management.
C. Independent consultant.
D. Shareholder.

Question # 56

According to the International Professional Practices Framework, which of the following is not an objective of the exit conference?

A. Receive client feedback and clarification.  
B. Review audit recommendations.  
C. Plan future engagements.  
D. Resolve disagreements.  

Question # 57

Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind? 

A. Generally Accepted Auditing Standards. 
B. Generally Accepted Accounting Principles. 
C. The International Professional Practices Framework. 
D. Legal evidence. 

Question # 58

During a payroll audit of a large organization, an internal auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:

A. Continue to follow the engagement program because the engagement scope and objectives have already been discussed with management.
B. Review the engagement program to ensure testing of direct deposits to employee bank accounts is adequately covered.
C. Recommend to the chief audit executive that a fraud investigation be started.
D. Test a sample of payroll changes to ensure that they were approved by the assistant director before being processed.

Question # 59

Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?

A. With management's agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise
B. Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area
C. Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit. 
D. Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence. 

Question # 60

Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimationNumber of ItemsAudited ValueCarrying AmountSample300$500,000$480,000Population3,000$5,000,000

A. 0.10 
B. 0.96 
C. 1.04 
D. 10.00  

Question # 61

Which of the following situations justifies the release of an interim report to managementand the board?• The internal auditor is convinced that the audit observations require immediate attention.• The internal auditor would like to communicate a change in engagement scope for theactivity under review.• The internal auditor notes that the engagement may extend over a longer time period.• The audit supervisor believes that issuing interim reports eases supervisory review andcontrols over working papers.

A. 1 and 3 only  
B. 2 and 3 only  
C. 1, 2, and 3 only  
D. 2, 3, and 4 only  

Question # 62

An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?

A. Use generalized audit software to list all purchases over $50,000 to determine whether they were properly approved.
B. Develop a snapshot technique to trace all transactions by suspected buyers.
C. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine whether they were properly approved.
D. Use generalized audit software to select a sample of paid invoices to new vendors and examine evidence that shows that services or goods were received.

Question # 63

Confirmation would be most effective in addressing the existence assertion for:

A. The addition of a milling machine to a machine shop.
B. Sales of merchandise during the regular course of business.
C. Inventory held on consignment.
D. The granting of a patent for a special process developed by the organization.

Question # 64

The internal auditor's opinion in terms of due professional care should be: 

A. Limited to the effectiveness of internal controls. 
B. Expressed only when consensus with top management has been achieved. 
C. Based on experience and free of all bias. 
D. Based on sufficient factual evidence. 

Question # 65

In response to an audit finding, senior management informed the auditor that the issue would be investigated and resolved when time permitted. According to the International Professional Practices Framework, this action was not acceptable because:  

A. The appropriate level of management was not involved in the review and resolution of the issue
B. Responses should include sufficient information to evaluate the adequacy and timeliness of corrective action. 
C. The board had not reviewed management's responses to the engagement observations and recommendations. 
D. Other departments should have been contacted to determine if they shared responsibility for corrective action. 

Question # 66

The best method for assessing the relative importance of risk factors is to: 

A. Change the rating of the factors from a 1-3 scale to a 1-5 scale. 
B. Assign weights to the factors based on the comparative impact. 
C. List the risk factors in a priority order. D. Use data from an independent source. 

Question # 67

According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?

A. Assist executives with their administrative and governance responsibilities, and encourage all IAA members to develop relationships with the organization's executives.
B. Assist executives with their administrative and governance responsibilities, and ensure that all communications with the board are formal audit reports or preset agendas.
C. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and encourage all IAA members to develop relationships with the organization's executives.
D. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and ensure that all communications with the board are formal audit reports or preset agendas.

Question # 68

When interviewing an individual in relation to a fraud investigation, which course of action should the internal auditor follow? 

A. Assure the individual that the results of the interview will remain confidential. 
B. Establish a rapport with the subject to encourage openness. 
C. Discontinue questioning once the individual has confessed to the fraud. 
D. Refrain from deviating from the list of questions prepared before the interview.

Question # 69

With which of the following would the internal audit activity discuss findings, conclusions and recommendations prior to issuance of internal audit report?1. Business unit management. 2. Chief audit executive. 3. Audit committee. 4. Chief executive officer.  

A. 1 and 2 only 
B. 1 and 3 only 
C. 2 and 3 only 
D. 1, 2, 3, and 4 

Question # 70

Which of the following is an effective way for an internal auditor to improve communications with the client during a contentious audit? 

A. Encourage the client to participate as a partner in the decision-making process to determine the changes that need to be made. 
B. Clearly explain to the client the role of the internal audit activity in the change process. 
C. Obtain the support of the board of directors for proposed changes before discussing the changes with operating management. 
D. Speak privately with key client personnel immediately after proposed changes are announced to address their concerns. 

Question # 71

Which of the following audit planning activities adds the least value in understanding the current risk exposures facing the corporation? 

A. Review of organizational strategic plans and operational plans. 
B. Consultation with senior management and the audit committee. 
C. Review of the external auditor's risk assessment. 
D. Review of corporate performance reporting and benchmarking. 

Question # 72

The internal audit activity performs the following sequence of risk management activities: identification, analysis, and evaluation. According to IIA guidance, which of the following assurance approaches does this describe?

A. Process elements approach.
B. Enterprise-wide risk management approach.
C. Key principles approach.
D. Maturity model approach.