IIA-CIA-Part1 Essentials of Internal Auditing Questions and Answers

Knowledge’s kills gap

Monitoring gap

Accountability/reward failure

Communication failure

Staffing audit engagements with internal auditors who possess professional designations.

Relying on prior audit work to save planning time and costs.

Performing assurance procedures to guarantee all significant risks are identified.

Assessing the cost of assurance in relation to the potential benefits.

Testing an entire population, even when a sample would suffice

Using technology and data analysis techniques for efficiency

Enhancing knowledge, skills, and other competencies through professional development

Establishing audit objectives, performing audit tests, and implementing missing controls

An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.

The appointment of the chief audit executive is ratified by the board.

An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.

The internal audit resource plan is only approved by the chief financial officer.

Stakeholders

The board

The chief executive officer

Internal auditors

Coordinate control activities.

Provide direction.

Design key controls.

Deliver assurance.

An independent third party has assessed the organization's system of internal controls to be adequate and effective.

The chief audit executive reports both functionally and administratively to the CEO.

The internal audit charter is drafted properly and approved by the appropriate parties.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

The OAIP should be conducted at least once every three years, and must be performed by an external assessor.

The OAIP should be conducted on an ongoing basis, and can be completed as a self-assessment,

he QAIP should include both internal assessments performed by staff and external assessments performed by independent, objective individuals

The OAIP should be performed with scoping limitations established by the board.

Integrity

Proficiency

Due Professional Care

Competency

To achieve planned profitability for business expansion.

To enhance an organization's confidence in achieving strategy.

To strengthen corporate governance standards.

To eliminate business risks and uncertainties.

Assign the new auditor to assist with conducting the fieldwork. but ensure that her work is reviewed by the CAE.

Assign the new auditor to assist with developing the audit program, but ensure that the audit program is executed by other audit staff.

Ensure that the new auditor's previous manager, and other close former coworkers, are excused during the audit.

Ensure that the new auditor is responsible only for the supervisory review, but not the execution of the audit field work.

Ongoing monitoring results

Periodic management assessment results

Annual risk assessment results

Internal auditors' training evaluation results

Accountability risk.

Communication risk.

Knowledge risk.

Cultural risk.

Disregard the complaints because the information isn't reliable and isn't sufficient to support engagement conclusions and results.

Consider the significance of the risks related to the complaints and develop appropriate assurance procedures in work programs.

Disregard the complaints because using them would violate the confidentiality principle.

Discuss management's needs and expectations related to including the complaints in the audit scope.

Description of internal audit activity's responsibilities

Definition of internal auditing

Statement of internal audit activity's authority

Description of internal audit activity's reporting structure

The CAE's actions are likely to impair the Independence of the internal audit activity.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Consulting engagements typically involve four or five parties: the internal audit activity, engagement client, senior management, board, and sometimes the external auditor.

The scope of a consulting engagement is determined by either the engagement supervisor or chief audit executive, and it is finalized prior to beginning fieldwork.

According to the Standards, internal auditors are permitted to carry out certain management functions during a consulting engagement.

A preliminary risk assessment may not be needed for consulting engagements, because the expectations and objectives of the engagement are determined by the engagement client.

Risk avoidance

Risk reduction

Risk acceptance

Risk sharing

Supervisors are likely to reduce their level of supervision and increase span of control.

Employees are likely to be supervised closely and given little freedom.

Peer employees are likely to trust one another, but distrust management.

Employees are likely to join forces to accomplish their duties as teams.

The initial review of workpapers should be conducted after the final engagement report is issued.

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

Internal audit staff should be informed regularly of changes to policies and procedures.

Training documents should be destroyed at the end of the year to create space for the next year's training documents.

Internal audit authority.

Internal audit reporting structure.

Internal audit independence and objectivity.

Internal audit interaction with the board

An employee receives a bonus for perfect attendance

During the past 18 months three chief financial officers have left the organization after having been promoted to the position

The organization does not perform any due diligence research on third party service providers

Three competitors are highly profitable but a fourth equal in size is approaching bankruptcy limits

The auditor should consider local cultures and customs in various regions when assessing control effectiveness.

Regardless of their location, employees at all levels share responsibility for designing effective controls to mitigate risks.

To achieve an effective internal control environment, the organization's risk management plan must be documented and communicated to all levels throughout each region.

Setting clear objectives is a precondition to effectively identifying, assessing, and responding to the organization's risks.

Support of good governance and controls.

Enhancement of organizational value.

Protection of tangible and intangible assets.

Provision of professional advisory and assurance services.

Determining whether management measures and monitors the costs and benefits of controls.

Providing training on controls and ongoing self-monitoring processes.

Developing flowcharts to obtain information about control design adequacy.

Identifying objectives and the risks involved in achieving them.

Auditors shall observe the law and make disclosures expected by the law and the profession

Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

Auditors shall engage only in those services for which they have the necessary knowledge skills and experience

Auditors shall be prudent in the use and protection of information acquired in the course of their duties

Communicating to internal audit staff instructions for completing engagements within shorter time periods.

Requesting additional funding from the board to train internal audit staff on time and resource management.

Implementing the use of agile auditing during engagements to meet expectations.

Encouraging internal audit staff to participate in workshops to further develop their understanding of the organization's strategies.

Inherent risk.

Residual risk.

Impact risk.

Detection risk.

A request to develop workshops on corporate governance for management.

A request to act as liaison with external auditors.

A request to determine appropriate risk management responses for management.

A request to provide counseling services on ethical matters.

Compare vendor addresses to employee addresses.

Match cancelled checks to invoices.

Search for duplicate payment amounts.

Check employee bank records against invoice amounts.

Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting

Issue the audit report to senior management on schedule but include a disclaimer about the error

Proceed with the scheduled closing of the engagement without consideration of the identified error

Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take