IIA-CIA-Part2 Practice of Internal Auditing Questions and Answers

Controls that ensure that grid connection design is finalized before construction is approved to begin

Controls that ensure construction orders are initiated after the second invoice is paid

Controls that ensure all three invoices are calculated correctly according to the total project cost

Controls that ensure that applications are verified for approval prior to initiating design and construction

The financial interest the service provider may have in the organization.

The relationship the service provider may have had with the organization or the activities being reviewed.

Compensation or other incentives that may be applicable to the service provider.

The service provider's experience in the type of work being considered.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Retention requirements for internal audit records should be compliant with ones set for external audit records

Retention requirements should take into account the medium in which internal audit records are stored

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Assert whether the described and reported control processes and systems exist.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

Evaluate the completeness of the report and management's responses to identified deficiencies.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Ratio analysis

Trend analysis

Vertical analysis

Benchmarking analysis

1 only

3 only

1 and 3 only

1, 2, and3

Create a tracking system for follow up

Ensure that follow-up activities are performed at least weekly.

Delegate follow-up activities to qualified administrative staff within the business unit

Ensure that follow-up activities are performed by the most senior auditor on staff

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Percentage of recommendations implemented by corrective action date

Staff experience

Percentage of planned audits completed

Conformance with the International Professional Practices Framework

1 and 2

1 and 4

2 and 3

3 and 4

Integrity.

Flexibility.

Initiative.

Curiosity.

1 and 3 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the audit

D, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Sampling risk.

Audit risk.

Residual risk.

Inherent risk

Scheme.

Opportunity.

Rationalization.

Pressure.

The work program provides more detailed support for the audit report

The work program helps determined the required amount of audit resources

The work program helps ensure tie achievement of the engagement objectives

The work program assists the auditor n developing and managing audit tests

To save time during final report writing

To meet the Standards requirement for developing a draft report prior to issuing a final report

To use as a tool for communicating with management of the area under review.

To require that management implements solutions to issues identified during the engagement

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

The engagement team should include internal auditors who have expertise in investigating vendor fraud

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

Internal control questionnaires can be used by internal auditors as an interview guide

Internal control questionnaires provide direct audit evidence which may need corroboration

Express an opinion on the participants' inputs and conclusions as the assessment progresses.

Provide appropriate techniques and guidelines on how the exercise should be undertaken.

Evaluate and report on all issues that may be uncovered during the exercise.

Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Process objectives

Process risks

Process controls

Process scope

Defer the engagement until a system of internal control has been established

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

Add a consulting component to the already scheduled assurance engagement

Seek the involvement of the external auditor to assist with improving the internal controls

Reliable information is factual adequate, and convincing so that a prudent informed person would reach the same conclusions as the internal auditor

Reliable information is the best attainable information through the use of appropriate engagement techniques

Reliable information supports engagement observations and recommendations and is consistent with the objectives for the engagement

Reliable information helps the organization and the internal audit activity meet its goals

Informal, soft controls are omitted, and greater focus is placed on hard controls.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

Internal auditors become involved in and knowledgeable about the self-assessment process.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

A completed engagement workpaper review checklist.

The supervisor's review notes on engagement workpapers.

The email exchanges between the audit team and the supervisor.

A supervisor's approval of resources allocated to the engagement

1 and 2

1 and 3 only

2 and 4

1, 3, and 4

Improper segregation of duties.

Incentives and bonus programs.

An employee's reported concerns.

Lack of an ethics policy.

Inform the audit supervisor.

Investigate the potential conflict of interest.

Inform the external auditors of the potential conflict of interest.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Stop-or-go sampling

Probability to proportional size sampling

Classical variable sampling

Discovery sampling

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

The qualifications and competencies of the subsidiary's management team and their understanding of risk and control

Criteria.

Effect

Condition

Cause

The organization's audit universe is extensive and diverse.

There has been an increase in unanticipated requests for advisory work.

Previous work provided by the external service provider has been of great quality and value.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

The CAE can release prior internal audit reports with the approval of the board and senior management.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Board of directors

External auditors

Chief audit executive

Senior management

Audit criteria should be consistent across audit assignments.

Audit criteria should represent reasonable standards against which to assess existing conditions.

Audit criteria should provide flexibility but allow identification of nonadherence.

Audit criteria should equate to good or acceptable management practices.

The employee’s name listed on organization’s payroll is compared to the personnel records.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

Employee access to the payroll database is deactivated immediately upon termination.

Changes to payroll are validated by the personnel department before being processed.

The criteria used to make the evaluation

The methodology used to analyze data

The proposed follow-up engagement work to be performed

The scope of work performed during the engagement

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

To build good relations with management

To help management develop more responsive and timely action plans

To formally report medium- and high-risk observations in writing

To improve the internal audit key performance indicators

It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.

It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses

it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.

It enables the auditor to categorize the population of transactions within the accounts payable process

Operational audit

Compliance and financial audit

Performance audit

Quality audit

The CAE should send the final report to operational and senior management and the audit committee.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Determine which controls if any are in place to mitigate the fraud risks

Follow protocol for internal reporting and investigating fraud allegations

Research frauds that nave occurred t\ similar organizations

Incorporate the fraud risk assessment into the engagement plan

Opportunity.

Rationalization.

Pressure.

Incentives.

Cause and effect.

Effect and criteria

Condition and cause

Criteria and condition.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

All completed training costs, and the cost of actual production hours completed to date.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

All completed training costs, and 50% of the contracted production costs.

The observation was made during the same audit, and the action plan has a common owner.

The observation relates to the same control activity within a common process.

The observation has a common control, and it was noted in a prior audit.

The observation has a common process, and the action plan for the observation has a common owner.