An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December 31 are supported by appropriately approved purchase orders. Over 25, 000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
A. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. Results indicated that the sample size was too small, as no sample deviations were found.
B. I am 95% confident that the actual population deviation rate is 3.7%. Since this is less than the tolerable deviation rate, quantitative attribute testing results indicate that the control is effective.
C. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. The quantitative attribute testing results indicate that the control is effective.
D. I am 95% confident that the true, but unknown, population deviation rate is less than or equal to 3.7%. The quantitative attribute testing results indicate that the control is not effective.
Which of the following is not part of the five-attribute approach to developing documentation for an audit observation?
A. Condition.
B. Effect.
C. Management response.
D. Recommendation.
Which of the following types of information would an internal auditor expect to find in the supporting documentation for a high-level accounts payable process flowchart?
A. A copy of the new customer request form.
B. An overview of the steps for validating invoices.
C. The number of payments paid before the due date of the invoice.
D. The payment terms and credit limit of the vendor to be paid.
During the planning phase of an audit, an internal auditor preliminarily concluded that the controls for a process were adequately designed to manage the associated risk. Under what conditions might this preliminary assessment subsequently prove to be unreliable?
A. Compensating controls from other processes were not present.
B. Redundant controls are not in place to enhance well designed controls.
C. Entity level controls are informal and not consistently enforced.
D. Process controls were not developed from an existing key control checklist.
An internal auditor obtains spreadsheets created by the finance department of an organization. The internal auditor contacts a third party about the source data that was utilized to create the spreadsheets before going on to perform a ratio analysis and a comparison of budget versus actual data. What is the most likely reason that the internal auditor involved a third party before performing further analysis?
A. To determine if a later re-performance for testing mechanical accuracy would be possible.
B. To confirm that the spreadsheets could be used as a source of analytic data.
C. To determine what future usage limitations the spreadsheets might have.
D. To obtain a reliable verification about the accuracy of the source data.
An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?
A. Authorization policy for accounts payable was not followed for payments above $10, 000.
B. Authorization policy requires two levels of approval for all payments above $10, 000.
C. Because of non-compliance with authorization policy, inappropriate payments may be made for payments above $10, 000.
D. The accounts payable authorization actions for all payments should be automated.
A senior manager asks the chief audit executive (CAE) to explain why statistical sampling is the best method to use in conducting an internal audit. Which advantages should the CAE point to in order to justify the internal audit activity's (IAA) use of statistical sampling?
A. Statistical sampling sets limits on resources used for the IAA, allows for a subjective interpretation of the IAA's sampling results, and supports The Institute of Internal Auditors' requirements for using questionnaires as a sampling tool.
B. Statistical sampling allows for evaluation of all organizational data at once, increases the likelihood that risks are immediately identified, and does not require a level of tolerable misstatement or margin of error.
C. Statistical sampling allows for the selection of a minimum sample size, provides a quantitative expression of the IAA's sampling results, and supports extrapolation.
D. Statistical sampling itself identifies root causes of issues, utilizes a qualitative method for analyzing results, and supports engagement objectives through the use of external benchmarking.
An employee is more likely to commit fraud if which of the following red flags are present?
1.
The employee believes that he is being underpaid and deserves a higher salary.
2.
The employee is close to retirement and has expressed a desire to take an expensive trip around the world.
3.
The employee has personal financial problems and seems very unhappy.
4.
The employee is spending much more time at the office than usual and has been asking about opportunities for professional advancement.
A. 1 and 2 only
B. 1 and 3 only
C. 3 and 4 only
D. 2 and 4 only
Which domain of the COBIT framework addresses the maintenance and change management of existing systems to ensure alignment with business needs and objectives?
A. Plan and organize.
B. Deliver and support.
C. Monitor and evaluate.
D. Acquire and implement.
According to IIA guidance, which of the following risk management process evaluation findings would the internal audit activity consider most effective?
A. Relevant risk information is captured and communicated in a periodic manner to management.
B. Risk management processes are monitored through an annual assessment.
C. Risk responses align with the organization's risk appetite.
D. Strategic risks with low residual values are continuously monitored.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IIA-CIA-PART1 exam preparations and IIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.