Which of the following is the most important limitation on the effectiveness of audit committees?
A. Audit committees may be composed of independent directors; however, those directors may have close personal and professional friendships with management.
B. Audit committee members are compensated by the organization and thus favor a stockholder view.
C. Audit committees devote most of their efforts to external audit concerns and do not pay much attention to internal auditing and the overall control environment.
D. Audit committee members do not normally have degrees in the accounting or auditing fields.
The primary role of the internal audit activity in regard to an organization's ethical climate is to:
A. Participate as chief ethics officer.
B. Periodically assess the ethical climate.
C. Utilize surveys to evaluate employee ethics.
D. Demonstrate ethical behavior.
A chief audit executive (CAE) is obtaining information required by a regulatory oversight body and discovers a situation that requires management to take immediate corrective action. What is the best course of action for the CAE to take?
A. Wait until all of the information has been gathered and reported to the oversight body before reporting the situation to management.
B. Check with legal counsel to determine whether the situation can be reported to management before all information has been submitted to the oversight body.
C. Report the situation to management immediately.
D. Schedule an engagement to explore the situation in depth, before reporting to either management or the oversight body.
Which of the following statements, if true, could justify an auditor's decision not to report governance-related control deficiencies to the audit committee?
A. Management plans to initiate corrective action.
B. The board of directors has a separate corporate governance committee.
C. The amounts and the potential risks associated with the deficiencies are not material to the overall organization.
D. Governance issues are complex and the auditor should rely on management's analysis of the extent of the problem.
According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:
A. Was designed to ensure compliance with policies, plans, procedures, laws, and regulations.
B. Provides reasonable assurance that the organization's objectives will be met.
C. Mitigates inherent risk.
D. Assures the reliability and integrity of information used by management.
In addition to data protection, which of the following is a control that is typically used by companies to safeguard the privacy rights of their customers?
I. End-user computing.
II. Encryption of data.
III. Spyware.
IV.
Intrusion detection.
A.
II only
B.
I and III only
C.
II and IV only
D.
I, II, and IV only
A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed. In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:
A. Review the recommendations in all environmental audit reports.
B. Discuss with the environmental auditors the results of their reviews.
C. Periodically carry out a quality assessment of the environmental audit activity.
D. Include a review of environmental issues in some internal audit engagements.
Which statement most accurately describes how criteria are established for use by internal auditors in determining whether goals and objectives have been accomplished?
A. Management is responsible for establishing the criteria.
B. Internal auditors should use professional standards or government regulations to establish the criteria.
C. The industry in which a company operates establishes criteria for each member company through benchmarks and best practices for that industry.
D. Appropriate accounting or auditing standards, including international standards, should be used as the criteria.
An internal audit activity encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation should be.
A. Noted in the audit workpapers, but the engagement should be carried out as scheduled, with any necessary adjustments made based on the scope limitation.
B. Communicated to the external auditors so that they can investigate the area in more detail.
C. Communicated, preferably in writing, to the board.
D. Communicated to management, stating that the limitation will not be accepted because it would impair the audit activity's independence.
A major difference between enterprise risk management and traditional risk management lies in the narrow focus of traditional risk management on:
I. Property and liability risks.
II. Risks with insurance solutions.
III.
Risks impacting organizational objectives.
A.
I and II only
B.
I and III only
C.
II and III only
D.
I, II, and III.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IIA-CIA-PART1 exam preparations and IIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.