The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
A. It minimizes the amount of time spent and cost incurred to gather the necessary information.
B. Responses can be confidential, thus encouraging participants to be candid expressing their concerns.
C. Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.
D. Workshop participants have an opportunity to learn while contributing ideas toward the objectives.
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1.
Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2.
Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3.
Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4.
Communicate to senior management a summary report on the status and adequacy of audit resources.
A. 1 and 3 only
B. 2 and 4 only
C. 1, 2, and 4
D. 2, 3, and 4
A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
A. Operational management, because they are responsible for the day-to-day management of the operational risks.
B. The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.
C. The chief audit executive, although he is not accountable for risk management in the organization.
D. The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1.
Use an external service provider.
2.
Conduct a self-assessment with independent validation.
3.
Arrange for a review by qualified employees outside of the IAA.
4.
Arrange for reciprocal peer review with another CAE.
A. 1 and 2
B. 2 and 4
C. 1, 2, and 3
D. 2, 3, and 4
According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?
A. The organization's audit universe is extensive and diverse.
B. There has been an increase in unanticipated requests for advisory work.
C. Previous work provided by the external service provider has been of great quality and value.
D. A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.
According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity's (IAA's) objectives?
A. Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.
B. Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.
C. Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.
D. Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's governance structure.
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
A. The auditor must not perform the training, because any task to improve the business process could impact audit independence.
B. The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.
C. The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.
D. The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1.
Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2.
Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3.
Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet
based sales process and key controls.
4.
Include the incident in the next quarterly report to the audit committee.
A. 1 and 2
B. 1 and 3
C. 2 and 4
D. 3 and 4
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
A. Inform the audit supervisor.
B. Investigate the potential conflict of interest.
C. Inform the external auditors of the potential conflict of interest.
D. Disregard the potential conflict, because it is outside the scope of the audit assignment.
While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1.
Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2.
Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3.
Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4.
Submit management's plan of action to the external auditors for additional review.
A. 1 and 2
B. 1 and 4
C. 2 and 3
D. 3 and 4
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IIA-CIA-PART2 exam preparations and IIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.