IIA IIA Certifications IIA-CIA-PART2 Questions & Answers

• Question 171:

  Which of the following should be included in a privacy audit engagement?

  1.

  Assess the appropriateness of the information gathered.

  2.

  Review the methods used to collect information.

  3.

  Consider whether the information collected is in compliance with applicable laws.

  4.

  Determine how the information is stored.

  A. 1 and 3 only

  B. 2 and 4 only

  C. 1, 3, and 4 only

  D. 1, 2, 3, and 4

  Correct Answer: D

• Question 172:

  According to IIA guidance, which of the following statements are true regarding the internal audit plan?

  1.

  The audit plan is based on an assessment of risks to the organization.

  2.

  The audit plan is designed to determine the effectiveness of the organization's risk management process.

  3.

  The audit plan is developed by senior management of the organization.

  4.

  The audit plan is aligned with the organization's goals.

  A. 1 and 2 only

  B. 3 and 4 only

  C. 1, 2, and 4

  D. 1, 3, and 4

  Correct Answer: C

• Question 173:

  An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: B

• Question 174:

  The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

  A. Coach management in responding to risks.

  B. Develop risk management strategies for board approval.

  C. Facilitate identification and evaluation of risks.

  D. Evaluate risk management processes.

  Correct Answer: D

• Question 175:

  New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

  A. The audit committee of the board.

  B. The environmental, health, and safety manager.

  C. The organization's external environmental lawyers.

  D. The organization's insurance department.

  Correct Answer: B

• Question 176:

  A code of business conduct should include which of the following to increase its deterrent effect?

  1.

  Appropriate descriptions of penalties for misconduct.

  2.

  A notification that code of conduct violations may lead to criminal prosecution.

  3.

  A description of violations that injure the interests of the employer.

  4.

  A list of employees covered by the code of conduct.

  A. 1 and 2

  B. 1 and 3

  C. 2 and 4

  D. 3 and 4

  Correct Answer: A

• Question 177:

  Which of the following is not an outcome of control self-assessment?

  A. Informal, soft controls are omitted, and greater focus is placed on hard controls.

  B. The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

  C. Internal auditors become involved in and knowledgeable about the self-assessment process.

  D. Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

  Correct Answer: A

• Question 178:

  An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

  A. Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

  B. Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

  C. Reassign information systems auditors to assist in implementing management's action plan.

  D. Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

  Correct Answer: D

• Question 179:

  An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?

  A. Express an opinion on the participants' inputs and conclusions as the assessment progresses.

  B. Provide appropriate techniques and guidelines on how the exercise should be undertaken.

  C. Evaluate and report on all issues that may be uncovered during the exercise.

  D. Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

  Correct Answer: B

• Question 180:

  According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

  A. The CAE can release prior internal audit reports with the approval of the board and senior management.

  B. The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

  C. The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

  D. The CAE can release prior information provided it is as originally published and distributed within the organization.

  Correct Answer: B