According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?
A. Periodic monitoring of the internal audit activity should be done.
B. All aspects of the internal audit activity should be evaluated.
C. An external assessment should be obtained every three years.
D. The review of assurance services should be the primary focus.
Which of the following is correct with respect to roles within an enterprise-wide risk management process?
1.
The board provides oversight to the risk management process.
2.
Executive management owns the risk management framework.
3.
Senior management is assigned ownership of risks.
4.
Internal audit modifies the risk assessment determined by management.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2, and 3 only
D. 1, 2, 3, and 4
An organization has a large number of vendors supplying goods to its various branches across the region. The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].
[List A] [List B]
A. Vendor bank account numbers Employee bank account numbers
B. Dates of payments to vendors Dates of salary payments to employees
C. Addresses of vendors from the vendor database Addresses of employees from the employee database
D. Vendor names Employee names
While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?
A. Results from the organization's business process management program.
B. User acceptance testing of the organization's enterprise resource planning application.
C. Risk assessments conducted by the board.
D. Key business strategies adopted by the organization in the strategic plan.
Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?
A. With management's agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise.
B. Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area.
C. Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit.
D. Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence.
Which of the following would be the most important reason for the chief audit executive (CAE) to use inputs from management strategy to update the audit universe?
A. The audit charter requires the CAE to update the audit universe before embarking on the selection of potential audit engagements.
B. The CAE wants to consider the organization's strategic plan including attitude toward risk and the degree of difficulty to achieving planned objectives.
C. The CAE wants to cover management planned activities for the upcoming year in the audit plan.
D. The CAE wants to determine internal audit resourcing requirements to cover the organization's major processes and activities over time.
Which of the following is true regarding roles and responsibilities in risk management processes?
A. Setting strategic direction resides with senior management.
B. Ownership of risks resides with the board.
C. Acceptance of residual risk resides with executive management level.
D. Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal audit activity.
While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements?
A. Prioritize the engagements that were not done in previous years and schedule them for the upcoming year.
B. Consult with senior management and the board and make adjustments regarding risk.
C. Review all outstanding recommendations from prior audit engagements and focus on them in the upcoming year.
D. Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year's schedule of engagement.
When determining if appropriate resources exist to achieve engagement objectives, which of the following factors should a chief audit executive consider?
1.
Nature and complexity of the audit engagement.
2.
Time constraints.
3.
Effectiveness of the audit committee.
4.
Availability of resources for the engagement.
A. 1 and 2 only
B. 1, 2, and 3 only
C. 1, 2, and 4 only
D. 1, 3, and 4 only
Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?
A. The objectives of the audit should be set.
B. The organization's management should be informed about the work to be performed.
C. Attention should be devoted toward the key audit areas.
D. The timing of the audit should be set.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IIA-CIA-PART2 exam preparations and IIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.