During a review of performance measures in an organization's purchasing function, the preliminary survey indicates that most of the measures have been in use for some time. The internal auditor should:
A. Review the data that was used to develop the measures.
B. Perform benchmarking in order to verify that the measures being used are meaningful.
C. Establish the history of the measures and reasons for use.
D. Report that the measures being used are out-of-date and should be improved.
An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test to achieve the audit objective?
I. Validate the completeness of the accounts payable files.
II. Examine the sample of vouchers in greater detail.
III. Increase the number of vouchers in the sample.
IV.
Broaden the scope of the examination to include credits received by accounts payable.
A.
I and II only
B.
II and III only
C.
I, II, and IV only
D.
I, III, and IV only
Which of the following items should be addressed in an organization's privacy statement?
I. Intended use of collected information.
II. Data storage and security.
III. Network/infrastructure authentication controls.
IV.
Data retention policy of the organization. Parties authorized to access information.
A.
I and II only
B.
I and IV only
C.
I, II, and V only
D.
II, III, IV, and V only
The most effective method of reporting engagement results to management and stimulating action is to:
A. Deliver a lecture on the engagement results.
B. Limit verbal commentary and present a series of slides that graphically depict the engagement results.
C. Use slides to support a discussion of major points.
D. Distribute copies of the report, ask the participants to read the report, and ask for questions.
During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:
A. Ask management to test the recovery plan immediately.
B. Recommend that management and users update and test the recovery plan.
C. Update the recovery plan for management as part of the review.
D. Review the recovery plan and report weaknesses to management.
A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services. Which of the following issues should be addressed first?
A. Cost-effectiveness.
B. Quality control.
C. Customer complaints.
D. Supplier deliveries.
Which of the following is the first step in the process where auditors and clients work together to evaluate the clients' system of internal control?
A. Assess risks.
B. Develop questionnaires.
C. Identify and assess controls.
D. Identify objectives.
An internal auditor has a recommendation to change operations which could potentially increase profits by $50,000. The best way to sell this recommendation to management is to:
A. Carefully work out the details of implementation before presenting it to department management.
B. Discuss it with operating supervisors who are directly affected by the change, and then with department management.
C. Bring it to the audit manager, who should bring it immediately to senior management's attention.
D. Wait until the exit conference to discuss it in order to ensure all affected parties are present.
Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
A. Statements are supported and can be authenticated.
B. Recommendations for corrective action are clear.
C. Processes within the audited area were reviewed.
D. Sample sizes appear appropriate for any issues found.
In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
A. Key stakeholders are represented in the group.
B. An independent content expert is available to help settle disagreements.
C. Background research is completed to familiarize the auditor with relevant issues.
D. Management is consulted on the issues and priorities.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IIA-CIA-PART2 exam preparations and IIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.