Question 1

According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity's (IAA's) objectives?

Options :

A : Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.

B : Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.

C : Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.

D : Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's governance structure.

Answer: A

Question 2

An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?

Options :

A : The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

B : The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

C : The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

D : The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

Answer: B

Question 3

Which of the following is a disadvantage of using flowcharts during a risk assessment?

Options :

A : People cannot quickly understand the processes via flowcharts

B : Flowcharts are not applicable for evaluating the design of controls

C : Some serious risks that are not part of the linear process can be missed

D : Flowcharts do not enable auditors to identify missing controls

Answer: C

Question 4

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

Options :

A : Solicit the services of a specialist information systems auditor

B : Obtain the most current approved copies of the organization-s privacy policy

C : Consult with legal counsel about new privacy laws to establish appropriate criteria

D : Consider the detection risk of noncompliance with the laws

Answer: B

Question 5

Which of the following would be most likely found in an internal audit procedures manual?

Options :

A : A summary of the strategic plan of the area under review.

B : Appropriate response options for when findings are disputed by management.

C : An explanation of the resources needed for each engagement.

D : The extent of the auditor-s authority to collect data from management.

Answer: D

Free IIA-CIA-Part2-3P Mock Exam – Practice Online Confidently

Buying Options: