Exam Details

  • Exam Code: IIA-CIA-PART1
  • Exam Name: Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control
  • Certification: Certified Internal
  • Vendor: IIA
  • Total Questions: 566 Q&As
  • Last Updated: May 14, 2024

IIA Certified Internal IIA-CIA-PART1 Questions & Answers

  • Question 541:

    Which of the following components influences the risk consciousness of an organization's people and is the basis for all other components of enterprise risk management?

    A. Objective setting.

    B. Information and Communication.

    C. Risk Assessment.

    D. Internal Environment.

  • Question 542:

    A manufacturing firm uses hazardous materials in the production of its products. An audit of the firm's processes related to hazardous materials should include:

    I. Recommending an environmental management system as part of policies and procedures.

    II. Verifying the existence of tracking records for these materials from creation to destruction.

    III. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit.

    IV. Evaluating the cost provided for in an environmental liability accrual account.

    A. II only

    B. III and IV only

    C. I, II, and IV only

    D. I, III, and IV only

  • Question 543:

    When internal auditors perform consulting services that add value and improve an organization's operations, these services:

    A. Impair the internal auditors' objectivity with respect to an assurance service involving the same engagement client.

    B. Would preclude the achievement of assurance from the consulting engagement.

    C. Should be consistent with the internal audit activity's empowerment reflected in the charter.

    D. Impose no responsibility to communicate information other than to the engagement client.

  • Question 544:

    An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

    A. Investigation of the physical security over access to the components of the LAN.

    B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.

    C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.

    D. The level of security of other LANs in the company which also utilize sensitive data.

  • Question 545:

    An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?

    A. External industry associate that performed a similar review for a supplier of the organization.

    B. A team from an independent entity that previously employed the chief audit executive of the organization.

    C. A team under the direction of the organization's chief audit executive with validation by a former manager of the internal audit activity.

    D. The same external service provider because of its competency and experience with the organization.

  • Question 546:

    Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?

    A. The extent to which the internal audit activity is outsourced.

    B. The maturity level of risk management practices in the organization.

    C. The competency of the internal auditors in risk management.

    D. The nature of the business and the environment in which the organization operates.

  • Question 547:

    Which of the following best describes the underlying premise of the COSO enterprise risk management framework?

    A. Management should set objectives before assessing risk.

    B. Every entity exists to provide value for its stakeholders.

    C. Policies are established to ensure that risk responses are performed effectively.

    D. Enterprise risk management can minimize the impact and likelihood of unanticipated events.

  • Question 548:

    Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?

    A. Borrowers may not sign all required mortgage loan documentation.

    B. Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

    C. The bank's loan documentation may not meet the government's disclosure requirements.

    D. Loan officers may override the lending criteria established by senior management.

  • Question 549:

    Which of the following is not an appropriate type of coordination between the internal audit activity and regulatory auditors?

    A. Regulatory auditors share their perspective on risk management, control, and governance with the internal auditors.

    B. Internal auditors perform fieldwork at the direction of the regulatory auditors.

    C. Internal auditors review copies of regulatory reports in planning related internal engagements.

    D. Regulatory and internal auditors exchange information about planned activities.

  • Question 550:

    Which of the following statements regarding segregation of duties is true?

    A. When evaluating an organization's policy on segregation of duties, employee competence does not need to be considered.

    B. An organizational chart provides an accurate definition of segregation of duties.

    C. A restrictive segregation-of-duties policy can help improve an organization's communication.

    D. Policies on segregation of duties in information systems must recognize the difference between logical and physical access to assets.

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises now require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your IIA-CIA-PART1 exam preparation or your IIA certification application, do not hesitate to visit Vcedump.com to find your solutions.