IIA-CIA-PART1 Exam Details

  • Exam Code: IIA-CIA-PART1
  • Exam Name: Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control
  • Certification: IIA Certifications
  • Vendor: IIA
  • Total Questions: 992 Q&As
  • Last Updated: May 29, 2026

IIA IIA-CIA-PART1 Online Questions & Answers

  • Question 161:

    Which of the following audit findings would have the least impact (either positive or negative) on a department's control environment?

    A. The department makes long-term investment risk decisions to maximize return on investment.
    B. The department manager sets and demonstrates a tone of honesty and integrity in all business dealings.
    C. Many department functions are duplicated or verified by other department employees.
    D. Deficiencies were found in the appropriate authorization of transactions.

  • Question 162:

    Which of the following factors related to an organization's performance management system would not contribute to the organization's success?

    A. Performance management is linked to competence and knowledge management.
    B. Subordinates and superiors have shared responsibility for the performance management process.
    C. Staff members own the performance management process, thereby ensuring implementation and accountability.
    D. Performance management is integrated into other organizational processes and human resource processes.

  • Question 163:

    Which of the following actions, if carried out by the chief audit executive (CAE), could lead to a violation of the principle of confidentiality?

    A. The CAE discloses partial assurance engagement information to regulatory authorities as ordered by a court.
    B. The CAE releases fraud incident details to a professional organization and informs legal counsel afterward.
    C. The CAE requires internal audit staff to destroy all information acquired from the area under review upon engagement completion.
    D. The CAE specifies policies and procedures regarding the distribution of engagement reports.

  • Question 164:

    Which of the following would be considered an indicator that an organization's ethics program is not yet well developed?

    A. Disciplinary actions for ethics compliance violations are reviewed by the internal audit activity for consistency.
    B. Communication of ethics compliance expectations is the responsibility of employees' direct managers.
    C. The organization's code of ethics and related compliance policy are reviewed annually for potential updates.
    D. The board of directors reviews ethics oversight metrics for violations and compliance.

  • Question 165:

    During the planning phase of an audit, an internal auditor preliminarily concluded that the controls for a process were adequately designed to manage the associated risk. Under what conditions might this preliminary assessment subsequently prove to be unreliable?

    A. Compensating controls from other processes were not present.
    B. Redundant controls are not in place to enhance well-designed controls.
    C. Entity-level controls are informal and not consistently enforced.
    D. Process controls were not developed from an existing key control checklist.

  • Question 166:

    An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

    A. Bank statements.
    B. Customer confirmation letters.
    C. Copies of sales invoices.
    D. Copies of deposit slips.

  • Question 167:

    Which should the internal auditor first consider when assessing fraud risks during an engagement?

    A. Compare the organization's fraud strategies with the industry's strategies.
    B. Review any related prior fraud investigations.
    C. Investigate any related fraud allegations.
    D. Communicate any suspicious fraud activities to management.

  • Question 168:

    The best reason for separating the cash-receiving function from the related record-keeping function is to:

    A. Segregate cash payments from cash receipts.
    B. Provide accountability for cash received.
    C. Minimize misappropriations in cash receipts.
    D. Improve physical security over the cash-receiving function.

  • Question 169:

    A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

    A. Coordinate and facilitate risk workshops for management to attend.
    B. Establish the degree of risk appetite for management to accept.
    C. Set risk indicators and mitigation plans for management to implement.
    D. Determine the number of significant risks for management to report to the board.

  • Question 170:

    Applying ISO 31000, which of the following is part of the external context for risk management?

    A. Risk treatment method based on risk evaluation.
    B. Organizational culture, objectives, and processes.
    C. The regulatory and competitive environment.
    D. The method of determining the risk level.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your IIA-CIA-PART1 exam preparation and IIA certification application, do not hesitate to visit Vcedump.com to find your solutions.