IIA IIA-CIA-PART2 Online Practice Questions and Exam Preparation

IIA IIA-CIA-PART2 Online Questions & Answers

• Question 361:

  An internal auditor noted that access to internal databases and information systems was not changed for employees who had either moved to other business units or whose job duties had changed significantly. Which of the following would most likely be an appropriate root-cause recommendation?

  A. Compile and implement an access review policy and regulate the notification procedure.
  B. Check access rights of all employees who have moved within the organization during the past year.
  C. Restrict access to IT systems and databases for all employees identified in the audit engagement.
  D. Analyze access logs to those IT systems to identify unauthorized actions by employees.
  A. Compile and implement an access review policy and regulate the notification procedure.

• Question 362:

  Which of the following tasks would be considered unusual for planning a control self-assessment workshop?

  A. Conducting interviews to identify relevant issues for the discussion.
  B. Identifying key stakeholders and ensuring they are represented in the group.
  C. Securing an external subject matter expert to arbitrate disputes.
  D. Ensuring that managers are willing to accept constructive criticism.
  C. Securing an external subject matter expert to arbitrate disputes.

• Question 363:

  According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

  A. The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.
  B. The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.
  C. The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.
  D. The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.
  D. The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

• Question 364:

  Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?

  A. ICQs provide testimonial evidence.
  B. ICQs are efficient.
  C. ICQs provide tangible evidence to be quantified.
  D. ICQs put observations into perspective.
  B. ICQs are efficient.

• Question 365:

  Which of the following is a preventive control strategy against fraud?

  A. Performing a surprise audit.
  B. Maintaining a whistleblower hotline.
  C. Implementing control self-assessment.
  D. Performing background checks on employees.
  D. Performing background checks on employees.

• Question 366:

  An internal auditor is using the discovery sampling technique. She has not completed the analysis, but she already discovered that at least one item failed to comply with the required standard. Which of the following is the most appropriate response?

  A. The auditor must test the remaining items to ensure due professional care.
  B. The noncompliant item is an indicator that the auditor should select a different sampling methodology.
  C. The noncompliant item is an indicator that the auditor should increase the sample size.
  D. The auditor may draw a conclusion based on the singular noncompliant item.
  A. The auditor must test the remaining items to ensure due professional care.

• Question 367:

  An internal auditor noted that the organization's production facility experienced a machinery outage, because routine machinery maintenance was not performed timely. Senior management asked the auditor why the maintenance was delayed, and the auditor did not have an answer. Which of the following tools or approaches should the auditor have used to help him better understand the circumstances?

  A. A risk and control matrix
  B. A root cause analysis
  C. A spaghetti diagram
  D. A process map
  A. A risk and control matrix

• Question 368:

  Risk assessments can vary in format, but generally include:

  1.A description of identified risks.

  2.Tests of audit controls.

  3.A system of rating risks.

  4.Sample size identification.

  A. 1 and 2 only
  B. 1 and 3 only
  C. 1, 3, and 4 only
  D. 2, 3, and 4 only
  B. 1 and 3 only

• Question 369:

  The engagement supervisor would like to change the audit program's scope prior to beginning eldwork. According to IIA guidance, before any change is implemented, what is the most important action that should be undertaken?

  A. Document in the engagement workpapers the rationale for changing the scope.
  B. Confirm that the scope change would align to the organization's objectives and goals.
  C. Confirm that the internal audit activity continues to have the necessary knowledge and skills.
  D. Seek approval from the chief audit executive for the proposed scope change.
  B. Confirm that the scope change would align to the organization's objectives and goals.

• Question 370:

  Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

  A. Comparing the current ratio of the subsidiary with the current ratio of another company for the same period
  B. Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods
  C. Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.
  D. Comparing the sales of the subsidiary with the budgeted figures for the last two periods
  B. Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods