IIA-CIA-PART2 Exam Details

  • Exam Code: IIA-CIA-PART2
  • Exam Name: Certified Internal Auditor - Part 2, Conducting the Internal Audit Engagement
  • Certification: IIA Certifications
  • Vendor: IIA
  • Total Questions: 1078 Q&As
  • Last Updated: May 31, 2026

IIA IIA-CIA-PART2 Online Questions & Answers

  • Question 641:

    According to the International Professional Practices Framework, which of the following situations is an indicator of a healthy relationship between the audit committee and the internal audit function?

    A. The chief audit executive (CAE) has direct access to the audit committee and the board but typically does not interact directly with them unless a material weakness in the control environment is identified.
    B. The CAE sends the audit committee all communications between the internal audit department and the audit client in order to keep the audit committee up to date on the engagement.
    C. The CAE does not distribute audit reports to the audit committee. However, the audit committee is made aware of the scope and findings of audits performed.
    D. Whenever a potential audit finding or testing exception is first identified, the audit committee is immediately notified, as well as for any subsequent changes in the status or resolution of the issue.

  • Question 642:

    Which of the following data sources would provide the least valid data for an audit of a retail store's customer service?

    A. A graph that compares staffing levels for selected times with store traffic (number of customers) over the same time period.
    B. A random survey of customer satisfaction given to customers as they leave the store.
    C. Interviews of randomly selected service personnel regarding the quality of service that they provide.
    D. A graph of customer service training across stores, comparing training with overall levels of service satisfaction.

  • Question 643:

    While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes.

    Which of the following actions is most appropriate for the auditor to take?

    A. Inform management and request that the plan be tested immediately.
    B. Update the recovery plan for management, as part of the review.
    C. Evaluate the recovery plan and report weaknesses to management.
    D. Recommend that management and users update and test the recovery plan.

  • Question 644:

    An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:

    "A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted."

    The auditor did not place any audit verification symbols on this workpaper.

    Which of the following changes would most improve the auditor's workpaper?

    A. Use of audit verification symbols to show that each file was examined.
    B. Removal of the employee names to protect their confidentiality.
    C. Justification for the sample size.
    D. Listing of the actual documents examined for each employee.

  • Question 645:

    Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    1. The internal audit activity's time constraints.
    2. The nature and complexity of the area to be audited.
    3. The period of time since the area was last audited.
    4. The auditors' preference to audit the area.
    5. The results of a preliminary risk assessment of the activity under review.

    A. 1 and 4 only.
    B. 1, 2, and 5 only.
    C. 2, 3, and 5 only.
    D. 1, 2, 3, 4, and 5.

  • Question 646:

    An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

    A. The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.
    B. The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.
    C. The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.
    D. The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

  • Question 647:

    Which of the following statements is true regarding the audit objective for an assurance engagement?

    A. Operational management must determine the audit objective in cooperation with the internal auditor.
    B. The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks.
    C. The audit objective must consider the possibility of fraud and noncompliance.
    D. The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact.

  • Question 648:

    An organization has a large number of vendors supplying goods to its various branches across the region. The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].

    A. List A: Vendor bank account numbers; List B: Employee bank account numbers
    B. List A: Dates of payments to vendors; List B: Dates of salary payments to employees
    C. List A: Addresses of vendors from the vendor database; List B: Addresses of employees from the employee database
    D. Vendor names

  • Question 649:

    An internal auditor accessed accounts payable records and extracted data related to fuel purchased for the organization's vehicles. As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates. She then performed other tests. Based on the auditor's actions, which of the following is most likely the objective of this engagement?

    A. To identify whether fuel was purchased for work-related purposes.
    B. To estimate future fuel costs for the organization's fleet of vehicles.
    C. To determine trends in average fuel consumption by vehicle.
    D. To determine whether the organization is paying more than the industry average for fuel.

  • Question 650:

    Which of the following procedures would provide the most reliable evidence for an internal auditor testing whether defective products are effectively being identified and removed during processing before shipping to customers?

    A. Reviewing quality department survey results, which show 96% of employees believe all defective products are removed prior to shipping.
    B. Physically inspecting a sample of completed processing cycles for defective products prior to shipment.
    C. Observing employees while they inspect products for defects.
    D. Reviewing a quality report provided by management that shows 13 products were identified and removed during the most recent processing cycle.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your IIA-CIA-PART2 exam preparation and IIA certification application, do not hesitate to visit Vcedump.com to find your solutions.