Free IIA-CIA-Part2 Sample Questions — Certified Internal Auditor - Part 2 Conducting the Internal Audit Engagement

Which of the following would best contribute to the success of a guest auditor program that allows people from other areas of the organization to serve as subject matter experts?

• A. Selecting guest auditors whose work has recently been audited by the internal audit activity
• B. Recommending the guest auditor to design the internal audit program and perform testing procedures
• C. Soliciting feedback from the guest auditor once the engagement is complete
• D. Enabling the guest auditor to interact with internal audit staff to identify mutually beneficial opportunities

An internal auditor wanted to determine whether the organization's 200 employees are charging their work hours accurately to the correct project The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following: - 5 time reports were incorrect. - 21 time reports were correct. - 4 time reports were not supported. Which of the following conclusions is appropriate?

• A. The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization's failure to report accurate and complete employee time could lead to potential fraud and abuse
• B. The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects. By doing so, the organization can minimize potential issues related to overstating employee times and labor project costs
• C. The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts. As a result, the organization cannot ensure all projects costs are accurately reported to stakeholders
• D. The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor costs

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

• A. Solicit the services of a specialist information systems auditor
• B. Obtain the most current approved copies of the organization's privacy policy
• C. Consult with legal counsel about new privacy laws to establish appropriate criteria
• D. Consider the detection risk of noncompliance with the laws

Which of the following would be most likely found in an internal audit procedures manual?

• A. summary of the strategic plan of the area under review
• B. Appropriate response options for when findings are disputed by management
• C. An explanation of the resources needed for each engagement
• D. The extent of the auditor's authority to collect data from management

What is the purpose of an internal control questionnaire?

• A. To gather information from a sample of people who are geographically dispersed
• B. To assess risks that could prevent an audited area from achieving its objectives
• C. To evaluate the level of compliance of remote offices with centrally designed procedures
• D. To perform testing of controls more frequently

According to IIA guidance, which of the following would be considered necessary for a one-person audit function?

• A. formalized technical audit manual
• B. written administrative audit manual
• C. memorandum stating policies and procedures
• D. comprehensive policy and procedure manual

According to IIA guidance, which of the following must be included in the communication when the internal audit activity issues an overall opinion?

• A. Consideration of reliance on other assurance providers and relevant management responses to audit findings
• B. The framework or criteria on which the opinion is based and the workpapers from control testing
• C. summary of the information that supports the opinion and scope limitations
• D. Relevant management responses to audit findings and scope limitations

An internal auditor compared the number of human resources professionals per employee with industry standards. This comparison would assist the auditor in evaluating which of the following areas?

• A. Sufficiency of controls over payroll rate increases
• B. Current level of performance of the human resources department
• C. Adequacy of controls over hiring new employees
• D. Degree of compliance with human resources policies

The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year. All engagements should be appropriately categorized and presented to the chief audit executive for review. Which of the following would most likely be classified as a consulting engagement?

• A. Evaluating procurement department process effectiveness
• B. Helping in the design of the risk management program
• C. Assessing financial reporting control adequacy
• D. Reviewing environmental, social, and governance reporting compliance

During an engagement, the chief audit executive (CAE) is notified that the residual risk in several key areas currently exceeds the organization's risk appetite. Upon contacting management, the CAE is advised that no action will be taken, as the existing appetite is unrealistic for current market conditions. According to IIA guidance, which of the following actions would be the most appropriate for the CAE to take?

• A. Arrange a meeting with senior management to explain and resolve this issue
• B. Highlight this issue in the interim audit report and request operational management's response
• C. Escalate this issue to the board and recommend a more realistic risk appetite
• D. Hold a meeting with the CEO to obtain further guidance on how to proceed

An internal auditor is conducting a walk-through of the accounts payable process. The auditor wants to assess the extent of the completeness of debts to suppliers as recorded in the ledger. Which of the following techniques would be most appropriate?

• A. Tracing randomly selected vendor invoices to the record in the general ledger
• B. Confirming with the main customers that the amount owed matches the ledger’s recorded amounts
• C. Vouching a statistical sample of vendor invoices recorded in the general ledger
• D. Using analytical techniques to establish expectations of what should be recorded for vendors

Which of the following situations is most critical for the chief audit executive to report to the board?

• A. The chief audit executive disagreed with the business unit manager's initial decision to accept a particular risk. Management ultimately agreed to address the risk only after discussing the issue with senior management
• B. staff internal auditor had difficulties completing a portion of the audit because management of the area under review was unwilling to cooperate and provide information timely
• C. The internal audit activity was restructured, which resulted in a significant change in responsibilities among audit managers and supervisors for some audits
• D. The resignation of an internal audit manager during the year caused the chief audit executive to defer a number of audit engagements to the following year

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

• A. The organization's audit universe is extensive and diverse
• B. There has been an increase in unanticipated requests for advisory work
• C. Previous work provided by the external service provider has been of great quality and value
• D. recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations

An organization has acquired a new line of business. None of the organization's internal auditors have the required expertise to perform an internal audit of the new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is true regarding supervision of the engagement?

• A. The CAE may rely upon the external firm's auditor in charge to supervise the engagement
• B. The external firm's auditor in charge must defer to the judgment of the CAE for any disputes
• C. The CAE is not responsible for the quality of an audit performed by an external firm
• D. The CAE should not assign an inexperienced staff member to assist with the engagement

Which of the following activities is an internal auditor most likely to perform when establishing the objectives of an assurance engagement?

• A. Discuss the internal audit risk assessment, including applicable risks and objectives, with internal audit management
• B. Perform a walk-through of the process under review to determine whether controls were operating effectively
• C. Identify which controls will be tested and the sampling method to be used based on control risk
• D. Meet with operational management to learn about any areas of concern and to agree on the engagement objectives

An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?

• A. The organization incurred excessive cost overruns that resulted in significant financial and legal risk to the project
• B. The organization experienced a potential conflict of interest
• C. The organization had weaknesses in its review process, which allowed questionable transactions with some vendors
• D. The organization allowed the project to launch without assurance that all transactions were regularly approved

In an organization with a large internal audit activity that has several audit teams performing engagements simultaneously, which of the following tasks is an engagement supervisor most likely to perform during the planning phase of a new engagement?

• A. Establish a means for resolving any professional judgment differences over ethical issues that may arise during the engagement
• B. Approve the engagement work program to ensure the program is designed to achieve the engagement objectives
• C. Evaluate whether the testing and results support the engagement results and conclusion
• D. Review the sample testing results for exceptions

Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?

• A. An expert or decision support system
• B. Generalized audit software
• C. system utility program
• D. An integrated test facility

An internal auditor was assigned to assess the risks related to the oil dispatch process. The auditor visited the oil dispatch facilities, met the manager responsible for oil sales, saw oil being loaded onto railway carriers, and talked to employees involved in the process. Which of the following best describes these audit testing methods?

• A. Obtaining documentary evidence and performing questioning
• B. Conducting interviews and performing analytical procedures
• C. Performing onsite inspection and obtaining physical evidence
• D. Conducting physical observation and obtaining testimonial evidence

According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?

• A. Assist executives with their administrative and governance responsibilities, and encourage all IAA members to develop relationships with the organization's executives
• B. Assist executives with their administrative and governance responsibilities, and ensure that all communications with the board are formal audit reports or preset agendas
• C. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and encourage all IAA members to develop relationships with the organization's executives
• D. During an engagement, restrict communications with affected executives to matters pertaining to the engagement; and ensure that all communications with the