Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

IIA IIA-ACCA - ACCA CIA Challenge Exam

IIA IIA-ACCA Premium Access     Download Demo    
Page: 4 / 13
Total 604 questions

When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?

A.

The last available risk assessment.

B.

Requests from senior management and the board.

C.

The longest interval since the last examination of each audit universe item.

D.

The auditable areas required by regulatory agencies.

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

A.

The organization's audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Which of the following is least likely to help ensure that risk is considered in a work program?

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

A.

Were audit findings relevant and useful to management?

B.

Does the audit report format present issues clearly and concisely?

C.

Does the IAA work with a high degree of professionalism and objectivity?

D.

Were the findings reported in a timely manner?

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?

1. Coordinate post-engagement conferences to discuss the final audit report with management.

2. Include management's responses in the final audit report.

3. Review and approve the final audit report.

4. Determine who will receive the final audit report.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Which of the following statements is false regarding audit criteria?

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Which of the following is not a direct benefit of control self-assessment (CSA)?

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

An internal control questionnaire would be most appropriate in which of the following situations?

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board's meeting records.

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4