The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?
Answer : D
According to IIA guidance, before implementing any changes to the audit program's scope prior to beginning fieldwork, the most important action is to seek approval from the chief audit executive (CAE) for the proposed scope change. This ensures that any significant modifications are reviewed and authorized at the appropriate level, maintaining the integrity and alignment of the audit activity with the organization's audit plan and objectives.
IIA Standards: 2240 - Engagement Work Program
IIA Standards: 2020 - Communication and Approval
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
Answer : B
The observation in question includes the condition ('no approved credit risk management policy' and '17 out of 50 contacts showed clients with a poor credit history') and the cause (the subsidiary concluding contacts with high-risk clients). However, it lacks the effect, which should explain the potential or actual impact of this deficiency on the organization (e.g., financial losses, increased credit risk). Additionally, it is missing the criteria, which should reference the specific rules or policies that are not being followed (e.g., the organization's credit risk management policy requirements). Including these components would provide a complete and actionable observation. Reference:
The Institute of Internal Auditors (IIA) - Practice Guide: Audit Reports and Working Papers
Which of the following statements accurately describes the Standards requirement for ret internal audit records?
Answer : C
According to IIA guidance, the chief audit executive (CAE) is responsible for establishing policies and procedures for the internal audit activity, including the retention of audit records. These requirements should be aligned with the organization's overall processes and procedures to ensure consistency and compliance with legal and regulatory requirements. This approach ensures that the retention policy is tailored to the specific needs and context of the organization, while also maintaining alignment with broader organizational policies. Reference:
The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2330 - Documenting Information
The Institute of Internal Auditors (IIA) - Practice Advisory 2330-1: Document Retention
According to HA guidance, the chief audit executive is directly responsible for which of the following?
Answer : D
According to IIA guidance, the chief audit executive (CAE) is directly responsible for establishing the objectives, scope, and plan for each engagement. This responsibility ensures that each audit is properly focused and aligned with the overall goals and risk areas of the organization. While maintaining a quality assurance program and providing professional development opportunities are important, they are not solely the CAE's responsibility without management support. Periodic review and approval of the internal audit charter is typically a joint responsibility with senior management and the board. Reference:
The IIA's International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2010 - Planning.
The IIA's Practice Guide on Developing the Internal Audit Plan.
Which of the following factors should be considered when determining the staff requirements for an audit engagement?
The internal audit activity's time constraints.
The nature and complexity of the area to be audited.
The period of time since the area was last audited.
The auditors' preference to audit the area.
The results of a preliminary risk assessment of the activity under review.
Answer : B
Step-by-Step Detailed Explanation:
1. The internal audit activity's time constraints:
Time constraints are important when allocating resources for efficiency.
2. The nature and complexity of the area to be audited:
This directly affects the level of expertise and resources required.
3. The period of time since the area was last audited:
While relevant, this is not critical for determining staff requirements.
4. The auditors' preference to audit the area:
Preferences should not determine staffing; decisions should be based on the organization's needs.
5. The results of a preliminary risk assessment of the activity under review:
High-risk areas may require more experienced auditors or additional staff.
CIA Exam Syllabus Reference:
Domain IV: Managing the Internal Audit Function -- Staffing and Resource Allocation.
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
Answer : D
A privacy audit engagement should comprehensively cover all aspects related to the collection, storage, and compliance of personal information. This includes assessing the appropriateness of the information gathered (1), reviewing the methods used to collect the information (2), ensuring the information collected complies with applicable laws (3), and determining how the information is stored (4). This comprehensive approach ensures that the organization adheres to privacy standards and regulations effectively. Reference: = IIA's Practice Guide: ''Privacy Impact Assessment'' and IIA Standard 2110.A2 -
After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?
Answer : C
According to IIA guidance, a draft work program prepared by the engagement supervisor after concluding a preliminary assessment would test the process controls. The work program outlines the specific procedures and steps the internal audit team will take to evaluate the effectiveness of the controls in place to mitigate identified risks.
IIA Standards: 2240 - Engagement Work Program
IIA Practice Guide: Engagement Planning