IIA-CIA-Part2 Exam Practice Test Instant Access

Question 1

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

AThe auditor must not perform the training, because any task to improve the business process could impact audit independence.

BThe auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

CThe auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

DThe auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Answer : C

Question 2

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

AThe matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

BThe deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

CThe incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

DThe incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Answer : D

Question 3

An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for

testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?

AReview logs of the vehicles assigned to employees for the delivery of goods during the engagement period.

BVisit the home address of the specific employee to see the selected vehicle.

CCompare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.

DSeek independent confirmation of the vehicle's details from one of the delivery employees.

Answer : C

Question 4

Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity's recommendations are being acted upon?

AThe CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

BThe CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

CThe CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

DThe CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

Answer : B

Question 5

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

AReport follow-up activities to senior management.

BImplement follow-up procedures to evaluate residual risk.

CDetermine the costs of implementing the recommendations.

DEvaluate the extent of improvements.

Answer : C

Question 6

Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?

AReport the risk identified from the consulting engagement to senior management.

BDo not include the risk in the assessment of risk management processes, as that is management's responsibility.

CDo not report the risk, as it is out of scope for the consulting engagement.

DInclude the risk identified from the consulting engagement in the next annual risk assessment only if it is part of the consulting engagement objectives.

Answer : A

Question 7

Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

ATo evaluate controls regarding the computer security of an oil refinery.

BTo examine the processes involved in exploring, developing, and operating a gold mine.

CTo assess the likelihood and impact of events associated with operating a finished goods warehouse.

DTo link a financial institution's business objectives to a work unit responsible for the associated risk.

Answer : D

IIA Practice of Internal Auditing IIA-CIA-Part2 Exam Practice Test