IIA IIA-CIA-Part2 Dumps

A risk assessment

An operational audit

A third-party audit

A fraud investigation

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Verify that amounts are correct.

Verify that payments are on time.

Verify that recipients are valid employees.

Verify that benefits deductions are accurate.

Assess management responses to key risk exposures

Analyze the costs and benefits of key controls

Evaluate the design adequacy of known controls

Conduct a walk-through of all related activates

Examining the entire population

Asking management about the malpractice

Testing a sample of random transactions.

Using data analytics

Verifying the existence of inventory items in each warehouse

Assigning the tolerable deviation rate to determine the sample size

Valuating the obsolete Inventory from all the warehouse locations

Confirming that the purchased items are recorded In the correct period

The review should focus on the efficiency of the controls in place to prevent fraud.

The scope of the review does not need to include all operating areas of the organization.

The cost of the control should be compared to the benefit of mitigating the related risk.

The review should assess whether the internal controls can be circumvented.

Tracing

Reperformance

Vouching

Walkthrough

The accounts payable supervisor, accounts payable manager, and controller.

The accounts payable manager, purchasing manager, and receiving manager.

The accounts payable supervisor, controller, and treasurer.

The accounts payable manager, chief financial officer, and audit committee.

The financial interest the service provider may have in the organization.

The relationship the service provider may have had with the organization or the activities being reviewed.

Compensation or other incentives that may be applicable to the service provider.

The service provider's experience in the type of work being considered.

Reliable information is factual adequate, and convincing so that a prudent informed person would reach the same conclusions as the internal auditor

Reliable information is the best attainable information through the use of appropriate engagement techniques

Reliable information supports engagement observations and recommendations and is consistent with the objectives for the engagement

Reliable information helps the organization and the internal audit activity meet its goals

Names and work titles of employees

Description of responsibilities of business units.

Average fuel consumption data of vehicles

Location and route data of vehicles

Ratings are only used to assess the condition of an observation made by an internal auditor.

Audit findings may be communicated to management prior to issuance of the final approved audit report.

Communications must be relevant logical, and free from errors before they are disseminated.

The audit report must present the information in the following order (1) audit scope, (2) engagement objectives, and (3) engagement results

Condition-based recommendations

Cause-based recommendations

Effect-based recommendations

Root cause-based recommendations

Percentage of recommendations implemented by corrective action date

Staff experience

Percentage of planned audits completed

Conformance with the International Professional Practices Framework

Inquiry

Analytical review

Observation

Inspection of documents

RACI (responsible, accountable, consult and inform) chart

Flowchart

SWOT{strengths. weaknesses opportunities, and threats) analysis

Workflow analysis

1 and 2

1 and 4

2 and 3

3 and 4

Stratified sampling

Attribute sampling

Discovery sampling

Haphazard sampling

To ascertain the operating effectiveness of a procedure

To verify the accuracy of Information in a report

To assess the controls mitigating major risks

To determine whether specified contra procedures are in place

To build good relations with management

To help management develop more responsive and timely action plans

To formally report medium- and high-risk observations in writing

To improve the internal audit key performance indicators

Facilitate a control assessment to ensure all application risks were appropriately identified

Advise the project team on how to develop effective controls

Direct the project team to implement the appropriate controls within the software application

Provide assurance that the design of the controls will mitigate the identified application risks

Improper segregation of duties.

Incentives and bonus programs.

An employee's reported concerns.

Lack of an ethics policy.

Scheme.

Opportunity.

Rationalization.

Pressure.

Board of directors

External auditors

Chief audit executive

Senior management

Senior management is charged with overseeing the establishment risk management and control processes.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

Operating managers are responsible for assessing risks and controls in their departments.

Internal auditors provide assurance about risk management and control process effectiveness.

Ask the CEO to determine the scope and objectives of the engagement

Request that the board disclose its concerns over governance for inclusion in the engagement

Discuss the concerns with the finance manager and work together to agree on the engagement objectives

Review previous audit reports from the area and develop engagement objectives to address the area's key risks and controls

Switch the existing assurance engagement into a fraud investigation engagement

Extend the audit scope and perform additional testing of controls on other related areas

Review the poor year's transaction volume and amounts paid compared to the poor year's budget

Perform data analytics on the supplier's information, invoiced amounts, and payments performed

To gather information from a sample of people who are geographically dispersed

To assess risks that could prevent an audited area from achieving its objectives.

To evaluate tie level of compliance of remote offices with centrally designed procedures

To perform testing of controls more frequently

The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents

The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit

The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden

The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail

Verify that approvals of purchasing documents comply with the authority matrix.

Observe whether the purchase orders are sequentially numbered.

Examine whether the sales department supervisor approves invoices for payment.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Outsource the investigation to independent professional consultants

Select certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

Recruit additional internal auditors possessing relevant qualification and experience

Decline the engagement at this time

Opportunity.

Rationalization.

Pressure.

Incentives.

It will be difficult to quantify the information obtained through this approach

This approach does not help the auditor learn about the existence of controls

It takes the auditor a long time to assess the relevant controls using this approach

Information on control functionality is limited

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Operational management, because they are responsible for the day-to-day management of the operational risks.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

The chief audit executive, although he is not accountable for risk management in the organization.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

Ask the external auditor to review the same transaction again as an independent third party

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

Compare the recording of this transaction to now similar ones were executed last year

Interviews

Observations

Reperformance

Internal control questionnaires

Degree of effort and cost needed to correct the reported condition.

Complexity of the corrective action.

Impact that may result should the corrective action fail.

Amount of resources required to conduct the follow-up activities.

The CAE must discuss the matter with senior management

The CAE must discuss the matter with key shareholders

The CAE must discuss the matter with legal counsel

The CAE must discuss the matter with the board

Stop-or-go sampling

Probability to proportional size sampling

Classical variable sampling

Discovery sampling

Criteria

Condition

Cause

Effect

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

1 and 3 only

2 and 4 only.

1.2. and 3 only

2. 3 and 4 only

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

The qualifications and competencies of the subsidiary's management team and their understanding of risk and control

Information that is factual adequate and convincing

Information that is best attainable through the use of appropriate engagement techniques

Information that supports engagement objectives and recommendations

Information that helps the organization meet its goals

Valid closure requires evidence that ensures the corrected process will function as expected in the future

Valid closure requires the client lo address not only the condition, but also the cause of the condition

Valid closure of an observation ensures it will be included in the final engagement report

Valid closure requires assurance from management that the original problem will not recur in the future

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

Discuss the issue with the board which has ultimate responsibility to resolve the risk

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

Document the branch manager's decision to accept the risk otherwise, no other speak: course of action is required.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

1 and 3 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

People cannot quickly understand the processes via flowcharts

Flowcharts are not applicable for evaluating the design of controls

Some serious risks that are not part of the linear process can be missed

Flowcharts do not enable auditors to identify missing controls

Variables sampling

Dollar-unit sampling

Judgmental sampling

Discovery sampling

Communicate the workpaper review results to management of fie area under review to validate the final report

Update the final report in the file with any necessary corrections based on the workpaper review.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

Add the manager's review notes to the final documentation following the review