This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ] Export date:Wed Dec 4 19:15:39 2024 / +0000 GMT ___________________________________________________ Title: IIA-CIA-Part2 PDF Dumps Real 2024 Recently Updated Questions [Q84-Q107] --------------------------------------------------- IIA-CIA-Part2 PDF Dumps Real 2024 Recently Updated Questions Released IIA IIA-CIA-Part2 Updated Questions PDF IIA-CIA-Part2 (Practice of Internal Auditing) Exam is a certification offered by the Institute of Internal Auditors (IIA) for professionals seeking to validate their skills and knowledge in the practice of internal auditing. IIA-CIA-Part2 exam is one of three parts required to obtain the Certified Internal Auditor (CIA) designation, which is globally recognized as the hallmark of excellence in the internal auditing profession.   QUESTION 84At the conclusion of an audit of an organization’s treasury department, a report was issued to the treasurer, chief financial officer, president, and board. Because of the sensitivity of some findings, a follow-up review was performed. The auditor should provide the report of follow-up findings to the.I. Treasurer.II. Chief financial officer.III. President.IV.Board.  I and II only  III and IV only  I, II, and III only  I, II, III, and IV. QUESTION 85Internal control questionnaires are used to achieve which of the following objectives?  To ascertain the operating effectiveness of a procedure  To verify the accuracy of Information in a report  To assess the controls mitigating major risks  To determine whether specified contra procedures are in place QUESTION 86An internal auditor is reviewing purchases made through the organization’s corporate credit card program.Which of the following statements best describes a root cause of a deficiency?  A personal computer was purchased from a non-approved vendor.  Company policy limits card use to $500 per transaction.  A control to detect split purchases has not been activated in the credit card system.  Sample testing found 10% non-compliance with the organization’s business travel policy. QUESTION 87An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?  Nonsampling risk  Sampling risk  Inherent risk  Due diligence risk Nonsampling risk is the risk that the auditor may reach incorrect conclusions for reasons not related to the sampling process, such as failure to recognize exceptions or misinterpretation of audit results. In this case, the internal auditor did not notice that some purchase requisitions were approved by unauthorized persons, which is an oversight unrelated to the sample size or selection process. This is distinct from sampling risk, which is the risk that the sample selected does not represent the population. References:* The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2320 – Analysis and Evaluation.* The IIA’s Practice Guide on Audit Sampling.QUESTION 88A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?  Include using in a subsequent audit to determine if the risks are still present  Discuss the matter with senior management and it not reserved with the board  Require that management implement controls to mitigate lie risks  Report the risks to the process owners so that they can modify their process If the chief audit executive (CAE) determines that management has chosen to accept a high-level risk that may be unacceptable to the organization, the CAE should first discuss the matter with senior management. If senior management does not address the concern, the CAE should escalate the issue to the board. This escalation process ensures that the highest levels of governance are aware of significant risks and can take appropriate action if necessary. It also aligns with the CAE’s responsibility to ensure that risks are properly managed within the organization.References:* The Institute of Internal Auditors (IIA) – Standards for the Professional Practice of Internal Auditing, Standard 2600 – Communicating the Acceptance of RisksQUESTION 89An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?  Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.  Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.  Reassign information systems auditors to assist in implementing management’s action plan.  Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables. QUESTION 90Which of the following should be included in a privacy audit engagement?1. Assess the appropriateness of the information gathered.2. Review the methods used to collect information.3. Consider whether the information collected is in compliance with applicable laws.4. Determine how the information is stored.  1 and 3 only  2 and 4 only  1, 3, and 4 only  1, 2, 3, and 4 A privacy audit engagement should comprehensively cover all aspects related to the collection, storage, and compliance of personal information. This includes assessing the appropriateness of the information gathered (1), reviewing the methods used to collect the information (2), ensuring the information collected complies with applicable laws (3), and determining how the information is stored (4). This comprehensive approach ensures that the organization adheres to privacy standards and regulations effectively. Reference: = IIA’s Practice Guide: “Privacy Impact Assessment” and IIA Standard 2110.A2 –QUESTION 91When establishing the internal audit activity’s annual plan, which of the following would be the best source of potential audit engagement topics?  The organization’s budget.  Operations involving cash transactions.  Recent changes in management objectives.  Risk factors utilized in the organization’s risk models. QUESTION 92If the chief audit executive believes that senior management has accepted a level of residual risk that is unacceptable to the organization, they should:  Accept the decision of senior management as they are ultimately responsible for risk management.  Report the concern directly to the board.  Discuss the concern with management and if not resolved, escalate it to the board.  Disclose the issue in the audit report when auditing the area where the risk was identified. QUESTION 93What is the most important risk in determining the validity of construction delay claims?  Contractor claims may be submitted prior to completion of the work.  Contractor claims may include costs considered in the fixed-price portion of the work.  Contractor claims may include subcontractor estimates of balances due to the subcontractor.  Contractor claims may be understated. QUESTION 94A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the payroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in a locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the manual checks.The payroll manager reconciles the bank statements monthly. Which of the following audit steps best addresses the risk of fraud in the payroll process?  Examine whether the payroll manager approves the reconciliations of ledgers.  Determine whether an approved list of voided checks exists.  Determine whether the cabinet keys are secured properly.  Vouch a sample of items on bank reconciliations to supporting documentation. Section: Volume DQUESTION 95When approving the final engagement report, which of the following is most critical?  Opinions are adequately supported.  Conclusions are reached for all objectives.  Report is distributed to appropriate parties.  Report is clear and concise. Section: Volume DQUESTION 96Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?1.Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.2.Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.3.Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.4.Communicate to senior management a summary report on the status and adequacy of audit resources.  1 and 3 only  2 and 4 only  1, 2, and 4  2, 3, and 4 QUESTION 97An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?  Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.  Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.  Reassign information systems auditors to assist in implementing management’s action plan.  Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables. The most appropriate course of action for the CAE is to evaluate the robustness and feasibility of the management’s action plan to address the identified weaknesses. The CAE should monitor the implementation progress, key dates, and deliverables to ensure that corrective actions are on track and will effectively mitigate the risks within the stipulated timeline. Reference: = IIA Standard 2500 – Monitoring Progress.QUESTION 98Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?  The person responsible for performing the task  Two or more people that work in the area  The supervisor in charge of the process  The manager that wrote the steps to be followed The most reliable source of testimonial evidence regarding whether a process is effectively performed according to its design would be the supervisor in charge of the process. This is because supervisors are typically responsible for overseeing the day-to-day operations and ensuring that processes are followed correctly. They have a comprehensive understanding of the process and can provide valuable insights into its effectiveness and adherence to design. The reliability of evidence increases with the proximity of the individual to the process in question and their role in ensuring compliance and performance.References: IIA’s Global Technology Audit Guide (GTAG) – Testimonial Evidence.QUESTION 99Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures?  Productivity ratio.  Productivity index.  Operating ratio.  Resource utilization rate. QUESTION 100Which of the following statements is true regarding engagement planning?  The engagement objectives are the boundaries for the engagement, which outline what will be included in the review  The risk-based objectives of the engagement can be determined once the scope of the engagement has been formed  For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined  For an assurance engagement, once the scope is established and testing has begun, the scope cannot be modified. For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined. In consulting engagements, the objectives and scope are usually agreed upon with the client at the outset, and planning activities then focus on how to achieve these objectives within the defined scope.References:* IIA Standards: 2010 – Planning* IIA Practice Guide: Consulting ServicesQUESTION 101Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?1.Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.2.Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.3.Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.4.Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.  1 and 2 only  1 and 4 only  2 and 3 only  3 and 4 only QUESTION 102Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?  Tracing  Reperformance  Vouching  Walkthrough Vouching is the manual audit approach that involves testing the validity of a document by following it backward to a previously prepared record. This method helps auditors verify the authenticity and accuracy of transactions by tracing them back to their source documents, such as invoices, receipts, or purchase orders.Vouching is commonly used to detect errors or fraud.References:* The Institute of Internal Auditors (IIA) Standards* Auditing Techniques and ProceduresQUESTION 103Which of the following statements is true pertaining to interviewing a fraud suspect?1. Information gathered can be subjective as well as objective to be useful.2. The primary objective is to obtain a voluntary written confession.3. The interviewer is likely to begin the interview with open-ended questions.4. Video recordings always should be used to provide the highest quality evidence.  1 only  4 only  1 and 3  2 and 4 When interviewing a fraud suspect, it is important to gather both subjective and objective information (Option1). Subjective information can include opinions or perspectives, which may provide insights into motivations or behaviors, while objective information consists of factual data. The interviewer typically begins with open-ended questions (Option 3) to allow the suspect to provide information freely and without leading them to specific answers. The primary objective is to gather information rather than to obtain a written confession (Option 2), and video recordings, while beneficial in certain cases, are not always used and thus not a standard requirement (Option 4). References:* The IIA’s Practice Guide on Conducting Internal Audits in Conformance with the International Standards for the Professional Practice of Internal Auditing (Standards).* The IIA’s Practice Guide on Fraud Auditing and Investigation.QUESTION 104Which of the following best describes how an internal auditor would use a flowchart during engagement planning?  To prepare for testing the effectiveness of controls  To plan for evaluating potential losses  To prepare a sampling plan for the engagement  To evaluate the design of controls During engagement planning, an internal auditor uses a flowchart to evaluate the design of controls. A flowchart visually represents the processes and controls within the organization, helping the auditor identify control points, weaknesses, and potential risks. This understanding is critical for planning the audit, as it allows the auditor to design tests that effectively assess whether the controls are properly designed and implemented to mitigate risks.Reference:Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2210 – Engagement Objectives.QUESTION 105An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans approved by the loan committee, the auditor found seven loans which exceeded the approved amount. Which of the following actions would be inappropriate on the part of the auditor?  Examine the seven loans to determine if there is a pattern. Summarize amounts and include in the engagement final communication.  Report the amounts to the loan committee and leave it up to them to correct. Take no further follow-up action at this time and do not include the items in the engagement final communication.  Follow up with the appropriate vice president and include the vice president’s acknowledgment of the situation in the engagement final communication.  Determine the amount of the differences and make an assessment as to whether the dollar differences are material. If the amounts are not material, not in violation of government regulations, and can be rationally explained, omit the observation from the engagement final communication. QUESTION 106What would be used to determine the collectability of accounts receivable balances?  The file of related shipping documents.  Negative accounts receivable confirmations.  Positive accounts receivable confirmations.  An aged accounts receivable listing. QUESTION 107What is the primary purpose of creating a preliminary draft audit report?  To save time during final report writing  To meet the Standards requirement for developing a draft report prior to issuing a final report  To use as a tool for communicating with management of the area under review.  To require that management implements solutions to issues identified during the engagement The primary purpose of creating a preliminary draft audit report is to facilitate communication with management of the area under review. This draft allows for discussion and feedback on the findings, recommendations, and any potential misunderstandings or disagreements before the final report is issued. It helps ensure that the final report is accurate, fair, and reflects the input of both the auditors and management.References:* The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), specifically Standard 2410 – Criteria for Communicating.* The IIA’s Practice Guide on Communicating Results. Loading … IIA-CIA-Part2 Dumps and Practice Test (465 Exam Questions): https://www.examslabs.com/IIA/Certified-Internal/best-IIA-CIA-Part2-exam-dumps.html --------------------------------------------------- Images: https://blog.examslabs.com/wp-content/plugins/watu/loading.gif https://blog.examslabs.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-11-30 10:39:34 Post date GMT: 2024-11-30 10:39:34 Post modified date: 2024-11-30 10:39:34 Post modified date GMT: 2024-11-30 10:39:34