IIA IIA-CIA-Part2 Dumps

Gap analysis

Staff preferences

Maturity analysis

Extent of external audit coverage

Top-down approach

Process-Metrix approach

Risk-factor approach

Bottom up approach

Remove the new employee's excessive access rights and request that he report any future access error.

Perform a complete review of all users who have access to the payroll system lo determine whether there are additional employees who were granted inappropriate access

Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system

Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

Disclose the information in a separate report.

Distribute the information in a confidential report to the board only

Distribute the reports through the use of blind copies.

Exclude the results from the report and verbally report the conditions to senior management and the board.

When internal auditors need to cover many control procedures using ICQs is generally less efficient than conducting observations and inspections

It is generally difficult for internal auditors lo compile appropriate ICQs for business activities that are governed by standardized operating procedures

ICQs are inadequate to provide effective assurance on how organizational processes are executed in practice.

It is generally difficult for internal auditors to process completed questionnaires, because ICQs frequently elicit detailed comments and long answers from management

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Assess controls for potential compliance issues that may affect me consolidation

Brief vendors on the potential risks that will occur without continued business

Advise division managers on how to streamline operations for better efficiency

Determine whether the organization’s controls are effective in meeting business objectives

The form and content of monitoring policies could vary by industry

The board of directors is responsible for the establishment of monitoring polities

Both large and small audit departments must have written policies on monitoring.

The chief audit executive must develop all monitoring policies related to the activity

Ensuring the process owner with the engagement objectives

Reviewing engagement draft reports

Ensuring workpapers support audit findings

Approving audit work programs

All assurance engagement observations should be communicated to the audit committee.

All assurance engagement observations should be included in the main section of the engagement communication.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

1 and 2 only

2 and 4 only

1, 2, and 4

2, 3, and 4

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

Reassign information systems auditors to assist in implementing management's action plan.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

1.2 and 3

1.2. and 4.

1.3. and 4.

2. 3. and 4.

A risk assessment

An operational audit

A third-party audit

A fraud investigation

The engagement team should include internal auditors who have expertise in investigating vendor fraud

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Documentary evidence

Testimonial evidence

Analytical evidence

Physical evidence

PPS sampling s used to reach conclusions regarding monetary amounts, attribute sampling is not.

PPS sampling is used to roach conclusions regarding rates of occurrence, attribute sampling is not.

PPS sampling a applied within the context of testing controls attribute sampling s not.

Attribute sampling is affected by the monetary book value of the population PPS sampling is not

1 and 2

1 and 4

2 and 3

3 and 4

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

The internal audit team and audit client have a serious dispute over the scope and objective of the engagement

The internal audit team expects management to address certain issues immediately due to their severe impact

The internal audit team anticipates that the formal final audit report would be undesirable for management due to the significance of outlined risks

The internal audit team would like to issue a clean final audit report without any material observations or risks

Proposing fine item recommendation lot the annual financial budget of the accounting department

Making recommendations regarding financial approval authority limits for the operations department

Validating whether employees are following established policies and procedures in the procurement department

Generating expense report metrics for employees in the finance department

An interview with the employee who performed the work

An analysis of purchasing and receiving documentation

Existence of a signed completion document accepting the work

A physical inspection of the retail outlet.

The accounts payable supervisor, accounts payable manager, and controller.

The accounts payable manager, purchasing manager, and receiving manager.

The accounts payable supervisor, controller, and treasurer.

The accounts payable manager, chief financial officer, and audit committee.

The risk management process can provide more extensive internal audit services to the organization if it does not have an internal audit department

The risk management process supports internal audit by evaluating whether critical controls are adequate and effective.

The risk management process can determine whether all significant risks have been identified and are being treated.

The risk management process establishes an organization-specific documented risk management framework.

An internal auditor made purchases from several of the organization's retail outlets to evaluate customer service

An internal auditor interviewed various employees regarding health and safety issues and recorded their answers

An internal auditor obtained the current quarterly financial report and computed changes in deb-to-equity ratio

An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney

Document in the engagement workpapers the rationale for changing the scope.

Confirm that the scope change would align to the organization's objectives and goals

Confirm that the internal audit activity continues to have the necessary knowledge and skills

Seek approval from the chief audit executive for the proposed scope change

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Process objectives.

Process risks

Process controls.

Process scope

Senior management of the organization

The chief audit executive

The head of customer service

The board of directors

Continue the engagement with the available staff, providing more hands-on supervision than usual

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Identify significant applications that support the business operations

Assess risk and rank subjects using business risk factors

Identify how the organization structures its business operations

Select audit subjects and bundle into distinct audit engagements

Meet with the chief operating officer 10 obtain Information about the MR department

Review the previous internal audit report and locus on key audit observations and action plans

Review the organization's risk strategy and risk appetite framework

Discuss the department's present strategies ‘and objectives with the head of the HR department

Independently evaluating conflicts of interests.

Assessing contracts for relevant terms and conditions.

Performing statistical analysis for data anomalies.

Preparing evidentiary documentation.

Ask the external auditor to review the same transaction again as an independent third party

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

Compare the recording of this transaction to now similar ones were executed last year

The review should focus on the efficiency of the controls in place to prevent fraud.

The scope of the review does not need to include all operating areas of the organization.

The cost of the control should be compared to the benefit of mitigating the related risk.

The review should assess whether the internal controls can be circumvented.

Establish a means for resolving any professional judgment differences over ethical issues that may arise during the engagement.

Approve the engagement work program to ensure the program is designed to achieve the engagement objectives

Evaluate whether the testing and results support the engagement results and conclusion

Review the sample testing results for exceptions.

Conduct a joint brainstorming session with management.

Ask the chief audit executive to mediate.

Disclose the client's differing opinion in the final report.

Escalate the issue to senior management for a decision.

1 and 2

1 and 3

2 and 4

3 and 4

The CAE should continue to meet with management to obtain their agreement for corrective action

The CAE should note in the final report that management has decided to accept the risk.

The CAE should ask that additional testing be undertaken to strengthen his case as to the need for corrective action.

The CAE should advise senior management of his intention to escalate the matter to the board.

Customers, innovation, growth, and internal processes.

Business objectives, critical success factors, innovation, and growth.

Customers, support, critical success factors, and learning.

Financial measures, learning and growth, customers, and internal processes.

interview IT management in both regions

Inspect regional user software training records

Interview propel management and the vendor responsible for implementation

Distribute surveys to software users in both regions

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

Randomly select several months obtain ageing reports for these months and compare them with the poor year

The assessment of high-level risks is typically a linear process.

Management should create the preliminary risk matrix

The analysis should begin with ne identification of objectives

Likelihood should receive greater consideration than impact

The CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

The CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

The CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

The CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

1 only

1 and 2 only

1, 2, and 3

1, 2, and 4

Switch the existing assurance engagement into a fraud investigation engagement

Extend the audit scope and perform additional testing of controls on other related areas

Review the poor year's transaction volume and amounts paid compared to the poor year's budget

Perform data analytics on the supplier's information, invoiced amounts, and payments performed

Residual risk

Inherent risk

Compensating controls

Control activities

The document management policy requires business client data to be stored in a specific management database

Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

All staff should be appropriately trained and required to follow the organization's established policies and procedures pertaining to document management

Were audit findings relevant and useful to management?

Does the audit report format present issues clearly and concisely?

Does the IAA work with a high degree of professionalism and objectivity?

Were the findings reported in a timely manner?

A formalized technical audit manual

A written administrative audit manual

A memorandum stating policies and procedures

A comprehensive policy and procedure manual

Audit criteria should be consistent across audit assignments.

Audit criteria should represent reasonable standards against which to assess existing conditions.

Audit criteria should provide flexibility but allow identification of nonadherence.

Audit criteria should equate to good or acceptable management practices.

A condition

An audit objectives

An audit scope

An observation rating