Free Practice Questions for IIA IIA-CIA-Part2 Exam

External benchmarking using trend analysis involves comparing a company's performance metrics with industry standards or averages over a certain period to identify trends and areas for improvement. Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods allows for a normalized comparison by expressing financial statement items as a percentage of a common base figure (e.g., total assets or sales). This method highlights the subsidiary's financial structure and performance trends in relation to industry norms, facilitating a comprehensive analysis. References:

"Internal Auditing: Assurance & Advisory Services" (The Institute of Internal Auditors)

"Benchmarking: An Essential Tool for Assessment, Improvement, and Market Leadership" (Michael J. Spendolini)

If the chief audit executive (CAE) determines that management has chosen to accept a high-level risk that may be unacceptable to the organization, the CAE should first discuss the matter with senior management. If senior management does not address the concern, the CAE should escalate the issue to the board. This escalation process ensures that the highest levels of governance are aware of significant risks and can take appropriate action if necessary. It also aligns with the CAE's responsibility to ensure that risks are properly managed within the organization.

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2600 - Communicating the Acceptance of Risks

A heat map is a visual tool used to present risk severity by plotting likelihood versus impact. It helps communicate which risks are most significant. A risk register (D) lists risks but does not visually present severity. Control self-assessment (B) is a participatory tool to evaluate controls, while Kanban boards (A) are project management tools. The best choice for assessing and presenting severity is a heat map.

According to IIA guidance on due professional care, internal auditors should perform thorough and adequate steps to verify the accuracy and legitimacy of transactions. When reviewing cash disbursements, it is essential to check the three-way match among the invoice, purchase order, and receiving report. This ensures that the payment is valid, authorized, and that the goods or services were actually received as ordered. This step is crucial in preventing and detecting errors and fraud, thereby ensuring that the audit findings are reliable and accurate.

IIA Standard 1220: Due Professional Care

IIA Practice Guide: Auditing Accounts Payable and Disbursements

The most important determinant of the objectives and scope of assurance engagements is the preliminary risk assessment performed by internal auditors. This assessment identifies the key risks that the engagement should address and ensures that the audit is focused on areas of highest risk and significance to the organization. While organizational charts, business objectives, and management requests are important inputs, the internal auditors' preliminary risk assessment ensures that the audit addresses the most critical areas. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), specifically Standard 2210 - Engagement Objectives.

The IIA’s Practice Guide on Engagement Planning.

Comprehensive and Detailed Explanation:

Per Standard 1210 – Proficiency, internal auditors must possess the necessary knowledge, skills, and competencies to perform engagements. If expertise is lacking internally, the CAE can obtain it through training, consulting, or external resources. In this case, the best solution is to engage another trained employee from within the organization (C) who has the required technical expertise in quality control equipment.

Canceling or postponing the audit (A) undermines risk-based planning.

Removing testing (B) weakens assurance and fails to meet objectives.

Outsourcing to external auditors (D) may be possible but is less efficient than leveraging internal expertise already available.

Thus, Option C aligns best with IIA standards, ensuring proper expertise while maintaining the audit’s integrity.

To manage the risk associated with volatile crude oil prices, purchasing crude oil-related derivatives such as futures or options is an appropriate risk management technique. These financial instruments allow the organization to hedge against price fluctuations by locking in prices or securing the right to purchase at a specific price, thereby providing financial stability and predictability. Option A is not directly related to hedging crude oil price risks. Option B involves speculative trading, which can be risky. Option D may not be feasible or cost-effective compared to using derivatives.

COSO's Enterprise Risk Management – Integrating with Strategy and Performance.

Top of Form

The focus of the effect section of the preliminary observations document should be on residual risk. Residual risk is the remaining risk after management has taken action to mitigate the inherent risk with controls and other risk responses. Documenting the effect in terms of residual risk helps in understanding the potential impact of the observed issues on the organization if not addressed.

IIA Standards: 2310 - Identifying Information

IIA Practice Guide: Communicating the Results of an Audit

According to ISO 31000, the risk management framework is scalable and applicable to organizations of all sizes, including small entities. The framework's principles are designed to be flexible and adaptable, ensuring they can be effectively implemented regardless of the organization's size.

Scalability: The principles and guidelines of ISO 31000 can be tailored to fit the specific context, resources, and complexity of any organization, making it a universal standard.

Flexibility: The framework supports organizations in integrating risk management practices into their operations at a level that suits their size and complexity.

Effectiveness: Regardless of the organization's size, the framework aims to enhance risk management practices and support better decision-making.

During the planning stage of an assurance engagement, internal auditors should focus their attention on identifying and assessing inherent risks. Inherent risk is the risk of a material misstatement or noncompliance due to error or fraud that could occur before any controls are applied. Understanding inherent risk is crucial as it helps auditors identify areas that may need more extensive testing and ensures that audit resources are appropriately allocated to the highest risk areas.

The Institute of Internal Auditors (IIA) Practice Guide: Assessing the Adequacy of Risk Management Using ISO 31000

IIA Standard 2010 - Planning

Identify the Conflict of Interest: The internal auditor learns about a large loan made to another auditor's relative, which represents a conflict of interest.

Refer to Professional Standards: According to the Institute of Internal Auditors' (IIA) standards, an internal auditor must maintain objectivity and avoid conflicts of interest (IIA Standard 1100 – Independence and Objectivity).

Escalate the Issue: The appropriate course of action is to escalate this matter to the chief audit executive (CAE) and management, as they are responsible for determining the impact of the conflict and the appropriate response.

Decision Making: The CAE and management will assess whether the conflict of interest could impair the auditor's objectivity and decide whether the auditor should be removed from the engagement or if additional oversight is needed.

Documentation: It is important to document the conflict and the decision-making process in the audit documentation for transparency and accountability.

When a significant finding is noted early during a review of the accounts payable function, the best course of action for communicating the issue is to inform internal accounting management via an interim memorandum update. This allows for timely communication and potential early remediation actions, ensuring that management is aware of the issue and can address it promptly before the final audit report is issued.

A properly supervised engagement ensures that the audit is conducted effectively, efficiently, and in accordance with IIA standards. The auditor in charge has the responsibility to oversee the audit process and ensure that the engagement objectives are achieved.

IIA Standard 2340 – Engagement Supervision:

This standard requires that engagements be supervised to ensure that objectives are achieved, work is performed according to appropriate standards, and the results are supported by sufficient, relevant, and reliable evidence.

Reasonable Assurance:

The auditor in charge must provide reasonable assurance that the audit engagement's objectives were met. This involves reviewing work performed, ensuring compliance with audit standards, and verifying that conclusions are supported by adequate evidence.

IIA Practice Advisory 2340-1:

The advisory emphasizes the role of the auditor in charge in providing oversight throughout the audit engagement. This includes ensuring that auditors follow procedures, apply professional judgment, and that all significant findings are appropriately addressed.

Option A (Daily record review): While keeping a record is good practice, it does not constitute comprehensive supervision.

Option B (Review by peers): Peer review is useful but does not replace the overarching responsibility of the auditor in charge.

Option C (Accompanying new auditors): This is part of training and guidance but does not alone ensure that engagement objectives are met.

Detailed Explanation:Why Not Other Options?

When significant control issues are identified during a consulting engagement, it is the responsibility of the chief audit executive to ensure that these issues are communicated to senior management and the board. This ensures that the organization is aware of the risks and can take corrective action. Consulting engagements should not overshadow the priority of addressing critical control issues that may affect the organization's risk profile. References:

"International Standards for the Professional Practice of Internal Auditing" (IIA Standards)

"Internal Auditing: Assurance & Advisory Services" (The Institute of Internal Auditors)

When determining the level of staff and resources for an assurance engagement, the most relevant factor for the chief audit executive (CAE) is the availability of resources with the specific skill set required for that particular engagement. This is because assurance engagements often involve complex and specialized areas that necessitate specific expertise to effectively evaluate controls, risks, and processes.

IIA References:

IIA Standard 2230: Engagement Resource Allocation states that internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources. The emphasis is on ensuring that the team assigned to the engagement possesses the necessary skills and knowledge.

The Practice Advisory 2230-1 further suggests that the CAE should consider the complexity and risks associated with the engagement and ensure that the assigned team has the appropriate experience and technical skills.