Free Practice Questions for IIA IIA-CIA-Part2 Exam

In internal auditing, the reliability of evidence is critical. According to IIA standards, evidence that is obtained directly from an external source, such as a customer, is generally considered more reliable, especially when it is timely.

IIA Standard 2310 – Identifying Information:

This standard requires that internal auditors obtain sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives. Evidence obtained directly from external sources is often deemed more reliable because it is less likely to be biased or manipulated.

Direct Evidence:

Evidence obtained directly from a customer is considered highly reliable because it comes from an independent and external party. It is less likely to be influenced by internal pressures or conflicts of interest.

Timeliness:

The timeliness of evidence also affects its reliability. Recent and relevant information is more likely to accurately reflect the current state of affairs, making it more reliable for decision-making.

Option A (Untested third party): Although external, the reliability of evidence from an untested third party is uncertain until their credibility is established.

Option B (Uncorroborated evidence from an employee): This is less reliable as it may be subject to bias or self-interest.

Option C (Undocumented evidence from a manager): Undocumented evidence is generally less reliable as it lacks supporting documentation that can be verified.

Detailed Explanation:Why Not Other Options?

The rotational model of internal audit staffing involves bringing in staff from other parts of the organization for a temporary period before they return to their original roles. While this model has several advantages, such as bringing diverse perspectives and business knowledge, it also has the disadvantage that auditors are often new to the internal audit function and are continuously in training.

Rotational Model:

In this model, employees from various departments are rotated into the internal audit activity for a specific period. They gain audit experience before rotating back to their original or other roles within the organization.

Disadvantages:

Since these individuals are not career auditors, they may lack the deep audit expertise of career auditors, and a significant amount of time is often spent on training. This constant influx of new, inexperienced staff can lead to a scenario where the team is always in training mode, potentially impacting audit efficiency and effectiveness.

IIA Practice Advisory 1210-1:

The advisory notes that while the rotational model can enhance business understanding within the audit team, it requires careful management to ensure that audit quality is not compromised due to the continuous learning curve of rotating staff.

Option A (Career model): This involves auditors who remain in the internal audit function throughout their careers, leading to a highly skilled and experienced team.

Option B (Center of competence model): This model focuses on a centralized group of audit experts, ensuring specialized skills and consistency.

Option D (Hybrid model): This combines elements of the rotational and career models, aiming to balance expertise with fresh perspectives.

Detailed Explanation:Why Not Other Options?

When a client decides not to implement recommended process improvements from a consulting engagement, the internal audit activity should confirm the decision with management and document it in the audit file. This approach ensures that the audit trail is complete and that there is a record of management’s acceptance of the associated risks. Escalating the issue to the board (Option A) or initiating an assurance engagement (Option D) might be necessary if the risks are significant, but these actions are not the immediate next steps. Continuous follow-up (Option C) is more relevant to assurance engagements rather than consulting engagements.

IIA Standard 2500: Monitoring Progress.

IIA Practice Guide on Consulting Engagements.

Narrative memoranda are used in internal auditing to describe processes in a clear and detailed manner, especially when the process is simple. This method is effective for documenting straightforward processes where a flowchart or other visual representation might be unnecessary or overly complex.

IIA Standard 2330 – Documenting Information:

This standard requires that internal auditors document relevant information to support engagement conclusions and recommendations. Narrative memoranda are one way to document processes, particularly when the process is simple and can be easily described in text.

Use of Narrative Memoranda:

Narrative memoranda provide a written account of a process, outlining each step in a sequential manner. This method is particularly useful for simple processes where the key points can be easily captured in a narrative form, without the need for complex diagrams.

Efficiency in Documentation:

For simple processes, a narrative memorandum is more efficient than a detailed flowchart. It allows the auditor to explain the process clearly and concisely, ensuring that all necessary information is captured without unnecessary detail.

Option A (Detailed risk assessment): A narrative memorandum is not typically used for risk assessments, which require more detailed analysis and often visual aids.

Option B (Identify key roles): While a narrative can mention roles, this is not its primary purpose.

Option D (Document outputs): Documenting outputs that support other activities typically requires more detailed mapping, such as flowcharts or tables.

Detailed Explanation:Why Not Other Options?Conclusion: Option C is correct because narrative memoranda are best suited for explaining simple processes in a clear and concise manner, in line with IIA documentation standards.

Effective risk management and internal control processes are best exemplified by having relevant risk indicators and mitigation plans in place. This demonstrates that the organization not only identifies and assesses risks but also actively monitors and manages these risks through appropriate mitigation strategies. The presence of risk indicators and mitigation plans indicates a proactive approach to risk management, ensuring that potential issues are addressed before they can impact the organization significantly.

The Institute of Internal Auditors (IIA) Standard 2100 – Nature of Work: "The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach."

COSO Enterprise Risk Management Framework

To identify a personal conflict-of-interest situation affecting an organization’s procurement function, inspecting documents is the most effective engagement technique. This involves reviewing relevant documentation such as procurement records, conflict of interest disclosures, vendor contracts, and employee relationships with vendors. This technique provides concrete evidence and can reveal discrepancies or relationships that suggest a conflict of interest, offering a clear and objective basis for any findings.

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2310 - Identifying Information

When an internal auditor is unable to find supporting documentation for selected accounts during a test, the appropriate next step is to contact management to determine if the documentation is stored elsewhere. This ensures that all potential sources of evidence are explored before drawing any conclusions.

IIA Standard 2310 – Identifying Information:

This standard requires auditors to obtain sufficient, reliable, relevant, and useful information to support their findings. If documentation is missing, the auditor must investigate further to determine if the evidence exists in another location or form.

Contacting Management:

Before concluding that the test failed or expanding the sample, the auditor should first check with management to see if the documentation might be stored in an alternative location. This step ensures that the audit results are based on a thorough and complete examination of available evidence.

IIA Practice Advisory 2330.A1-1:

The advisory suggests that auditors should consider all sources of evidence and confirm with management if there are any alternative ways to obtain the necessary information.

Option A (Conclude that the test failed): This conclusion would be premature without first attempting to locate the missing documentation.

Option B (Select new accounts): This could lead to the same issue if the documentation is not missing but simply stored elsewhere.

Option C (Expand the sample size): Expanding the sample is unnecessary if the issue is simply that the documentation is stored in a different place.

Detailed Explanation:Why Not Other Options?Conclusion: Option D is correct because it involves taking the logical next step of contacting management to locate the missing documentation, ensuring that the audit is thorough and the conclusions drawn are based on all available evidence, in line with IIA standards.

A material impact on the accuracy of the prior year's financial statements due to the inaccurate operation of controls is a significant issue that would likely prompt special notification from the chief audit executive (CAE) to senior management. This is because such an issue can have substantial implications for the organization's financial reporting, stakeholder trust, and compliance with regulatory requirements. Immediate notification ensures that senior management can take timely corrective action to address and remediate the issue.

A consulting engagement involves providing advice and recommendations to improve processes, controls, and efficiency.

Option A: Reviewing journal entries for accuracy and completeness.

This task is typically performed during assurance engagements, not consulting engagements, where the focus is on evaluating and verifying records.

Option B: Comparing the policies and procedures to regulatory collections guidance.

This is more aligned with compliance auditing or assurance engagements, ensuring that practices align with regulatory requirements.

Option C: Advising management on streamlining the recording of accounts receivable.

This action is typical of a consulting engagement, where the auditor provides advice and recommendations to improve business processes and efficiency.

Option D: Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists.

This is an activity more typical of an assurance engagement, where the auditor evaluates the effectiveness of controls.

When selecting an external service provider, the CAE must ensure that the provider possesses the necessary knowledge, skills, and competencies relevant to the specific type of work being reviewed. This is best demonstrated by the provider's experience in the relevant field (Option D). The other options, such as financial interest (Option A), prior relationships (Option B), and compensation (Option C), are considerations for assessing potential conflicts of interest or independence but are not primary criteria for evaluating technical competency.

IIA Standard 1210: Proficiency.

IIA Practice Guide on External Service Provider Arrangements.

According to IIA guidance, risk assessment is a critical step that precedes the development of audit engagement objectives. The risk assessment process helps internal auditors identify the key areas of risk within the organization, which then informs the setting of appropriate objectives for the audit engagement.

IIA Standard 2201 – Planning Considerations:

This standard requires internal auditors to consider risk when planning an engagement. The risk assessment process identifies the areas of highest risk, which allows the auditor to focus on the most critical issues during the engagement.

Role of Risk Assessment:

By assessing risks, the auditor can determine which processes or controls are most likely to affect the achievement of the organization’s objectives. This understanding is essential for setting the audit engagement’s objectives, ensuring that they are aligned with the areas of greatest concern.

IIA Practice Advisory 2210.A1-1:

The advisory suggests that auditors should use the results of the risk assessment to establish the scope, objectives, and priorities of the engagement. Without this risk assessment, the audit objectives may not fully address the most significant risks.

Option A (Identification of controls): This typically occurs after the objectives are set, as controls are evaluated based on the identified risks.

Option B (Scope establishment): The scope is determined after the objectives are set, which are based on the risk assessment.

Option D (Review of resources): This step is related to the allocation of resources after the objectives and scope are defined.

Detailed Explanation:Why Not Other Options?

The primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity is to provide an opportunity for the recruitment of employees as permanent internal auditors. This rotation program helps in identifying talented individuals who might have the aptitude and interest in internal auditing. It serves as a recruitment strategy by exposing employees from other departments to the internal audit function, potentially increasing the pool of candidates for permanent internal auditor positions. This approach also benefits the internal audit activity by bringing in fresh perspectives and diverse experiences from different areas of the organization.

IIA's Practice Guide on Human Resources Management, specifically regarding staffing and career development within internal audit functions.

The primary purpose of creating a preliminary draft audit report is to facilitate communication with management of the area under review. This draft allows for discussion and feedback on the findings, recommendations, and any potential misunderstandings or disagreements before the final report is issued. It helps ensure that the final report is accurate, fair, and reflects the input of both the auditors and management. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), specifically Standard 2410 - Criteria for Communicating.

The IIA’s Practice Guide on Communicating Results.

According to IIA guidance, the primary purpose of the exit conference is to ensure timely communication of observations and findings, especially those that require immediate management action. This meeting allows auditors to discuss their findings with management, address any disagreements, and clarify the facts before the final report is issued. It does not require the attendance of both the chief audit executive and the chief executive over the activity (B), nor is it solely for reviewing anticipated results (C) or the performance of the internal auditors (D). References: IIA Standard 2440 – Disseminating Results, IIA Practice Advisory 2440-1