IIA-CIA-PART1 Online Practice Questions and Answers

An auditor is using audit software to check inventory accuracy. Which of the following would be an indicator of poor input edit controls?

A. Negative quantities on hand.

B. Total dollar values of zero for some parts.

C. Alpha characters in the field for order lead time.

D. Reorder levels set too high.

Using the internal audit department to coordinate regulatory examiners' efforts is beneficial to the organization because internal auditors can:

A. Influence regulatory interpretation of law to better match corporate practice.

B. Recommend changes to the scope of the regulatory examiners' review.

C. Perform fieldwork for the regulatory examiners and thus shorten the regulatory examiners' review.

D. Supply evidence of adequate compliance testing through internal audit workpapers and reports.

An internal quality assessment of the internal audit activity should provide the chief audit executive with.

A. Recommendations for improvement.

B. Objectives for internal audit engagements.

C. Confirmation of action on past audit recommendations.

D. Appraisals of internal audit staff performance.

Which of the following are acceptable resources for a chief audit executive to use when developing a staffing plan?

1.

Co-sourcing arrangements.

2.

Employees from other areas of the organization.

3.

The organization's external auditors.

4.

The organization's audit committee members.

A. 1 only

B. 1 and 2 only

C. 2 and 3 only

D. 1, 2, and 4 only

The work papers for an audit of hazardous-materials handling and disposal at an engineering research facility provide evidence that the following procedures were performed.

Drums of hazardous waste not yet shipped off-site were inventoried. The physical count agreed with

the company's inventory records.

A sample of hazardous-waste shipments received at the disposal site was compared to bills of lading and company records. No errors were detected.

The audit staff observed engineering personnel during the handling of hazardous materials. No

company policy violations were noted.

The reconciliation of waste drums to the inventory records provides evidence that:

A. Hazardous-waste materials were being disposed of as prescribed by company policy.

B. The amount of hazardous materials being used was accurately recorded.

C. Records of drums shipped to the waste disposal site were being maintained.

D. All hazardous-waste drums in inventory were accounted for.

According to IIA guidance, which of the following risk management process evaluation findings would the internal audit activity consider most effective?

A. Relevant risk information is captured and communicated in a periodic manner to management.

B. Risk management processes are monitored through an annual assessment.

C. Risk responses align with the organization's risk appetite.

D. Strategic risks with low residual values are continuously monitored.

A chief audit executive (CAE) of an international charity reports functionally to the audit committee of the board of directors and administratively to the charity's chief financial officer (CFO).

Which of the following would impair the internal audit function's independence?

A. The CFO determines the scope of internal audit work in the accounting department.

B. The CFO manages the accounting of the budget for the internal audit function.

C. The CFO administers the annual evaluation process for the internal auditors.

D. The CFO provides feedback on the CAE's audit reports.

An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.

Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?

A. Confidentiality.

B. Objectivity.

C. Integrity.

D. Competency.

What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

A. Diversifying the risk that network access will not be available to legitimate, authorized users.

B. Accepting the risk that there may be attempts at unauthorized access to the network.

C. Avoiding the risk of having a direct network connection to un-trusted networks.

D. Sharing the risk that either firewall could be compromised by hackers.

According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?

1.

The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.

2.

The needs and expectation of clients, including the nature, timing, and communication of engagement results.

3.

The application of technology-based audit and other data analysis techniques, where appropriate.

4.

The relative complexity and extent of work needed to achieve the engagement's objectives.

A. 1, 2, and 3

B. 1, 2, and 4

C. 1, 3, and 4

D. 2, 3, and 4