Get 100% Passing Success With True IIA-CIA-Part2 Exam! [Sep-2021]
IIA IIA-CIA-Part2 PDF Questions - Exceptional Practice To Practice of Internal Auditing
NEW QUESTION 62
The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?
- A. Accept the request after consulting with the board and adhering to proper safeguards.
- B. Accept the request as the role of coordinating ERM is a core function of internal audit.
- C. Decline the request as this role compromises the CAE's objectivity.
- D. Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.
Answer: A
NEW QUESTION 63
Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization's privacy policy?
- A. Evaluate the government's security measures related to confidential information received from the organization.
- B. Analyze access to permanent files and reports containing confidential information.
- C. Determine who can access databases containing confidential information.
- D. Evaluate the organization's privacy policy to determine if appropriate information is covered.
Answer: A
Explanation:
Section: Volume B
NEW QUESTION 64
Insurance companies often receive electronic hospitalization claims directly from hospitals. Which of the following control procedures would be most effective in detecting fraud in such an environment?
- A. Use integrated test facilities to test the accuracy of processing in a manner that is transparent to data processing.
- B. Develop batch controls over all items received from a particular hospital and process those claims in batches.
- C. Use generalized audit software to match the claimant identification number with a master list of valid policyholders.
- D. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic class for investigation by the claims department.
Answer: D
NEW QUESTION 65
Which of the following items should be addressed in an organization's privacy statement?
I. Intended use of collected information.
II. Data storage and security.
III. Network/infrastructure authentication controls.
IV. Data retention policy of the organization.
Parties authorized to access information.
- A. I and II only
- B. I, II, and V only
- C. II, III, IV, and V only
- D. I and IV only
Answer: B
Explanation:
Section: Volume B
NEW QUESTION 66
During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?
- A. Cost mischarging.
- B. Bid rotation.
- C. Defective pricing.
- D. Fictitious vendor.
Answer: A
NEW QUESTION 67
An internal audit manager is supervising an engagement. A senior auditor deviates from the approved engagement plan but meets all deadlines in the approved time schedule. Which activity is not required for the audit manager to provide proper engagement supervision?
- A. Actively participate in audit procedures.
- B. Ensure compliance with the time schedule.
- C. Ensure that all engagement objectives are met.
- D. Approve the deviation from the engagement plan.
Answer: A
Explanation:
Section: Volume C
NEW QUESTION 68
The most effective procedure to verify compliance with a requirement that materials be purchased from the lowest-priced source is to compare:
- A. Prices paid for selected materials with prices listed on related purchase orders.
- B. Vendors' current prices with prices listed on related purchase orders.
- C. Approved vendor lists with bids obtained for selected purchases.
- D. Bids obtained for selected purchases with related purchase orders.
Answer: D
NEW QUESTION 69
Which of the following is an advantage to using the questionnaire approach when conducting risk and control self assessments?
- A. It allows for in-depth probing of issues.
- B. Responses can easily be quantified and analyzed.
- C. Follow-up for clarification is efficient.
- D. It is educational for participants.
Answer: B
NEW QUESTION 70
In response to an audit finding, senior management informed the auditor that the issue would be investigated and resolved when time permitted. According to the International Professional Practices Framework, this action was not acceptable because:
- A. The board had not reviewed management's responses to the engagement observations and recommendations.
- B. The appropriate level of management was not involved in the review and resolution of the issue.
- C. Responses should include sufficient information to evaluate the adequacy and timeliness of corrective action.
- D. Other departments should have been contacted to determine if they shared responsibility for corrective action.
Answer: C
NEW QUESTION 71
According to the International Professional Practices Framework, the responsibility for establishing and maintaining a system to monitor the disposition of results communicated to management falls upon:
- A. Compliance officer.
- B. Chief audit executive.
- C. Risk manager.
- D. Senior management.
Answer: B
NEW QUESTION 72
Risk assessments can vary in format, but generally include:
1.A description of identified risks.
2.Tests of audit controls.
3.A system of rating risks.
4.Sample size identification.
- A. 1, 3, and 4 only
- B. 2, 3, and 4 only
- C. 1 and 2 only
- D. 1 and 3 only
Answer: D
NEW QUESTION 73
According to the International Professional Practices Framework, which of the following statements is true regarding the use of the statement, "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit activity?
- A. The statement may be used only if the results of the quality assurance and improvement program support the statement.
- B. The statement may be used only when conducting international engagements.
- C. The statement may be used whether or not the internal audit department has an external quality assessment review or an independent validation of a self-assessment.
- D. The statement should not be used for a consulting engagement.
Answer: A
NEW QUESTION 74
During an interview with a manager in a company's claims department, an auditor noted that the manager became nervous and changed the subject whenever the auditor raised questions about certain types of claims. The manager's answers were consistent with company policies and procedures. When documenting the interview, the auditor should:
- A. Disregard the interview entirely because the verbal and nonverbal communications were contradictory.
- B. Conclude that the nonverbal communication is persuasive and that sufficient evidence exists to begin a fraud investigation.
- C. Document the manager's answers, noting the nature of the nonverbal communication.
- D. Document the manager's answers but not the nonverbal communication because it is subjective and is not corroborated.
Answer: C
NEW QUESTION 75
Which of the following are typical steps in the design of an organization's performance measurement system?
- A. Categorize performance measures; establish a data collection plan; analyze data; and predict future performance.
- B. Perform a situational assessment; generate macro measurements; review measurement data; and change strategy based upon measurement results.
- C. Establish a measurement plan; create an organizational strategy linked to those measurements; trend measurement data; and measure data variability.
- D. Understand organizational strategy; perform a situational assessment; establish measurement categories; and take actions based upon measurement results.
Answer: D
Explanation:
Section: Volume B
NEW QUESTION 76
A bank is developing an integrated customer information system. The type of audit involvement that would most likely help avoid implementation of a system that does not cover all types of accounts would be:
- A. An application control review.
- B. An access control review.
- C. A source code review.
- D. A design review.
Answer: D
Explanation:
Section: Volume B
NEW QUESTION 77
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Which of the following statements regarding risk in the department is true?
- A. The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.
- B. The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.
- C. As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets.
- D. The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.
Answer: A
NEW QUESTION 78
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
- A. Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.
- B. Confirm the decision with management and document this decision in the audit file.
- C. Initiate an assurance engagement on the unresolved issues.
- D. Document the issue in the audit file and follow up until the issues are resolved.
Answer: B
NEW QUESTION 79
In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:
- A. Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached.
- B. Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.
- C. Tell the employee a piece of information obtained from a coworker in a previous interview.
- D. Point out that management has given the auditor full authority to conduct this interview.
Answer: A
NEW QUESTION 80
Many questionnaires are made up of a series of different questions that use the same response categories (for example: strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternate versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (for example: agree on the right and disagree on the left).
The purpose of such questionnaire variations is to:
- A. Reduce the effects of pattern response tendencies.
- B. Test whether respondents are reading the questionnaire.
- C. Eliminate intentional misrepresentations.
- D. Make it possible to get information about more than one population parameter using the same questions.
Answer: A
NEW QUESTION 81
......
IIA-CIA-Part2 dumps - VCETorrent - 100% Passing Guarantee: https://www.vcetorrent.com/IIA-CIA-Part2-valid-vce-torrent.html
Fast, Hands-On IIA-CIA-Part2 exam: https://drive.google.com/open?id=12khhDPcb5saMS7-ems9bs3Qw6shvL-02