Question No. 1

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

AOption A

BOption B

COption C

DOption D

Show Answer

Correct Answer: C

The appropriate formula to calculate residual risk is (Probability of events) (Impacts). Residual risk is the risk that remains after controls are implemented to mitigate the inherent risk. It reflects the remaining exposure after considering the effectiveness of existing controls. This formula takes into account the likelihood of an event occurring and the potential impact if it does occur. Reference: IIA Practice Guide -- Assessing the Adequacy of Risk Management Processes, COSO Framework

Question No. 2

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

AA complete, accurate, and comprehensive account of engagement observations and recommendations.

BOversight of the coordination between the internal audit activity and independent outside auditors.

CThe internal audit activity's purpose, authority, responsibility, and performance relative to plan.

DManagement's assertions regarding the system of internal controls.
A periodic report from the chief audit executive (CAE) to the board typically includes information about the internal audit activity's purpose, authority, responsibility, and performance relative to the audit plan. This report ensures that the board is kept informed about the internal audit activity's alignment with organizational goals, its independence, and any significant issues or deviations from the plan.
IIA Reference:
IIA Standard 2060: Reporting to Senior Management and the Board requires the CAE to report periodically to the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. This standard ensures that the board has a clear understanding of how the internal audit activity is fulfilling its role.
The Practice Guide on Effective Communication with the Board recommends that the CAE provide regular updates on the internal audit activity's progress against its plan and any significant issues that require the board's attention.

Show Answer

Correct Answer: C

Question No. 3

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

APresent the revised audit plan directly to the board for approval.

BCommunicate with the chief financial officer and present the revised audit plan to the CEO tor approval

CPresent the revised audit plan directly to the CEO for approval

DCommunicate with the CEO and present the revised audit plan to the board for approval.

Show Answer

Correct Answer: D

When proposing interim changes to the annual audit plan due to emerging risks, the most appropriate action for the CAE is to communicate with the CEO and present the revised audit plan to the board for approval. This ensures that senior management is informed and supportive of the changes, and that the board, which holds the ultimate oversight responsibility, formally approves the revised plan. Reference:

The IIA's International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2020 - Communication and Approval.

The IIA's Practice Guide on Engagement Planning.

Question No. 4

A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?

ASampling risk.

BControl risk.

CNonsampling risk.

DResidual risk.
Nonsampling risk refers to the risk that the auditor reaches an incorrect conclusion due to errors not related to the sample itself but to other factors such as misinterpretation of data, incorrect application of procedures, or human error.
Detailed Explanation:
IIA Practice Advisory 2320-3:
This advisory explains that nonsampling risk occurs when an auditor misinterprets results or applies the wrong audit procedure. It differs from sampling risk, which is the risk that a sample is not representative of the population.
Misinterpretation of Sampling Results:
In this case, the senior IT auditor misinterprets the sampling results during the audit of inventory valuation. This is a classic example of nonsampling risk, where the error is due to the auditor's misunderstanding or misapplication of the data, rather than an issue with the sampling process itself.
IIA Standard 2320 -- Analysis and Evaluation:
This standard requires that auditors apply sufficient care and skill in analyzing and interpreting audit evidence. Nonsampling risk can occur if this standard is not met, resulting in incorrect conclusions.
Why Not Other Options?
Option A (Sampling risk): This refers to the risk that the sample does not accurately represent the population, which is not the issue here.
Option B (Control risk): This refers to the risk that a control will fail to prevent or detect errors or fraud, unrelated to this situation.
Option D (Residual risk): This refers to the risk that remains after controls are implemented, also unrelated to this scenario.
Conclusion: Option C is correct as it accurately describes the situation where the auditor misinterprets the sampling results, which is a form of nonsampling risk, according to IIA guidance.

Show Answer

Correct Answer: C

Question No. 5

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE's best option for fulfilling the internal audit activity's responsibilities in this case?

AOutsource the investigation to independent professional consultants

BSelect certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

CRecruit additional internal auditors possessing relevant qualification and experience

DDecline the engagement at this time

Show Answer

Correct Answer: A

Given the urgency and the lack of internal expertise in forensic investigation, the most effective and immediate solution is to outsource the investigation to independent professional consultants. This approach ensures that the investigation is conducted by individuals with the necessary skills and experience, thereby maintaining the integrity and quality of the investigation. Training internal staff or recruiting new auditors would take time and may not address the immediate need, while declining the engagement would not fulfill the audit committee's request. Reference:

'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)

'Forensic Accounting and Fraud Investigation for Non-Experts' (Howard Silverstone and Michael Sheetz)

Free IIA IIA-CIA-Part2 Exam Actual Questions

The questions for IIA-CIA-Part2 were last updated On Nov 20, 2024