Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CIA Challenge Exam (CPA) > Essentials: Proficiency > Flashcards

Essentials: Proficiency Flashcards

1
Q

An entry-level internal auditor just started working in a large internal audit department. What would be the best next step to acclimate to the profession?

  1. Participate in research projects.
  2. Obtain a mentor.
  3. Network with other internal auditors at a more-senior level.
  4. Get occupational assignments.
A

2- Obtain a mentor.

Rationale
Any topics that enhance an auditor’s proficiency contribute to employee development. This may include specialized training in business processes, audit techniques, interpersonal skills, communication skills, and related topics. Having a mentor would be the best way listed to acclimate to the profession to obtain guidance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The most important reason for the chief audit executive to ensure that the internal audit department has adequate and sufficient resources is to

  1. establish credibility with the audit committee and management.
  2. fulfill the need for effective succession planning.
  3. demonstrate sufficient capability to meet the audit plan requirements.
  4. ensure that the function is adequately protected from outsourcing.
A

3- demonstrate sufficient capability to meet the audit plan requirements.

Rationale
Standard 2030 requires that internal audit resources be appropriate, sufficient, and effectively deployed to achieve the approved plan. As noted in interpretation of the standard, “Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the plan. Sufficient refers to the quantity of resources needed to accomplish the plan. Resources are effectively deployed when they are used in a way that optimizes the achievement of the approved plan.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A chief audit executive (CAE) for a department of 10 internal auditors establishes a training plan for each auditor. Every quarter the CAE meets with each auditor to discuss the plan and make appropriate adjustments. The CAE is demonstrating his commitment to

  1. continuing professional development.
  2. the quality of the audit plan.
  3. staff morale.
  4. the organization’s vision.
A

1- continuing professional development.

Rationale
Any topics that develop or enhance an auditor’s proficiency contribute to continuing education. This may include specialized training in business processes, audit techniques, interpersonal skills, communication skills, and related topics.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the best definition of business acumen as it pertains to internal auditors?

  1. Understanding the client organization, its culture, the way it works, the sector it operates in, and the local and global factors that act upon it
  2. Personal skills, including effective communication, rational or emotional persuasion, a collaborative mindset, and critical thinking skills
  3. Assessing the quality of risk management processes and systems and internal control and corporate governance processes
  4. Finding ways to be more forward-looking by embracing change and driving improvement and innovation
A

1- Understanding the client organization, its culture, the way it works, the sector it operates in, and the local and global factors that act upon it

Rationale
Business acumen is an essential prerequisite that enables internal auditors to provide effective assurance and advisory services and add value to the organization. Personal skills are also important, but business acumen is part of the technical expertise skill set.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A government auditor is assigned to determine why the students in one region score significantly higher on education evaluation tests than the students in another region. Research shows a direct correlation between public financial support and student results. Assuming that all of the following are true, which is the most likely explanation for the difference in regional results?

  1. The more successful region spends more money per student on education than the other region.
  2. The more successful region spends 30% more money on education than the other region.
  3. The more successful region has increased educational spending by an average of 10% each year for the last three years, whereas the other region’s increase has averaged only 3%.
  4. A higher percentage of the general tax funds is spent on education in the more successful region than in the other region.
A

1- The more successful region spends more money per student on education than the other region.

Rationale
The key to the correct answer is “more money per student.” Discussing total amounts of money spent can be deceptive. One region may be much larger than another, and not all of the money was necessarily spent on students. One of the key competencies expected of an internal auditor is an appreciation of subjects related to his or her field—politics, economics, and so forth. In this scenario, one would expect a government auditor to be familiar with government statistics and policies related to education performance and funding. Having familiarity with or access to this information, the auditor will be able to make judgments and draw conclusions such as how the level of education funding impacts student performance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The environmental health and safety (EH&S) office requests a consulting audit to determine how successful it has been in accomplishing its technical objectives for the organization. If the internal audit function has some internal auditors who have experience in corporate social responsibility (CSR) but none who have EH&S expertise, the chief audit executive (CAE) should

  1. defer the engagement and tell the audit committee that it will take several months to train internal audit staff for such an engagement.
  2. obtain appropriate support from an external EH&S professional with internal auditing experience.
  3. begin the engagement with the auditors with experience in CSR and incorporate EH&S training into next year’s planning to prepare for a follow-up engagement.
  4. suggest to the audit committee that the factory’s own EH&S staff conduct the engagement.
A

2- obtain appropriate support from an external EH&S professional with internal auditing experience.

Rationale
The CAE must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement. The internal audit activity may use external service providers or internal resources that are qualified.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The IIA Global Internal Audit Competency Framework defines the competencies needed to meet the requirements of the International Professional Practices Framework. Which is the competency that requires an internal auditor to demonstrate problem solving, creativity, rationalization, and a refusal to accept things at face value?

  1. Critical thinking
  2. Improvement and innovation
  3. Business acumen
  4. Persuasion and collaboration
A

1- Critical thinking

Rationale
In order to create value for the organization, internal auditors must apply a critical thinking approach to internal audit—a level beyond basic operational audits. This involves analyzing a situation or task for the development of supportable conclusions—applying process analysis and business intelligence and problem-solving techniques—and conveying the assessed results in a logical manner.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The chief audit executive (CAE) determines that specialized skills and expertise are needed to assess the organization’s susceptibility to fraudulent financial reporting. Which is a potential advantage of co-sourcing related internal audit activities?

  1. Simplified privacy and confidentiality issues and considerations
  2. Greater process control
  3. Improved timeliness of the internal audit activity
  4. Improved potential for high staff morale
A

3- Improved timeliness of the internal audit activity

Rationale
It is incumbent upon the CAE to obtain assistance from experts outside the internal audit activity to support or complement areas where the activity is not fully proficient. Co-sourcing and out-sourcing are viable options when the internal audit function cannot efficiently and effectively fulfill an internal audit activity. However, they typically result in a loss of process control can entail additional privacy and confidentiality issues and considerations. Co-sourcing in particular has potential to undermine staff morale.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which is one way that internal auditors must exercise due professional care during a consulting engagement?

  1. Consider the use of technology-based audit tools and other data analysis techniques.
  2. Consider how to use the consulting engagement to reduce the number of assurance engagements during the period.
  3. Consider the amount of time the consulting engagement will take.
  4. Consider the cost of the consulting engagement in relation to potential benefits.
A

4- Consider the cost of the consulting engagement in relation to potential benefits.

Rationale
One way to demonstrate due professional care on consulting engagements is to consider the cost of the consulting engagement in relation to the potential benefits, according to Implementation Standard 1220.C1. The amount of time the consulting engagement will take is an objective of audit management. Considering the use of technology-based audit tools and other data analysis techniques applies to assurance engagements, per Implementation Standard 1220.A2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An auditor is performing a paycheck distribution at a company location that is a three-hour drive from the office. The audit test is being performed to verify that employees listed on the payroll exist. It has started to snow outside, and the auditor has validated 99 of the 100 employees listed. The remaining employee works on the night shift. The location manager is concerned about the auditor driving in the snow and offers to validate the employee’s existence over the phone and to have the employee sign the auditor’s workpaper to attest to his existence. The auditor agrees to this. Did the auditor make the right decision?

  1. Yes, the manager is a trusted and well-respected employee, and the auditor’s decision was reasonable and prudent given the circumstances.
  2. No, the auditor should have returned on another day or waited for the employee to report to work.
  3. No, the auditor should have requested some additional evidence, such as taking a picture of the employee and emailing that.
  4. Yes, 99 of 100 employees were verified, which meets the materiality threshold.
A

2- No, the auditor should have returned on another day or waited for the employee to report to work.

Rationale
Attribute Standard 1220, “Due Professional Care,” states: “Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.” The auditor should have returned on another day or waited for the employee to report to work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A large manufacturing company with declining profits has placed a spending freeze on all external training. The audit department has 12 auditors at various levels of proficiency. What would be the best next step the chief audit executive (CAE) should take to provide staff training?

  1. Have the auditors look for free training on the Internet, and allow them to take the training on company time.
  2. Take no action, since the resources are not available.
  3. Discuss the matter with human resources, executive management, and/or the audit committee to identify possible alternatives.
  4. Mandate that the individual auditors train each other in their off hours.
A

3- Discuss the matter with human resources, executive management, and/or the audit committee to identify possible alternatives.

Rationale
Implementation Guide 1230, “Continuing Professional Development,” states, “The individual internal auditor is responsible for conforming to Standard 1230. This includes continuing their education to enhance and maintain their proficiency. Internal auditors need to stay informed about improvements and current developments in internal audit standards, procedures, and techniques, including The IIA’s International Professional Practices Framework (IPPF) guidance.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Exercising due professional care during a consulting engagement requires that

  1. internal auditors be more closely linked with the activities they are reviewing in comparison to the independence required in an assurance review.
  2. the consulting engagement be performed by those persons who collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly and objectively.
  3. internal auditors follow up on reported audit findings to ascertain that appropriate action was taken.
  4. internal auditors identify additional risk areas to add to the scope.
A

2- the consulting engagement be performed by those persons who collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly and objectively.

Rationale
As in an assurance review, the consulting engagement must be performed by those persons who collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly and objectively. Internal auditors are not required to follow up on reported audit findings to ascertain that appropriate action was taken, and additional risk areas identified are not to be added to the scope unless requested by management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which is a way that continuing professional development may be accomplished?

  1. By performing a job function without any accountability
  2. By having several jobs over a short period of time
  3. By performing the same work process over an extended period of time
  4. By gaining collective wisdom from analyzing or synthesizing information
A

4- By gaining collective wisdom from analyzing or synthesizing information

Rationale
Any topics that develop or enhance an auditor’s proficiency contribute to continuing education. This may include specialized training in business processes, audit techniques, interpersonal skills, communication skills, and related topics. Collective wisdom derived from analyzing or synthesizing information is one way to participate in continuing professional development.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which is an example of an internal auditor living up to the principles described in Implementation Guide 1220, “Due Professional Care”?

  1. The auditor checks for material irregularities or noncompliance if the probability of these issues is high.
    1. The auditor considers the possibility of material irregularities or noncompliance on any internal audit assignment.
  3. The auditor gives absolute assurance that noncompliance or irregularities do not exist.
  4. The auditor conducts examinations and verifications to the fullest extent possible.
A

2- The auditor considers the possibility of material irregularities or noncompliance on any internal audit assignment.

Rationale
Implementation Guide 1220 tells us that due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Due professional care requires the internal auditor to conduct examinations and verifications to a reasonable extent. Internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A chief audit executive (CAE) for a small internal audit department receives a request from management to perform an audit of an extremely complex area in which the CAE and the department have no expertise. The nature of the audit engagement is within the scope of internal audit activities. Management has expressed a desire to have the engagement conducted in the very near future because of the high level of risk involved. Which of the following responses by the CAE would be in violation of the Standards?

  1. Discussing the time line of the audit engagement with management to determine if sufficient time exists in which to develop appropriate expertise
  2. Discussing with management the possibility of outsourcing the audit of this complex area
  3. Adding an outside consultant to the audit staff to assist in the performance of the audit engagement
  4. Accepting the audit engagement and beginning it immediately since it is for a high-risk area
A

4- Accepting the audit engagement and beginning it immediately since it is for a high-risk area

Rationale
Planning and executing the audit engagement without the appropriate background and skills would be in violation of Attribute Standard 1210. The auditors do not have the necessary expertise. Implementation Standard 1210.A1 states that the CAE must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An internal auditor notices some suspicious activity by a process owner in a functional area that is not contained in the annual audit plan. If the internal audit activity is already behind schedule, which would best demonstrate due professional care?

  1. Do nothing at this time, since internal auditors are not expected to be infallible.
  2. Make a note to promote this functional area for consideration in next year’s annual audit plan.
  3. Investigate this suspicious activity even if it takes the auditor further behind schedule.
  4. Communicate the possibility to external assurance service providers who are on schedule.
A

3- Investigate this suspicious activity even if it takes the auditor further behind schedule.

Rationale
Implementation Standard 1220.A1 states in part that “Internal auditors must exercise due professional care by considering the … probability of significant errors, fraud, or noncompliance.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Communication skills are important to internal auditors. According to the Standards, the auditor should be able to effectively convey what to the auditee?

  1. Evaluations that are constructive in that they omit information that would lead to unwise conclusions regarding needed controls
  2. Risk assessment used in selecting the area for audit investigation
  3. Audit objectives designed for a specific auditable entity
  4. Recommendations that are generated by managers of other auditable entities
A

3- Audit objectives designed for a specific auditable entity

Rationale
Performance Standard 2410, “Criteria for Communicating,” states, “Communications must include the engagement’s objectives, scope, and results.” Auditors should be proficient in communicating audit objectives, evaluations, and their own recommendations. Evaluations should be complete and should not omit information contrary to the point the auditor would like to make. The risk assessment process is not normally communicated to the auditee.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following exemplifies a key performance indicator (KPI) that targets performance necessary to meet audit activity objectives?

  1. External auditor’s opinion regarding the quality of internal controls over financial reporting
  2. Extent of coordination of work with a compliance function or the enterprise risk management activity
  3. Measured timeliness of clients’ responses to internal control questionnaires (ICQs)
  4. Monitoring, measuring, and reporting internal audits completed compared to the approved risk-based audit plan
A

4- Monitoring, measuring, and reporting internal audits completed compared to the approved risk-based audit plan

Rationale
A primary operational objective for an internal audit activity is to accomplish its audit plan; a KPI that targets performance necessary to meet this objective would be to compare audits completed to the approved work plan. The external auditor’s opinion regarding the quality of internal controls over financial reporting is related to the financial reporting activity, not the internal audit activity. Timeliness of client responses to ICQs would not be an effective measure of internal audit performance in meeting audit activity objectives. The extent of coordination of work with other internal assurance providers would not be a KPI that targets performance necessary to meet audit activity objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

The Standards require an auditor to have the knowledge, skills, and disciplines essential to perform an internal audit. Which correctly describes the level of knowledge or skill required by the Standards?

  1. Auditors must have proficiency in applying knowledge of auditing standards and procedures to specific situations without extensive recourse to technical research and assistance.
  2. Auditors must have proficiency in applying knowledge of accounting and computerized information systems to specific or potential problems.
  3. Auditors must have a broad appreciation for accounting principles and techniques when auditing the financial records and reports of the organization.
  4. Auditors must have an understanding of broad techniques used in supporting and developing audit findings and the ability to research the proper audit procedures to be used in any audit situation.
A

1- Auditors must have proficiency in applying knowledge of auditing standards and procedures to specific situations without extensive recourse to technical research and assistance.

Rationale
Proficiency in the application of the Standards is required. (See Implementation Guide 1210.) Appreciation of, not proficiency in, accounting and computerized information systems is required. Proficiency in, not an understanding of, audit techniques is required. Proficiency in, not a broad understanding of, accounting principles is required when auditing financial records.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What major skill would be most beneficial to an internal auditor in learning to be an exceptional communicator?

  1. Becoming likeable in the organization to increase the ability to obtain information
  2. Keeping the audit client informed with email and texts
  3. Giving the client the facts and letting them reach their own conclusion
  4. Creating compelling conversations to influence others to act
A

4- Creating compelling conversations to influence others to act

Rationale
Per interpretation of Performance Standard 2420, “Quality of Communications,” clear communications are easily understood and logical, avoiding unnecessary technical language and providing all significant and relevant information. Concise communications are to the point and avoid unnecessary elaboration, superfluous detail, redundancy, and wordiness.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

A chief audit executive (CAE) for a manufacturing company with 21 international facilities has developed a rotational audit plan to conduct seven assurance audits per year over a three-year cycle to provide adequate audit coverage for these facilities. Do the CAE’s actions demonstrate appropriate due professional care?

  1. No, performing rotational audits without regard to the risks or importance of the department is not in line with due professional care.
  2. No, the CAE must obtain approval from the audit committee for the rotational audit plan.
  3. Yes, the CAE has the appropriate audit resources to provide such coverage.
  4. Yes, the CAE has a solid rationale for selecting the timing of the audits.
A

1- No, performing rotational audits without regard to the risks or importance of the department is not in line with due professional care.

Rationale
An example of not exercising appropriate due professional care is performing rotational internal audits of each department in an organization without regard to the risks or importance of the department.

22
Q

Several internal audit customers have indicated that audit reports are not impactful by the time they receive them. The chief audit executive (CAE) has identified the root cause of the issue as the reporting process, which requires several levels of review, resulting in numerous edits and delays in audit report release. The CAE should

  1. be the only internal audit leader who reviews audit reports.
  2. establish a performance metric measuring the number of days between fieldwork completion and report issuance.
  3. consider report-writing training designed to improve the written communication skills of the auditor-in-charge.
  4. limit reviewer report edits to a maximum number per reviewer.
A

2- establish a performance metric measuring the number of days between fieldwork completion and report issuance.

Rationale
According to The IIA’s implementation guidance for Standard 1311, “Internal Assessments,” the internal audit activity may perform steps to support periodic self-assessment, such as analyzing key performance indicators (KPIs) related to the efficiency of standard internal audit practices (e.g., number of days between fieldwork completion and report issuance). While the other three answer choices may help to accelerate the delivery of audit reports, establishing a process to measure, monitor, and report on the timeliness of audit report delivery will drive improvement.

23
Q

Which is a required type of knowledge, skill, and other competency for an internal auditor?

  1. Proficiency in subjects such as accounting, economics, commercial law, quantitative methods, and IT
  2. An understanding of management principles and good business practices so deviations can be recognized and evaluated
  3. Basic comprehension of internal audit standards, procedures, and techniques required in performing engagements
  4. Proficiency in accounting principles and techniques for all auditors
A

2- An understanding of management principles and good business practices so deviations can be recognized and evaluated

Rationale
Requisite knowledge, skills, and other competencies for an internal auditor include:
* Proficiency in internal audit standards, procedures, and techniques required in performing engagements.
* Proficiency in accounting principles and techniques (for those auditors working extensively with financial records and reports).
* An understanding of management principles and good business practices so deviations can be recognized and evaluated.
* An appreciation of subjects such as accounting, economics, commercial law, taxation, finance, quantitative methods, and information technology, depending on the nature of the organization.

24
Q

One of the most important staffing responsibilities a chief audit executive (CAE) may handle alone or share with human resources is the development of retention strategies. Which would be the most appropriate and effective retention strategy among those listed?

  1. Provide internal auditors with bonuses based upon cost savings they achieve for the organization through their audit recommendations.
  2. Develop, with each internal auditor, a schedule of training opportunities based upon the goals of the auditor and the objectives of the internal audit activity.
  3. Develop a single career path for all internal auditors, with the same deadlines for reaching each stage, from new auditor to staff auditor to auditor-in-charge and audit manager.
  4. Ensure that each annual and post-audit review for auditors is predominantly positive.
A

2- Develop, with each internal auditor, a schedule of training opportunities based upon the goals of the auditor and the objectives of the internal audit activity.

Rationale
Training should generally challenge an auditor to acquire new competencies that fit with his or her goals and the objectives of the audit activity. This is implied in Implementation Guide 1230, which gives suggested activities to enjoin the CAE to attend to the professional development needs of the staff, including achievement of appropriate certifications. One-size-fits-all approaches to retention are likely to be inappropriate for some talented individuals, and not all internal auditors will have the same desire to advance through all career path stages. Compensation based upon cost savings rather than more-inclusive measures of performance may tempt internal auditors to adopt too narrow a focus in their audit practice. The CAE should include any relevant positive evaluations in a review, but not all reviews can appropriately be predominantly positive.

25
Q

The chief audit executive (CAE) of a large pharmaceutical company is scheduling the execution of audits in each quarter of the year so that internal audit staff can be aware of their availability requirements, thus assisting in the completion of the internal audit plan. Which competency is the CAE demonstrating?

  1. Communication
  2. Internal audit delivery
  3. Internal audit management
  4. International Professional Practices Framework
A

3- Internal audit management

Rationale
The audit competency of internal audit management involves internal auditors developing and managing all aspects of the internal audit function, coordinating all engagement activities to achieve the defined objectives.

26
Q

Attendance at conferences, membership and participation in professional societies, certification, and recertification are most likely to serve which function?

  1. Recognizing employees
  2. Retaining employees
  3. Rewarding employees
  4. Developing employees
A

4- Developing employees

Rationale
Attendance at conferences, membership and participation in professional societies, certification, and recertification are all examples of continuing professional development. The other answer choices may be side benefits.

27
Q

The chief audit executive is considering hiring a consultant with no internal audit experience and a strong environmental law background. Which guideline applies to this decision?

  1. It would be appropriate if the consultant will be coaching internal auditors on the evaluation of environmental data that may be used as evidence in court.
  2. It would be appropriate if the internal audit activity is reviewing the environmental impact of plant emissions on air quality.
  3. It would not be appropriate under any circumstances because of the consultant’s lack of background in auditing.
  4. It would be appropriate if the consultant will receive both on-the-job training in internal auditing and coaching once on staff.
A

1- It would be appropriate if the consultant will be coaching internal auditors on the evaluation of environmental data that may be used as evidence in court.

Rationale
A consultant need not have a background in auditing but must have demonstrated expertise in the area of the audit. An environmental lawyer is an appropriate consultant for coaching audit staff in the preparation of evidence for the courtroom but not for scientific matters such as the impact of emissions on air quality.

28
Q

Which of the following would an internal auditor need to know first to be in line with due professional care principles for consulting engagements?

  1. The IIA’s Standards
  2. The organizational objectives for the consulting engagement
  3. How to provide objective comments about the proposed process or activity
  4. When to perform an engagement without supervision
A

1- The IIA’s Standards

Rationale
A working knowledge of The IIA’s Standards is needed before any consulting or assurance activity should be started.

29
Q

During an audit engagement, an internal auditor misses a significant risk to the process under audit and thus does not fully assess the process. How could he have reduced the fault assigned to him?

  1. He could have met with the entire audit team to identify all the risks and controls in place for the process.
  2. He could have acted as any reasonably prudent and competent internal auditor would when faced with these circumstances.
  3. He could have identified and tested all the controls in place for the process and assessed their design and operation.
  4. He could have met with senior management to identify all the risks and controls in place for the process.
A

2- He could have acted as any reasonably prudent and competent internal auditor would when faced with these circumstances.

Rationale
As noted in Standard 1220, “Due Professional Care,” internal auditors “must apply the care and skill expected of a reasonably prudent and competent internal auditor.”

30
Q

A chief audit executive (CAE) receives a call from an audit client complaining that the audit team is deviating from the audit announcement letter by going into areas that are not within the scope of the audit. What is the best way for the CAE to resolve this issue if she believes the internal audit team was doing the right thing?

  1. Send a copy of the internal audit charter to the audit client, highlighting that internal audit has “access to any and all areas.”
  2. Explain to the audit client how the area being reviewed relates to the original audit described in the announcement letter.
  3. Schedule a meeting with the audit client and the CEO to collaborate on how to address the audit need while staying within the announcement letter scope.
  4. Persuade the audit client to allow the review of the additional area.
A

2- Explain to the audit client how the area being reviewed relates to the original audit described in the announcement letter.

Rationale
Internal auditors need to be competent in communication in order to deliver internal audit engagements. While it is true that internal audit has access to any and all areas, explaining why the team chose to review the additional areas is a better example of good communication, which is in line with Performance Standard 2420, “Quality of Communications,” in that communications must be constructive. The more forceful explanation can be reserved for times when access has been improperly denied.

31
Q

Regarding due professional care in consulting engagements, which of the following would the internal auditor need to understand the earliest?

  1. Effect on the scope of the audit plan as previously approved by the audit committee
  2. Needs of management officials, including the nature, timing, and communication of engagement results
  3. Possible motivations and reasons of those requesting the service
  4. Background or nature of the area requested to be reviewed
A

3- Possible motivations and reasons of those requesting the service

Rationale
The background or nature of the area requested to be reviewed will be obtained during the planning phase of the consulting engagement. Possible motivations and reasons of those requesting the service would have to be understood at the onset of agreeing to perform the review.

32
Q

To ensure that due professional care has been taken at all times during an engagement, the internal auditor must always

  1. promptly communicate to the audit committee any noncompliance or irregularity discovered during an engagement.
  2. consider the possibility of nonconformance or irregularities to a reasonable extent during the engagement.
  3. ensure that all financial information related to the audit is included in the audit plan and examined for nonconformance or irregularities.
  4. ensure that all audit tests are fully documented.
A

2- consider the possibility of nonconformance or irregularities to a reasonable extent during the engagement.

Rationale
Due professional care requires the internal auditor to conduct examinations and verifications to a reasonable extent. Internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance needs to be considered.

33
Q

Who is responsible for ensuring that a member of the internal audit department conforms with Standard 1230, “Continuing Professional Development”?

  1. The individual internal auditor
  2. The audit committee
  3. The chief audit executive
  4. Human resources
A

1- The individual internal auditor

Rationale
Implementation Guide 1230 states, “The individual internal auditor is responsible for conforming with Standard 1230. This includes continuing their education to enhance and maintain their proficiency.”

34
Q

The one constant regarding learning in internal auditing is that

  1. training is required except when the company lacks adequate resources.
  2. employees are always responsible for investing in themselves and obtaining the required training without reimbursement.
  3. the need for learning is ongoing.
  4. training on any topic would fulfill the training requirement.
A

3- the need for learning is ongoing.

Rationale
The one constant is the need for ongoing learning in internal auditing. Chief audit executives and internal auditors need to find innovative ways to meet the training requirement.

35
Q

The relationship between the core competencies of critical thinking and internal audit delivery in the IIA Global Internal Audit Competency Framework is best illustrated by which of the following?

  1. Relating the audit objective to the company’s strategy
  2. Networking with industry-specific internal auditors
  3. Using audit software to select the proper sample
  4. Obtaining industry best-practices documentation
A

4- Obtaining industry best-practices documentation

Rationale
Internal audit delivery requires the use of strategies, tactics, and tools throughout the process. Critical thinking requires going a level beyond basic operational audits, such as analyzing a situation or task for the development of supportable conclusions. Industry best-practices documentation can generate supportable conclusions for strategies, tactics, and tools.

36
Q

Which of the following statements provides the best example of proficiency as defined in The IIA’s International Professional Practices Framework?

  1. An internal auditor uses knowledge of management principles to identify a weakness in the organization’s reporting structure and follows up with a recommendation after spending significant time doing further research.
  2. Based upon a review of the organization’s objectives and a general knowledge of contracts, an internal auditor is able to recommend further study of the methods used to evaluate work agreements between the company and its outside consultants.
  3. Based upon prior experience and training, an internal auditor for a utility evaluates the emissions controls at a coal-fired plant and provides sufficient documentation that the plant is in full compliance with governmental mandates.
  4. Based upon a workshop focused on a specific area of taxation relevant to the organization, an internal auditor is able to assess the organization’s use of available research credits and suggest a more profitable approach.
A

3- Based upon prior experience and training, an internal auditor for a utility evaluates the emissions controls at a coal-fired plant and provides sufficient documentation that the plant is in full compliance with governmental mandates.

Rationale
Proficiency exists when internal auditors possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. This is illustrated by the internal auditor’s definitive assessment of the power plant’s compliance with regulations based on evaluation of emissions controls. The other answer choices refer to the less advanced levels of knowledge, skills, and other competencies.

37
Q

Which activity supports due professional care in assurance engagements?

  1. Preferring manual audit tools over the use of computer-assisted tools and other data analysis techniques
  2. Considering the needs and expectations of clients, including the nature, timing, and communication of assurance engagement results
  3. Forgoing engagements due to a lack of specialized knowledge
  4. Being alert to specific activities in which irregularities are most likely to occur
A

4- Being alert to specific activities in which irregularities are most likely to occur

Rationale
Implementation Guide 1220, “Due Professional Care,” tells us that due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance needs to be considered whenever an internal auditor undertakes an internal audit assignment. Forgoing an engagement due to a lack of specialized knowledge might be acceptable in consulting engagements but does not uphold due professional care in assurance engagements. Considering the needs and expectations of clients is appropriate to consulting engagements but not assurance engagements. In exercising due professional care, internal auditors must consider the use of technology-based audit tools and other data analysis techniques.

38
Q

Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources. What is the best first step an auditor would take to achieve this?

  1. Perform necessary interviews with operating management to gain an understanding of the operations.
  2. Perform the necessary research on the nature of the operations to gain an understanding of the risks.
  3. Read prior internal and external audit reports in order to gain an understanding of the risks associated with the operation.
  4. Review the organization’s policies and procedures on the audit.
A

2- Perform the necessary research on the nature of the operations to gain an understanding of the risks.

Rationale
Performing the necessary research on the nature of the operations to gain an understanding of the significant risks that might affect objectives, operations, or resources would enable the internal auditor to put the other choices into context prior to doing them, which is consistent with Performance Standard 2200, “Engagement Planning,” and the “Engagement Planning: Establishing Objectives and Scope” Practice Guide.

39
Q

Internal auditor proficiency in IT that supports business processes is best exemplified by

  1. collaborating with IT auditors in integrated audits by pulling results together at the report phase.
  2. ensuring that appropriate manual and automated controls are identified, documented, evaluated, and tested.
  3. ensuring that appropriate technical policies and procedures are developed and communicated to IT staff.
  4. assisting IT auditors with the testing of manual and automated controls.
A

2- ensuring that appropriate manual and automated controls are identified, documented, evaluated, and tested.

Rationale
According to interpretation of Standard 1210, “Proficiency is a collective term that refers to the knowledge, skills, and other competencies required of internal auditors to effectively carry out their professional responsibilities.” It encompasses consideration of current activities, trends, and emerging issues, to enable relevant advice and recommendations. In today’s environment of sophisticated systems, business risks include all risks in a process, whether technological or manual. Internal auditors should understand how processes are automated and generally how applications facilitate the movement of information. Insufficient understanding of the transaction flow between systems can lead internal auditors to miss key automated controls during their reviews.

40
Q

Which is a primary benefit that internal auditors should consider in pursuing the Certified Internal Auditor (CIA) certification?

  1. Demonstrating mastery of professional practice standards
  2. Proving professional credibility
  3. Fulfilling all requirements for continuing professional development
  4. Increasing promotional opportunities and earning capacity
A

1- Demonstrating mastery of professional practice standards

Rationale
The primary benefit of obtaining a certification is demonstrating mastery of a defined body of knowledge. Obtaining professional certification does provide continuing professional development, but internal auditors need to continue learning even after earning the CIA. Credibility is built over time from many actions and choices, not just one, but earning a certification can help.

41
Q

How should the IIA Global Internal Audit Competency Framework be used if it is to form a foundation that is equally useful to practitioners, line managers, HR professionals, trainers, and others?

  1. Considered as a guide
  2. Treated in policy as a mandatory requirement
  3. Referred to properly as the ISO certification standard that it is
  4. Considered as an industry-specific best practice
A

1- Considered as a guide

Rationale
Given the diversity of professional practice globally, there are practical difficulties in devising a framework that can be regarded as both fully comprehensive and universally applicable. As such, this framework should be used as a guide.

42
Q

A chief audit executive would most likely co-source a specialist with business process expertise for an engagement in which area?

  1. Enterprise risk management.
  2. Governance, ethics, and compliance.
  3. System development risk.
  4. Supply chain.
A

4- Supply chain.

Rationale
Chief audit executives commonly co-source with outside specialists to obtain skills in information technology; business process; and governance, risk, and control. A specialist with expertise in business process would be most suitable for a supply chain engagement. A specialist with expertise in information technology would be most suitable for an engagement related to system development risk. A specialist with expertise in governance, risk, and control needs would be most suitable for an engagement related to governance, ethics, and compliance.

43
Q

Under the International Professional Practices Framework (IPPF), who is required to obtain at least 40 hours annually of continuing professional education (CPE) to maintain certification?

  1. Only staff members who are Certified Internal Auditors (CIAs)
  2. All members of the internal audit department, regardless of whether they have the CIA designation
  3. All employees with any certification
  4. Reasonable training is mandated, not 40 hours.
A

1- Only staff members who are Certified Internal Auditors (CIAs)

Rationale
CIAs are required to obtain at least 40 hours annually of CPE to meet the requirements for maintaining certification. All internal auditors are required by the IPPF to obtain CPE; however, there are no specific requirements.

44
Q

In performing an audit, auditors who want to be perceived as credible should try to make sure that their verbal and nonverbal messages

  1. reinforce each other.
  2. occur in clusters.
  3. contain a lot of variety.
  4. are ambiguous.
A

1- reinforce each other.

Rationale
Experts say that between 70% and 90% of a sender’s meaning is transmitted nonverbally. If the sender says one thing while nonverbally conveying something else, the listeners are most likely to believe the nonverbal message.

45
Q

A mentor for an internal auditor who wants to learn about the profession should be

  1. a friend and confidante.
  2. someone from senior management.
  3. the auditor’s supervisor.
  4. an experienced internal auditor or chief audit executive (CAE).
A

4- an experienced internal auditor or chief audit executive (CAE).

Rationale
An experienced internal auditor or the CAE would be the ideal mentor, as the internal auditor wants to gain knowledge about the internal audit profession.

46
Q

An internal auditor for a bank is assigned to perform financial audits. She typically performs the audits working out of the audit department, obtains downloaded records electronically, communicates with the client mostly through email, and uses audit software. Is the internal auditor demonstrating the required knowledge, skills, and competencies for an internal auditor?

  1. Yes, the auditor is working very efficiently by taking advantage of technology.
  2. No, financial audits require working more closely with top finance executives due to the need to provide assurance on internal controls over financial reporting (ICFR) for this type of audit client.
  3. No, by limiting contact with the client, oral communications skills are not being used to clearly and effectively convey items such as engagement objectives, evaluations, conclusions, and recommendations.
  4. Yes, the auditor is avoiding taking up too much of the audit client’s time, which is value-added, and is demonstrating professional skepticism by focusing primarily on financial documentary evidence.
A

3- No, by limiting contact with the client, oral communications skills are not being used to clearly and effectively convey items such as engagement objectives, evaluations, conclusions, and recommendations.

Rationale
Performance Standard 2420, “Quality of Communications,” states, “Communications must be accurate, objective, clear, concise, constructive, complete, and timely.” While financial audits do require providing assurance regarding ICFR in many cases, the auditor would need to be communicating in person with finance staff and not just with executives.

47
Q

Your boss and coworkers often state something like, “There’s just no communication around here!” What is most likely the reason why people utter this complaint so frequently?

  1. People have a natural tendency to complain.
  2. People feel too busy to make things easier by communicating.
  3. Social media has reduced the ability to communicate.
  4. Auditors are typically introverted individuals, and this reduces the ability to communicate.
A

2- People feel too busy to make things easier by communicating.

Rationale
Per interpretation of Performance Standard 2420, “Quality of Communications,” timely communications are opportune and expedient, depending on the significance of the issue, allowing management to take appropriate corrective action. People feeling too busy is the best answer because it relates to a systemic problem at the organization related to work schedules and basic human nature in such situations. If this is the root cause, it can be explored and changes can be recommended to improve the situation. The other answer choices all imply in one way or another that there is nothing that can be done, which is less constructive.

48
Q

An internal auditor understands the client organization, its culture, its business sector, and local and global factors that affect it. The internal auditor also has technical expertise in governance, risk management, and control. What else does this auditor need to have expertise in?

  1. Forensic auditing
  2. International Professional Practices Framework (IPPF)
  3. Compliance
  4. Business acumen
A

2- International Professional Practices Framework (IPPF)

Rationale
The principal points of focus of an internal auditor’s expertise are the IPPF; governance, risk, and control; and business acumen. The first sentence describes business acumen, so this internal auditor already has that expertise. Compliance and forensic auditing are specialized areas of expertise rather than principal requirements for the profession of internal auditing.

49
Q

What constitutes due professional care in assurance engagements?

  1. Performing a risk assessment that identifies the particular assurance audit
  2. Establishing an internal audit charter that is approved by the audit committee
  3. Adhering to the International Professional Practices Framework
  4. Accomplishing the extent of work needed to achieve the engagement objectives
A

4- Accomplishing the extent of work needed to achieve the engagement objectives

Rationale
One principal factor for due professional care in assurance engagements is the extent of work needed to achieve the engagement objectives. (Engagement objectives are “broad statements developed by internal auditors that define intended engagement accomplishments.”)

50
Q

In selecting an instructional strategy for developing internal audit staff, a chief audit executive should begin by reviewing

  1. budget constraints.
  2. learners’ readiness.
  3. organizational objectives.
  4. learning content.
A

3- organizational objectives.

Rationale
Interpretation of Performance Standard 2000, “Managing the Internal Audit Activity,” indicates that the internal audit activity adds value to the organization and its stakeholders when it considers strategies, objectives, and risks. Without objectives, there is no direction to set the training strategy nor can content be outlined. Learners’ readiness should be considered after determining objectives, and budget constraints should be considered later in the process.

CIA Challenge Exam (CPA) (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions