Free IIA IIA-CIA-Part2 Study Guides Exam Questions & Answer [Q75-Q96]

Share

Free IIA IIA-CIA-Part2 Study Guides Exam Questions and Answer

IIA-CIA-Part2 Exam Dumps, IIA-CIA-Part2 Practice Test Questions

NEW QUESTION # 75
An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

  • A. As soon as possible, no later than two months after the audit
  • B. When management has indicated that the issue has been resolved
  • C. Before financial year end
  • D. When convenient for both parties

Answer: A

Explanation:
Strategic sourcing would best assist the CAE in balancing the internal audit activity's needs for technical audit skills, budget efficiency, and staff development opportunities. Strategic sourcing involves using a mix of internal resources, co-sourcing, and outsourcing to optimize the audit function. This approach allows the CAE to leverage external expertise for specialized skills, manage costs effectively, and provide growth opportunities for internal staff.
IIA Standards: 2030 - Resource Management
IIA Practice Guide: Developing the Internal Audit Strategic Plan


NEW QUESTION # 76
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

  • A. Collaborate with the external auditor to ensure the most efficient use of resources.
  • B. Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.
  • C. Accept the engagement but hire an external training specialist to provide the necessary expertise.
  • D. Refuse to accept the consulting engagement because it would be a violation of independence.

Answer: C

Explanation:
According to the IIA's guidance, internal audit can accept consulting engagements, including providing training, as long as it does not impair their independence and objectivity. In this scenario, the most appropriate action for the chief audit executive (CAE) is to accept the engagement and hire an external specialist to deliver the training. This ensures that the internal audit activity does not compromise its independence by training on areas where they might later need to provide objective assurance. By using an external expert, the CAE ensures the training is conducted by someone with the requisite expertise and without any conflict of interest.
Reference:
The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 1130: Impairment to Independence or Objectivity.
IIA Practice Guide, "Independence and Objectivity."


NEW QUESTION # 77
Which of the following is not true regarding the management of internal audit resources?

  • A. The adequacy of internal audit resources is ultimately a board responsibility.
  • B. A minimum level of information technology knowledge is necessary.
  • C. Skills availability must be aligned with financial constraints.
  • D. Resources include external service providers and computer-assisted audit techniques.

Answer: C


NEW QUESTION # 78
While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?
Meet with the auditor-in-charge.
Discuss with senior management.
Monitor the result of the accepted risk.
Report the matter to the board.

  • A. 1, 2, and 3 only
  • B. 1, 2, and 4 only
  • C. 2, 3, and 4 only
  • D. 1, 3, and 4 only

Answer: B


NEW QUESTION # 79
An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?

  • A. Defer the engagement until a system of internal control has been established
  • B. Change the scheduled engagement from assurance to consulting to help correct the shortcomings
  • C. Seek the involvement of the external auditor to assist with improving the internal controls
  • D. Add a consulting component to the already scheduled assurance engagement

Answer: D

Explanation:
When an internal audit team leader encounters difficulties due to the lack of a system of internal controls, the most appropriate course of action is to add a consulting component to the scheduled assurance engagement.
This approach allows the internal audit team to provide advice and recommendations on establishing internal controls while still fulfilling their assurance responsibilities. By integrating consulting activities, the auditors can help the business unit improve its control environment, which can then be assessed in the assurance engagement.
The Institute of Internal Auditors (IIA) Practice Guide: Consulting Engagements IIA Standard 1130 - Impairment to Independence or Objectivity


NEW QUESTION # 80
During an audit of a contract for computer security, a governmental auditor finds that a contractor has developed a system that could be the most advanced in the industry. If it seems that the contractor is charging the government for developmental cost of a system that might be sold to other organizations, what is the auditor's best course of action?

  • A. Compare the cost of the security program with previous costs incurred by governmental operations and inform the contractor that the difference will be a disallowed cost.
  • B. Estimate the cost to develop the advanced security system and inform the contractor that it will be a disallowed cost.
  • C. Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the contractor to resolve differences.
  • D. Exclude the observation from the engagement final communication because the contract was vague and the level of security is clearly acceptable.

Answer: C


NEW QUESTION # 81
Which of the following should management action plans include at a minimum?

  • A. Detailed procedures for the action plan
  • B. An owner of the action plan
  • C. An implementer for the action plan
  • D. The internal auditor's next review date of the action plan

Answer: B

Explanation:
Management action plans should include, at a minimum, an owner of the action plan. The owner is responsible for ensuring that the action plan is implemented and for overseeing the corrective measures. This accountability is crucial for effective follow-up and resolution of audit findings.
IIA Standards: 2500 - Monitoring Progress
IIA Practice Guide: Follow-up Process in the Internal Audit Activity


NEW QUESTION # 82
Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

  • A. Completing a process review to improve controls to prevent fraud.
  • B. Interrogating a suspected fraudster.
  • C. Employing audit tests to detect fraud
  • D. Planning an engagement of the area in which fraud is suspected.

Answer: B

Explanation:
Specialized Knowledge: Interrogating a suspected fraudster requires specialized knowledge and skills that go beyond the typical expertise of internal auditors. This includes understanding interrogation techniques, legal implications, and psychological aspects.
Fraud Specialist: A fraud specialist is trained in conducting investigations, including interrogations, and can provide valuable insights and evidence in cases of suspected fraud.
IIA Standards: According to Standard 1210.A2, internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
Collaborative Approach:
* Fraud Investigations: Engaging a fraud specialist ensures that the investigation is conducted thoroughly and professionally, adhering to legal and ethical standards.
* Support to Internal Audit: The fraud specialist can provide support and guidance to the internal audit activity, enhancing the overall effectiveness of the fraud investigation.
References:
* Employing a fraud specialist to interrogate a suspected fraudster ensures that the investigation is handled with the necessary expertise and legal compliance, thereby increasing the chances of uncovering the truth and taking appropriate actions.


NEW QUESTION # 83
Which of the following is most appropriate when conducting an interview during the course of a fraud investigation?

  • A. Schedule the interview well in advance.
  • B. Explain the detailed purpose to the interviewee.
  • C. Assume that the interviewee is guilty.
  • D. Have a witness present during the interview.

Answer: D

Explanation:
Section: Volume C
Explanation


NEW QUESTION # 84
According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process?

  • A. The accounts payable manager, chief financial officer, and audit committee.
  • B. The accounts payable supervisor, accounts payable manager, and controller.
  • C. The accounts payable manager, purchasing manager, and receiving manager.
  • D. The accounts payable supervisor, controller, and treasurer.

Answer: B

Explanation:
Section: Volume E


NEW QUESTION # 85
An electric utility provider measures working time spent on processing grid connection applications, response time for electricity outages, and the call center queuing time. Which of the following criteria would better suit a customer-oriented provider for measurement?

  • A. Past performance
  • B. Stakeholder expectations
  • C. Legal obligations
  • D. Board-approved budget

Answer: B

Explanation:
The CIA exam emphasizes the importance of aligning performance measures with stakeholder expectations.
A customer-oriented provider should focus not just on internal metrics (time, cost, budget) but on what customers and stakeholders expect in terms of service levels, reliability, and responsiveness. Option D reflects the best criterion for a customer-driven organization.


NEW QUESTION # 86
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement.
Which of the following is the most appropriate action for the CAE to take?

  • A. Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.
  • B. Temporarily hire an experienced and knowledgeable IT analyst from the organization's IT department to lead the audit.
  • C. Outsource the audit engagement to a reputable IT audit consulting firm.
  • D. Accept the audit engagement and use the engagement as an opportunity to develop the audit team's IT expertise while performing the audit work.

Answer: C

Explanation:
* A. Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies:The Standards allow for outsourcing or co-sourcing to meet competency gaps. Declining outright is not necessary.
* B. Accept the audit engagement and use the engagement as an opportunity to develop the audit team's IT expertise while performing the audit work:This approach risks compromising audit quality as the team lacks expertise.
* C. Temporarily hire an experienced and knowledgeable IT analyst from the organization's IT department to lead the audit:This could create independence issues, as the IT analyst is part of the auditee's function.
* D. Outsource the audit engagement to a reputable IT audit consulting firm:Correct. Outsourcing ensures that the engagement is performed by qualified professionals, maintaining quality and adherence to the Standards.
CIA Exam Syllabus Reference:
Domain IV: Managing the Internal Audit Function - Resourcing and Competency Management.


NEW QUESTION # 87
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

  • A. A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
  • B. A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
  • C. A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
  • D. A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

Answer: D

Explanation:
Strengthening password policies and ensuring unique passwords are used within a specified period are key measures in preventing unauthorized access and reducing the risk of fraud. Password management is a critical aspect of IT security and can significantly mitigate the risk of cyber fraud. The other recommendations (Options B, C, and D) address operational issues but do not directly impact fraud prevention as effectively as enhancing password security does.
IIA Standard 2110: Governance.
IIA Practice Guide on IT Controls and Cybersecurity.


NEW QUESTION # 88
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
1. There is a clear strategy and timeline to migrate risk management responsibility back to management.
2. The IAA has the final approval on any risk management decisions.
3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.
4. The nature of services provided to the organization is documented in the internal audit charter.

  • A. 1, 2, and 3 only
  • B. 1, 2, and 4 only
  • C. 1, 3, and 4 only
  • D. 2, 3, and 4 only

Answer: C

Explanation:
Section: Volume D


NEW QUESTION # 89
An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

  • A. Extend the audit scope and perform additional testing of controls on other related areas
  • B. Switch the existing assurance engagement into a fraud investigation engagement
  • C. Review the poor year's transaction volume and amounts paid compared to the poor year's budget
  • D. Perform data analytics on the supplier's information, invoiced amounts, and payments performed

Answer: D

Explanation:
The most effective step in helping the auditor determine whether fraud exists after observing a double payment transaction on a supplier invoice is to perform data analytics on the supplier's information, invoiced amounts, and payments performed. Data analytics allows the auditor to systematically analyze large volumes of transactions to identify patterns, anomalies, and potential fraudulent activities. This approach is more comprehensive and effective in uncovering fraud than simply extending the audit scope or switching to a fraud investigation engagement without a thorough initial analysis.
:
IIA Standards: 1220.A1 - Due Professional Care
IIA Practice Guide: Auditing for Fraud


NEW QUESTION # 90
An employee in the sales department completes a purchase requisition and forwards it to the purchaser.
The purchaser places competitive bids and orders the requested items using approved purchase orders.
When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

  • A. Observe whether the purchase orders are sequentially numbered.
  • B. Verify that approvals of purchasing documents comply with the authority matrix.
  • C. Examine whether the sales department supervisor approves invoices for payment.
  • D. Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Answer: C


NEW QUESTION # 91
An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?

  • A. Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it
  • B. if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove
  • C. The document management policy requires business client data to be stored in a specific management database
  • D. All staff should be appropriately trained and required to follow the organization's established policies and procedures pertaining to document management

Answer: B

Explanation:
The key issue here is the risk associated with non-compliance to document management policies, particularly in terms of legal exposure. If sales contracts are not stored systematically in the electronic document management database, it can lead to difficulties in retrieving these documents, especially in the case of litigation. This can pose significant legal risks because the organization might struggle to prove the agreed pricing terms and conditions, which could potentially result in financial losses or legal penalties. The consequence highlighted in option C directly addresses this critical risk. References:
* "Internal Auditing: Assurance & Advisory Services" (The Institute of Internal Auditors)
* "Document Management in Internal Auditing: Best Practices" (The Institute of Internal Auditors)


NEW QUESTION # 92
Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?

  • A. Availability of technology and technical support.
  • B. Work schedules and holidays of the individual regions.
  • C. Level of workpaper documentation needed to support audit observations.
  • D. Application of governmental regulations to business activities.

Answer: C

Explanation:
Section: Volume C
Explanation/Reference:


NEW QUESTION # 93
An engagement supervisor reviewed a staff internal auditor's documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?

  • A. The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf
  • B. Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review
  • C. The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review
  • D. The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

Answer: C

Explanation:
Given the situation where a system error prevents the engagement supervisor from adding her electronic signature to the workpapers, the most appropriate response to provide evidence of supervisory review is to print, sign, and date each workpaper after the review is complete, and then scan the document into the database as evidence of review. This ensures that there is a clear and traceable record of the supervisory review process, which is crucial for maintaining the integrity and reliability of the audit documentation.
Printed Documentation: Printing the workpapers provides a physical copy that can be signed and dated, serving as a tangible record of the review.
Signature and Date: The supervisor's signature and date indicate the completion of the review process and provide accountability.
Scanning into Database: Scanning the signed documents back into the electronic workpaper database ensures that the evidence of review is stored in the system of record, maintaining consistency and accessibility.
This method upholds the standards of documentation and supervisory review, ensuring compliance with internal audit policies and procedures.
Reference:
The Institute of Internal Auditors (IIA) Standards
IIA Practice Advisory: Documenting Information


NEW QUESTION # 94
During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

  • A. The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.
  • B. The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily
  • C. The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate
  • D. The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts

Answer: C

Explanation:
When an internal auditor finds that there are no written policies regarding the treatment of suspense accounts, the most appropriate first response is to inquire with management about any undocumented policies or procedures that may be in place. This approach helps the auditor understand the existing practices and assess their adequacy. Jumping to conclusions without this understanding could lead to inaccurate audit findings. Ensuring that the auditor comprehensively understands all relevant practices is crucial before evaluating their effectiveness or making recommendations.
Reference:
IIA Standard 2210: Engagement Objectives
IIA Practice Guide: Auditing the Management of Internal Controls


NEW QUESTION # 95
Which of the following is used to identify and prioritize critical business applications to determine those that must be restored and the order of restoration in the event that a disaster impairs information systems processing?

  • A. Contingent facility contract analysis.
  • B. Vendor supply agreement analysis.
  • C. System backup analysis.
  • D. Risk analysis.

Answer: D

Explanation:
Section: Volume A


NEW QUESTION # 96
......


In order to prepare for the IIA-CIA-Part2 exam, candidates should review the exam content outline provided by the IIA and study relevant materials, such as the IIA's Practice Advisory series and other industry publications. Additionally, candidates may consider attending training courses or workshops offered by the IIA or other professional organizations.

 

Latest IIA-CIA-Part2 Actual Free Exam Questions Updated 712 Questions: https://www.passcollection.com/IIA-CIA-Part2_real-exams.html

Attested IIA-CIA-Part2 Dumps PDF Resource [2026]: https://drive.google.com/open?id=1z-30_r-TGpKZk7MmMAHesgrPpl4PhbMQ