Exam Code : CIA-I
Exam Name : Certified Internal Auditor (CIA)
Vendor Name :
"Financial"
CIA-I Dumps
CIA-I Braindumps CIA-I Real Questions CIA-I Practice Test
CIA-I Actual Questions
killexams.com
Certified Internal Auditor (CIA)
https://killexams.com/pass4sure/exam-detail/CIA-I
To identify those components of a telecommunications system that present the greatest
risk, an internal auditor should first
Review the open systems interconnect network model.
Identify the network operating costs.
Determine the business purpose of the network.
Map the network software and hardware products into their respective layers.
An auditor plans to analyze customer satisfaction, including (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
Although useful, such an analysis does not address any risk factors.
The survey would not consider customers who did not make purchases in the last
three months.
Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer
survey is comprehensive.
Analysis of three months' activity would not evaluate customer satisfaction.
When internal auditors provide consulting services, the scope of the engagement is
primarily determined by
Internal auditing standards.
The audit engagement team.
The engagement client.
The internal audit activity's charter.
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including
the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
Investigation of the physical security over access to the components of the LAN.
The ability of the LAN application to identify data items at the field or record level
and implement user access security at that level.
Interviews with users to determine their assessment of the level of security in the
system and the vulnerability of the system to compromise.
The level of security of other LANs in the company which also utilize sensitive data.
At the beginning of fieldwork in an audit of investments, an internal auditor noted that
the interest rate had declined significantly since the engagement work program was created. The auditor should
Proceed with the existing program since this was the original scope of work that was approved.
Modify the audit program and proceed with the engagement.
Consult with management to verify the interest rate change and proceed with the engagement.
Determine the effect of the interest rate change and whether the program should be modified.
Which of the following measurements could an auditor use in an audit of the efficiency of a motor vehicle inspection facility?
The total number of cars approved.
The ratio of cars rejected to total cars inspected.
The number of cars inspected per inspection agent.
The average amount of fees collected per cashier.
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an
inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?
On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.
On a sunny day, total sales are less than expected when compared to the cost of ingredients used.
Both total sales and cost of ingredients used are greater than expected.
Both total sales and cost of ingredients used are less than expected.
Which of the following procedures would provide the best evidence of the effectiveness
of a credit-granting function?
Observe the process.
Review the trend in receivables write-offs.
Ask the credit manager about the effectiveness of the function.
Check for evidence of credit approval on a sample of customer orders.
An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should
Use test data and determine whether all the data entered are captured correctly in the updated database.
Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates.
Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems.
Use generalized audit software to select a sample of employees from the database.
Verify the data fields.
Senior management at a financial institution has received allegations of fraud at its derivatives trading desk and has asked the internal audit activity to investigate and issue a report concerning the allegations. The internal audit activity has not yet developed sufficient proficiency regarding derivatives trading to conduct a thorough fraud investigation in this area. Which of the following courses of action should the chief audit executive (CAE) take to comply with the Standards?
Engage the former head of the institution's derivatives trading desk to perform the investigation and submit a report with supporting documentation to the CAE.
Request that senior management allow a delay of the fraud investigation until the internal audit activity's on-staff certified fraud examiner is able to obtain the appropriate training regarding the analysis of derivatives trading.
Request that senior management exclude the internal audit activity from the investigation completely and instead contract with an external certified fraud examiner
with derivatives experience to perform all aspects of the investigation and subsequent reporting.
Contract with an external certified fraud examiner with derivatives experience to perform the investigation and subsequent reporting, with the chief audit executive
approving the scope of the investigation and evaluating the adequacy of the work performed.
According to the International Professional Practices Framework, internal auditors
should possess which of the following competencies?
Proficiency in applying internal auditing standards, procedures, and techniques.
Proficiency in accounting principles and techniques.
An understanding of management principles.
An understanding of the fundamentals of economics, commercial law, taxation,
finance, and quantitative methods.
I only.
II only.
I and III only.
I, III, and IV only.
Which of the following are acceptable resources for a chief audit executive to use when developing a staffing plan?
Co-sourcing arrangements.
Employees from other areas of the organization.
The organization's external auditors.
The organization's audit committee members.
I only.
I and II only.
II and IV only.
I, II, and IV only.
Which of the following would be a violation of the IIA Code of Ethics?
Reporting information that could be damaging to the organization, at the request of a court of law.
Including an issue in the final audit report after management has resolved the issue.
Participating in an audit engagement for which the auditor does not have the necessary experience or training.
Accepting a gift that is a commercial advertisement available to the public.
Which of the following is not an appropriate objective for a quality assurance and improvement program?
Continually monitor the internal audit activity's effectiveness.
Assure conformance with the Standards and Code of Ethics.
Perform an internal assessment at least once every five years.
Communicate the results of quality assessments to the board.
According to the International Professional Practices Framework, which of the following is true with respect to the different roles in the risk management process?
Boards have an oversight role.
Acceptance of residual risks can reside with the chief audit executive.
The board can delegate the operation of the risk management framework to the management team.
The internal audit activity's role can range from having no responsibilities to managing and coordinating the process.
I only.
II and IV only.
I, III, and IV only.
I, II, III, and IV.
Which of the following types of risk factors are used within risk models to establish the priority of internal audit engagements?
Management competence.
Quality of internal controls.
Audit staff experience.
Regulatory requirements.
II only.
I, II, and III only.
I, II, and IV only.
I, III, and IV only.
Which of the following is not an appropriate type of coordination between the internal
audit activity and regulatory auditors?
Regulatory auditors share their perspective on risk management, control, and governance with the internal auditors.
Internal auditors perform fieldwork at the direction of the regulatory auditors.
Internal auditors review copies of regulatory reports in planning related internal
engagements.
Regulatory and internal auditors exchange information about planned activities.
An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report. When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?
Detection risk is lower because control risk is lower.
Detection risk is lower because control risk is higher.
Detection risk is higher because control risk is lower.
Which of the following is an appropriate role for the board in governance?
Preparing written organizational policies that relate to compliance with laws, regulations, ethics, and conflicts of interest.
Ensuring that financial statements are understandable, transparent, and reliable.
Assisting the internal audit activity in performing annual reviews of governance.
Working with the organization's attorneys to develop a strategy regarding current
litigation, pending litigation, or regulatory proceedings governance.
According to the International Professional Practices Framework, which of the
following are allowable activities for an internal auditor?
Advocating the establishment of a risk management function.
Identifying and evaluating significant risk exposures during audit engagements.
Developing a risk response for the organization if there is no chief risk officer.
Benchmarking risk management activities with other organizations.
Documenting risk mitigation strategies and techniques.
IV and V only.
I, II, and III only.
I, II, IV, and V only.
II, III, IV, and V only.
| ||
According to the International Professional Practices Framework, following should be stated in the internal audit charter? I. Authorization for access to records. | which of | the |
| ||
IV. The scope of internal audit activities. | ||
I and IV only.
II and III only.
I, II, and IV only.
Which of the following is not an appropriate role for internal auditors after a disaster
occurs?
Monitor the effectiveness of the recovery and control of operations.
Correct deficiencies of the entity's business continuity plan.
Recommend future improvements to the entity's business continuity plan.
Assist in the identification of lessons learned from the disaster and the recovery
operations.
Which component is the foundation of the COSO internal control framework?
Risk assessment.
Control environment.
Control activities.
Monitoring.
Which of the following best describes the underlying premise of the COSO enterprise risk management framework?
Management should set objectives before assessing risk.
Every entity exists to provide value for its stakeholders.
Policies are established to ensure that risk responses are performed effectively.
Enterprise risk management can minimize the impact and likelihood of unanticipated events.
Which of the following is an example of sharing risk?
An organization redesigned a business process to change the risk pattern.
An organization outsourced a portion of its services to a third-party service provider.
An organization sold an unprofitable business unit to its competitor.
In order to spread total risk, an organization used multiple vendors for critical materials.
A records management system is an example of what type of control?
Preventive.
Detective.
Corrective.
Directive.
Which of the following procedures is not a step that an auditor would perform when
planning an audit of an organization?
Obtaining detailed knowledge about the organization.
Obtaining a management representation letter.
Assessing the audit risk of the organization.
Having discussions with the organization's management team.
Which of the following risk assessment tools would best facilitate the matching of controls to risks?
Control matrix.
Internal control questionnaire.
Control flowchart.
Program evaluation and review technique (PERT) analysis.
Which of the following factors should be considered when determining the staff
requirements for an audit engagement?
The internal audit activity's time constraints.
The nature and complexity of the area to be audited.
The period of time since the area was last audited.
The auditors' preference to audit the area.
The results of a preliminary risk assessment of the activity under review.
I and IV only.
I, II, and V only.
II, III, and V only.
I, II, III, IV, and V.