CIA-I Dumps

CIA-I Braindumps CIA-I Real Questions CIA-I Practice Test

CIA-I Actual Questions


killexams.com


Financial


CIA-I


Certified Internal Auditor (CIA)


https://killexams.com/pass4sure/exam-detail/CIA-I

QUESTION: 225

To identify those components of a telecommunications system that present the greatest

risk, an internal auditor should first


  1. Review the open systems interconnect network model.

  2. Identify the network operating costs.

  3. Determine the business purpose of the network.

  4. Map the network software and hardware products into their respective layers.


Answer: C


QUESTION: 226

An auditor plans to analyze customer satisfaction, including (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?


  1. Although useful, such an analysis does not address any risk factors.

  2. The survey would not consider customers who did not make purchases in the last

    three months.

  3. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer

    survey is comprehensive.

  4. Analysis of three months' activity would not evaluate customer satisfaction.


Answer: B


QUESTION: 227

When internal auditors provide consulting services, the scope of the engagement is

primarily determined by


  1. Internal auditing standards.

  2. The audit engagement team.

  3. The engagement client.

  4. The internal audit activity's charter.


Answer: C


QUESTION: 228

An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including

the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?


  1. Investigation of the physical security over access to the components of the LAN.

  2. The ability of the LAN application to identify data items at the field or record level

    and implement user access security at that level.

  3. Interviews with users to determine their assessment of the level of security in the

    system and the vulnerability of the system to compromise.

  4. The level of security of other LANs in the company which also utilize sensitive data.


Answer: D


QUESTION: 229

At the beginning of fieldwork in an audit of investments, an internal auditor noted that

the interest rate had declined significantly since the engagement work program was created. The auditor should


  1. Proceed with the existing program since this was the original scope of work that was approved.

  2. Modify the audit program and proceed with the engagement.

  3. Consult with management to verify the interest rate change and proceed with the engagement.

  4. Determine the effect of the interest rate change and whether the program should be modified.


Answer: D


QUESTION: 230

Which of the following measurements could an auditor use in an audit of the efficiency of a motor vehicle inspection facility?


  1. The total number of cars approved.

  2. The ratio of cars rejected to total cars inspected.

  3. The number of cars inspected per inspection agent.

  4. The average amount of fees collected per cashier.


Answer: C


QUESTION: 231

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an

inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?


  1. On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

  2. On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

  3. Both total sales and cost of ingredients used are greater than expected.

  4. Both total sales and cost of ingredients used are less than expected.


Answer: B


QUESTION: 232

Which of the following procedures would provide the best evidence of the effectiveness

of a credit-granting function?


  1. Observe the process.

  2. Review the trend in receivables write-offs.

  3. Ask the credit manager about the effectiveness of the function.

  4. Check for evidence of credit approval on a sample of customer orders.


Answer: B


QUESTION: 233

An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should


  1. Use test data and determine whether all the data entered are captured correctly in the updated database.

  2. Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates.

  3. Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems.

  4. Use generalized audit software to select a sample of employees from the database.

Verify the data fields.


Answer: D


QUESTION: 234

Senior management at a financial institution has received allegations of fraud at its derivatives trading desk and has asked the internal audit activity to investigate and issue a report concerning the allegations. The internal audit activity has not yet developed sufficient proficiency regarding derivatives trading to conduct a thorough fraud investigation in this area. Which of the following courses of action should the chief audit executive (CAE) take to comply with the Standards?


  1. Engage the former head of the institution's derivatives trading desk to perform the investigation and submit a report with supporting documentation to the CAE.

  2. Request that senior management allow a delay of the fraud investigation until the internal audit activity's on-staff certified fraud examiner is able to obtain the appropriate training regarding the analysis of derivatives trading.

  3. Request that senior management exclude the internal audit activity from the investigation completely and instead contract with an external certified fraud examiner

    with derivatives experience to perform all aspects of the investigation and subsequent reporting.

  4. Contract with an external certified fraud examiner with derivatives experience to perform the investigation and subsequent reporting, with the chief audit executive

approving the scope of the investigation and evaluating the adequacy of the work performed.


Answer: D


QUESTION: 235

According to the International Professional Practices Framework, internal auditors

should possess which of the following competencies?

  1. Proficiency in applying internal auditing standards, procedures, and techniques.

  2. Proficiency in accounting principles and techniques.

  3. An understanding of management principles.

  4. An understanding of the fundamentals of economics, commercial law, taxation,

finance, and quantitative methods.


  1. I only.

  2. II only.

  3. I and III only.

  4. I, III, and IV only.


Answer: D


QUESTION: 236

Which of the following are acceptable resources for a chief audit executive to use when developing a staffing plan?

  1. Co-sourcing arrangements.

  2. Employees from other areas of the organization.

  3. The organization's external auditors.

  4. The organization's audit committee members.


  1. I only.

  2. I and II only.

  3. II and IV only.

  4. I, II, and IV only.


Answer: B


QUESTION: 237

Which of the following would be a violation of the IIA Code of Ethics?


  1. Reporting information that could be damaging to the organization, at the request of a court of law.

  2. Including an issue in the final audit report after management has resolved the issue.

  3. Participating in an audit engagement for which the auditor does not have the necessary experience or training.

  4. Accepting a gift that is a commercial advertisement available to the public.


Answer: C


QUESTION: 238

Which of the following is not an appropriate objective for a quality assurance and improvement program?


  1. Continually monitor the internal audit activity's effectiveness.

  2. Assure conformance with the Standards and Code of Ethics.

  3. Perform an internal assessment at least once every five years.

  4. Communicate the results of quality assessments to the board.


Answer: C


QUESTION: 239

According to the International Professional Practices Framework, which of the following is true with respect to the different roles in the risk management process?

  1. Boards have an oversight role.

  2. Acceptance of residual risks can reside with the chief audit executive.

  3. The board can delegate the operation of the risk management framework to the management team.

  4. The internal audit activity's role can range from having no responsibilities to managing and coordinating the process.

  1. I only.

  2. II and IV only.

  3. I, III, and IV only.

  4. I, II, III, and IV.


Answer: C


QUESTION: 240

Which of the following types of risk factors are used within risk models to establish the priority of internal audit engagements?

  1. Management competence.

  2. Quality of internal controls.

  3. Audit staff experience.

  4. Regulatory requirements.


  1. II only.

  2. I, II, and III only.

  3. I, II, and IV only.

  4. I, III, and IV only.


Answer: C


QUESTION: 241

Which of the following is not an appropriate type of coordination between the internal

audit activity and regulatory auditors?


  1. Regulatory auditors share their perspective on risk management, control, and governance with the internal auditors.

  2. Internal auditors perform fieldwork at the direction of the regulatory auditors.

  3. Internal auditors review copies of regulatory reports in planning related internal

    engagements.

  4. Regulatory and internal auditors exchange information about planned activities.


Answer: B


QUESTION: 242

An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report. When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?


  1. Detection risk is lower because control risk is lower.

  2. Detection risk is lower because control risk is higher.

  3. Detection risk is higher because control risk is lower.


Answer: D


QUESTION: 243

Which of the following is an appropriate role for the board in governance?


  1. Preparing written organizational policies that relate to compliance with laws, regulations, ethics, and conflicts of interest.

  2. Ensuring that financial statements are understandable, transparent, and reliable.

  3. Assisting the internal audit activity in performing annual reviews of governance.

  4. Working with the organization's attorneys to develop a strategy regarding current

litigation, pending litigation, or regulatory proceedings governance.


Answer: B


QUESTION: 244

According to the International Professional Practices Framework, which of the

following are allowable activities for an internal auditor?

  1. Advocating the establishment of a risk management function.

  2. Identifying and evaluating significant risk exposures during audit engagements.

  3. Developing a risk response for the organization if there is no chief risk officer.

  4. Benchmarking risk management activities with other organizations.

  5. Documenting risk mitigation strategies and techniques.


  1. IV and V only.

  2. I, II, and III only.

  3. I, II, IV, and V only.

  4. II, III, IV, and V only.


Answer: C


QUESTION: 245

According to the International Professional Practices Framework,

following should be stated in the internal audit charter?

I. Authorization for access to records.

which of

the

  1. The internal audit activity's position within the organization.

  2. The relationship between the internal audit activity and the board.

IV. The scope of internal audit activities.


  1. I and IV only.

  2. II and III only.

  3. I, II, and IV only.


Answer: C


QUESTION: 246

Which of the following is not an appropriate role for internal auditors after a disaster

occurs?


  1. Monitor the effectiveness of the recovery and control of operations.

  2. Correct deficiencies of the entity's business continuity plan.

  3. Recommend future improvements to the entity's business continuity plan.

  4. Assist in the identification of lessons learned from the disaster and the recovery

operations.


Answer: B


QUESTION: 247

Which component is the foundation of the COSO internal control framework?


  1. Risk assessment.

  2. Control environment.

  3. Control activities.

  4. Monitoring.


Answer: B


QUESTION: 248

Which of the following best describes the underlying premise of the COSO enterprise risk management framework?


  1. Management should set objectives before assessing risk.

  2. Every entity exists to provide value for its stakeholders.

  3. Policies are established to ensure that risk responses are performed effectively.

  4. Enterprise risk management can minimize the impact and likelihood of unanticipated events.


Answer: B


QUESTION: 249

Which of the following is an example of sharing risk?


  1. An organization redesigned a business process to change the risk pattern.

  2. An organization outsourced a portion of its services to a third-party service provider.

  3. An organization sold an unprofitable business unit to its competitor.

  4. In order to spread total risk, an organization used multiple vendors for critical materials.


Answer: B


QUESTION: 250

A records management system is an example of what type of control?


  1. Preventive.

  2. Detective.

  3. Corrective.

  4. Directive.


Answer: A


QUESTION: 251

Which of the following procedures is not a step that an auditor would perform when

planning an audit of an organization?


  1. Obtaining detailed knowledge about the organization.

  2. Obtaining a management representation letter.

  3. Assessing the audit risk of the organization.

  4. Having discussions with the organization's management team.


Answer: B


QUESTION: 252

Which of the following risk assessment tools would best facilitate the matching of controls to risks?


  1. Control matrix.

  2. Internal control questionnaire.

  3. Control flowchart.

  4. Program evaluation and review technique (PERT) analysis.


Answer: A


QUESTION: 253

Which of the following factors should be considered when determining the staff

requirements for an audit engagement?

  1. The internal audit activity's time constraints.

  2. The nature and complexity of the area to be audited.

  3. The period of time since the area was last audited.

  4. The auditors' preference to audit the area.

  5. The results of a preliminary risk assessment of the activity under review.


  1. I and IV only.

  2. I, II, and V only.

  3. II, III, and V only.

  4. I, II, III, IV, and V.


Answer: B