Financial CIA-I Certified Internal Auditor (CIA)
https://killexams.com/pass4sure/exam-detail/CIA-I

QUESTION: 225
To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first
A. Review the open systems interconnect network model.
B. Identify the network operating costs.
C. Determine the business purpose of the network.
D. Map the network software and hardware products into their respective layers.
Answer: C

QUESTION: 226
An auditor plans to analyze customer satisfaction, including (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
A. Although useful, such an analysis does not address any risk factors.
B. The survey would not consider customers who did not make purchases in the last three months.
C. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive.
D. Analysis of three months' activity would not evaluate customer satisfaction.
Answer: B

QUESTION: 227
When internal auditors provide consulting services, the scope of the engagement is primarily determined by
A. Internal auditing standards.
B. The audit engagement team.
C. The engagement client.
D. The internal audit activity's charter.
Answer: C

QUESTION: 228
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
A. Investigation of the physical security over access to the components of the LAN.
B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.
C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
D. The level of security of other LANs in the company which also utilize sensitive data.
Answer: D

QUESTION: 229
At the beginning of fieldwork in an audit of investments, an internal auditor noted that the interest rate had declined significantly since the engagement work program was created. The auditor should
A. Proceed with the existing program since this was the original scope of work that was approved.
B. Modify the audit program and proceed with the engagement.
C. Consult with management to verify the interest rate change and proceed with the engagement.
D. Determine the effect of the interest rate change and whether the program should be modified.
Answer: D

QUESTION: 230
Which of the following measurements could an auditor use in an audit of the efficiency of a motor vehicle inspection facility?
A. The total number of cars approved.
B. The ratio of cars rejected to total cars inspected.
C. The number of cars inspected per inspection agent.
D. The average amount of fees collected per cashier.
Answer: C

QUESTION: 231
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?
A. On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.
B. On a sunny day, total sales are less than expected when compared to the cost of ingredients used.
C. Both total sales and cost of ingredients used are greater than expected.
D. Both total sales and cost of ingredients used are less than expected.
Answer: B

QUESTION: 232
Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
A. Observe the process.
B. Review the trend in receivables write-offs.
C. Ask the credit manager about the effectiveness of the function.
D. Check for evidence of credit approval on a sample of customer orders.
Answer: B

QUESTION: 233
An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. In order to test whether data currently within the automated system are correct, an auditor should
A. Use test data and determine whether all the data entered are captured correctly in the updated database.
B. Select a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates.
C. Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems.
D. Use generalized audit software to select a sample of employees from the database. Verify the data fields.
Answer: D

QUESTION: 234
Senior management at a financial institution has received allegations of fraud at its derivatives trading desk and has asked the internal audit activity to investigate and issue a report concerning the allegations. The internal audit activity has not yet developed sufficient proficiency regarding derivatives trading to conduct a thorough fraud investigation in this area. Which of the following courses of action should the chief audit executive (CAE) take to comply with the Standards?
A. Engage the former head of the institution's derivatives trading desk to perform the investigation and submit a report with supporting documentation to the CAE.
B. Request that senior management allow a delay of the fraud investigation until the internal audit activity's on-staff certified fraud examiner is able to obtain the appropriate training regarding the analysis of derivatives trading.
C. Request that senior management exclude the internal audit activity from the investigation completely and instead contract with an external certified fraud examiner with derivatives experience to perform all aspects of the investigation and subsequent reporting.
D. Contract with an external certified fraud examiner with derivatives experience to perform the investigation and subsequent reporting, with the chief audit executive approving the scope of the investigation and evaluating the adequacy of the work performed.
Answer: D

QUESTION: 235
According to the International Professional Practices Framework, internal auditors should possess which of the following competencies?
I. Proficiency in applying internal auditing standards, procedures, and techniques.
II. Proficiency in accounting principles and techniques.
III. An understanding of management principles.
IV. An understanding of the fundamentals of economics, commercial law, taxation, finance, and quantitative methods.
A. I only.
B. II only.
C. I and III only.
D. I, III, and IV only.
Answer: D

QUESTION: 236
Which of the following are acceptable resources for a chief audit executive to use when developing a staffing plan?
I. Co-sourcing arrangements.
II. Employees from other areas of the organization.
III. The organization's external auditors.
IV. The organization's audit committee members.
A. I only.
B. I and II only.
C. II and IV only.
D. I, II, and IV only.
Answer: B

QUESTION: 237
Which of the following would be a violation of the IIA Code of Ethics?
A. Reporting information that could be damaging to the organization, at the request of a court of law.
B. Including an issue in the final audit report after management has resolved the issue.
C. Participating in an audit engagement for which the auditor does not have the necessary experience or training.
D. Accepting a gift that is a commercial advertisement available to the public.
Answer: C

QUESTION: 238
Which of the following is not an appropriate objective for a quality assurance and improvement program?
A. Continually monitor the internal audit activity's effectiveness.
B. Assure conformance with the Standards and Code of Ethics.
C. Perform an internal assessment at least once every five years.
D. Communicate the results of quality assessments to the board.
Answer: C

QUESTION: 239
According to the International Professional Practices Framework, which of the following is true with respect to the different roles in the risk management process?
I. Boards have an oversight role.
II. Acceptance of residual risks can reside with the chief audit executive.
III. The board can delegate the operation of the risk management framework to the management team.
IV. The internal audit activity's role can range from having no responsibilities to managing and coordinating the process.
A. I only.
B. II and IV only.
C. I, III, and IV only.
D. I, II, III, and IV.
Answer: C

QUESTION: 240
Which of the following types of risk factors are used within risk models to establish the priority of internal audit engagements?
I. Management competence.
II. Quality of internal controls.
III. Audit staff experience.
IV. Regulatory requirements.
A. II only.
B. I, II, and III only.
C. I, II, and IV only.
D. I, III, and IV only.
Answer: C

QUESTION: 241
Which of the following is not an appropriate type of coordination between the internal audit activity and regulatory auditors?
A. Regulatory auditors share their perspective on risk management, control, and governance with the internal auditors.
B. Internal auditors perform fieldwork at the direction of the regulatory auditors.
C. Internal auditors review copies of regulatory reports in planning related internal engagements.
D. Regulatory and internal auditors exchange information about planned activities.
Answer: B

QUESTION: 242
An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report. When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?
A. Detection risk is lower because control risk is lower.
B. Detection risk is lower because control risk is higher.
C. Detection risk is higher because control risk is lower.
D. Detection risk is unchanged although control risk is lower.
Answer: D

QUESTION: 243
Which of the following is an appropriate role for the board in governance?
A. Preparing written organizational policies that relate to compliance with laws, regulations, ethics, and conflicts of interest.
B. Ensuring that financial statements are understandable, transparent, and reliable.
C. Assisting the internal audit activity in performing annual reviews of governance.
D. Working with the organization's attorneys to develop a strategy regarding current litigation, pending litigation, or regulatory proceedings governance.
Answer: B

QUESTION: 244
According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
I. Advocating the establishment of a risk management function.
II. Identifying and evaluating significant risk exposures during audit engagements.
III. Developing a risk response for the organization if there is no chief risk officer.
IV. Benchmarking risk management activities with other organizations.
V. Documenting risk mitigation strategies and techniques.
A. IV and V only.
B. I, II, and III only.
C. I, II, IV, and V only.
D. II, III, IV, and V only.
Answer: C

QUESTION: 245
According to the International Professional Practices Framework, which of the following should be stated in the internal audit charter?
I. Authorization for access to records.
II. The internal audit activity's position within the organization.
III. The relationship between the internal audit activity and the board.
IV. The scope of internal audit activities.
A. I and IV only.
B. II and III only.
C. I, II, and IV only.
D. I, II, III, and IV.
Answer: C

QUESTION: 246
Which of the following is not an appropriate role for internal auditors after a disaster occurs?
A. Monitor the effectiveness of the recovery and control of operations.
B. Correct deficiencies of the entity's business continuity plan.
C. Recommend future improvements to the entity's business continuity plan.
D. Assist in the identification of lessons learned from the disaster and the recovery operations.
Answer: B

QUESTION: 247
Which component is the foundation of the COSO internal control framework?
A. Risk assessment.
B. Control environment.
C. Control activities.
D. Monitoring.
Answer: B

QUESTION: 248
Which of the following best describes the underlying premise of the COSO enterprise risk management framework?
A. Management should set objectives before assessing risk.
B. Every entity exists to provide value for its stakeholders.
C. Policies are established to ensure that risk responses are performed effectively.
D. Enterprise risk management can minimize the impact and likelihood of unanticipated events.
Answer: B

QUESTION: 249
Which of the following is an example of sharing risk?
A. An organization redesigned a business process to change the risk pattern.
B. An organization outsourced a portion of its services to a third-party service provider.
C. An organization sold an unprofitable business unit to its competitor.
D. In order to spread total risk, an organization used multiple vendors for critical materials.
Answer: B

QUESTION: 250
A records management system is an example of what type of control?
A. Preventive.
B. Detective.
C. Corrective.
D. Directive.
Answer: A

QUESTION: 251
Which of the following procedures is not a step that an auditor would perform when planning an audit of an organization?
A. Obtaining detailed knowledge about the organization.
B. Obtaining a management representation letter.
C. Assessing the audit risk of the organization.
D. Having discussions with the organization's management team.
Answer: B

QUESTION: 252
Which of the following risk assessment tools would best facilitate the matching of controls to risks?
A. Control matrix.
B. Internal control questionnaire.
C. Control flowchart.
D. Program evaluation and review technique (PERT) analysis.
Answer: A

QUESTION: 253
Which of the following factors should be considered when determining the staff requirements for an audit engagement?
I. The internal audit activity's time constraints.
II. The nature and complexity of the area to be audited.
III. The period of time since the area was last audited.
IV. The auditors' preference to audit the area.
V. The results of a preliminary risk assessment of the activity under review.
A. I and IV only.
B. I, II, and V only.
C. II, III, and V only.
D. I, II, III, IV, and V.
Answer