IIA-CIA-Part1 exam

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?A . Management’s acceptance of inadequate controls for cybersecurity risk.B . Discussions with senior management relating to a...

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?A . Management has overall responsibility for the effectiveness of governance, risk management, and...

Which of the following must be in existence as a precondition to developing an effective system of internal controls?A . A monitoring process,B . A risk assessment process.C . A strategic objective-setting process.D . An information and communication process.View AnswerAnswer: B Explanation: A risk assessment process is a crucial precondition...

According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?A . Discussions with the chief audit executive.B . A listing of employee profiles and certifications.C . Inquiry of external auditors.D . Validation...

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?A . Appoint the chief audit executive as a member of the board.B . Adopt written policies and procedures for the internal audit activity, approved by...

Which of the following needs to be established prior to undertaking an assessment of the quality assurance and improvement program?A . Department performance standards.B . Remediation timeframes.C . Nonconformance disclosures.D . External assessment resourcesView AnswerAnswer: D Explanation: Before undertaking an assessment of the quality assurance and improvement program, it is...

A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?A . Internal auditors1performance evaluation is primarily based on both client satisfaction surveys...

Which of the following statements is true regarding electronic funds transfer (EFT)?A . EFT is a popular mechanism for improving efficiency, but results in less internal control.B . EFT significantly reduces the risk of fraud by eliminating the need for authorizations.C . EFT eliminates payment delays due mostly to the...

Which of the following would be considered a monitoring activity in organization wide risk management?A . Validate the results of management's self-assessment.B . Perform reviews of personnel.C . Maintain rigorous and comprehensive documentation.D . Obtain authorizations and signatures.View AnswerAnswer: A Explanation: A monitoring activity in organization-wide risk management would include...

Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?A . Review the organization's ethical value structure and reporting procedures.B . Review what the organization considers to be ethical behavior, such as the employee code of conduct.C ....