Jul-2022 Free IIA-CIA-Part2 Test Questions Real Practice Test Questions [Q302-Q323]

Rate this post

Jul-2022 Free IIA-CIA-Part2 Test Questions Real Practice Test Questions

IIA-CIA-Part2 Dumps Updated Jul 06, 2022 WIith 600 Questions

NO.302 Which of the following is a red flag associated with improper asset valuation?

Unusual increase in gross margin.

Unusual decrease in the number of days’ purchases in inventory.

Recurring positive cash flows from operations.

Allowance for bad debts that is increasing in percentage terms.

NO.303 An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization’s health and safety program?

The CAE has no role to play, because the chief health and safety officer reports to a senior executive.

The CAE should coordinate with, and review the work of, the chief health and safety officer to gain an understanding of whether risks related to health and safety are managed properly.

The CAE should give periodic reports directly to the regulator regarding health and safety issues, as it is the appropriate regulatory oversight body.

The CAE should hire an independent external specialist to conduct an annual assessment and provide assurance over the effectiveness of the health and safety program and the reliability of its reports.

NO.304 In performance auditing, which of the following must first be determined by the internal auditor?

Which key performance indicators are in use.

Management’s objectives for the process.

Whether management controls are appropriate.

Determination that appropriate benchmarks are in place.

NO.305 Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization’s risk management program?

Identifying and managing risks in line with the entity’s risk appetite.

Ensuring that a proper and effective risk management process exists.

Attaining an adequate understanding of the entity’s key mitigation strategies.

Identifying and ensuring that appropriate controls exist to mitigate risks.

NO.306 —
Which of the following would be included in an internal audit department’s quality assurance and improvement program?
Ongoing internal assessments of the performance of the internal audit department.
Periodic internal reviews through self-assessments.
Assessments conducted by a qualified external reviewer at least once every five
years.

1 only.

1 and 2 only.

2 and 3 only.

1, 2, and 3.

NO.307 If an auditor expects to find numerous discrepancies between recorded values and audited values of sample selections, which sampling technique would be most appropriate?

Attributes sampling.

Probability-proportional-to-size sampling.

Difference estimation sampling.

Discovery sampling.

NO.308 Persuasive evidence indicates that a member of senior management has been involved in insider trading that would be considered fraudulent. However, the evidence was encountered during an operational audit and is not considered relevant to the audit. Which of the following is the most appropriate action for the chief audit executive to take?

Report the evidence to external legal counsel for investigation. Report the legal counsel findings to management.

Report the evidence to the chairperson of the audit committee and recommend an investigation.

Conduct sufficient audit work to conclude whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee and to government officials if appropriate action is not taken.

Discontinue audit work associated with the insider trading since it is not relevant to the existing audit.

NO.309 According to IIA guidance,when performing a compliance audit of data security standards for a large e-commerce retailer, which of the following would represent the least likely area of risk exposure?

Operational risks.

Change or configuration risks.

Access risks.

Physical security risks.

NO.310 An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

Investigation of the physical security over access to the components of the LAN.

The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.

Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.

The level of security of other LANs in the company which also utilize sensitive data.

NO.311 Which of the following topics must the internal audit staff discuss with management during the exit conference?
1. Issues identified during the audit.
2. Evaluation criteria used to select controls for testing.
3. Staff who were interviewed during the audit.
4. The reporting process for the draft and final report.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

NO.312 Which of the following would not be characteristic of control self-assessment implemented by an audit department?

An auditor usually facilitates the discussion during the workshop phase while another records comments for subsequent use.

Auditors and business-unit employees work as a team.

Auditors perform traditional audit tests to identify control weaknesses.

Participants discuss the control weaknesses that hinder the achievement of objectives.

NO.313 Which of the following is used to identify and prioritize critical business applications to determine those that must be restored and the order of restoration in the event that a disaster impairs information systems processing?

Contingent facility contract analysis.

System backup analysis.

Vendor supply agreement analysis.

Risk analysis.

NO.314 Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.

1 only

4 only

1 and 3

2 and 4

NO.315 Cross-referencing individual payroll time cards to personnel department records and reports would allow an internal auditor to determine whether:

Individuals are bona fide employees.

Personnel department records agree with payroll accounting records.

Individuals were paid at the proper rates.

Individuals were paid only for time worked.

NO.316 An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?

Compare the planned outputs with the actual outputs.

Ascertain the costs of materials purchased.

Evaluate the plant’s ability to meet production quotas.

Review the levels of scrap and rework.

NO.317 An auditor analyzed a payroll system’s data files for unusual activity, such as excessive overtime hours, unusual fluctuations in pay rates, and excessive vacation time. The application controls being verified by this analysis are:

Edit and validation controls.

Rejected and suspense item controls.

Controls over update access to the database.

Programmed balancing controls.

NO.318 Checklists used to assess audit risk have been criticized for all of the following reasons except:

Providing a false sense of security that all relevant factors are addressed.

Inappropriately implying equal weight to each item on the checklist.

Decreasing the uniformity of data acquisition.

Being incapable of translating the experience or sound reasoning intended to be captured by each item on the checklist.

NO.319 An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:
“A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted.” The auditor did not place any audit verification symbols on this workpaper. Which of the following changes would most improve the auditor’s workpaper?

Use of audit verification symbols to show that each file was examined.

Removal of the employee names to protect their confidentiality.

Justification for the sample size.

Listing of the actual documents examined for each employee.

NO.320 Which of the following actions is related to the preliminary survey process?

Determining if controls are effective.

Preparing the engagement work program.

Identifying the current controls.

Completing a detailed test of controls.

NO.321 If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:

Ignore the behavior and continue the workshop.

Allow them to continue briefly and then remind them of the ground rules.

Have the participants modify the ground rules.

Strictly enforce the ground rules.

NO.322 The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to accept for the position?

The candidate is applying for an IT audit position, while originally coming from an IT background, but has only experiences of financial and compliance audits in the previous position.

The candidate is knowledgeable about potential indicators of fraud including typical risks, but has only participated as a staff auditor in one investigative fraud audit.

The candidate meets the minimum educational requirements established by the chief audit executive, but has less formal education than any of the other candidates being considered.

The candidate provides examples of previous reports demonstrating excellent writing skills, but lacks ability to clearly communicate ideas and conclusions in a meeting.

NO.323 A recent survey indicated that residents of a small town take the train to a nearby city eight times per month, on average. The same survey showed that the number of train trips that a resident takes per month (y) is determined by the number of days per month that the resident works in the nearby city (x), according to the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:

Zero times per month.

Two times per month.

Four times per month.

Eight times per month.