VCEPrep IIA-CIA-Part2 Dumps Real Exam Questions Test Engine Dumps Training [Q114-Q133] : Latest Exam Prep : http://certify.vceprep.com

NO.114 Which of the following is the most common method management can use to manage risk within its risk appetite?

Implementation of controls.

Use of risk registers and dashboard.

Frequent communication of risk appetite for operating personnel.

Continuous evaluations and audits.

NO.115 If management expects 100 percent compliance with a procedure, which of the following sampling approaches would be most appropriate?

Attributes sampling.

Discovery sampling.

Targeted sampling.

Variables sampling.

NO.116 What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?

Trend analysis.

Ratio analysis.

Regression analysis.

Horizontal analysis.

NO.117 Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?

Verify that amounts are correct.

Verify that payments are on time.

Verify that recipients are valid employees.

Verify that benefits deductions are accurate.

NO.118 Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

To help develop process maps.

To determine segregation of duties.

To identify residual risks.

To test the adequacy of controls.

NO.119 Which of the following would be a red flag that indicates the possibility of inventory fraud?
I. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization’s increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.

I and II only

II and III only

I, II, and IV only

I, III, and IV only

NO.120 Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind?

Generally Accepted Auditing Standards.

Generally Accepted Accounting Principles.

The International Professional Practices Framework.

Legal evidence.

NO.121 As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?

Determine the effects of a stock-out on the organization’s profitability.

Determine whether a clear policy exists for setting inventory limits.

Determine who approved the purchase orders for the spare parts.

Determine whether purchases were properly recorded.

NO.122 During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that adjustments were made on over 40 percent of the ovens. Based on this, the auditor:

Has enough evidence to conclude that improperly functioning ovens are the cause.

Needs to conduct further inquiries and reviews to determine the impact of the oven variations on the pizza temperature.

Has enough evidence to recommend the replacement of some of the ovens.

Must search for another cause since approximately 60 percent of the ovens did not require adjustment.

NO.123 Which of the following best illustrates the primary focus of a risk-based approach to control self-assessment?

To evaluate controls regarding the computer security of an oil refinery.

To examine the processes involved in exploring, developing, and operating a gold mine.

To assess the likelihood and impact of events associated with operating a finished goods warehouse.

To link a financial institution’s business objectives to a work unit responsible for the associated risk.

NO.124 During an audit of a branch bank, an internal auditor learned that a series of system failures had resulted in a four-day delay in processing customers’ scheduled payroll direct deposits. The first failure was that of a disk drive, followed by software and other minor failures. Which of the following controls should the auditor recommend to avoid similar delays in processing?

Contingency planning.

Redundancy checks.

Process monitoring.

Preventive maintenance.

NO.125 The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
* The annual audit plan should include audits that are consistent with the skills of the IAA.
* Audits of high-risk areas of the organization should be conducted by internal audit staff.
* External resources may be hired to provide subject-matter expertise but should be supervised.
* Auditors should develop their skills by being assigned to complex audits for learning opportunities.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

NO.126 The final internal audit report should be distributed to which of the following individuals?

Audit client management only

Executive management only

Audit client management, executive management, and others approved by the chief audit executive.

Audit client management, executive management, and any those who request a copy.

NO.127 A large investment organization hired a chief risk officer (CRO) to be responsible for the organization’s risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

Operational management, because they are responsible for the day-to-day management of the operational risks.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

The chief audit executive, although he is not accountable for risk management in the organization.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

NO.128 An internal auditor and engagement client are deadlocked over the auditor’s differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

Conduct a joint brainstorming session with management.

Ask the chief audit executive to mediate.

Disclose the client’s differing opinion in the final report.

Escalate the issue to senior management for a decision.

NO.129 According to IIA guidance, which of the following are benefits to the internal audit activity when conducting an assurance mapping exercise?

Identification of gaps in risk coverage, and minimization of duplicate assurance efforts.

Identification of gaps in risk coverage, and consolidation of risk reporting efforts.

Resolution of identified testing errors, and miminization of duplicate assurance efforts.

Resolution of identified testing errors, and consolidation of risk reporting efforts.

NO.130 Which of the following best defines an engagement conclusion?

An auditor’s determination of the cause of an engagement observation.

An auditor’s professional judgment of the situation which was reviewed.

An opinion that must be included in the engagement final communication.

A recommendation for corrective action.

NO.131 A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor’s actions would:
I. Be in violation of the IIA Code of Ethics for withholding meaningful information.
II. Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
III. Not be in violation of either the IIA Code of Ethics or Standards.

I only

II only

III only

I and II only

NO.132 Which of the following is a responsibility of the internal auditor once a fraud investigation has been concluded?

Ascertain the extent to which fraud has been perpetrated.

Notify the appropriate regulatory authorities regarding the outcome of the investigation.

Determine if controls need to be implemented or strengthened to reduce future vulnerability.

Implement controls to prevent future occurrences.

NO.133 Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?
1.Activities requested by management should be considered higher risk than those requested by the audit committee.
2.Activities with lower budgets can be as high risk as those with higher budgets.
3.The potential financial or adverse exposure should always be considered in the assessment of risk.

1 only

2 only

3 only

2 and 3 only

VCEPrep IIA-CIA-Part2 Dumps Real Exam Questions Test Engine Dumps Training [Q114-Q133]

IIA IIA-CIA-Part2 Exam Syllabus Topics: