[Free] Download New Updated (October 2016) IIA IIA-CIA-Part2 Real Exam 321-330

Ensurepass

QUESTION 321

Which of the following is not true regarding the management of internal audit resources?

 

A.

A minimum level of information technology knowledge is necessary.

B.

The adequacy of internal audit resources is ultimately a board responsibility.

C.

Resources include external service providers and computer-assisted audit techniques.

D.

Skills availability must be aligned with financial constraints.

 

Correct Answer: D

 

 

QUESTION 322

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

 

A.

The CAE’s responsibility is not impaired by engaging an external expert.

B.

The external expert could have a prior relationship with the audit client.

C.

The audit report should not disclose the use of contracted services.

D.

The expert should be directed by the objectives and scope of work.

 

Correct Answer: C

 

 

QUESTION 323

An internal auditor is conducting an assessment of the organization’s fraud controls. Which of the following would not be considered a preventive control?

 

1. Daily report that identifies unsuccessful system log-in attempts.

 

2. Weekly management communication with tips on identifying possible fraud.

 

3. E-mail alert sent to management for checks issued over $100,000.00.

 

4. New hire training to explain fraud and employee misconduct.

 

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 4 only

D.

3 and 4 only

 

Correct Answer: B

 

 

QUESTION 324

Management requested the chief audit executive (CAE) to include an audit of the organization’s health and safety program in next year’s annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?

 

A.

With management’s agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise.

B.

Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area.

C.

Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit.

D.

Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence.

 

Correct Answer: B

 

 

 

QUESTION 325

During the audit of a large decentralized supply chain function, the chief audit executive (CAE) receives serious allegations of fraud concerning the vice president responsible for this function. The CAE engages a third party to provide forensic audit services and lead the investigation portion of the engagement. As part of this team, which of the following would be an appropriate role for the investigator?

 

1. Authenticate the original approval signatures on contracts.

 

2. Interview personnel to understand the supply chain processes.

 

3. Provide certified copies of relevant original documents for the audit file.

 

4. Identify variances in pixels on original electronic documents.

 

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

 

Correct Answer: B

 

 

QUESTION 326

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?

 

1. There is a clear strategy and timeline to migrate risk management responsibility back to management.

 

2. The IAA has the final approval on any risk management decisions.

 

3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.

 

4. The nature of services provided to the organization is documented in the internal audit charter.

 

A.

1, 2, and 3 only

B.

1, 2, and 4 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

 

Correct Answer: C

 

 

QUESTION 327

While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements?

 

A.

Prioritize the engagements that were not done in previous years and schedule them for the upcoming year.

B.

Consult with senior management and the board and make adjustments regarding risk.

C.

Review all outstanding recommendations from prior audit engagements and focus on them in the upcoming year.

D.

Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year’s schedule of engagement.

 

Correct Answer: B

 

 

QUESTION 328

During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in determining that management action was implemented?

 

A.

Ask management if the new policy related to the receiving reports is in place.

B.

Select a sample of receiving reports and determine if payments were made.

C.

Interview warehouse employees to ascertain adherence to new policy.

D.

Select a sample of payments and determine if a receiving report exists.

 

Correct Answer: D

 

 

QUESTION 329

Which of the following should be included in the scope of an audit of a third-party contractor?

 

1. Budgets and financial forecasts for the project.

 

2. Contractor’s information and control systems.

 

3. Contractor’s financial position.

 

4. Progress of the project and costs incurred.

 

A.

1 and 4 only

B.

1, 2, and 3 only

C.

2, 3, and 4 only

D.

1, 2, 3, and 4

 

Correct Answer: D

 

 

QUESTION 330

An organization has adopted an enterprise-wide risk management process and has appointed a chief risk office
r (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?

 

A.

The audit committee should get assurance on the adequacy and effectiveness of the risk management process from the CRO.

B.

The chief audit executive has the mandate to conduct risk assessments and give assurance to the audit committee.

C.

The audit committee, on behalf of the board, has overall responsibility for the risk management process in the organization.

D.

Senior management is accountable to the board for monitoring the system of internal controls.

Correct Answer: A

 

Free VCE & PDF File for IIA IIA-CIA-Part2 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in IIA-CIA-Part2 Actual Test (October 2016) and tagged , , , , , , , . Bookmark the permalink.