IIA-CIA-Part2 IIA Practice of Internal Auditing Free Practice Exam Questions (2025 Updated)

Skill Gap Identification: Internal auditors lack the necessary expertise in chemical waste disposal.

Consulting Experts: Engaging an external nonaudit expert ensures that the internal audit team receives the necessary technical knowledge to conduct an effective review.

Team Assembly: By assembling a team of internal auditors and consulting an external expert, the organization leverages both internal audit capabilities and external technical expertise.

Ensuring Competence: This approach ensures that the internal audit activity complies with the IIA Standards, specifically Standard 1210 – Proficiency, which requires internal auditors to possess the knowledge, skills, and other competencies needed to perform their responsibilities.

Understanding the GRI: The Global Reporting Initiative (GRI) provides a comprehensive framework for reporting on sustainability performance, including social responsibility aspects.

Framework and Standards: GRI standards are widely used and recognized globally, which helps organizations benchmark their performance against other entities using the same framework.

Stakeholder Communication: The GRI framework emphasizes transparency and accountability in reporting, making it an effective tool for informing stakeholders about an organization's social responsibility performance.

Comprehensive Coverage: GRI covers various aspects of social responsibility, including economic, environmental, and social impacts, providing a holistic view of an organization's performance.

Detective controls are designed to identify and detect errors or fraud after they have occurred. Receipts for employee expenses serve as a detective control by providing evidence of transactions, enabling verification and review of expenses to identify any fraudulent or unauthorized activities. Awareness of prior incidents of fraud (Option A) is more of a preventive control, contractor non-disclosure agreements (Option B) are preventive controls to mitigate risks of information leakage, and verification of currency exchange rates (Option C) is more of a transaction control. References: IIA Glossary – Detective Controls, COSO Framework

The chief audit executive (CAE) is responsible for the approval of the engagement objectives and scope. While the head of customer service and other stakeholders may provide input, it is ultimately the CAE's responsibility to ensure that the engagement aligns with the internal audit plan and meets the organization's overall objectives. The CAE's approval ensures the independence and objectivity of the internal audit function.

The Institute of Internal Auditors (IIA) Standard 2010 - Planning

IIA Standard 2200 - Engagement Planning

A periodic report from the chief audit executive (CAE) to the board typically includes information about the internal audit activity's purpose, authority, responsibility, and performance relative to the audit plan. This report ensures that the board is kept informed about the internal audit activity’s alignment with organizational goals, its independence, and any significant issues or deviations from the plan.

IIA References:

IIA Standard 2060: Reporting to Senior Management and the Board requires the CAE to report periodically to the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. This standard ensures that the board has a clear understanding of how the internal audit activity is fulfilling its role.

The Practice Guide on Effective Communication with the Board recommends that the CAE provide regular updates on the internal audit activity’s progress against its plan and any significant issues that require the board’s attention.

The flowchart indicates that different individuals are responsible for various stages of the bank reconciliation process. The Treasury Accountant posts payments and performs reconciliations, while the Senior Treasury Accountant obtains and uploads bank statements, and the Treasury Supervisor approves/reviews the reconciliations. This segregation of duties ensures that no single individual has control over all aspects of the financial transaction process, which helps in preventing errors and fraud.

The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards)

"Auditing and Assurance Services" by Alvin A. Arens, Randal J. Elder, and Mark S. Beasley

According to IIA guidance, elements of evaluation reflect a valid principle for the internal audit activity to rely on the work of internal or external assurance providers. This principle involves assessing the competence, objectivity, and performance of the assurance providers to ensure their work can be relied upon. Proper evaluation helps internal auditors determine the extent to which they can use the work of others in forming their conclusions.

IIA Standards: 2050 - Coordination and Reliance

IIA Practice Guide: Reliance by Internal Audit on Other Assurance Providers

Identifying the Anomaly: The internal auditor has identified a discrepancy in the travel expenses of the department head, who frequently travels yet reports minimal expenses. This raises a red flag that needs further investigation.

Understanding the Context: It is important to determine if there are legitimate reasons for the discrepancy, such as special arrangements made for senior management travel, which could explain the absence of typical travel expenses like hotels, meals, and transportation.

Appropriate Next Step: Investigating whether there are any special arrangements for senior management travel (Option C) is the most logical next step. This helps in understanding the context and validating whether the discrepancy is justified or indicative of potential issues such as fraud or misreporting.

According to IIA guidance, a draft work program prepared by the engagement supervisor after concluding a preliminary assessment would test the process controls. The work program outlines the specific procedures and steps the internal audit team will take to evaluate the effectiveness of the controls in place to mitigate identified risks.

IIA Standards: 2240 - Engagement Work Program

IIA Practice Guide: Engagement Planning

Discovery sampling is typically used when testing for fraud, especially when the expected deviation rate is very low. This method is designed to detect at least one occurrence of a specific characteristic (such as fraud) within a given sample size, making it effective for identifying rare but critical issues. It is particularly useful when the auditor suspects that fraud may exist but expects it to be infrequent.

Institute of Internal Auditors (IIA), Practice Guide – Auditing for Fraud.

The guidelines for preparing audit engagement workpapers emphasize clarity, completeness, and accuracy to ensure that they can be easily understood and used by others within the auditing function.

Option A: Workpapers should be understandable to the auditor in charge and the chief audit executive.

While workpapers must indeed be clear to the auditor in charge and the chief audit executive, this guideline does not fully capture the broader requirement for understandability to other auditors.

Option B: Workpapers should be understandable to the audit client and the board.

Although transparency with the audit client and the board is important, workpapers are primarily internal documents used to support the audit process and conclusions.

Option C: Workpapers should be understandable to another internal auditor who was not involved in the engagement.

This is the most comprehensive requirement, ensuring that any internal auditor, even if not originally involved, can review the workpapers, understand the procedures performed, and the conclusions reached. This is crucial for maintaining continuity, quality control, and facilitating reviews or future audits.

Option D: Workpapers should be understandable to external auditors and regulatory agencies.

While external auditors and regulatory agencies may review workpapers, the primary audience is internal auditors, who need to ensure the workpapers are detailed and clear enough for effective internal use and review.

Phishing exploits human weaknesses by tricking users into revealing sensitive information. While technical defenses (IDS, firewalls, hardening) help, the most effective prevention is regular security awareness training that educates employees on recognizing and avoiding phishing attempts. Therefore, the best preventive measure is Option C.

To ensure that the company is not taking any unwanted credit risks, the internal auditor should test controls that ensure construction orders are initiated only after the second invoice, which represents 70% of the payment, is paid. This control is critical because it minimizes the financial risk to the company by ensuring that a significant portion of the payment is received before the majority of the work is undertaken. This practice helps protect the company from potential non-payment issues and reduces the financial exposure associated with the project.

COSO Framework

The Institute of Internal Auditors (IIA) Standard 2130: Control