New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

IIA IIA-CHAL-QISA Qualified Info Systems Auditor CIA Challenge Exam Exam Practice Test

Qualified Info Systems Auditor CIA Challenge Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the Internal auditor wasassigned to an assurance engagement?

Options:

A.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.

The assigned internal auditor must not assume management responsibilities while performing the engagement.

D.

The assigned internal auditor must maintain objectivity while performing the engagement

Question 2

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Question 3

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with the internal policy.

Question 4

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

1.Ensure encryption keys meet ISO standards.

2.Determine whether an independent review of the service provider's operation has been conducted.

3.Verify that the service provider's contracts include necessary clauses.

4.Verify that only public-switched data networks are used by the service provider

Options:

A.

1 and 3.

B.

1 and 4

C.

2 and 3.

D.

2 and 4.

Question 5

Which of the following activities would an internal auditor perform as a consulting engagement for an organization?

Options:

A.

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.

Assessing whether the organization's corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.

Briefing the organization's department managers on how to implement risk management processes into their daily operations.

D.

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time

Question 6

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Options:

A.

The nature of consulting services typically is not included in the charter.

B.

The chief audit executive must formally review the charter at least once a year

C.

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.

The charter typically defines the internal audit activity’s position within the organization.

Question 7

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA's Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question 8

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Options:

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity's position within the organization in an audit charter

Question 9

Which of the following is applicable to both a job order cost system and a process cost system'?

Options:

A.

Total manufacturing costs are determined at the end of each period.

B.

Costs are summarized in a production cost report for each department

C.

Three manufacturing cost elements are tracked: direct materials, direct labor, and manufacturing overhead.

D.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period.

Question 10

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management

C.

Risk appetite refers to an organization’s general level of acceptance, while risk tolerance is amore specific and subordinate concept

D.

There is no significant difference between the two terms

Question 11

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1.Consult on CSR program design and implementation

2.Serve as an advisor on CSR governance and risk management.

3.Review third parties for contractual compliance with CSR terms

4Identify and mitigate risks to help meet the CSR program objectives

Options:

A.

1,2, and 3.

B.

1.2. and 4.

C.

1, 3, and 4.

D.

2. 3. and 4.

Question 12

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to makea profit of $1.50 per unit for this order?

Options:

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Question 13

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Options:

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Question 14

Which of the following statements is true regarding an organization’s inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Question 15

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Options:

A.

An independent third party has assessed the organization's system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives

Question 16

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star.

B.

A cash cow.

C.

A question mark.

D.

A dog

Question 17

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Question 18

Which of the following best describes the internal audit activity's responsibility within a risk and control framework?

Options:

A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices

Question 19

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.

Management is responsible for ensuring that the organization's CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Question 20

According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?

Options:

A.

The recommendation of the parent office external auditors.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The level of proficiency of the chief audit executive

Question 21

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data'?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause

C.

Applying administrative privileges to ensure right-to-access controls are appropriate

D.

Creating a standing cybersecurity committee to identify and manage risks related to data security.

Question 22

Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?

Options:

A.

The senior auditors are unavailable, as they are currently working on other portions of the engagement

B.

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.

The audit engagement has a tight deadline and the work must be completed timely.

D.

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement

Question 23

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk

Question 24

Which of the following is most likely to impair the organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports administratively to the chief financial officer

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Question 25

A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?

Options:

A.

Community, institutional, and agricultural banking

B.

Mortgages, credit cards, and savings.

C.

South, southwest and east.

D.

Teller, manager, and IT specialist

Question 26

An internal auditor has discovered that duplicate payments were made to one vendor Management has recouped the duplicate payments as a corrective action Which of the following describes managements action in this case?

Options:

A.

A condition-based action plan

B.

A cause-based action plan.

C.

A root cause-based action plan.

D.

An effect-based action plan.

Question 27

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity's resources

B.

The availability of guest auditors for the engagement

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required

Question 28

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

Options:

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement

Question 29

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

it is more successful when goal-setting Is performed not only by management, but by all team members, including lower-level staff

D.

it is particularly successful in environments that are prone to having poor employer-employee relations

Question 30

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

Options:

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring

D.

Include all types of observations in the monitoring process

Question 31

A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Options:

A.

Coordinate and facilitate risk workshops for management to attend

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk Indicators and mitigation plans for management to Implement.

D.

Determine the number of significant risks for management to report to the board

Question 32

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals.

C.

Suboptimal decision-making.

D.

Duplication of business activities.

Question 33

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

Options:

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend

C.

Reaffirm the importance of the organization's code of ethics to all employees

D.

Conduct an organization wide employee survey on ethical practices.

Question 34

Which of the following best demonstrates that the internal audit activity is using due professional care?

Options:

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysis techniques

Question 35

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

A clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 36

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed

D.

There is a defined code for employee behavior

Question 37

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

Options:

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Question 38

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Options:

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization's suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs

Question 39

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

Options:

A.

When a manufacturing organization has stable demand for its products.

B.

When an organization is subjected to strong political and social pressures

C.

When a manufacturer has reliable resources and suppliers.

D.

When an organization is infrequently affected by technological advances

Question 40

At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

Options:

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Question 41

Which of the following should be included in a company's year-end inventory valuation?

Options:

A.

Company goods that were sold during the year, free on board shipping point, that have been shipped but not yet received by the customer

B.

Goods purchased by the company, free on board destination, that have not yet been received.

C.

Goods on consignment, which the company is trying to sell for its customers.

D.

Company goods for sale on consignment at a consignment shop

Question 42

Who is responsible for ensuring internal auditors continuing professional development*

Options:

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Question 43

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the projects life, or the organization's culture.

D.

it is best suited for firms with scattered locations or for multi-line, large-scale firms.

Question 44

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Question 45

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards