IIA IIA-CIA-Part1 Übungsprüfungen
Zuletzt aktualisiert am 25.04.2025- Prüfungscode: IIA-CIA-Part1
- Prüfungsname: CIA Exam Part One: Essentials of Internal Auditing
- Zertifizierungsanbieter: IIA
- Zuletzt aktualisiert am: 25.04.2025
Which of the following is the best example of an ongoing independent monitoring activity?
- A . Management quality assurance activities
- B . Internal audit fraud prevention and detection activities
- C . Management and supervisory activities
- D . External audit quality assurance activities
If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?
- A . Evaluate the suspected activities to determine whether a forma! investigation is warranted,
- B . Immediately inform senior management and the board of the suspected fraud.
- C . Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,
- D . Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization
Which of the following techniques should an internal auditor use in order to conduct an effective interview?
- A . Use technical language to establish credibility with the employee being interviewed
- B . Avoid straightforward questions to make the person being interviewed think before answering
- C . Prepare the next question while the interviewee is responding to demonstrate preparedness
- D . Appear confident but not arrogant during the interview to show professionalism
Which of the following accurately describes the concept of inherent risk?
- A . Risk factors that exist when controls are in place and operating effectively
- B . Internal risk factors assuming no controls are in place
- C . Risk factors that cannot be mitigated because they are innate to a process
- D . Combination of internal and external risk factors in their pure state assuming no controls are in place
Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?
- A . Receipt of a signed and approved vendor setup form.
- B . Segregation of duties between setting up vendors and making vendor payments.
- C . System validation and edit checks on vendor identification number
- D . A vendor setup policy and procedure.
Which of the following statements is true regarding risk management frameworks?
- A . The organization should ensure that it uses a universally-accepted risk management framework.
- B . The organization should ensure that its risk management framework is designed specifically to meet the needs of its operations.
- C . The organization should ensure that the board is responsible for implementing the risk management framework.
- D . The organization should ensure that the risk management framework has been validated by the internal audit activity for implementation.
At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).
However, neither management nor the CAE was aware that the internal auditor would be making a
presentation based on work completed for the organization.
According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
- A . The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.
- B . The auditor violated the principle of confidentiality by disclosing information about the organization without approval.
- C . The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,
- D . The auditor breached the conflict of interest standard by accepting payment for travel costs
What would be the proper sequence of steps for an internal auditor to take in order to draw a conclusion on internal control effectiveness and adequacy after ascertaining the key controls?
- A . Evaluate the adequacy of the controls and then test the controls for effectiveness.
- B . Test the controls for effectiveness and then evaluate the adequacy of the controls.
- C . Identify risks and then evaluate the controls for effectiveness.
- D . Evaluate the controls for effectiveness and then assess the risks in the area.
Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?
- A . The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.
- B . The volume of nonroutine journal entries has steadily increased over time.
- C . The database of approved suppliers has not been reviewed in the last year.
- D . The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.
According to IIA guidance, a new internal auditor is expected to possess which of the following competencies?
- A . Technical industry-specific expertise.
- B . Expertise in cybersecurity, an area of increasing risk.
- C . Knowledge of IT risks and controls.
- D . Knowledge of forensic accounting.