IIA IIA-CIA-Part1 Practice Exams
Last updated on 26.04.2025
- Exam code: IIA-CIA-Part1
- Exam name: CIA Exam Part One: Essentials of Internal Auditing
- Certification provider: IIA
Which of the following is the best way for an internal auditor to demonstrate due professional care?
- A . Conduct an audit to the same extent that another prudent auditor would under similar circumstances
- B . Seek feedback from the engagement supervisor during the engagement
- C . Execute internal audit work in such a manner as to provide absolute assurance of compliance
- D . Request and receive client feedback surveys during the engagement
A chief audit executive (CAE) was asked by senior management to establish and manage a risk management function. A new chief risk officer was hired a year later to assume these responsibilities. As this function was included in the current annual audit plan, the CAE engaged an external resource for a risk management engagement.
Which of the following potential threats to objectivity was the CAE likely addressing?
- A . Self-review threat.
- B . Advocacy threat.
- C . Familiarity threat.
- D . Personal relationship threat.
During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company’s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value.
Given this situation, which skills or competencies should this internal auditor seek to improve?
- A . Skills in evaluating the risk of fraud.
- B . Knowledge of key IT risks and controls
- C . Soft skills such as communication and negotiation.
- D . Knowledge and understanding of the company’s expenses policy
Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?
- A . Assessing the risk of noncompliance with laws and regulations
- B . Following the policies as prescribed by the internal audit manual.
- C . Advising management of the area under review on how to mitigate internal control risks.
- D . Conducting the engagement on the presupposition that fraud exists.
An organization has limited resources to spend on corporate social responsibility initiatives.
Which is the most suitable approach to determine how these resources should be used?
- A . Support a mix of environmental, economic, and social initiatives to ensure a balanced approach is taken
- B . Survey employees and external stakeholders to see which causes are best suited to the organization.
- C . Select corporate social responsibility initiatives that support the overall strategic goals of the organization
- D . Conduct a financial analysis to determine where the most impact can be made with the budget available
According to IIA guidance, which of the following gives the internal audit activity the authority to request supporting documentation for the invoices of a third-party service provider?
- A . The internal audit policy manual.
- B . The internal audit charter.
- C . The board of directors.
- D . The quality assurance and improvement program.
An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment.
According to the Standards, which of the following would the auditor include in the risk register?
- A . Management’s acceptance of inadequate controls for cybersecurity risk.
- B . Discussions with senior management relating to a new revenue stream.
- C . Mitigating controls implemented by the engagement supervisor
- D . Project manager planned hours versus time spent for all prior year projects
Which of the following best illustrates the application of due professional care during an audit of the procurement department?
- A . The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance, and he concluded the controls were ineffective.
- B . The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’s reasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.
- C . The internal auditor selected a sample of purchase orders with amounts greater than $5,000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.
- D . The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor. Based on the analysis and management’s declaration, the internal auditor determined that the procurement process was effective.
Due to unfavorable economic conditions, management decided to postpone new investments for the next year.
Which of the following best describes the risk management strategy used to address this situation?
- A . Risk mitigation
- B . Risk avoidance
- C . Risk reduction
- D . Risk transfer