IIA IIA-CIA-Part1 Free Practice Questions

NEW QUESTION 1
A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?

• A. Require the physician to submit a signed statement attesting that the treatments had been performed.
• B. Send confirmations to the physicians, requesting them to verify the exact nature of the claims submitted to the insurance provider.
• C. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.
• D. Use computer software to identify abnormal claims based on the insured's age and medical history.

Answer: D

NEW QUESTION 2
Which of the following is an example of a detective control?

• A. Automatic shut-off valve.
• B. Auto-correct software functionality.
• C. Confirmation with suppliers and vendors.
• D. Safety instructions.

Answer: C

NEW QUESTION 3
An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?

• A. Higher inventory turnover.
• B. Higher operating margin.
• C. Lower obsolete stock disposal.
• D. Lower sales volume.

Answer: D

NEW QUESTION 4
Which of the following is an example of a risk management avoidance response?

• A. Exiting a marketplace.
• B. Recalling a product.
• C. Obtaining product insurance.
• D. Outsourcing production.

Answer: A

NEW QUESTION 5
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?

• A. Residual.
• B. Net.
• C. Inherent.
• D. Accepted.

Answer: C

NEW QUESTION 6
Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?
* 1. To understand better the activity and processes that will be audited.
* 2. To identify the audit procedures that will be used during the engagement.
* 3. To ensure that matters of greatest vulnerability will be addressed.
* 4. To use the information obtained as evidence in the current engagement.

• A. 4 only
• B. 1 and 3 only
• C. 1 and 4 only
• D. 2, 3, and 4 only

Answer: B

NEW QUESTION 7
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?

• A. Control environment.
• B. Control activities.
• C. Information and communication.
• D. Monitoring activities.

Answer: A

NEW QUESTION 8
A large sales organization maintains a system of internal control according to the COSO model and has updated its code of conduct. This change relates to which component of the COSO framework?

• A. Control activities.
• B. Information and communication.
• C. Commitment.
• D. Control environment.

Answer: D

NEW QUESTION 9
Which of the following is the primary engagement responsibility of an entry-level internal auditor?

• A. Leadership.
• B. Documentation.
• C. Analysis.
• D. Reporting.

Answer: C

NEW QUESTION 10
According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

• A. Assessing the risk factors.
• B. Aligning risk appetite and strategy.
• C. Enhancing risk response decisions.
• D. Reducing operational surprises and losses.

Answer: A

NEW QUESTION 11
Internal auditors must exercise due professional care by considering which of the following?
* 1. Cost of assurance in relation to potential benefits.
* 2. Adequacy and effectiveness of governance, risk management, and control processes.
* 3. Management's competency level in the area being evaluated.
* 4. Probability of significant errors, fraud, or noncompliance.

• A. 1 and 2 only
• B. 1, 2, and 3 only
• C. 1, 2, and 4 only
• D. 2, 3, and 4 only

Answer: C

NEW QUESTION 12
Which of the following factors have the greatest influence on the independence of the internal audit activity?

• A. Quality assessments and cultural biases of the internal audit activity.
• B. Rotational assignments and familiarity of the internal audit activity.
• C. Employee incentives and self review of the internal audit activity.
• D. Organizational positioning and scope control of the internal audit activity.

Answer: D

NEW QUESTION 13
Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?
* 1. Appropriate levels of authority and responsibility.
* 2. Supervision of staff and appropriate review of work.
* 3. The seniority of management in the organization.
* 4. The ability to trace each transaction to an accountable and responsible individual.

• A. 1,2, and 3.
• B. 1.2, and 4.
• C. 1.3, and 4.
• D. 2, 3, and 4.

Answer: D

NEW QUESTION 14
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
* 1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
* 2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
* 3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
* 4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

• A. 1 only.
• B. 4 only.
• C. 2 and 4.
• D. 3 and 4.

Answer: A

NEW QUESTION 15
Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

• A. If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
• B. Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is
• C. required to conduct privacy assessments.
• D. The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.
• E. The internal audit activity should have appropriate knowledge and competence to conduct an asses.......framework.

Answer: D

NEW QUESTION 16
In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member?

• A. Maintaining industry-specific knowledge appropriate to the organization.
• B. Assessing how IT contributes to organization objectives, risks, and relevance to audit.
• C. Maintaining technical aspects of accounting standards and reporting processes.
• D. Understanding regulatory and legal framework and assessing its relevance.

Answer: D

NEW QUESTION 17
......