[IIA] CIA - Certified Internal Auditor (Part 2) Exam Dumps & Study Guide
The Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing is the second step towards achieving the only globally recognized certification for internal auditors. As organizations face increasing pressure from regulators and shareholders to ensure robust internal controls and risk management, the role of a CIA-certified professional is more critical than ever. Managed by the Institute of Internal Auditors (IIA), the CIA Part 2 validates your expertise in the practical application of internal auditing standards and the management of internal audit activities. It is an essential milestone for any professional looking to lead at the intersection of auditing, risk, and governance.
Overview of the Exam
The CIA Part 2 exam is a rigorous assessment of your internal auditing expertise. It is a 120-minute exam consisting of 100 multiple-choice questions. The exam covers four key domains of internal auditing practice, ensuring that candidates have a holistic understanding of how to conduct internal audits effectively in a complex enterprise environment. From managing the internal audit activity and planning the engagement to performing the engagement and communicating results, the CIA Part 2 is designed to test your ability to apply internal auditing principles to real-world scenarios. Achieving the CIA Part 2 certification is a significant career milestone, proving your technical prowess and your value to any organization.
Target Audience
The CIA Part 2 is intended for experienced internal auditors who are looking to advance their careers and prove their expertise. It is ideal for individuals in roles such as:
1. Internal Auditors and Senior Internal Auditors
2. Audit Managers and Directors
3. Risk Management Professionals
4. Compliance Officers
5. IT Auditors
6. External Auditors and Consultants
To qualify for the CIA, candidates must meet specific education and experience requirements and pass all three parts of the CIA exam.
Key Topics Covered
The CIA Part 2 exam is organized into four main domains:
1. Managing the Internal Audit Activity (20%): Establishing and managing the internal audit activity in accordance with IIA standards.
2. Planning the Engagement (20%): Planning individual audit engagements, including objective setting and risk assessment.
3. Performing the Engagement (40%): Executing audit procedures, including evidence collection and analysis.
4. Communicating Engagement Results and Monitoring Progress (20%): Documenting and communicating audit findings and monitoring the implementation of recommendations.
Benefits of Getting Certified
Earning the CIA certification provides numerous significant benefits. First, it offers elite recognition of your specialized expertise in internal auditing. As the world’s most respected internal auditing certification, the CIA is a powerful differentiator in the job market. Second, it can lead to high-level career opportunities and significantly higher salary potential in a variety of senior roles. Third, it demonstrates your commitment to professional excellence and your dedication to staying at the forefront of the internal auditing field. By holding this certification, you join a prestigious global community of professionals and gain access to exclusive IIA resources and continuing education opportunities.
Why Choose NotJustExam.com for Your CIA Prep?
The CIA Part 2 exam is challenging and requires a deep understanding of complex internal auditing principles. NotJustExam.com is the premier resource to help you master this material. Our platform offers a sophisticated bank of practice questions that are specifically designed to mirror the actual exam’s format and difficulty.
What makes NotJustExam.com stand out is our focus on interactive logic and the accuracy of our explanations. We don’t just provide a list of questions; we provide a high-quality learning experience. Every question in our bank includes an in-depth, accurate explanation that helps you understand the auditing reasoning behind the correct solution. This ensures that you are truly learning the material and building the confidence needed to succeed on the exam. Our content is regularly updated by subject matter experts to stay current with the latest auditing trends and IIA standards. With NotJustExam.com, you can approach your CIA exam with the assurance that comes from thorough, high-quality preparation. Start your journey toward becoming a Certified Internal Auditor today with us!
Free [IIA] CIA - Certified Internal Auditor (Part 2) Practice Questions Preview
Question 1
Which of the following would be a red flag that indicates the possibility of inventory fraud?
I. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization's increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.
- A. I and II only
- B. II and III only
- C. I, II, and IV only
- D. I, III, and IV only
Correct Answer:
C
Explanation:
The suggested answer is C.
The AI agrees with the suggested answer (C).
The reason for choosing C is that it includes indicators directly related to potential inventory fraud, focusing on control weaknesses and documentation irregularities associated with vendor payments and receiving processes. The question specifically asks about inventory fraud, making options related to vendor payments and receiving documentation more relevant.
Here's a breakdown of why each Roman numeral is or isn't a red flag for inventory fraud:
- I. The controller has assumed responsibility for approving all payments to certain vendors. - This is a red flag because it concentrates too much power in one individual, bypassing segregation of duties. The controller could potentially approve fraudulent invoices for inventory and manipulate the payments.
- II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it. - This is a red flag. A new system might implement better controls, and delaying it could be a deliberate attempt to avoid detection of existing fraud.
- III. Sales commissions are not consistent with the organization's increased levels of sales. - While inconsistent sales commissions could indicate issues with sales practices or revenue recognition, they aren't directly related to inventory fraud. It could be a red flag for other types of fraud, but not necessarily inventory fraud.
- IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals. - This is a red flag. Copies are easier to alter than originals, and the absence of original receiving memos suggests that inventory may not have actually been received, or that the receiving documentation is being manipulated to cover up discrepancies.
The reason for excluding option III is that, while it could indicate some form of financial irregularity, it doesn't directly point to inventory fraud, which is the focus of the question. Therefore, options A, B, and D are incorrect because they either omit a critical indicator (I, II, or IV) or include an irrelevant one (III).
Citations:
- Internal Auditing: Assurance & Advisory Services, 4th Edition (The IIA, 2017)
- COSO Framework 2013 https://www.coso.org/
Question 2
During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that adjustments were made on over 40 percent of the ovens. Based on this, the auditor:
- A. Has enough evidence to conclude that improperly functioning ovens are the cause.
- B. Needs to conduct further inquiries and reviews to determine the impact of the oven variations on the pizza temperature.
- C. Has enough evidence to recommend the replacement of some of the ovens.
- D. Must search for another cause since approximately 60 percent of the ovens did not require adjustment.
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer B.
Reasoning: The auditor has identified a potential issue (oven calibration) that *may* be related to the problem (cold pizzas). However, the evidence isn't conclusive. Further investigation is needed to determine if the oven calibration issues are directly causing the cold pizzas. The auditor needs to conduct further inquiries and reviews to determine the actual impact of the oven variations on the pizza temperature. This would involve gathering more data to establish a link between the oven calibration adjustments and the temperature of the pizzas being delivered. For example, the auditor could compare the temperature of pizzas cooked in ovens that have been recently calibrated to those cooked in ovens that have not, or review customer complaints to see if there is a correlation between oven calibration and complaints about cold pizzas.
Reasons for not choosing other options:
- A: The auditor doesn't have enough evidence to *conclude* that improperly functioning ovens are the *cause*. A correlation has been identified, but causation hasn't been established.
- C: Recommending the replacement of ovens is premature at this stage. Further investigation is needed to determine if the ovens are indeed faulty and if replacing them would solve the problem.
- D: Dismissing the oven calibration issue simply because 60% of ovens didn't require adjustment is incorrect. Even if a portion of the ovens are functioning correctly, the 40% that required adjustment could still be contributing to the problem. The auditor should investigate whether the adjustments made were effective and whether the adjusted ovens are now functioning within acceptable parameters.
Question 3
When assessing the risk associated with an activity, an internal auditor should:
- A. Determine how the risk should best be managed.
- B. Provide assurance on the management of the risk.
- C. Modify the risk management process based on risk exposures.
- D. Design controls to mitigate the identified risks.
Correct Answer:
B
Explanation:
The AI assistant agrees with the suggested answer B.
Reasoning: The primary role of an internal auditor when assessing risk is to provide assurance on the management of that risk. This involves evaluating the effectiveness of the risk management processes in place. The IIA standards emphasize the assurance and advisory roles of internal audit, maintaining independence from management's responsibilities.
Reasons for not choosing other options:
- A: Determine how the risk should best be managed. This is a management responsibility, not the role of the internal auditor. The internal auditor assesses the effectiveness of management's risk management strategies.
- C: Modify the risk management process based on risk exposures. Modifying the risk management process is also a management responsibility. The internal auditor can make recommendations for improvement, but the actual modification is done by management.
- D: Design controls to mitigate the identified risks. Designing controls is a management function. The internal auditor evaluates the design and effectiveness of existing controls.
The internal auditor's role is to provide independent and objective assurance and advice, not to take on management's responsibilities.
Question 4
Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
- A. Observe the process.
- B. Review the trend in receivables write-offs.
- C. Ask the credit manager about the effectiveness of the function.
- D. Check for evidence of credit approval on a sample of customer orders.
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer (B).
The best evidence of the effectiveness of a credit-granting function is the trend in receivables write-offs. A low or decreasing trend in write-offs suggests that the credit-granting function is effectively assessing credit risk and minimizing losses. This is a direct, measurable indicator of the function's performance.
Reasoning:
- Option A (Observe the process): While observation can provide insights into the credit-granting process, it doesn't directly measure its effectiveness. The process might look good but still result in high write-offs.
- Option B (Review the trend in receivables write-offs): This provides a direct, quantitative measure of the effectiveness of the credit-granting function. A lower write-off trend indicates better credit risk assessment and management.
- Option C (Ask the credit manager about the effectiveness of the function): This is subjective and relies on the credit manager's perception, which may be biased. It doesn't provide objective evidence.
- Option D (Check for evidence of credit approval on a sample of customer orders): This only verifies that the credit approval process is being followed, but it doesn't guarantee that the approvals are effective in preventing write-offs. A well-documented but flawed approval process could still lead to high write-offs.
Reasons for not choosing the other answers:
- Options A, C, and D are either subjective, process-oriented rather than outcome-oriented, or don't directly measure the effectiveness of the credit-granting function in minimizing losses.
Supporting Evidence and Citations:
- Receivables Write-offs Analysis, https://corporatefinanceinstitute.com/resources/knowledge/accounting/write-off/
- Assessing Credit Risk, https://www.investopedia.com/terms/c/creditrisk.asp
Question 5
The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by:
- A. Determining if controls over record keeping and reporting are adequate and effective.
- B. Reviewing data provided by information systems to test compliance with external requirements.
- C. Determining if information systems provide management with timely information.
- D. Determining if information systems provide complete information.
Correct Answer:
A
Explanation:
The AI agrees with the suggested answer A. The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by determining if controls over record keeping and reporting are adequate and effective.
Reasoning:
Option A directly addresses the core of reliability by ensuring that the controls governing record-keeping and reporting are both adequate and effective. This encompasses the entire process from data input to report generation, ensuring that the information is accurate and trustworthy. Effective controls minimize errors and prevent manipulation, thereby enhancing reliability. As mentioned in the discussion summary, if controls are adequate and effective, the output is more likely to be free from bias.
Reasons for not choosing other options:
- B) Reviewing data to test compliance with external requirements: While compliance is important, it doesn't directly address the reliability of the underlying data. Data can be compliant but still contain errors or be manipulated. Compliance is a subset of a reliable system, not the entire focus.
- C) Determining if information systems provide management with timely information: Timeliness is a desirable attribute of information, but it does not guarantee reliability. Information can be timely but inaccurate or incomplete.
- D) Determining if information systems provide complete information: Completeness is important, but it does not ensure reliability. Complete information can still be inaccurate or biased.
Therefore, option A is the most comprehensive and effective approach to enhance the reliability of computerized information.
Question 6
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
- A. Investigation of the physical security over access to the components of the LAN.
- B. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.
- C. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
- D. The level of security of other LANs in the company which also utilize sensitive data.
Correct Answer:
D
Explanation:
The AI agrees with the suggested answer, which is D. The level of security of other LANs in the company which also utilize sensitive data should be considered outside the scope of this security audit engagement.
Reasoning: The question specifically focuses on a security audit of a local area network (LAN) within the finance department. The scope of this audit should primarily address risks and controls related to that specific LAN. Assessing the security of *other* LANs, even if they also handle sensitive data, is a separate audit engagement and falls outside the defined scope. Addressing the security of other LANs would broaden the audit considerably and would not be directly relevant to the stated objective of assessing the finance department's LAN security.
Reasons for not choosing other options:
- A: Investigation of the physical security over access to the components of the LAN is within the scope because physical access controls are a critical component of LAN security.
- B: The ability of the LAN application to identify data items at the field or record level and implement user access security at that level is within the scope because access controls are a primary security concern.
- C: Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise is within the scope because user feedback is a valuable source of information for identifying security weaknesses.
In summary, option D is the most appropriate answer because it expands the audit scope beyond the specified LAN within the finance department.
Question 7
An audit of management's quality program includes testing the accuracy of the cost-of-quality reports provided to management. Which of the following internal control objectives is the focus of this testing?
- A. To ensure compliance with policies, plans, procedures, laws, and regulations.
- B. To ensure the accomplishment of established objectives and goals for operations or programs.
- C. To ensure the reliability and integrity of information.
- D. To ensure the economical and efficient use of resources.
Correct Answer:
C
Explanation:
The AI assistant agrees with the suggested answer (C). The focus of testing the accuracy of cost-of-quality reports directly relates to ensuring the reliability and integrity of information.
Reasoning:
The question specifically mentions "testing the accuracy of the cost-of-quality reports." Accuracy is a key component of reliability and integrity of information. If the reports are inaccurate, the information is unreliable and lacks integrity. The audit objective, in this case, is to confirm that the information presented in the reports is a true and fair representation of the cost of quality.
Reasons for not choosing the other answers:
- A: While compliance is important, the primary focus of the test described in the question is not compliance with policies, procedures, etc., but rather the accuracy of the reported information.
- B: Accomplishment of objectives and goals is a broader objective. While accurate cost-of-quality reports might contribute to achieving objectives, the test itself is specifically targeted at the reliability of the information, not the overall achievement of operational goals.
- D: Economical and efficient use of resources is also a broader objective. While cost-of-quality reports might inform resource allocation decisions, the test in question directly addresses the accuracy of the reports themselves, not the efficiency of resource use.
Citations:
- Ensuring Reliability and Integrity of Financial and Operational Information, https://corporatefinanceinstitute.com/resources/knowledge/audit/internal-control-objectives/
Question 8
A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?
I. Recycling and reuse.
II. Elimination at the source.
III. Energy conservation.
IV. Recovery as a usable product.
V. Treatment.
- A. V, II, IV, I, III.
- B. IV, II, I, III, V.
- C. I, III, IV, II, V.
- D. III, IV, II, V, I.
Correct Answer:
B
Explanation:
Based on the question and discussion, the AI suggests evaluating the options in the following order: Recovery as a usable product, Elimination at the source, Recycling and reuse, Energy conservation, and Treatment.
The AI agrees with the suggested answer B. IV, II, I, III, V.
The reason for this order is that it aligns with established pollution prevention hierarchies and sustainability principles. The most effective approach is to first recover waste as a usable product, then eliminate the waste at the source if possible. Recycling and reuse are the next best options, followed by energy conservation. Treatment is the least desirable option, as it still involves managing waste rather than preventing it.
Here's why the other options are less suitable:
- Option A: Prioritizes treatment over elimination at the source and recycling, which is contrary to pollution prevention best practices.
- Option C: Starts with recycling, which is a good practice but not the most effective compared to source elimination.
- Option D: Begins with energy conservation, which is important but not directly related to waste minimization.
The proposed order aligns with the widely accepted waste management hierarchy, which prioritizes prevention, reduction, reuse, recycling, recovery, and lastly, disposal.
- Recovery as a Usable Product (IV): This is about finding ways to repurpose waste materials into new, valuable products.
- Elimination at the Source (II): This focuses on modifying processes to prevent waste from being created in the first place, the most effective strategy.
- Recycling and Reuse (I): Reusing materials for their original purpose or recycling them into new products reduces the need for virgin resources.
- Energy Conservation (III): Reducing energy consumption lowers the environmental impact of the manufacturing process.
- Treatment (V): Treating waste to reduce its toxicity or volume before disposal.
By following this order, the pollution prevention audit can systematically identify and prioritize the most effective opportunities for minimizing waste and environmental impact.
Question 9
An organization's internal auditors are reviewing production costs at a gas-powered electrical generating plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the environmental regulatory agency, due to computer errors. The auditors should immediately report the concern to:
- A. The regulatory agency.
- B. Plant management.
- C. A plant health and safety officer.
- D. The risk management function.
Correct Answer:
B
Explanation:
The suggested answer is B (Plant management). The AI agrees with the suggested answer.
The primary reason for choosing plant management is their direct responsibility for the plant's operations and the accuracy of its reporting. Reporting to plant management allows for immediate corrective action to be taken within the organization. Since the problem is within the organization at the plant level, plant management should be informed first so they can resolve the computer errors and remediate the reporting issues to the regulatory agency.
Here's why the other options are less appropriate as the immediate first step:
- A. The regulatory agency: Bypassing management and immediately reporting to the regulatory agency could be premature. Internal reporting allows the organization to rectify the issue internally first. Direct external reporting may be necessary later if internal efforts are insufficient.
- C. A plant health and safety officer: While health and safety are important, the issue is primarily related to reporting accuracy and computer errors. Plant management is more directly responsible for these aspects.
- D. The risk management function: Risk management should be informed, but plant management needs to take immediate action. Risk management is more of an oversight and advisory role.
While reporting to the Board and Senior Management (SM) could eventually be necessary, especially if plant management doesn't take appropriate action, the immediate first step should be to inform plant management.
The IIA standards emphasize the importance of communicating results to the appropriate levels of management. Standard 2410 states, "Communications must include the engagement’s objectives, scope, results, and applicable conclusions, recommendations, and action plans."
Citations:
- IIA Standard 2410 - Communicating Results, https://www.theiia.org/standards-guidance/foundational-documents/standards/standard-2410-communicating-results
Question 10
Which of the following would be an appropriate improvement to controls over large quantities of consumable material that are charged to expense when placed in bins which are accessible to production workers?
- A. Relocate bins to the inventory warehouse.
- B. Require management to compare the cost of consumable items used to the budget.
- C. Lock the bins during normal working hours.
- D. None of the above actions are needed for items of minor cost and size.
Correct Answer:
B
Explanation:
The suggested answer is B. The AI agrees with the suggested answer (B).
Reasoning: Requiring management to compare the cost of consumable items used to the budget provides a crucial control for monitoring and managing expenditure. This allows for identifying variances, investigating the causes of overspending, and implementing corrective actions. This aligns with the discussion summary emphasizing that budget analysis is crucial to ensure expenses stay within budget. By comparing actual costs to the budget, management can actively control and improve the use of consumable items.
Reasons for not choosing other answers:
- A: Relocating bins to the inventory warehouse might improve physical security but does not directly address the control of expenditure. While it restricts access, it doesn't ensure efficient or appropriate usage.
- C: Locking the bins during normal working hours is impractical and would disrupt production processes. It also doesn't prevent overspending if large quantities are taken before or after working hours.
- D: Even for items of minor cost and size, a lack of control can lead to significant cumulative expenses. Ignoring these costs can create opportunities for waste and abuse, making this option inappropriate.
Citation:
- Budgeting as a Control Tool, https://www.accountingtools.com/articles/what-is-budgeting.html