IIA-CIA-Part2 Exam Dumps - Practice of Internal Auditing

A. ICQs are most useful in more organic, decentralized organizations with specialized departmental or regional characteristics:ICQs are standard tools and can be used in a variety of organizational structures, not just decentralized ones.

B. An ICQ can be used effectively either by sending it in advance for management of the area under review to complete or by testing each procedure and recording the results:Correct. ICQs are versatile tools that can be used for both self-assessment by management and as part of a detailed audit procedure.

C. An ICQ is not an efficient tool, as it can only inquire about controls and it does not test them:ICQs can test controls indirectly by revealing whether they are documented and applied properly.

D. ICQs are also known as checklist audits and encourage management of the area under review to answer "no" or "yes" more accurately:ICQs are not limited to a checklist format and their value goes beyond simple yes/no answers.

CIA Exam Syllabus Reference:

Domain V: Performing Internal Audit Services – Tools for Assessing Internal Controls.

When an internal auditor discovers an issue such as a programming error allowing multiple accounts for a single address, the auditor should ensure that the corrective actions are both adequate and effective. This includes scheduling a follow-up review (1) to verify that the program has been corrected and that the accounts have been consolidated. Additionally, evaluating the adequacy and effectiveness of the corrective action proposed by management (2) is essential to ensure the issue has been resolved properly. References: = IIA Standard 2500 - Monitoring Progress and IIA Standard 2320 - Analysis and Evaluation.

A consulting engagement involves providing advice and recommendations to improve processes, controls, and efficiency.

Option A: Reviewing journal entries for accuracy and completeness.

This task is typically performed during assurance engagements, not consulting engagements, where the focus is on evaluating and verifying records.

Option B: Comparing the policies and procedures to regulatory collections guidance.

This is more aligned with compliance auditing or assurance engagements, ensuring that practices align with regulatory requirements.

Option C: Advising management on streamlining the recording of accounts receivable.

This action is typical of a consulting engagement, where the auditor provides advice and recommendations to improve business processes and efficiency.

Option D: Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists.

This is an activity more typical of an assurance engagement, where the auditor evaluates the effectiveness of controls.

A risk that is deemed "unacceptable" to the organization is one where the residual risk (the remaining risk after controls are applied) exceeds the organization's risk tolerance level. This means that despite controls in place, the level of risk remains higher than what the organization is willing to accept. Identifying such risks is critical for ensuring appropriate management action to mitigate them further. References:

The IIA’s Practice Guide on Risk Management.

COSO’s Enterprise Risk Management – Integrating with Strategy and Performance.

If operational management has not implemented effective actions to address a significant control breach, the most appropriate next step for the chief audit executive is to discuss the matter with senior management. This step involves escalating the issue to a higher level of authority to ensure that the risks associated with the control breach are properly understood and addressed. If senior management fails to take appropriate action, the CAE may then escalate the issue to the board.

IIA Standard 2500: Monitoring Progress

IIA Practice Guide: Auditing Organizational Governance

Flat structures reduce hierarchical layers, increasing spans of control. With fewer supervisors overseeing more employees, the time and ability for supervision becomes limited, which is a control weakness.

Option A refers to innovation, not control implications.

Options C and D describe hierarchical or vertical structures, not flat ones.

Thus, the control implication of a flat structure is limited supervision availability (Option B).

Interim communications are used when urgent issues require immediate attention by management before the final audit report is issued (Standard 2440 – Disseminating Results).

Option A involves follow-up but does not require an interim report.

Option C is a whistleblower concern that would be investigated confidentially, not reported as an interim memo.

Option D reflects incomplete fieldwork, not a reporting need.

Option B, a material variance in inventory, represents a significant and immediate issue that requires prompt communication to management before the audit concludes.

Thus, the most appropriate situation for issuing an interim report is Option B.