IIA-CIA-Part2 Exam Dumps - Internal Audit Engagement

The efficiency of an audit is greatly influenced by the adequacy of preliminary survey information. Thorough preliminary surveys help auditors understand the audit scope, identify potential issues early, and plan their work efficiently, thereby increasing overall audit efficiency. References: = IIA Practice Guide: “Engagement Planning: Establishing Objectives and Scope” and IIA Standard 2201 - Planning Considerations.

To determine if loans were granted in accordance with the organization's policies, the most effective approach is to validate a sample of loans against the applicable underwriting guidelines. This method allows the auditor to directly assess compliance with the specific criteria set out in the organization's loan granting policies, providing clear evidence on whether the loans meet the required standards.

The Institute of Internal Auditors (IIA) Practice Guide: Auditing Credit Risk Management

IIA Standard 2210 - Engagement Objectives

The primary reasons for outsourcing internal audit activities typically include accessing a wider range of skills and competencies, complementing existing expertise for specific engagements, and strengthening core audit functions. Contingency planning, while beneficial, is not a primary reason for outsourcing internal audit activities as it pertains more to risk management strategies rather than the core objectives of outsourcing. References: = IIA’s Practice Advisory 1210.A1-1: Obtaining External Service Providers to Support or Complement the Internal Audit Activity.

Comprehensive and Detailed Explanation:

The scope of an engagement defines the boundaries of the audit — what areas, functions, activities, or processes will be reviewed. In this case, the engagement’s purpose is to test adherence to the procurement policy, so the sub-processes (D) within procurement (e.g., vendor selection, purchase approvals, invoice processing) should be clearly defined in scope.

Sample size (A) and procedures (C) are part of the audit work program, not scope.

Inherent risks (B) are identified during planning but do not define scope boundaries.

Therefore, Option D is correct: defining sub-processes ensures that the audit scope is comprehensive and appropriately focused on procurement policy adherence.

The chief audit executive (CAE) is responsible for the approval of the engagement objectives and scope in internal auditing. While senior management, the head of customer service, and the board of directors may provide input and have interests in the audit engagement, it is ultimately the CAE who has the final authority to approve the objectives and scope. This ensures that the internal audit activity remains independent and that the engagement aligns with the overall audit plan and organizational priorities.

The Institute of Internal Auditors (IIA) Standard 2010 - Planning

IIA Standard 2200 - Engagement Planning

According to IIA guidance, the internal audit activity (IAA) can evaluate risk management processes without the need for safeguards. This activity aligns with the internal auditors' role in providing assurance on the effectiveness of the risk management process. Coaching management (Option A) and developing risk management strategies (Option B) involve direct participation in management functions, which could impair objectivity and require safeguards. Facilitating the identification and evaluation of risks (Option C) might also involve a degree of management participation that could compromise independence without proper safeguards. References: IIA Standard 2120 – Risk Management, IIA Practice Guide – Assessing the Adequacy of Risk Management Processes

The chief audit executive (CAE) typically performs several activities following an audit engagement, including reporting follow-up activities to senior management, implementing follow-up procedures to evaluate residual risk, and evaluating the extent of improvements. These activities are crucial to ensure that audit recommendations are properly addressed and that any residual risks are managed effectively. However, determining the costs of implementing the recommendations is not typically a responsibility of the CAE. This task is usually handled by the management of the area being audited, as they have the detailed operational knowledge necessary to accurately estimate these costs. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), specifically Standard 2500 - Monitoring Progress.

The IIA’s Practice Guide on Follow-up Processes.

Introduction:

Assurance engagements require internal auditors to maintain objectivity and avoid conflicts of interest.

Role of Internal Auditors in Assurance Engagements:

They must remain independent and not take on roles that could compromise their impartiality.

Options Analysis:

Option A: Determining the objectives, scope, and techniques can be part of their role but does not define an assurance engagement specifically.

Option B: The CAE obtaining skills or competencies personally is not a standard requirement for assurance engagements.

Option C: Not assuming management responsibilities is crucial to maintain independence and objectivity during assurance engagements.

Option D: While maintaining objectivity is important, it is not the distinguishing feature of being assigned to an assurance engagement.

Conclusion:

The key requirement indicating an internal auditor was assigned to an assurance engagement is that they must not assume management responsibilities during the engagement.

Internal Audit Standards and Practice Guides