IIA-CIA-Part2 Exam Dumps - Practice of Internal Auditing

According to the CIA Exam syllabus, internal auditors must design and perform procedures that provide sufficient, reliable, relevant, and useful information (Standard 2310). Simply visually confirming equipment on-site does not confirm ownership; it only establishes physical existence. Ownership requires review of purchase invoices, titles, or registration documents.

The other procedures listed (vouching checks, reconciling invoices with shipping documents, and recalculating allowances) are appropriate and provide reliable audit evidence. Option A would therefore be questioned, as it does not sufficiently address the stated audit objective of ownership verification.

Given the urgency and the lack of internal expertise in forensic investigation, the most effective and immediate solution is to outsource the investigation to independent professional consultants. This approach ensures that the investigation is conducted by individuals with the necessary skills and experience, thereby maintaining the integrity and quality of the investigation. Training internal staff or recruiting new auditors would take time and may not address the immediate need, while declining the engagement would not fulfill the audit committee's request. References:

"Internal Auditing: Assurance & Advisory Services" (The Institute of Internal Auditors)

"Forensic Accounting and Fraud Investigation for Non-Experts" (Howard Silverstone and Michael Sheetz)

According to Implementation Guidance on Independence and Objectivity (Standard 1110), internal auditors may serve in advisory roles as long as they avoid assuming management responsibility. If the CAE assigns a representative to a sensitive steering committee, the choice should be based on relevant expertise and experience to add value without compromising independence. Option D is correct: selecting an auditor with prior experience in mergers or due diligence ensures competence while maintaining objectivity.

Options A and B confuse the role of the auditor with gathering intelligence or strategy promotion. Option C is incorrect, as participation does not require only the CAE.

The chief audit executive (CAE) should meet with the chief IT officer to discuss the incident, the investigation, and any control improvements that will be implemented (1). Additionally, developing an appropriate audit program with the IT auditor to review the organization’s Internet-based sales process and key controls (3) is a proactive approach to ensure future incidents are prevented and to enhance the organization's security posture. References: = IIA Standard 2120 - Risk Management and IIA Standard 2201 - Planning Considerations.

The primary reason the CAE should actively network and build relationships with senior management and the board is to fulfill their responsibility to keep the board appropriately informed. This is crucial for ensuring that the board has a clear understanding of the risks, control issues, and internal audit findings that may impact the organization.

IIA References:

IIA Standard 2060: Reporting to Senior Management and the Board requires the CAE to report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. The CAE must also communicate significant risk exposures and control issues.

The IIA Practice Guide on Effective Communication with Stakeholders highlights the importance of regular and effective communication between the CAE, senior management, and the board to ensure transparency and alignment on key issues.