IIA-CHAL-QISA IIA Exam Questions and Free Practice Test

Question 7

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A. A monitoring process

B. A risk assessment process.

C. A strategic objective-setting process.

D. An information and communication process

Correct Answer:B
✑ Risk Assessment Process: A risk assessment process is essential for identifying, analyzing, and managing risks that could prevent the achievement of objectives. It is a critical component in developing an effective system of internal controls.
✑ COSO Framework: The Committee of Sponsoring Organizations (COSO) Internal Control Framework outlines risk assessment as a fundamental part of internal control systems.
✑ Other Preconditions:
:
COSO Internal Control Framework.

Question 8

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

A. The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment

B. The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C. The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms

D. The internal audit activity will ensure equipment downtime risks have been managed in accordance with the internal policy.

Correct Answer:B
Non-Assurance Engagements: Non-assurance engagements focus on advisory and consulting services rather than providing an independent assessment. These engagements aim to add value by offering insights and recommendations to management. Objective Characteristics:
✑ Informing Management: Providing information on potential risks and advising on
risk management strategies is typical for non-assurance engagements. This helps management make informed decisions and manage risks effectively.
✑ Assessment and Compliance: Options A, C, and D are more aligned with
assurance engagements, where the internal audit activity provides an independent assessment or ensures compliance with policies and procedures.
IIA Guidance:
✑ Standard 2120 – Risk Management: Internal auditors must evaluate and contribute to the improvement of risk management processes, often through advisory services in non-assurance roles.
References:
✑ Non-assurance engagements focus on informing and advising management about risks, improvements, and strategic decisions, as exemplified by informing management about risks related to moving the data warehouse to a third-party cloud server.

Question 9

Which of the following best demonstrates that the internal audit activity is using due professional care?

A. The internal audit activity reports directly to the board on the engagements it performs.

B. Internal auditors undertake the necessary training to complete their audit work.

C. The completion of engagements is based on the assumption that fraudulent activities may exist.

D. Internal auditors consider the use of technology-based audit and other data analysis techniques

Correct Answer:D
Demonstrating due professional care involves using appropriate technology and data analysis techniques to enhance the audit's effectiveness and efficiency. These tools help auditors identify anomalies, trends, and potential areas of risk more accurately and timely, reflecting a higher standard of care in their audit activities.
References:
✑ "Auditing Standards and Guidelines," which emphasize the importance of using advanced techniques in audit processes.

Question 10

The internal audit activity plans to assess the effectiveness of management??s self- assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

A. Review corporate policies and board minutes for examples of risk discussions.

B. Conduct interviews with line and senior management on current practices.

C. Research and review relevant industry information concerning key risks.

D. Observe and test control and monitoring procedures and related reporting.

Correct Answer:D
To assess the effectiveness of management??s self-assessment activities regarding the risk management process, internal auditors should directly observe and test the control and monitoring procedures.
This hands-on approach allows auditors to verify the implementation and functionality of risk management controls and the accuracy of related reporting.
Direct observation and testing provide the most reliable evidence of the effectiveness of these procedures

Question 11

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

A. Determine process outputs

B. Determine process inputs.

C. Determine process activities.

D. Determine process goals

Correct Answer:C
Once an internal auditor has identified a business process, the next step is to understand the specific activities involved in that process. This includes mapping out each step or
action taken within the process to gain a detailed understanding of how it operates. Identifying process activities helps in evaluating the efficiency, effectiveness, and potential risks associated with the process

Question 12

According to IIA guidance, which of the following statements is true regarding audit workpapers?

A. Review notes on audit workpapers must be retained to provide a record of questions raised by the reviewer.

B. Audit workpaper documentation policies are reviewed and approved by the audit committee.

C. Management of the department being audited should review the prepared workpapers for accuracy.

D. Audit workpaper preparation contributes to the professional development of the internal audit staff.

Correct Answer:D
Audit workpapers are essential documents that provide evidence of the audit work performed and the conclusions reached.
✑ Option A: While review notes can be useful, they do not need to be retained if they
do not add value to the audit evidence.
✑ Option B: Audit workpaper documentation policies are typically established by the internal audit department, not reviewed or approved by the audit committee.
✑ Option C: Management should not review the workpapers for accuracy as this could compromise the independence of the audit.
✑ Option D: Preparing workpapers helps auditors document their work thoroughly, facilitating learning and professional development.

START IIA-CHAL-QISA EXAM