IIA-CHAL-QISA IIA Exam Questions and Free Practice Test

Question 19

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
* 1. Ensure encryption keys meet ISO standards.
* 2. Determine whether an independent review of the service provider's operation has been conducted.
* 3. Verify that the service provider's contracts include necessary clauses.
* 4. Verify that only public-switched data networks are used by the service provider

A. 1 and 3.

B. 1 and 4

C. 2 and 3.

D. 2 and 4.

Correct Answer:C
When conducting a review of an electronic data interchange (EDI) application provided by a third-party service, the internal auditor should ensure several key aspects to maintain security and compliance:
✑ Independent Review of Service Provider: Determine whether an independent
review of the service provider's operations has been conducted. This review helps ensure that the service provider meets necessary standards and maintains adequate controls.
✑ Contractual Clauses: Verify that the service provider's contracts include necessary
clauses. These clauses should cover aspects like data security, confidentiality, compliance with standards, and performance metrics.
Ensuring encryption keys meet ISO standards and verifying the use of public-switched data networks are important but are more specific technical controls that might be part of broader reviews. The focus here should be on independent verification and robust contractual agreements

Question 20

An internal auditor discovered fraud while performing an audit of an organization's procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

A. Enhanced capability to prevent frauds from occurring.

B. Greater assurance that procurement frauds will be detected in a timely manner

C. Improved capability of evaluating fraud risks within the organization.

D. Greater understanding of fraud through better evidence collection

Correct Answer:D
Forensic auditing techniques provide a systematic approach to collecting and analyzing evidence related to fraud. The primary benefit of these techniques is the enhanced ability to gather comprehensive and detailed evidence, which leads to a greater understanding of how the fraud occurred and who was involved. This detailed evidence collection supports legal proceedings and helps in identifying control weaknesses that need to be addressed to prevent future frauds.
References:
✑ "Forensic Auditing: Principles and Practices," which outlines the importance of evidence collection in understanding and combating fraud.

Question 21

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

A. Immediately notify management of the area under review and the other internal auditors involved in the engagement

B. Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C. Fully document in the workpapers the evidence that has been discovered and recommendappropriate controls to address the fraud

D. Provide the evidence that was discovered to local lav/ enforcement for possible prosecution of the suspected fraud

Correct Answer:B
IIA Standards on Fraud:
✑ Standard 2120 – Risk Management: Internal auditors must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
✑ Immediate Response: When evidence of fraud is discovered, the internal auditor must ensure that appropriate actions are taken promptly.
Next Steps for Internal Auditor:
✑ Consult with Supervisor: The internal auditor should discuss the findings with the engagement supervisor. This ensures that the situation is assessed by a more experienced individual who can determine the next steps, including the need for specialized fraud investigation resources.
✑ Specialized Expertise: Determining whether fraud investigation experts are needed is crucial for handling the matter appropriately, as they possess the necessary skills to investigate complex fraud cases.
Documenting Evidence:
✑ While documenting the evidence and recommending controls is important (Option C), the immediate step should involve consultation with the supervisor to decide on the investigation approach.
✑ Notifying management directly (Option A) or law enforcement (Option D) should follow internal protocols and often occur after consultation with the supervisor and possibly higher-level approvals.
References:
✑ Engaging the engagement supervisor ensures that the appropriate steps are taken to investigate the fraud properly, aligning with professional standards and ensuring a thorough investigation.

Question 22

According to IIA guidance, which of the following statements is true regarding due professional care?

A. Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B. Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C. Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D. Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Correct Answer:B
Due professional care is a critical concept in internal auditing, ensuring that auditors conduct their work with the necessary diligence and competence.
✑ Definition and Standards:According to the IIA??s International Standards for the
Professional Practice of Internal Auditing (Standards), specifically Standard 1220 – Due Professional Care, internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.
Reference:Standard 1220 emphasizes that internal auditors must consider the extent of work needed to achieve the engagement's objectives and the cost of assurance in relation to potential benefits.
Expectation of Competence:The standard requires auditors to use their professional judgment and to exercise the level of skill and care that a reasonably prudent internal auditor would use in similar circumstances.
Practical Example:This includes evaluating the nature and complexity of the engagement, the adequacy and effectiveness of risk management, and control processes relevant to the engagement.
Comprehensive, Not Excessive:While due professional care involves being thorough, it does not mandate exhaustive procedures such as those implied in options A and C.
Clarification:Option A overstates the requirement by implying that all significant risks must be identified, which is not always feasible.
Clarification:Option C misinterprets due professional care by suggesting that extensive examinations and verifications to ensure fraud does not exist are always necessary, which is beyond the typical scope of many audits.
Cost vs. Benefit in Consulting:Option D refers to consulting engagements and the consideration of benefits over cost, which is a part of due professional care but does not capture the comprehensive expectation of care and skill.
Clarification:Due professional care in consulting engagements is about balancing benefits and costs but also involves ensuring quality and thoroughness appropriate to the engagement's objectives.
Conclusion:The correct answer is B, as it accurately reflects the IIA??s guidance that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

Question 23

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

A. Full cost

B. Full cost plus a markup.

C. Market price of the product.

D. Variable cost plus a markup.

Correct Answer:C
Using the market price of the product for internal transfer pricing leads to the best decisions for the organization because it reflects the true economic value of the goods or services being transferred. This method promotes efficiency and fairness within the divisions.
✑ Economic Value: Market price reflects the true economic value, ensuring that the internal transactions are conducted at fair and competitive prices.
✑ Performance Measurement: It provides a consistent basis for evaluating the
performance of different divisions, as they are measured against external market conditions.
✑ Resource Allocation: Helps in optimal allocation of resources by ensuring that
internal transactions are economically justified and comparable to external transactions.
References:
✑ "Management Accounting: Principles and Practices," which discusses the advantages of using market-based transfer pricing .

Question 24

Which of the following is most likely to be considered a control weakness?

A. Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B. Purchase orders are typed by the purchasing department using prenumbered forms

C. Buyers promptly update the official vendor listing as new supplier sources become known.

D. Department managers initiate purchase requests that must be approved by the plant superintendent

Correct Answer:C
A control weakness occurs when there is a deficiency in internal controls that could allow errors or fraud to occur. While the act of buyers promptly updating the vendor listing might seem efficient, it could bypass necessary oversight and approval processes. This could lead to unauthorized or inappropriate vendors being added, increasing the risk of fraud or favoritism. Effective internal control requires that such updates be reviewed and approved by an independent party to ensure accuracy and appropriateness.
: Best practices in internal control recommend segregation of duties and independent
review processes to prevent unauthorized changes and ensure control integrity.

START IIA-CHAL-QISA EXAM