IIA-CHAL-QISA IIA Exam Questions and Free Practice Test

Question 31

Which of the following best describes the internal audit activity's responsibility within a risk and control framework?

A. The internal audit activity constitutes the first line of defense in effective risk management.

B. The internal audit activity provides direction regarding internal controls implementation.

C. The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D. The internal audit activity implements the internal control framework and advises management regarding best practices

Correct Answer:C
✑ Introduction:
✑ Responsibilities of Internal Audit:
✑ Options Analysis:
✑ Conclusion:
:
Internal Audit Standards and Practice Guides .

Question 32

Which of the following internal audit activities is performed in the design evaluation phase?

A. The internal auditor reviews prior audits and workpapers

B. The internal auditor identifies the controls over segregation of duties.

C. The internal auditor checks a process for completeness.

D. The internal auditor communicates the audit results to management

Correct Answer:B
To determine which internal audit activity is performed in the design evaluation phase, it's essential to understand what each phase in the audit process entails. The design evaluation phase involves assessing whether the design of controls is adequate to mitigate risks to acceptable levels.
✑ Option A: The internal auditor reviews prior audits and workpapers.
✑ Option B: The internal auditor identifies the controls over segregation of duties.
✑ Option C: The internal auditor checks a process for completeness.
✑ Option D: The internal auditor communicates the audit results to management.
Reference:
According to the Institute of Internal Auditors (IIA) Standards and the guidelines in the IPPF (International Professional Practices Framework), during the design evaluation phase, internal auditors assess the adequacy of control designs. This includes evaluating whether controls like segregation of duties are properly designed to mitigate identified risks. Identifying controls over segregation of duties is a fundamental aspect of assessing the adequacy of the control environment and its design to ensure it can effectively prevent and detect errors and fraud.

Question 33

A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

A. Coordinate and facilitate risk workshops for management to attend

B. Establish the degree of risk appetite for management to accept.

C. Set risk Indicators and mitigation plans for management to Implement.

D. Determine the number of significant risks for management to report to the board

Correct Answer:A
Role of CAE as Consultant: The chief audit executive (CAE) can act as a consultant to help management establish a risk management system. Their role should be facilitative rather than directive, ensuring that management owns the risk management process. Appropriate Tasks:
✑ Risk Workshops: Coordinating and facilitating risk workshops (option A) helps
management identify and assess risks, allowing them to develop appropriate responses. This is a suitable task for the CAE.
✑ Risk Appetite and Indicators: Establishing risk appetite (option B) and setting risk
indicators and mitigation plans (option C) are management's responsibilities.
✑ Reporting Risks: Determining the number of significant risks to report (option D) should also be a management function.

Question 34

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

A. if the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B. The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle.

C. The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run.

D. if the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline.

Correct Answer:D
✑ Introduction:
✑ Cost Characteristics:
✑ Options Analysis:
✑ Conclusion:
:
Cost Accounting Standards and Practices .

Question 35

Applying ISO 31000; which of the following is part of the external context for risk management?

A. Risk treatment method based on risk evaluation.

B. Organizational culture, objectives, and processes.

C. The regulatory and competitive environment.

D. The method of determining the risk level

Correct Answer:C
✑ ISO 31000 Context:ISO 31000 provides guidelines on risk management, emphasizing the importance of understanding the external context.
✑ External Context:This includes external factors such as regulatory and competitive environments that can impact the organization??s risk profile.
✑ Regulatory Environment:Understanding regulations helps the organization ensure compliance and avoid legal risks.
✑ Competitive Environment:Analyzing the competitive environment allows the organization to anticipate market changes and manage competitive risks.
References:
✑ ISO 31000 Risk Management Guidelines.

Question 36

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

A. Cost-benefit analysis of management not implementing a recommendation to address an observation.

B. Inquiry of corrective action to be completed within a certain period

C. Reporting the status of every observation for every engagement in a detailed manner.

D. Soliciting management's feedback after completion of the audit engagement.

Correct Answer:A
Performing a cost-benefit analysis when management decides not to implement a recommendation is a prime example of residual risk assessment. This involves evaluating the potential impacts and remaining risks associated with the decision, thereby determining the residual risk that the organization will continue to face.
✑ Cost-Benefit Analysis: This helps in understanding the financial implications and
benefits that would have been realized had the recommendation been implemented versus the risks of not implementing it.
✑ Risk Assessment: By assessing the residual risk, the CAE can provide a clearer
picture of the ongoing risks that the organization needs to manage.
✑ Management Decision Impact: This analysis assists in making informed decisions and understanding the trade-offs involved in addressing audit observations.
References:
✑ "Audit and Assurance Services: An Integrated Approach," which explains residual risk assessment and the importance of cost-benefit analysis in audit recommendations .

START IIA-CHAL-QISA EXAM