IIA Updated IIA-CIA-Part2 Exam Questions and Answers by ziggy

When internal controls are weak, it is important for the auditor to rely less on the internal controls and instead perform more substantive testing. Detail testing involves examining a larger number of individual transactions or balances to gather sufficient evidence about the accuracy and completeness of financial records. This method is appropriate because it does not rely on the effectiveness of internal controls, which are known to be weak in this scenario. References:

The IIA’s Standards and Practice Advisories, specifically focusing on audit procedures and responses to weak internal controls.

According to IIA guidance, the chief audit executive (CAE) is directly responsible for establishing the objectives, scope, and plan for each engagement. This responsibility ensures that each audit is properly focused and aligned with the overall goals and risk areas of the organization. While maintaining a quality assurance program and providing professional development opportunities are important, they are not solely the CAE's responsibility without management support. Periodic review and approval of the internal audit charter is typically a joint responsibility with senior management and the board. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2010 - Planning.

The IIA’s Practice Guide on Developing the Internal Audit Plan.

An internal control questionnaire (ICQ) is a commonly used tool in the assessment of entity-level controls. It is a structured set of questions that auditors use to gather information about the controls in place within an organization. However, while this method can be efficient for gathering broad-based information, it has certain limitations, one of the most significant being that the information obtained can be repudiated.

Repudiation refers to the possibility that the information provided by respondents can be denied or questioned later. This is a key drawback because the responses in an ICQ are typically self-reported and may not be fully accurate or reliable. Respondents may either misunderstand the questions or provide answers that are overly optimistic, biased, or not fully truthful. This can compromise the reliability of the evidence gathered through this method.

IIA References:

According to IIA's International Professional Practices Framework (IPPF), particularly in the Implementation Guides that accompany the Standards, internal auditors are encouraged to use various techniques for gathering evidence to ensure the completeness, accuracy, and reliability of the information. The guide cautions that self-reported data, such as that obtained through questionnaires, should be corroborated with additional evidence.

IIA Standard 2310: Identifying Information states that internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives. The limitations of the ICQ, particularly the risk of repudiation, directly relate to the reliability of the information obtained.

Additionally, the IIA’s Practice Guide on Evaluating Internal Controls suggests that while ICQs are useful in gaining an initial understanding of control environments, they should not be relied upon as the sole source of evidence. This emphasizes the need for corroborative evidence to address the risk of repudiation.

Given these considerations, the correct answer is A. Information obtained by this method can be repudiated because the self-reported nature of ICQs inherently carries the risk of repudiation, thus questioning the reliability of the control assessment finding

To obtain a general understanding of the natural gas market, the market share the organization wants to win, and the competitive advantage the organization may have, the best source of information is to interview responsible managers and read strategic documents. Managers involved in the new line of business will have insights into the market dynamics, strategic goals, and competitive positioning. Strategic documents will provide detailed plans and objectives, giving a comprehensive understanding of the organization's approach and expectations.

References:

The Institute of Internal Auditors (IIA) Practice Guide: Business Acumen for Internal Auditors

IIA Standard 2120 - Risk Management