IIA Updated IIA-CIA-Part2 Exam Questions and Answers by zidan

According to IIA guidance, the internal audit activity (IAA) can evaluate risk management processes without the need for safeguards. This activity aligns with the internal auditors' role in providing assurance on the effectiveness of the risk management process. Coaching management (Option A) and developing risk management strategies (Option B) involve direct participation in management functions, which could impair objectivity and require safeguards. Facilitating the identification and evaluation of risks (Option C) might also involve a degree of management participation that could compromise independence without proper safeguards. References: IIA Standard 2120 – Risk Management, IIA Practice Guide – Assessing the Adequacy of Risk Management Processes

Detective controls are designed to identify and detect errors or fraud after they have occurred. Receipts for employee expenses serve as a detective control by providing evidence of transactions, enabling verification and review of expenses to identify any fraudulent or unauthorized activities. Awareness of prior incidents of fraud (Option A) is more of a preventive control, contractor non-disclosure agreements (Option B) are preventive controls to mitigate risks of information leakage, and verification of currency exchange rates (Option C) is more of a transaction control. References: IIA Glossary – Detective Controls, COSO Framework

According to the IIA Standards, particularly Standard 2500 - Monitoring Progress, internal auditors are responsible for monitoring the disposition of results communicated to management. They need to assess whether management has taken appropriate action to address audit findings or has consciously accepted the risk of not taking action. The follow-up process is crucial to ensure that identified risks are managed effectively. References: = IIA’s Standard 2500 - Monitoring Progress and Practice Guide on Follow-up Processes.

For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined. In consulting engagements, the objectives and scope are usually agreed upon with the client at the outset, and planning activities then focus on how to achieve these objectives within the defined scope.

IIA Standards: 2010 - Planning

IIA Practice Guide: Consulting Services