IIA Updated IIA-CIA-Part2 Exam Questions and Answers by rocky

According to IIA Standards, acceptable practices for testing conformance through a quality assurance review include conducting a self-assessment with independent validation (2) and arranging for reciprocal peer review with another CAE (4). These methods provide a cost-effective and practical approach to ensuring compliance with professional standards, especially for small internal audit activities. Using an external service provider (1) and arranging for a review by qualified employees outside of the IAA (3) are also valid, but self-assessment with independent validation and peer review are specifically highlighted for smaller IAAs. References: IIA Standard 1312 – External Assessments, IIA Practice Guide – Quality Assurance and Improvement Program

When proposing interim changes to the annual audit plan due to emerging risks, the most appropriate action for the CAE is to communicate with the CEO and present the revised audit plan to the board for approval. This ensures that senior management is informed and supportive of the changes, and that the board, which holds the ultimate oversight responsibility, formally approves the revised plan. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2020 - Communication and Approval.

The IIA’s Practice Guide on Engagement Planning.

An internal auditor's primary role is to evaluate and improve the effectiveness of risk management, control, and governance processes. To test the reliability of a customer database, the auditor would focus on identifying potential issues that could affect the accuracy and completeness of the data. This involves reviewing records, reports, and conducting data analysis to identify anomalies, inconsistencies, or patterns that suggest problems with the data. This step directly assesses the reliability of the database, which is crucial for ensuring that the information is accurate and reliable.

References:

Institute of Internal Auditors (IIA) Standards: Performance Standards 2320: Analysis and Evaluation

Internal Audit Manual: Data Integrity and Database Auditing Techniques

When a key control is identified during fieldwork that was not recognized during the planning phase, it is critical to update the audit work program to include tests for this newly identified control. However, this adjustment should be made with the approval of the engagement supervisor. This ensures that the changes are properly documented and that the scope and objectives of the engagement remain aligned with the overall audit plan. Additionally, obtaining approval from the engagement supervisor maintains the integrity and oversight of the audit process.

References:

The Institute of Internal Auditors (IIA) Standard 2240 – Engagement Work Program: "Internal auditors must develop and document work programs that achieve the engagement objectives."

IIA Practice Guide on "Engagement Planning"