IIA Updated IIA-CIA-Part2 Exam Questions and Answers by warren

Stratified sampling is a technique that involves dividing a population into subgroups (strata) that share similar characteristics and then taking a sample from each subgroup. In the context of testing purchase transactions by different procurement officers, the transactions can be stratified based on the officers, ensuring that the audit team selects a sample that represents each officer's transactions. This method helps in achieving a more accurate and reliable assessment of the procurement process across all officers.References:

The Institute of Internal Auditors (IIA), Practice Guide on Sampling

"Auditing and Assurance Services: An Integrated Approach" by Alvin A. Arens, Randal J. Elder, Mark S. Beasley

Discovery sampling is typically used when an internal auditor wants to test a large sample for fraud. This technique is particularly effective for identifying instances of fraud or other irregularities in a population. Discovery sampling is designed to detect at least one occurrence of an attribute, such as fraud, within the sampled population if it exists. It is particularly useful when the occurrence rate of the fraud is expected to be low.

References:

IIA Practice Guide: Sampling in Internal Auditing

IIA Standards: 2320 - Analysis and Evaluation

If a control is found to be poorly designed during the planning stage, testing its operating effectiveness becomes redundant because even a well-implemented but poorly designed control will not achieve its intended objectives. The primary focus should be on redesigning the control to ensure it is effective in mitigating risks. Therefore, the auditor should not have proceeded to test the operational effectiveness of a control that was already deemed poorly designed.References:

The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards)

"Auditing: A Risk-Based Approach to Conducting a Quality Audit" by Karla M. Johnstone et al.

When the rate of deviations discovered in the sample equals the tolerable deviation rate, it means that the control is functioning at the level deemed acceptable by the auditor's predefined criteria. This does not necessarily imply that the control is flawless, but rather that its effectiveness meets the minimum standards set by the audit plan. Therefore, the internal auditor can conclude that the control is acceptably effective, but should also note the potential need for improvement.References:

The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2320 - Analysis and Evaluation

COSO Framework - Control Activities