IIA Updated IIA-CIA-Part2 Exam Questions and Answers by kaiden

The most important determinant of the objectives and scope of assurance engagements is the preliminary risk assessment performed by internal auditors. This assessment identifies the key risks that the engagement should address and ensures that the audit is focused on areas of highest risk and significance to the organization. While organizational charts, business objectives, and management requests are important inputs, the internal auditors' preliminary risk assessment ensures that the audit addresses the most critical areas. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), specifically Standard 2210 - Engagement Objectives.

The IIA’s Practice Guide on Engagement Planning.

The most appropriate approach for internal audit activity to follow up on management action plans is to create a tracking system. This ensures that follow-up activities are systematically monitored and documented. Such a system can track the status of action plans, provide reminders for due dates, and record progress updates, thus ensuring that management's corrective actions are implemented and effective. Regular monitoring and tracking are essential to verify that issues identified in audits are addressed in a timely manner.

References:

Institute of Internal Auditors (IIA) Standards: Implementation Standards 2500 – Monitoring Progress

COSO Framework: Monitoring Activities Component

When documenting findings from a nonstatistical sample, internal auditors should record the factual observations and quantify the results where possible. In this case, the auditor should document that 17% of the sampled accounts receivable balances exceeded the approved unsecured credit limit. This provides a clear, quantifiable basis for the finding, which is critical for accurate reporting and for management to understand the scope of the issue. Documenting this percentage also supports the auditor's conclusions and recommendations for corrective actions.

References:

The Institute of Internal Auditors (IIA) Practice Guide: Audit Sampling.

IIA Standard 2310 - Identifying Information

The most appropriate course of action for the CAE is to evaluate the robustness and feasibility of the management's action plan to address the identified weaknesses. The CAE should monitor the implementation progress, key dates, and deliverables to ensure that corrective actions are on track and will effectively mitigate the risks within the stipulated timeline. References: = IIA Standard 2500 - Monitoring Progress.