IIA-CIA-Part1 Free Practice Test

An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
* 1. The organization uses an automated authority approval matrix to control payments.
* 2. The organization has a whistleblower hotline that is available to employees.
* 3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
* 4. Annually, the organization reviews and communicates the code of expected behavior.

1. A. 1 and 2.
2. B. 1 and 3.
3. C. 2 and 3.
4. D. 2 and 4.

Correct Answer: D

A large sales organization maintains a system of internal control according to the COSO model and has updated its code of conduct. This change relates to which component of the COSO framework?

1. A. Control activities.
2. B. Information and communication.
3. C. Commitment.
4. D. Control environment.

Correct Answer: D

An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

1. A. Management will be able to reduce inherent risk because they will have a better understanding of risk.
2. B. Internal auditors will be able to reduce their sample sizes because controls will be more consistent.
3. C. Stakeholders will have more assurance that the risks are assessed consistently.
4. D. Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

Correct Answer: C

An internal audit team is performing an audit of workplace accident claims.
Which of the following actions by the audit team best demonstrates due professional care?

1. A. Having an occupational health officer on the engagement team.
2. B. Determining that the claims have been classified properly.
3. C. Placing reliance on medical reports from the injured worker's doctor.
4. D. Reviewing claims to ensure all accidents actually occurred in the workplace.

Correct Answer: A

Which of the following documents is most appropriate in promoting the objectivity of the internal audit
activity?

1. A. Usage of IT system policy.
2. B. Risk management framework.
3. C. Acceptance of gifts policy.
4. D. Personal responsibility policy.

Correct Answer: C