IIA-CIA-Part1 Practice Test

Risk assessments are valuable to the internal audit activity's planning process because they assist in:

A.

Eliminating all areas with low risk from the audit plan.

B.

Educating management on the importance of keeping the internal audit activity informed
of organizational changes.

C.

Identifying the audit universe or auditable activities that need to be reviewed.

D.

Identifying risks that management and the internal auditors have overlooked.

The chief commodity trader for a large energy company learns from a friend that a
competitor will likely fail its upcoming regulatory audit and will be forced to temporarily
decrease production. If the information is true,the trader has short-term opportunities to
make trades that will financially benefit the trader's company and will lead to a substantial
increase in the trader's performance bonus. However,if the information is not true,making
the trades will significantly increase the company's risk of being caught in a long position.
From an ethical perspective,which of the following would be the most appropriate course of
action for the trader to take?

A.

Make the trade because the company and the trader will both benefit.

B.

Have another trader on staff make the trade in order to avoid a conflict of interest.

C.

Disclose the information to the risk oversight committee but proceed with the trade to capitalize on the opportunity.

D.

Defer the decision to management and risk the loss of the trading opportunity.

All of the following would normally be involved in preparing for and carrying out the internal
audit activity's annual plan except:

A.

Establishing policies and procedures for workpapers and referencing.

B.

Providing periodic activity reports to the audit committee on audit engagements in progress.

C.

Assessing the amount of risk in major departments.

D.

Training audit staff on appropriate audit methodologies for addressing any newly identified risks.

Noncompliance with which of the following would cause a control deficiency related to
privacy protection practices?
I.An organization's internal privacy policies.
II.Financial accounting standards.
III.Privacy laws and regulations.
IV.The Standards.

A.

I and IIIonly

B.

II and IVonly

C.

II,III,and IVonly

D.

I,II,III,and IV.

A chief audit executive would most likely use risk assessment for audit planning because it provides:

A.

A systematic process for assessing and integrating professional judgment about
probable adverse conditions.

B.

A listing of potentially adverse effects on the organization.

C.

A list of auditable activities in the organization.

D.

The probability that an event or action may adversely affect the organization.