← Back to exam page

IIA-CIA-Part1 Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control

Loading demo links...

Showing 13–15 of 20 questions

Question 13 (Volume D)

A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?

Select an option, then click Submit answer.

  • Decline the offer because the internal auditor subordinated professional judgment, and objectivity is therefore impaired.

  • Decline the offer because the internal auditor recently transferred from the IT department.

  • Accept the offer because the internal auditor maintains an independent mental attitude and is therefore objective.

  • Accept the offer because the internal audit charter grants the internal auditor authority to maintain objectivity.
Question 14 (Volume C)

Which of the following statements best describes the competency requirement for an auditor regarding fraud risks encountered in an engagement execution?

Select an option, then click Submit answer.

  • The auditor should be able to have comparable competencies of a person whose primary responsibility is detecting and investigating fraud.

  • The auditor must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization.

  • The auditor is not expected to have any competency requirement regarding fraud since the role of investigating and detecting fraud belongs to other functions in the organization.

  • The auditor must be able to have an appreciation of the fundamentals of fraud detection and investigation techniques.

Question 15 (Volume E)

What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

Select an option, then click Submit answer.

  • Diversifying the risk that network access will not be available to legitimate, authorized users.

  • Accepting the risk that there may be attempts at unauthorized access to the network.

  • Avoiding the risk of having a direct network connection to un-trusted networks.

  • Sharing the risk that either firewall could be compromised by hackers.