Which of the following engagement supervision activities should be performed first?
Correct Answer: C
Ensuring that risks to the timely completion of the engagement are assessed should be performed first during engagement supervision activities. This initial step is crucial as it sets the foundation for the entire audit process. By identifying and assessing risks early, the audit supervisor can develop appropriate plans and strategies to mitigate these risks, ensuring that the engagement stays on track and is completed within the allocated time frame. Addressing this aspect first helps in prioritizing tasks, allocating resources effectively, and managing any potential obstacles that might delay the audit process.
References:
* The Institute of Internal Auditors (IIA) Standards
* Internal Audit Engagement Planning and Risk Assessment Procedures
IIA-CIA-Part2 Exam Question 47
Which of the following is required to classify, label, organize, and search big data stored and used in an organization?
Correct Answer: A
Comprehensive and Detailed Explanation From Exact Extract: Metadata is data about data - it describes the content, context, and structure of information. In big data environments, metadata allows organizations to classify, label, organize, and make large datasets searchable. Data security (B) protects information, a business application (C) uses data, and a data owner (D) assigns accountability. Only metadata enables the required classification and search functionality.
IIA-CIA-Part2 Exam Question 48
During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?
Correct Answer: B
Comprehensive and Detailed Explanation: A risk matrix maps risks based on likelihood and impact. To identify risks at the process level, the auditor should consider possible scenarios (B) that may threaten the achievement of objectives. Examples include fraud scenarios, compliance failures, or operational breakdowns. Possible controls (C) are identified after risks, as mitigations. Possible tests (A) and samples (D) relate to audit procedures, not risk identification. According to Standard 2210.A1, objectives of an engagement must consider risks, and this starts with scenario analysis. Thus, the correct choice is Option B.
IIA-CIA-Part2 Exam Question 49
Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?
Correct Answer: B
Probability-proportional-to-size (PPS) sampling, also known as monetary unit sampling, is most appropriate for measuring the total misstatement in an accounts payable ledger. In this method, the likelihood of an individual item being selected is based on its size, with larger items having a higher probability of being selected. This is particularly useful in identifying overstatements and misstatements in financial records, such as accounts payable, where the monetary value of transactions is a critical factor.
Reference: Institute of Internal Auditors (IIA), Practice Guide - Auditing Sampling.
IIA-CIA-Part2 Exam Question 50
During a review of the organization's waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor's recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity's periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?
Correct Answer: C
When management decides not to implement a critical recommendation, especially one related to regulatory compliance and potential reputational risk, it is essential for the chief audit executive (CAE) to escalate the issue to senior management. This step ensures that management fully understands the risks involved and can make an informed decision.
Detailed Explanation:
* IIA Standard 2600 - Communicating the Acceptance of Risks: This standard requires the CAE to communicate to senior management and the board when management has accepted a level of risk that the CAE believes is unacceptable. The CAE must ensure that the decision-makers are aware of the potential consequences.
* Importance of Escalation: By convening a meeting with senior management, the CAE can discuss the risks of non-compliance, including potential regulatory sanctions and reputational damage. This discussion provides an opportunity for senior management to reassess the decision in light of these risks.
* IIA Practice Advisory 2600-1: The advisory suggests that when significant risks are not being addressed by management, the CAE should communicate these concerns to higher levels of the organization. This ensures that the risks are not ignored and that appropriate action can be taken.
Why Not Other Options?
* Option A (Do nothing): This is not appropriate, as the CAE has a responsibility to escalate significant risks.
* Option B (Contact regulatory agency): This is an extreme step and should not be the first course of action. The issue should be discussed internally before involving external regulators.
* Option D (Highlight to external auditors): While external auditors might need to be informed, the issue should first be addressed within the organization.