Free and Premium IIA IIA-CRMA Dumps Questions Answers

Page: 1 / 11
Total 283 questions

Certification in Risk Management Assurance (CRMA) Exam Questions and Answers

Question 1

Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management's decision is least plausible?

Options:

A.

Management may be concerned about its reputation in the financial markets.

B.

Management is following best-practice protocol, as stipulated by the Standards, which states that internal auditors must review quarterly financial statements.

C.

Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated.

D.

Management may perceive that having quarterly financial information examined by the internal auditors enhances the information's value to internal decision making.

Question 2

A computer system automatically locks a user's account after three unsuccessful attempts to log on.

Which type of control does this scenario represent?

Options:

A.

Corrective control.

B.

Preventive control.

C.

Detective control.

D.

Compensating control.

Question 3

According to the Standards, which of the following best describes why initial audit test results should be reported to the auditor-in-charge prior to advising management?

Options:

A.

It increases the likelihood of obtaining the audit client's agreement with the results.

B.

It ensures that an appropriate chain of evidence is maintained through the workpapers.

C.

It helps ensure that appropriate professional judgments and conclusions are made.

D.

It is required to demonstrate that effective engagement supervision has occurred.

Question 4

An accounts receivable clerk receives cash payments, posts the payments to customer accounts, and prepares the daily cash deposit.

The clerk has been stealing some cash and manipulating the customer payments to hide the theft.

This fraud could be detected with which of the following controls?

Options:

A.

Monthly bank reconciliations are performed by the clerk on a timely basis.

B.

Total cash deposits for the month are reconciled to the cash receipts journal.

C.

Names, amounts, and dates on remittance advices are reconciled with the names, amounts, and dates recorded in the cash receipts journal.

D.

Total cash deposits are compared with the bank reconciliation.

Question 5

Which of the following risk management activities is most appropriate for an internal auditor to undertake?

Options:

A.

Impose risk management processes.

B.

Coordinate risk management activities.

C.

Implement risk responses on management's behalf.

D.

Review the management of key risks.

Question 6

According to the IIA guidance, who is responsible for periodically assessing the internal audit activity?

Options:

A.

The board.

B.

The chief audit executive.

C.

Senior management.

D.

The external auditors.

Question 7

During an engagement, an internal auditor decided to use variance analysis as an auditing technique. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?

Options:

A.

Report the deviations immediately to the audit committee.

B.

Gather additional information to determine the cause of the deviations.

C.

Conclude that the budget was unreasonably set and accept the deviations.

D.

Perform alternative forms of analytical procedures which provide no deviations.

Question 8

Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

Options:

A.

Strategic objectives.

B.

Operational objectives.

C.

Reporting objectives.

D.

Compliance objectives.

Question 9

When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:

Options:

A.

Obtain specific answers and maximize efficiency.

B.

Gather factual data on several different topics.

C.

Determine agreement or disagreement with a stated viewpoint.

D.

Obtain information based on the person's own perspective.

Question 10

While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization.

Which of the following actions is most appropriate for the auditor to take?

Options:

A.

Consult with an immediate supervisor and notify the organization's audit committee.

B.

Consult with an immediate supervisor and review the organization's ethics policy.

C.

Give the prize to a friend or family member and notify the organization's audit committee.

D.

Give the prize to a friend or family member and review the organization's ethics policy.

Question 11

Which of the following is a valid statement about the use of visual observations during an audit engagement?

1. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.

2. Visual observations can be used during both preliminary survey and fieldwork stages of the audit engagement.

3. Visual observations can provide unsubstantiated facts to management if the internal auditor believes the information is useful.

4. Visual observations can assist an auditor in determining if a material observation should be communicated through informal means to the organization’s senior management.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 12

According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?

Options:

A.

The relative complexity, materiality, or significance of matters to which assurance procedures are applied.

B.

The extent of assurance services necessary to ensure that all risks are identified.

C.

The cost of providing the assurance services in relation to potential benefits.

D.

The probability of significant errors, irregularities or instances of noncompliance.

Question 13

Which of the following statements describes a control failure that is not directly attributable to a customer billing application?

1. End users have raised a number of concerns regarding data integrity.

2. An untested program change is transferred from the test environment to production.

3. Purchase history does not reconcile with accounts receivable for some customers.

4. End user security is inadvertently granted to an unauthorized individual by management.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 14

A government agency's policy states that board members' travel and hospitality expenses must be audited annually. Which of the following people or groups is most appropriate to perform this audit?

Options:

A.

The government's independent auditor.

B.

The external auditors from an accounting firm.

C.

The internal audit activity.

D.

The agency's chief compliance officer.

Question 15

If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

Options:

A.

Terminate the audit engagement in full because an operational audit will not be productive without the client's cooperation.

B.

Terminate only the specific action or process with which the client disagrees and work to determine a substitute function that will not impede further IAA or the client-audit relationship.

C.

Refer the client to the IAA's charter and the approved yearly audit plan, which includes the areas designated for audit in the current time period.

D.

Seek the approval of senior management or the board in mediation, allowing an overseer to clarify the scope of the audit engagement for the client.

Question 16

The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards. To address this concern, which of the following actions is most appropriate for the CAE to take?

Options:

A.

The CAE should agree with the audit committee and implement only those standards appropriate to the size of the IAA.

B.

The CAE should request the audit committee to review the Standards to identify specifically which are creating the greatest concern.

C.

The CAE should seek sufficient funding to increase audit resources to meet the minimum requirements of the Standards.

D.

The CAE should explain that conformance with the Standards is essential and not dependent upon the size of the IAA.

Question 17

An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.

Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?

Options:

A.

Confidentiality.

B.

Objectivity.

C.

Integrity.

D.

Competency.

Question 18

According to IIA guidance, which of the following objectives of an assurance engagement for the organization's risk management process is valid?

Options:

A.

All risks have been identified and mitigated.

B.

Risks have been accurately analyzed and evaluated.

C.

All controls are both adequate and efficient.

D.

The board is appropriately addressing intolerable risks.

Question 19

During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.

Which of the following tests would best help the internal auditor detect fraudulent activity?

Options:

A.

Check inventory levels.

B.

Search for gaps in check numbers.

C.

Compare vendor summaries.

D.

Review raw material purchase quantities.

Question 20

Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?

Options:

A.

A change was implemented requiring the IAA to report administratively to the organization's chief legal counsel rather than the board.

B.

Responsibility for risk management processes was removed from the IAA and placed under a newly created chief risk officer.

C.

The IAA was denied access to expenditure and budget requirement reports because the reports were considered to be financial administrative matters.

D.

An internal auditor was informed by the chief financial officer that client survey results would be unfavorable unless the auditor changed a finding in the report.

Question 21

Allegations have been made that an organization's share price has been manipulated.

Which of the following would provide an internal auditor with the most objective evidence in this case?

Options:

A.

Major shareholders of the organization.

B.

Large customers of the organization.

C.

Former members of management.

D.

Former financial consultants.

Question 22

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

Options:

A.

The CAE's work may be reviewed by any other experienced staff member within the IAA.

B.

The CAE's work should be reviewed by an individual with the appropriate background and knowledge.

C.

The CAE may self-review his work, provided he discloses this practice in the final report.

D.

The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

Question 23

Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?

1. Acceptance of CAATs findings by entity management.

2. Computer knowledge and expertise of the auditor.

3. Time constraints.

4. Level of audit risk.

Options:

A.

1 and 4

B.

2 and 3 only

C.

1, 2, and 3

D.

2, 3, and 4

Question 24

Which two of the following are preventive controls in a check disbursement process?

1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items.

2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.

3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.

4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 25

Which of the following is an example of a management control technique?

Options:

A.

A budget.

B.

A risk assessment.

C.

The board of directors.

D.

The control environment.

Question 26

A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

Options:

A.

Coordinate and facilitate risk workshops for management to attend.

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk indicators and mitigation plans for management to implement.

D.

Determine the number of significant risks for management to report to the board.

Question 27

Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?

Options:

A.

Observation of the facility during operations.

B.

Questioning of facility management, including the facility safety officer.

C.

Analysis of facility operating reports, focusing on instances when breakdowns occurred.

D.

Review of records involving safety violations, filed by facility production employees.

Question 28

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Question 29

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 30

Which of the following best describes the details that must be included in the quality assurance and improvement program (QAIP) report to senior management and the board?

Options:

A.

The scope and frequency of internal and external assessments as well as the qualifications and independence of the assessor.

B.

The scope and cost of the QAIP, frequency of internal and external assessments, and conclusions of the assessor.

C.

The scope, findings, risks, recommendations, and agreed-upon improvement actions.

D.

The number and types of people involved in the assessment, costs, and duration of the QAIP.

Question 31

According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

Options:

A.

Assessing the risk factors.

B.

Aligning risk appetite and strategy.

C.

Enhancing risk response decisions.

D.

Reducing operational surprises and losses.

Question 32

According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?

1. Identification.

2. Mitigation.

3. Remediation.

4. Reduction.

Options:

A.

1 only.

B.

1 and 4 only.

C.

1, 3, and 4 only.

D.

1, 2, 3, and 4.

Question 33

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

Options:

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually.

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Question 34

An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?

1. The organization uses an automated authority approval matrix to control payments.

2. The organization has a whistleblower hotline that is available to employees.

3. Annually, every manager completes a comprehensive fraud assessment of his or her department.

4. Annually, the organization reviews and communicates the code of expected behavior.

Options:

A.

1 and 2.

B.

1 and 3.

C.

2 and 3.

D.

2 and 4.

Question 35

According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?

Options:

A.

The audit committee and senior management.

B.

The audit committee and the external auditors.

C.

Senior management and management of the audited area.

D.

Senior management and the external auditors.

Question 36

An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

Options:

A.

Working conditions.

B.

Employees' families.

C.

Marketplace competition.

D.

Shareholders and investors.

Question 37

Which of the following factors have the greatest influence on the independence of the internal audit activity?

Options:

A.

Quality assessments and cultural biases of the internal audit activity.

B.

Rotational assignments and familiarity of the internal audit activity.

C.

Employee incentives and self review of the internal audit activity.

D.

Organizational positioning and scope control of the internal audit activity.

Question 38

An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?

Options:

A.

Condition section.

B.

Criteria section.

C.

Effect section.

D.

Cause section.

Question 39

Which of the following enhances the independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) approves the annual internal audit plan.

B.

The CAE administratively reports to the board.

C.

The audit committee approves the CAE's annual salary increase.

D.

The chief executive officer approves the internal audit charter.

Question 40

A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?

Options:

A.

Require the physician to submit a signed statement attesting that the treatments had been performed.

B.

Send confirmations to the physicians, requesting them to verify the exact nature of the claims submitted to the insurance provider.

C.

Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.

D.

Use computer software to identify abnormal claims based on the insured's age and medical history.

Question 41

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Options:

A.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.

Approve the annual budget and resource plan for the internal audit activity.

C.

Assist the CAE with hiring objective and competent internal audit staff.

D.

Encourage the CAE to communicate and coordinate with the external auditor.

Question 42

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.
