CIA Changed IIA-CIA-Part2 Questions

According to IIA guidance, the chief audit executive (CAE) is directly responsible for establishing the objectives, scope, and plan for each engagement. This responsibility ensures that each audit is properly focused and aligned with the overall goals and risk areas of the organization. While maintaining a quality assurance program and providing professional development opportunities are important, they are not solely the CAE's responsibility without management support. Periodic review and approval of the internal audit charter is typically a joint responsibility with senior management and the board. References:

The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2010 - Planning.

The IIA’s Practice Guide on Developing the Internal Audit Plan.

An audit finding should include the standard(s) used by the auditor to make the evaluation (2) and the factual evidence found during the examination (4). These components provide the basis for the auditor's conclusions and ensure that the findings are well-supported and objective. The scope of the audit (1) and the engagement's objectives (3) are typically included in the overall audit report but are not components of individual audit findings.

While aligning organizational activities to internal audit activities and measuring according to approved IAA performance measures is important, it adds the least direct value to achieving the IAA's objectives compared to the other strategies. Establishing periodic reviews, using engagement results to guide future activities, and ensuring the format and frequency of IAA reporting align with the organization's governance structure are all more directly impactful strategies. References: = IIA Standard 1300 - Quality Assurance and Improvement Program and IIA Standard 1320 - Reporting on the Quality Assurance and Improvement Program.

According to IIA guidance, a newly promoted chief audit executive (CAE) should prioritize the review of audit reports based on the significance of the findings indicated by the opinion statements. A graded positive opinion (1) suggests that the audit found strong controls with no significant issues, while a third-party opinion (4) typically involves external assessments that may not require immediate internal action. Therefore, these opinions would receive the lowest review priority. In contrast, negative assurance opinions (2) and limited assurance opinions (3) indicate potential issues or limitations in the effectiveness of controls, necessitating higher priority review to address any significant concerns promptly. References: IIA Standard 2410 – Criteria for Communicating, IIA Practice Advisory 2410-1