IIA-CIA-Part2 Exam Questions Tutorials

While discussing risks with the audit client can provide useful insights, it is the least structured method compared to using all available information from the risk-based plan, considering client efforts to manage risk, and reviewing prior risk assessments. These latter methods are more systematic and ensure that the audit work program is comprehensive and focused on relevant risks. References: = IIA Standard 2200 - Engagement Planning, IIA Practice Guide: “Developing the Audit Plan”.

The most appropriate conclusion for the auditor to include in the audit report is that the organization had weaknesses in its review process which allowed questionable transactions with some vendors. This conclusion directly addresses the identified issue of questionable vendor documentation and implies that there are control deficiencies in the review process that need to be addressed to prevent such occurrences in the future.

References:

IIA Standards: 2410 - Criteria for Communicating

IIA Practice Guide: Reporting and Monitoring

When preparing a detailed risk assessment during engagement planning, the internal auditor should collaborate with the management of the function being reviewed. Management has the most in-depth knowledge of their business objectives, processes, and the associated risks. This cooperation ensures that the risk assessment is comprehensive, accurate, and relevant to the specific context of the function under review. It also helps in identifying any potential areas of concern that might not be evident to external parties.

References:

IIA Standard 2201: "Planning Considerations"

IIA Practice Guide: "Assessing the Adequacy of Risk Management Processes"

The primary advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement is their efficiency. ICQs allow auditors to quickly gather a large amount of information about the control environment by asking structured questions that cover key areas of interest. This helps in identifying areas that require further investigation or where controls may need improvement.

IIA References:

The IIA’s Practice Guide on Evaluating Internal Controls mentions that ICQs are useful for obtaining an initial understanding of controls and are particularly efficient when time or resources are limited. They allow auditors to systematically cover a wide range of control-related topics in a relatively short period.