Free IIA IIA-CIA-Part2 Exam Dumps Questions & Answers

A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not successful.
The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet- based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.

• A.  2 and 4
• B.  1 and 3
• C.  1 and 2
• D.  3 and 4

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

• A.  Reporting the status of every observation for every engagement in a detailed manner.
• B.  Inquiry of corrective action to be completed within a certain period.
• C.  Cost-benefit analysis of management not implementing a recommendation to address an observation.
• D.  Soliciting management's feedback after completion of the audit engagement.

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

• A.  Document the results and report the overall percentage of variances.
• B.  Determine the significance of the variances and investigate causes as needed.
• C.  Report all variances to management and request an action plan to remediate them.
• D.  Review the results and investigate the cause of all variances.

During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

• A.  The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily
• B.  The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.
• C.  The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts
• D.  The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

• A.  Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval
• B.  Present the revised audit plan directly to the board for approval.
• C.  Present the revised audit plan directly to the CEO for approval
• D.  Communicate with the CEO and present the revised audit plan to the board for approval.