CIA Exam Part 1 - Practice Exam Questions and Answers
The CAE is considering different methods of providing training in personal communication skills
for the entire internal audit staff. Which of the following methodologies would be the most
effective means of delivering such training?
A) Computer-based training in human relations skills
B) Individual coaching by a professional communications specialist
C) Self-study booklets explaining communication theory
D) Lecture course on communications delivered by a motivational speaker - B) Individual
coaching by a professional communications specialist
Which is an acceptable role for the internal audit activity in the risk management process?
A) No role
B) Managing specific risks if defined in the internal audit plan
C) Active, continuous support in the process such as leadership of oversight committees
D) Managing and coordinating the risk management process - A) No role
Which is a required type of knowledge, skill, and other competency for an internal auditor?
A) Basic comprehension of internal audit standards, procedures, and techniques required in
performing engagements
B) An understanding of management principles and good business practices so deviations can
be recognized and evaluated
C) Proficiency in accounting principles and techniques for all auditors
D) Proficiency in subjects such as accounting, economics, commercial law, quantitative
methods, and IT - B) An understanding of management principles and good business practices
so deviations can be recognized and evaluated
The bank's internal audit charter neither authorizes nor forbids the internal audit activity to
perform assurances for outside parties. Which of the following conditions apply to providing the
requested service?
A) The vice president of finance may authorize the chief audit executive to schedule the
engagement without amending the charter.
B) Providing assurances to outside parties is a violation of the Standards.
C) The vice president of finance needs approval of the chief financial officer or the audit
committee before authorizing the chief audit executive to schedule the engagement without
amending the charter.
D) The charter should be amended to allow the internal audit activity to provide assurance
services to outside parties. - D) The charter should be amended to allow the internal audit
activity to provide assurance services to outside parties.
How should the process be handled when considering risk response (or risk treatment) when
the organization uses an ERM environment?
A) As an iterative process that looks at the big picture but also departments and functions
B) As a waterfall process that considers the risks at a holistic level
C) As a process that sets the risk tolerance at the enterprise level and ensures that all
departments adhere to it
D) As a method for setting control activities that ensures that collective risk limits are not
exceeded in any individual instances - A) As an iterative process that looks at the big picture but
also departments and functions
An internal auditor is assigned financial audits. She performs the audits out of the audit
department, downloads records electronically, communicates with the client through email, and
uses audit software. Is the internal auditor demonstrating the required knowledge, skills, and
competencies for an IA?
A) Yes, the auditor is working very efficiently by taking advantage of technology
B) No, financial audits require working more closely with top finance executives due to the need
to provide assurance on ICFR for this type of audit client
C) No, by limiting contact with the client, oral communications skills are not being used to
clearly and effectively convey items such as engagement objectives, evaluations, conclusions,
and recommendations.
D) Yes, the auditor is avoiding taking up too much of the audit client's time, which is value-
added, and is demonstrating professional skepticism by focusing primarily on financial - C) No,
by limiting contact with the client, oral communications skills are not being used to clearly and
effectively convey items such as engagement objectives, evaluations, conclusions, and
recommendations.
Goods received from a certain supplier occasionally arrive without a proper bill of lading. In
these situations, the receiving clerk is directed to telephone the supplier and request a bill of
lading by fax so that he or she can compare what was actually received to the bill and research
any discrepancies. Which of the following is this type of control?
A) application control
B) preventative control
C) governance control
D) detective control - D) detective control
An adequate system of internal controls is most likely to detect an irregularity perpetrated by a
A) single manager
B) single employee
C) group of managers in collusion
D) group of employees in collusion - B) single employee
Which activity should be treated as a clear impairment of an internal auditor's independence
and objectivity?
A) Overseeing installation of new IT equipment to ensure compliance with the organization's objectives
B) Participating in a team that assesses IT acquisition possibilities
C) Reviewing competitive bids for development of new sales-tracking software before a
purchase decision is made
D) Applying for a position in a different organization's IT department while participating in a
consulting engagement with the current organization's IT department - A) Overseeing
installation of new IT equipment to ensure compliance with the organization's objectives
An organization has projected the direct and indirect costs of relocating some of its operations
offshore. Based on analysis results, the organization decides to move forward with offshoring.
Which of the following statements best describes this outcome?
A) The major risk events associated with success are high in impact and high in likelihood
B) the analysis determined that pervasive risk is minimal
C) the decision falls within the organization's risk appetite
D) Inherent risk is lower than residual risk - C) the decision falls within the organization's risk
appetite
In the final report for an internal audit, the internal auditor states that security controls are at
the same level of effectiveness as in the previous audit. There is no mention that control
activities in the previous audit were found to be unsatisfactory. According to the Code of Ethics,
this communication is...
A) specific but not ethical
B) prudent and competent
C) balanced and objective
D) potentially biased - D) potentially biased