CIA Exam Part 1 - Practice Exam Questions
and Answers Graded A+
Which activity should be treated as a clear impairment of an internal auditor's independence and
objectivity?
A) Overseeing installation of new IT equipment to ensure compliance with the Orgs objectives
B) Participating in a team that assesses IT acquisition possibilities
C) Reviewing competitive bids for development of new sales-tracking software before a
purchase decision is made
D) Applying for a position in a different organization's IT department while participating in a
consulting engagement with the current organization's IT department A) Overseeing
installation of new IT equipment to ensure compliance with the Orgs objectives
An organization has projected the direct and indirect costs of relocating some of its operations
offshore. Based on analysis results, the organization decides to move forward with offshoring.
Which of the following statements best describes this outcome?
A) The major risk events associated with success are high in impact and high in likelihood
B) the analysis determined that pervasive risk is minimal
,C) the decision falls within the organization's risk appetite
D) Inherent risk is lower than residual risk C) the decision falls within the organization's
risk appetite
In the final report for an internal audit, the internal auditor states that security controls are at the
same level of effectiveness as in the previous audit. There is no mention that control activities in
the previous audit were found to be unsatisfactory. According to the Code of Ethics, this
communication is...
A) specific but not ethical
B) prudent and competent
C) balanced and objective
D) potentially biased D) potentially biased
Internal auditing is unique in that its scope often encompasses all areas of an organization. It is
not possible for each internal auditor to possess detailed competence in all areas that might be
audited. However, which of the following competencies is required by the Standards for every
internal auditor?
A) proficiency in management principles
,B) taxation and law as it applies to the operation of the organization
C) sufficient knowledge of key information technology risks and controls
D) proficiency in accounting principles C) sufficient knowledge of key information
technology risks and controls
Who should be the direct recipient of reports that show the results of periodic reviews for
internal assessment of the internal audit function?
A) Senior Management
B) process owners
C) board of dire
D) CAE D) CAE
Which of the following is the appropriate way to respond to an ethics violation that involves
workplace theft in the U.S.?
A) report the issue directly to legal authorities
B) Terminate the employee, but press charges only if the employee fails to return all of the funds.
C) Start a progressive disciplinary process with counseling or probation as the first step
, D) Terminate the employee, but do not press charges to keep the matter from becoming public.
A) report the issue directly to legal authorities
Which is a prerequisite in order for the people, processes, and technologies that are put in place
to mitigate ethics and compliance risks to be effective?
A) A well-funded organizational compliance function that serves as the first line of defense
B) An organizational code of conduct that is written in the hearts of the organization's people
rather than on paper
C) As much emphasis on the means to the end as the end results themselves
D) Values that emphasize aggressive risk taking so long as it is directed toward achieving
strategic objectives C) As much emphasis on the means to the end as the end results
themselves
During an external quality assessment, the outside review team determines that internal auditors
were unable to comply with a particular standard during a specific audit. The internal auditors
noted the noncompliance issue in their final engagement communications but still claimed that
their work was conducted in accordance with the Standards. How does this situation impact the
internal audit activity's use of the statement "Conforms with the International Standards for the
Professional Practice of Internal Auditing"?
and Answers Graded A+
Which activity should be treated as a clear impairment of an internal auditor's independence and
objectivity?
A) Overseeing installation of new IT equipment to ensure compliance with the Orgs objectives
B) Participating in a team that assesses IT acquisition possibilities
C) Reviewing competitive bids for development of new sales-tracking software before a
purchase decision is made
D) Applying for a position in a different organization's IT department while participating in a
consulting engagement with the current organization's IT department A) Overseeing
installation of new IT equipment to ensure compliance with the Orgs objectives
An organization has projected the direct and indirect costs of relocating some of its operations
offshore. Based on analysis results, the organization decides to move forward with offshoring.
Which of the following statements best describes this outcome?
A) The major risk events associated with success are high in impact and high in likelihood
B) the analysis determined that pervasive risk is minimal
,C) the decision falls within the organization's risk appetite
D) Inherent risk is lower than residual risk C) the decision falls within the organization's
risk appetite
In the final report for an internal audit, the internal auditor states that security controls are at the
same level of effectiveness as in the previous audit. There is no mention that control activities in
the previous audit were found to be unsatisfactory. According to the Code of Ethics, this
communication is...
A) specific but not ethical
B) prudent and competent
C) balanced and objective
D) potentially biased D) potentially biased
Internal auditing is unique in that its scope often encompasses all areas of an organization. It is
not possible for each internal auditor to possess detailed competence in all areas that might be
audited. However, which of the following competencies is required by the Standards for every
internal auditor?
A) proficiency in management principles
,B) taxation and law as it applies to the operation of the organization
C) sufficient knowledge of key information technology risks and controls
D) proficiency in accounting principles C) sufficient knowledge of key information
technology risks and controls
Who should be the direct recipient of reports that show the results of periodic reviews for
internal assessment of the internal audit function?
A) Senior Management
B) process owners
C) board of dire
D) CAE D) CAE
Which of the following is the appropriate way to respond to an ethics violation that involves
workplace theft in the U.S.?
A) report the issue directly to legal authorities
B) Terminate the employee, but press charges only if the employee fails to return all of the funds.
C) Start a progressive disciplinary process with counseling or probation as the first step
, D) Terminate the employee, but do not press charges to keep the matter from becoming public.
A) report the issue directly to legal authorities
Which is a prerequisite in order for the people, processes, and technologies that are put in place
to mitigate ethics and compliance risks to be effective?
A) A well-funded organizational compliance function that serves as the first line of defense
B) An organizational code of conduct that is written in the hearts of the organization's people
rather than on paper
C) As much emphasis on the means to the end as the end results themselves
D) Values that emphasize aggressive risk taking so long as it is directed toward achieving
strategic objectives C) As much emphasis on the means to the end as the end results
themselves
During an external quality assessment, the outside review team determines that internal auditors
were unable to comply with a particular standard during a specific audit. The internal auditors
noted the noncompliance issue in their final engagement communications but still claimed that
their work was conducted in accordance with the Standards. How does this situation impact the
internal audit activity's use of the statement "Conforms with the International Standards for the
Professional Practice of Internal Auditing"?
