IIA-CRMA Online Practice Questions and Answers

According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

A. A former employee knowledgeable of the IAA who resigned three years earlier from the organization.

B. A competent employee of an independent external organization that provides co-sourcing services to the IAA.

C. An employee in an affiliated organization who has never worked directly with the IAA.

D. An employee in the parent organization who has not had any previous contact with the IAA.

Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.

According to the Standards, which of the following principles did the CAE violate?

A. Due professional care.

B. Individual objectivity.

C. Proficiency.

D. Organizational independence.

An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?

A. Statistical sampling only

B. Nonstatistical sampling only

C. A combination of both statistical and nonstatistical sampling.

D. Neither approach to testing the audit theory would be cost effective.

With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

A. Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

B. Evaluate the organization's governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization's risk appetite.

C. Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D. Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks.

Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?

1.

Reappraising risks levels.

2.

Providing accurate information to management.

3.

Marketing the internal audit activity.

4.

Planning safeguards for assets in high-risk areas.

A. 1 and 2.

B. 1 and 3.

C. 2 and 3.

D. 3 and 4.

In which of the following functions would fraud be most likely to occur?

A. Maintaining custody of inventory records.

B. Collecting payments on accounts.

C. Approving changes to employee records.

D. Preparing customer statements.

According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

A. The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

B. The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

C. The use of innovative technology and data analysis techniques.

D. The extent of work needed to achieve the engagement's objectives.

A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?

A. Appoint the CAE as a member of the board.

B. Move the CAE's functional reporting to an executive who is not on the board.

C. Obtain full board approval of the internal audit activity's annual audit plan.

D. Move the CAE's functional reporting to the audit committee.

Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?

1.

Appropriate levels of authority and responsibility.

2.

Supervision of staff and appropriate review of work.

3.

The seniority of management in the organization.

4.

The ability to trace each transaction to an accountable and responsible individual.

A. 1,2, and 3.

B. 1.2, and 4.

C. 1.3, and 4.

D. 2, 3, and 4.

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

A. Preventive controls.

B. Detective controls.

C. Soft controls.

D. Directive controls.