IIA Certification in Risk Management Assurance (CRMA) Certification: What is the difference between the IIA-CRMA & IIA-CRMA-ADV?

1. A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.

Which of the following statements is true about the auditor's actions?

2. Which of the following is a preventive control?

3. A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit

executive to consider this candidate?

4. The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years.

Which of the following statements may the IAA use to describe its work?

5. An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications.

Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?

6. According to IIA guidance, which of the following statements regarding the internal audit charter is true?

7. A chief audit executive (CAE) learns that the brother-in-law of a senior auditor who audits the procurement process was hired as the head of the procurement department six months prior.

Which of the following is the most appropriate action for the CAE to take?

8. According to IIA guidance, which of the following objectives of an assurance engagement for the organization's risk management process is valid?

9. During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.

Which of the following tests would best help the internal auditor detect fraudulent activity?

10. An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts.

Which of the following irregularities is the most likely cause of the auditor's suspicion?

11. An internal auditor makes a series of observations when performing an analytical review of division operations. The auditor notes the following things: the current ratio is increasing and the quick ratio is decreasing, sales and current liabilities have remained constant, and the number of day sales in inventory is increasing.

Which conclusion should the auditor draw from this data?

12. An internal auditor would like to identify the involvement of various organizational units in handling employee travel reimbursement claims.

Which of the following methods would be most effective and efficient in completing this task?

13. Allegations have been made that an organization's share price has been manipulated.

Which of the following would provide an internal auditor with the most objective evidence in this case?

14. Which of the following best describes the assessment of risks?

15. Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?

16. Why are preventative controls generally preferred to detective controls?

17. Which of the following best ensures an internal audit activity has the ability to render impartial and unbiased assessments?

18. Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store's cash function?

19. While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization.

Which of the following actions are most appropriate for the auditor to take?

20. Cost of the engagement versus the potential benefits.

21. Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?

22. An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?

23. Justified and necessary, according to the IIA Code of Ethics and Standards.

24. End user security is inadvertently granted to an unauthorized individual by management.

25. Which of the following would not be a red flag for fraud?

26. Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?

27. When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:

28. Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?

29. According to IIA guidance, which of the following best describes processes and tools typically used in ongoing internal assessments?

30. What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

31. According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

32. Which of the following is an example of a transaction-level control?

33. Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

34. What is the primary purpose of a fishbone diagram?

35. During an internal audit, the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole.

This is an example of which of the following analytical auditing procedures?

36. Which of the following is not one of the 10 core competencies identified in the IIA Competency Framework?

37. A manufacturing organization discovers that the waste water released has failed to meet permitted limits.

Which control function will be least effective in correcting the issue?

38. If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

39. In which of the following scenarios would a customer service hotline receive a high volume of complaints regarding payments not being applied to customers’ accounts?

40. After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry.

Which of the following actions would violate the IIA Code of Ethics?

41. The director of purchasing, a certified internal auditor (CIA), signs a contract to procure a large order from a supplier whose products provide the best price, quality, and performance. A few days after signing the contract, the supplier presents the CIA with $1, 000 as a gift.

Which statement regarding acceptance of the money is correct?

42. Which of the following statements is true regarding the use of non-statistical sampling in auditing control tests?

43. According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?

44. The last quality assessment of the internal audit activity identified three areas for improvement: the achievement of audit engagement objectives, quality of work, and staff development.

According to IIA guidance, which of the following should be the chief audit executive's primary focus to achieve these recommended improvements?

45. The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization's retail store operations. Store operations are included in the annual audit plan.

Which of the following strategies best fulfills the requirements of the Standards regarding these audits?

46. Which of the following conditions is the most likely indicator of fraud?

47. Control activities.

48. A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements.

According to IIA guidance, which of the following actions would best help the CAE reach this objective?

49. During an account receivables audit, an internal auditor found a significant number of input errors resulting in a $500, 000 balance understatement.

Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?

50. An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization.

Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?

51. They can rely on evidence taken from the work of other assurance activities across the organization.

52. An organization's chief audit executive (CAE) determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area.

Which of the following would be the best course of action for the CAE to follow?

53. This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline.

Which of the following would be the best course of action for the CAE to take?

54. While reviewing the workpapers of a new auditor, the auditor in charge discovered that additional audit procedures might be necessary.

According to IIA guidance, which of the following would be most relevant for the auditor in charge to consider when making this decision?

55. Which of the following would provide the best evidence of errors in the quantities of items received from suppliers?

56. The internal audit supervisor is reviewing the workpapers prepared by the staff.

According to the Standards, which of the following statements regarding workpaper supervision is not true?

57. According to the Standards, which of the following best describes why initial audit test results should be reported to the auditor-in-charge prior to advising management?

58. A government agency's policy states that board members' travel and hospitality expenses must be audited annually.

Which of following people or groups is most appropriate to perform this audit?

59. Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally.

Which of the following explanations of management's decision is least plausible?

60. The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards.

To address this concern, which of the following actions is most appropriate for the CAE to take?

61. Which of the following does not need to be defined in the internal audit charter?

62. Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?

63. Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?

64. To identify potential efficiency improvements.

65. While reviewing first quarter sales transactions, an internal auditor discovered that 10 invoices for a new customer had not been posted into the accounts receivable subsidiary ledger. Those 10 invoices were listed in an error report automatically generated by the sales processing system. The system had rejected the invoices because the customer's account number was not found in the customer master file.

In this scenario, which of the following controls was lacking?

66. Which of the following would most likely be considered a red flag for fraud?

67. Which of the following actions does not violate the IIA Code of Ethics or Standards?

68. Which of the following risk management activities is most appropriate for an internal auditor to undertake?

69. An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned tothe finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.

Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?

70. Which of the following would be considered a preventive control?

71. Leave blank space for cross-references to be completed during the post-audit process.

72. Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

73. According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?