IIA IIA-IAP 시험

Question No : 1

Which of the following is an example of a detective control?

• A.Segregation of duties.
• B.Reconciliations.
• C.Required authorizations.

답을 확인하기

정답:
Explanation:
Definition of Detective Controls:
Detective controls are designed to identify errors, irregularities, or fraudulent activities after they occur, enabling corrective action.
Reasoning:
Option B is correct because reconciliations compare records (e.g., bank statements against ledgers) to detect discrepancies.
Option A (segregation of duties) and Option C (required authorizations) are preventive controls designed to stop errors or fraud before they occur.
Role of Detective Controls:
Detective controls play a critical role in monitoring and identifying issues, supporting the overall control environment.

Question No : 2

To be organizationally independent, the chief audit executive should administratively report to which of the following?

• A.The audit committee.
• B.The board of directors.
• C.The chief executive officer.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 1110 - Organizational Independence: Organizational independence is achieved when the CAE reports functionally to the board or audit committee and administratively to the CEO or equivalent.
Reasoning:
Option C is correct because administrative reporting to the CEO ensures the CAE has access to resources, support, and operations without impairing functional independence.
Option A and Option B describe functional reporting lines (e.g., approval of the audit charter and plans), which are distinct from administrative reporting.
Significance of Reporting Structure:
Administrative reporting ensures the day-to-day management of the internal audit function, while
functional reporting maintains independence and alignment with governance.

Question No : 3

According to The IIA's Code of Ethics, which of the following best illustrates the principle of confidentiality?

• A.The auditor refused to use information learned during an audit to diversify his financial portfolio.
• B.The auditor declined to delegate critical audit lead responsibilities to a new auditor.
• C.The auditor declined to lead an audit of a department in which his nephew is the manager.

답을 확인하기

정답:
Explanation:
Reference to the IIA Code of Ethics - Confidentiality:
The principle of confidentiality requires internal auditors to respect and protect the value of information obtained during the course of their work and to avoid using it for personal gain.
Reasoning:
Option A is correct because refusing to use audit information for personal financial gain directly aligns with the principle of confidentiality.
Option B relates to competency and professional judgment, not confidentiality.
Option C pertains to avoiding conflicts of interest, which is an example of the principle of objectivity.
Application of Confidentiality:
Internal auditors must safeguard sensitive information and use it solely for legitimate audit purposes.

Question No : 4

Which of the following statements is appropriate to include in a high-quality internal audit engagement communication?

• A.The internal audit team conducted a review of the financial reporting process prior to year-end. The overall findings have been provided for management’s consideration prior to the completion of the organization’s annual external financial audit.
• B.The internal audit team noted numerous weaknesses in the organization’s internal controls over financial reporting. The team recommends that management determine the root cause of the weaknesses.
• C.The internal audit team conducted an engagement under the assumption that significant control weaknesses were likely. The purpose of the review was to uncover those weaknesses.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 2420 - Quality of Communications: Reports should be accurate, objective, clear, concise, constructive, and complete.
Findings must be presented factually and free from assumptions or bias.
Reasoning:
Option A is correct because it presents the purpose, timing, and findings in a clear and professional manner, allowing management to take informed action.
Option B lacks balance and shifts responsibility for identifying root causes to management without actionable recommendations.
Option C includes a biased assumption, undermining the report’s objectivity and professionalism.
Impact of Quality Communication:
High-quality communications support decision-making by presenting findings and recommendations constructively.

Question No : 5

Which of the following conditions would threaten an internal auditor's objectivity?

• A.Providing assurance services over the activity where the internal auditor was employed 10 months prior.
• B.Using knowledge that the internal auditor gained in his previous position to update systems and controls descriptions.
• C.Providing consulting services over the activity where the internal auditor was employed two years prior.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 1120 - Individual Objectivity: Internal auditors should avoid situations that impair their ability to provide unbiased assurance.
Practice Advisory 1130.A1-1: Objectivity is impaired if auditors audit activities they previously managed within the last 12 months.
Reasoning:
Option A is correct because the auditor’s recent role in the audited area creates a conflict of interest and threatens objectivity.
Option B does not impair objectivity; leveraging prior knowledge is permissible if applied objectively.
Option C (consulting services two years prior) does not impair objectivity due to the elapsed time.
Mitigating Actions:
Auditors with recent involvement in an audited area should disclose the conflict and be reassigned to preserve objectivity.

Question No : 6

Which of the following best explains why internal auditors should identify risk scenarios during a risk assessment of the area being audited?

• A.To determine what would prevent the achievement of objectives in the area being audited.
• B.To determine whether established controls are operating effectively to mitigate critical risks.
• C.To evaluate the adequacy of management's risk management process in the area being audited.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 2120 - Risk Management: Internal audit must assess and evaluate the risk management processes of the organization.
Identifying risk scenarios supports engagement objectives by determining vulnerabilities and threats to process objectives.
Reasoning:
Option A is correct because risk scenarios provide insights into potential events or conditions that could hinder achieving objectives. This allows auditors to assess risk exposure and evaluate controls effectively.
Option B (control effectiveness) is a subsequent step in the audit process but does not explain the need for identifying risk scenarios.
Option C focuses on evaluating management’s process, which is broader than identifying specific risks for the engagement.
Practical Application:
Risk scenarios guide auditors in tailoring their approach to address areas of greatest vulnerability.

Question No : 7

Which of the following best describes the difference between inherent risk and residual risk?

• A.Inherent risk is the level of risk before the risk assessment process, residual risk is the level of risk remaining after completing the risk assessment process.
• B.Inherent risk is the level of risk the organization is willing to accept, residual risk is the level of risk deemed unacceptable by the organization.
• C.Inherent risk is the level of risk in the absence of any targeted actions or controls to alter its severity, residual risk is the risk remaining after implementing corrective actions.

답을 확인하기

정답:
Explanation:
Definitions from Risk Management Frameworks (e.g., COSO ERM):
Inherent Risk: The raw or natural level of risk before any controls or mitigating actions are applied. Residual Risk: The remaining level of risk after implementing controls or risk responses. Reasoning:
Option C is correct because it captures the essence of inherent risk as the baseline risk level and residual risk as the mitigated level after control actions.
Option A inaccurately states that residual risk is tied to the completion of a risk assessment process instead of mitigation actions.
Option B confuses inherent risk with risk appetite, which reflects the organization’s tolerance for risk.
Significance of Differentiation:
Understanding both risk levels helps prioritize resources for managing critical risks and improving controls.

Question No : 8

A member of the internal audit team worked eight months ago in an area of the organization that she is now being tasked with auditing.
Which of the following would most likely be impacted by her participation in the audit?

• A.Integrity
• B.Objectivity
• C.Competency

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 1120 - Individual Objectivity: Internal auditors must perform engagements with honesty and without any bias.
Serving in an operational or management role in the area being audited within the past year can impair objectivity, as the auditor may unconsciously favor or critique processes they were involved in developing or managing.
Reasoning:
Option B is correct because recent involvement in the audited area could compromise objectivity, leading to potential conflicts of interest or biased assessments.
Option A (integrity) is less likely impacted, as integrity relates to adherence to ethical principles and honesty.
Option C (competency) is not affected, as the individual’s skills and knowledge remain intact regardless of the recency of their involvement.
Mitigating Actions:
The chief audit executive (CAE) should evaluate and address potential impairments to objectivity, possibly assigning the auditor to a different engagement.

Question No : 9

During an assurance engagement of an organization's procurement process, an internal auditor obtained the policy that specified the authorized dollar limits for invoices. This document would best support which of the following attributes of an audit report?

• A.Effect
• B.Condition
• C.Criteria

답을 확인하기

정답:
Explanation:
Reference to Audit Report Elements:
Criteria: The benchmark or standard used for comparison during the audit (e.g., policies, regulations, contracts).
Condition: The factual observation or evidence identified during the audit. Effect: The impact or consequence of the condition on the organization. Reasoning:
Option C is correct because the procurement policy specifies authorized limits, serving as the standard (criteria) against which compliance is assessed.
Option B (condition) refers to the actual state of observed controls, processes, or compliance, not the benchmark.
Option A (effect) describes the potential or realized impact of non-compliance but not the standard itself.
Importance of Criteria:
Criteria provide a clear benchmark, ensuring that findings are communicated with context and
actionable insights.

Question No : 10

Operational management has asked the internal auditor for recommendations regarding an ineffective process. According to IIA guidance, which of the following would be the auditor's most appropriate response?

• A.Refrain from providing recommendations to preserve audit independence.
• B.Agree to offer recommendations based on observations and conclusions.
• C.Explain that only management should recommend and implement the corrective action.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 2410 - Criteria for Communicating: Recommendations should be provided where appropriate to address identified issues and improve processes.
Standard 1100 - Independence and Objectivity: Providing recommendations does not impair independence as long as the auditor does not implement them.
Reasoning:
Option B is correct because providing recommendations based on objective observations is part of an internal auditor's role in adding value and improving operations.
Option A unnecessarily avoids recommendations, misinterpreting independence requirements.
Option C incorrectly suggests that the auditor cannot provide input; while management owns the implementation, the auditor’s recommendations can guide effective solutions.
Adding Value Through Recommendations:
Recommendations are a critical output of the audit process, guiding management to address inefficiencies and improve operations.

Question No : 11

Which of the following best demonstrates that appropriate and sufficient resources were allocated to an audit engagement to achieve its objectives?

• A.Staff skills audit.
• B.Approved engagement work program.
• C.Post-engagement survey of management of the audited area.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 2200 - Engagement Planning: The engagement work program outlines the resources, timelines, and procedures necessary to achieve the engagement’s objectives.
The work program must be approved to ensure alignment with objectives and resource requirements.
Reasoning:
Option B is correct because an approved engagement work program confirms that the scope, procedures, and resources were planned and allocated effectively.
Option A (staff skills audit) evaluates team competencies but does not confirm specific resource allocation for an engagement.
Option C (post-engagement survey) evaluates the outcome of the audit but does not provide evidence of initial resource planning.
Significance of the Work Program:
The work program ensures that the engagement is structured to meet objectives efficiently, with adequate and relevant resources.

Question No : 12

Which of the following is an example of criteria in an engagement communication?

• A.Annual business conduct training was not performed over the past two years due to inadequate operating budgets.
• B.The audit test was designed to evaluate compliance with the organization's policies and procedures related to business conduct and ethics.
• C.As a result of inadequate business conduct training, 16% of the executive team was unaware of their obligation to report potential conflicts of interest.

답을 확인하기

정답:
Explanation:
Reference to Criteria:
Definition: Criteria are the standards, policies, or benchmarks used to evaluate the subject matter during an audit.
IIA Standard 2410 - Criteria for Communicating: Audit reports should clearly state criteria to ensure findings are relevant and actionable.
Reasoning:
Option B is correct because it references the organization’s policies and procedures, which serve as the criteria for evaluating compliance.
Option A describes the condition (what was observed), not the criteria. Option C describes the effect (the impact of the observed condition). Importance of Criteria in Audit Reporting:
Including criteria provides a basis for comparison, helping stakeholders understand why a finding is significant and how it deviates from expectations.

Question No : 13

An internal auditor is performing an internal control assessment at a manufacturing company. The auditor observed that the accounts payable clerks have the ability to create new vendors without management's review and approval.
How should the auditor document this observation?

• A.The observation doesn't affect the adequacy of the internal controls because the existing process controls ensure that invoices are promptly and accurately paid.
• B.The observation is an internal control weakness; therefore, additional testing should be performed to determine whether secondary mitigating controls exist or whether the control should be redesigned.
• C.The observation is a sign of adequate internal controls; however, effectiveness testing should be performed to ensure that the controls are operating as designed and intended.

답을 확인하기

정답:
Explanation:
Reference to Internal Control Assessment:
Standard 2130 - Control: Internal auditors must evaluate the adequacy and effectiveness of controls in mitigating risks.
COSO Framework: Proper segregation of duties is essential for preventing unauthorized transactions and fraud.
Reasoning:
Option B is correct because the lack of management review and approval for creating vendors indicates a control weakness, as it creates opportunities for unauthorized vendors or fraud. The auditor should investigate whether mitigating controls exist (e.g., periodic review of vendor lists) or recommend redesigning the process to include managerial oversight.
Option A dismisses the observation without considering its impact on control adequacy. Prompt payment alone does not address risks related to unauthorized vendors.
Option C incorrectly assumes the observation reflects adequate controls, which is not the case given the lack of management approval.
Actionable Next Steps:
Document the observation as a control deficiency.
Perform additional testing to identify whether compensating controls mitigate the risk or recommend enhancements to strengthen controls.

Question No : 14

Which of the following is an important consideration when providing quality audit communications?

• A.Include as much detail as possible.
• B.Provide a fair and balanced assessment.
• C.Demonstrate knowledge by using technical language.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 2420 - Quality of Communications: Audit communications must be accurate, objective, clear, concise, constructive, complete, and timely.
A fair and balanced assessment ensures objectivity and builds credibility.
Reasoning:
Option B is correct because fair and balanced reporting reflects both positive and negative findings, maintaining the credibility and usefulness of the audit report.
Option A (including as much detail as possible) risks overwhelming the audience and detracting from key messages.
Option C (using technical language) can reduce clarity and accessibility for non-technical stakeholders.
Importance of Balanced Reporting:
Objective and balanced communications ensure that the audit report is actionable and supports informed decision-making by management and the board.

Question No : 15

During engagement planning, which of the following would provide an internal auditor with a sufficient understanding of the process being audited?

• A.The mission, vision, and strategic objectives of the organization.
• B.Management's opinion on the thoroughness of a previous internal audit of the same process.
• C.The objectives and risk management of the process.

답을 확인하기

정답:
Explanation:
Reference to IIA Standards:
Standard 2200 - Engagement Planning: Internal auditors must develop a plan that considers the objectives, risks, and controls of the area being audited.
Standard 2210 - Engagement Objectives: The objectives of the engagement must be aligned with the organization's processes and risk management practices.
Reasoning:
Option C is correct because understanding the process's objectives and associated risks allows the auditor to design procedures to assess how well risks are managed and objectives are achieved.
Option A (mission, vision, and strategic objectives) provides organizational context but does not give detailed insights into the specific process.
Option B (management's opinion) is subjective and insufficient for developing a comprehensive understanding of the process.
Effective Engagement Planning:
Focus on process-specific objectives, risks, and controls ensures a targeted and effective audit, contributing to meaningful outcomes.