CIA IIA-CIA-Part2 Reddit Questions

An audit finding should include the standard(s) used by the auditor to make the evaluation (2) and the factual evidence found during the examination (4). These components provide the basis for the auditor's conclusions and ensure that the findings are well-supported and objective. The scope of the audit (1) and the engagement's objectives (3) are typically included in the overall audit report but are not components of individual audit findings.

When an internal auditor finds that there are no written policies regarding the treatment of suspense accounts, the most appropriate first response is to inquire with management about any undocumented policies or procedures that may be in place. This approach helps the auditor understand the existing practices and assess their adequacy. Jumping to conclusions without this understanding could lead to inaccurate audit findings. Ensuring that the auditor comprehensively understands all relevant practices is crucial before evaluating their effectiveness or making recommendations.References:

IIA Standard 2210: Engagement Objectives

IIA Practice Guide: Auditing the Management of Internal Controls

Establishing credibility, trust, and rapport is critical to the success of an effective interview. When interviewees trust the auditor and feel comfortable, they are more likely to provide honest and useful information. Building rapport also helps in reducing resistance and ensuring a smooth flow of communication during the interview.

IIA References:

IIA Standard 2420: Quality of Communications emphasizes the importance of clear, accurate, and constructive communication. Establishing trust and rapport during interviews contributes to the quality of information gathered, which in turn enhances the overall quality of audit communications.

The Practice Guide on Effective Interviewing Techniques discusses the importance of building rapport and trust to encourage openness and candidness from interviewees.

The data extracted by the internal auditor includes human resources data with employment conditions, payroll data, and entrance logs. With this information, the auditor can identify employees who are getting paid even though their employment has expired. By comparing the employment conditions and expiration dates in the HR data with the payroll data, the auditor can detect discrepancies where individuals continue to receive payments beyond their employment period. Entrance logs can help corroborate these findings by showing the lack of physical presence of these employees, further supporting the identification of ghost employees who no longer work for the organization but still appear on the payroll.

References:

IIA Practice Guide: "Auditing Employee Benefits"

COSO Internal Control – Integrated Framework