Free IIA-ACCA IIA Updates

Page: 4 / 22

Question 16

Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.

Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?

1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.

2. Experience of the engineer in the type of work being considered.

3. Compensation or other incentives that the engineer may receive.

4. The extent of other ongoing services that the engineer may be performing for the organization.

Options:

1 and 4 only

2 and 3 only

3 and 4 only

1, 2, and 4 only

Question 17

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

Options:

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

Question 18

According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

Options:

Assessing the risk factors.

Aligning risk appetite and strategy.

Enhancing risk response decisions.

Reducing operational surprises and losses.

Question 19

According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

Options:

An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.

An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.

An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

Page: 4 / 22