IIA Updated IIA-CIA-Part2 Exam Questions and Answers by ziggy

 Conducting a documented skills assessment helps in identifying the existing competencies and any gaps within the internal audit team.

 Post-audit surveys can provide feedback on the performance and areas for improvement, which can be used to further refine the skills and competencies of the audit staff (Ref: [16†source])

Comprehensive and Detailed Explanation:

The most significant concern is the replacement of auditor judgment with AI outputs (C). Per the Global Internal Audit Standards, auditors must exercise professional judgment in planning, evaluating evidence, and forming conclusions. While AI can enhance efficiency and flag anomalies, final risk assessments must remain the responsibility of auditors. Option A (variations in answers) and Option D (acceptance issues) are secondary operational risks. Option B is incorrect — generative AI can interpret free-text responses, though with limitations. The core issue is ensuring that AI supports, but does not replace, human professional judgment. Therefore, the correct answer is Option C.

 Authority Source: The internal audit charter is a formal document that defines the internal audit activity's purpose, authority, and responsibility. It grants internal auditors the right to access all records, personnel, and physical properties relevant to the performance of engagements.

 Facilities Maintenance Reports: When an engagement supervisor contacts a third-party contractor for maintenance reports, the authority is derived from the internal audit charter, which ensures auditors have the necessary access to perform their duties.

 Importance of the Charter: This ensures the independence and objectivity of the internal audit activity, providing a clear mandate for auditors to obtain information from external parties as needed.

According to IIA guidance, internal auditors are typically required to conduct a preliminary risk assessment when planning an assurance engagement to identify key areas of focus. However, for consulting engagements, the need for a preliminary risk assessment is not as stringent, as these engagements are often more flexible and driven by the specific needs of the client. Consulting engagements may not follow the same structured approach as assurance engagements, and the scope may evolve based on the client's requirements.

IIA References:

IIA Standard 2201: Planning Considerations requires internal auditors to consider significant risks when planning engagements. However, this standard is more rigidly applied to assurance engagements.

The Practice Advisory 2201-2: Consulting Engagements notes that consulting engagements might not require the same level of preliminary risk assessment, depending on the nature of the engagement and the needs of the client.