IIA Updated IIA-CIA-Part2 Exam Questions and Answers by dilan

The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) provide guidance on the reporting requirements of the quality assurance and improvement program. According to Standard 1320, "The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board." This communication must include the results of both internal and external assessments and ongoing monitoring. Specifically, the results of ongoing monitoring of the internal audit activity’s performance should be reported to senior management and the board at least annually. This ensures that the internal audit activity maintains its proficiency, enhances its effectiveness, and complies with the Standards.

When the internal audit activity lacks the necessary IT expertise to review the information security function, the chief audit executive (CAE) should contract an external service provider with the required experience. This ensures that the audit is conducted effectively and in accordance with the Standards, which require internal auditors to have or acquire the necessary skills to perform their work.

IIA References:

IIA Standard 1210: Proficiency requires internal auditors to possess the knowledge, skills, and other competencies needed to perform their responsibilities. When the necessary expertise is not available within the internal audit activity, the CAE must obtain competent advice and assistance by either contracting external experts or outsourcing the audit.

The Practice Guide on Engaging External Service Providers suggests that when specialized skills are required, engaging an external service provider is a practical solution to ensure the audit's quality and effectiveness.

Introduction:

The chief audit executive (CAE) has a crucial role in reporting to the board on various aspects of the internal audit activity (IAA).

Importance of Reporting:

Periodic reports from the CAE to the board are essential for ensuring transparency and providing oversight on the IAA's performance and alignment with organizational objectives.

Options Analysis:

Option A: A complete, accurate, and comprehensive account of engagement observations and recommendations is generally part of the audit reports but not typically the subject of periodic reports from the CAE to the board.

Option B: Oversight of the coordination between the internal audit activity and independent outside auditors is important but does not comprehensively cover the CAE's reporting responsibilities.

Option C: The internal audit activity's purpose, authority, responsibility, and performance relative to plan encompass the core aspects of the IAA’s alignment with organizational goals, effectiveness, and efficiency, making it the most comprehensive subject of periodic reports.

Option D: Management's assertions regarding the system of internal controls are often part of audit findings but not the primary subject of CAE reports to the board.

Conclusion:

The CAE’s periodic reports to the board should cover the IAA’s purpose, authority, responsibility, and performance relative to the plan, ensuring that the board is well-informed about the internal audit's alignment with the organization’s objectives and its overall performance.

Institute of Internal Auditors (IIA) Standard 2060: Reporting to Senior Management and the Board.

If an organization pays one of its liabilities twice, its assets (cash) would be reduced more than necessary. This results in an understatement of net income and owners’ equity because the additional payment is an expense that should not have been recorded. Liabilities would be overstated because the duplicate payment does not reduce the liability correctly.