IIA Updated IIA-CIA-Part3 Exam Questions and Answers by zuzanna

The CAE’s role is to provide assurance that risks are identified and managed appropriately. When residual risk appears to exceed the organization’s tolerance, the CAE should first communicate the matter with senior management to discuss the issue and understand management’s acceptance of risk. Only if the risk remains unresolved should it be escalated to the board.

Option A is management’s responsibility, not internal audit’s. Option B is incomplete as evidence alone does not fulfill the communication requirement. Option C is premature because immediate escalation to the board skips management dialogue.

According to IIA Standards, engagement communications must be complete, objective, and balanced. When disagreements arise, the auditor should present both the audit team’s findings and management’s perspective so senior management and the board can make informed decisions.

Option A is excessive; raw correspondence is not necessary. Option C omits management’s opinion, reducing objectivity. Option D limits reporting to agreed items only, which would conceal significant unresolved issues.

When internal audit identifies a serious issue, the CAE must first discuss the matter with management to confirm facts and obtain explanations. If the issue remains unresolved or poses unacceptable risk, it is then escalated to senior management, the board, and regulators as required. Direct reporting to regulators (Option C) or the audit committee (Option D) without first engaging management bypasses proper escalation. Option A (ongoing monitoring) delays action on a compliance breach.

Understanding Management by Objectives (MBO):

MBO is a performance management approach where employees and managers set specific, measurable goals together.

The main purpose of MBO is to align individual objectives with organizational goals, enhancing motivation and engagement.

Why Option C (Helps Keep Employees Motivated) Is Correct?

Employee motivation improves when individuals understand how their efforts contribute to the organization’s success.

Setting clear objectives and allowing employees to participate in goal-setting increases job satisfaction and engagement.

IIA Standard 2120 – Risk Management supports frameworks like MBO that contribute to organizational performance and employee effectiveness.

Why Other Options Are Incorrect?

Option A (Most helpful in organizations with rapid changes):

MBO is less effective in rapidly changing environments because it relies on long-term goal setting.

Option B (Best in mechanistic organizations with rigid tasks):

MBO works better in adaptive, flexible organizations, not those with rigid structures.

Option D (Distinguishes strategic from operational goals):

MBO focuses on individual and team goals, not distinguishing strategic vs. operational goals.

MBO enhances employee motivation by involving them in goal-setting and performance tracking.

IIA Standard 2120 supports employee engagement strategies for better performance management.

Final Justification:IIA References:

IPPF Standard 2120 – Risk Management (Employee Engagement & Performance Management)

COSO ERM – Performance Measurement & Goal Alignment