IIA IIA-CRMA Certification in Risk Management Assurance (CRMA) Exam Exam Practice Test

Continuing professional education can be obtained through IAA involvement in research projects.

Employers are responsible for ensuring that the continuing professional education needs of the IAA are met.

Completion of self-study courses fulfills IAA continuing professional education requirements.

Specialized education that meets unique organizational needs cannot qualify as IAA professional development.

Analytical review.

Inquiry.

Document verification.

Observation.

Purchasing department.

Compliance department.

Credit department.

Internal audit department.

Demonstrated compliance with procedures.

Due professional care.

Engagement supervision.

Employment of tools and techniques.

Risks in IT processes are best mitigated by individual controls.

The overall focus of the framework is on significant controls in all critical IT applications.

IT risks and related controls are operational and best identified using a bottom-up approach.

Control process risks are found at multiple layers of the IT environment.

The CFO determines the scope of internal audit work in the accounting department.

The CFO manages the accounting of the budget for the internal audit function.

The CFO administers the annual evaluation process for the internal auditors.

The CFO provides feedback on the CAE's audit reports.

Report the deviations immediately to the audit committee.

Gather additional information to determine the cause of the deviations.

Conclude that the budget was unreasonably set and accept the deviations.

Perform alternative forms of analytical procedures which provide no deviations.

Recommend management seek a consulting firm to advise on outsourcing.

Highlight matters that require management's attention.

Implement solutions for specific organizational problems.

Accumulate data, obtain varying views, and report information to senior management.

The internal auditor reviews the physical access to merchandise during an inventory count.

The audit manager conducts an internal quality assessment of the internal audit activity’s adherence to the Standards.

The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.

The board approves the annual performance evaluation of the chief audit executive.

To depict the areas of responsibility for departments in an organization.

To plan and control complex projects, such as internal audits.

To represent the frequencies of adverse conditions in a given process.

To identify the possible causes of adverse conditions.

Which sampling methodology to select for testing.

Which fields to examine on each invoice.

Whether an individual expenditure is allowable.

What level of noncompliance is acceptable.

Strategic objectives.

Operational objectives.

Reporting objectives.

Compliance objectives.

A Bedford analysis of orders filled to average delivery times.

Decision trees rating actual performance against requirements.

Queuing theory to assess potential bottlenecks in the process.

A program evaluation and review technique chart.

The government's independent auditor.

The external auditors from an accounting firm.

The internal audit activity.

The agency's chief compliance officer.

Three months.

Six months.

One year.

Two years.

A library control log.

A review of exception reports.

A password lock on a server.

A software scan of financial records for irregularities.

Obtain specific answers and maximize efficiency.

Gather factual data on several different topics.

Determine agreement or disagreement with a stated viewpoint.

Obtain information based on the person's own perspective.

Corrective control.

Preventive control.

Detective control.

Directive control.

A log from the last year that includes dates of travel, conference titles, and conference objectives, all of which correspond with employee names and costs per trip.

A log that includes titles of conferences that all employees were invited to attend in the last year, along with the dates of those conferences and average costs per traveler.

A log of conferences titles, dates of travel for each employee, and a detailed summary of conference objectives and how they relate to the organization's mission needs.

A log of employee travel requests, which include the title of each conference, the conference objectives, anticipated dates of travel, and estimated costs.

1 and 2 only

3 and 4 only

1, 3, and 4 only

2, 3, and 4 only

All risks have been identified and mitigated.

Risks have been accurately analyzed and evaluated.

All controls are both adequate and efficient.

The board is appropriately addressing intolerable risks.

Ethics should vary with local customs in the organization's foreign operations.

Whistleblowing should be discouraged because it can cause distrust among employees.

Ethical behavior should be incorporated into performance evaluations.

Senior management should be granted specific exemptions to the code of ethics.

When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.

Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.

Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.

Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.

The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.

The auditor should perform a manual recalculation of several results to validate and document the results.

The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.

The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

The assigned internal auditor must not assume management responsibilities while performing the engagement.

The assigned internal auditor must maintain objectivity while performing the engagement.

Segregation of duties.

Exception reports.

Incentive compensation plans.

Automated reconciliations.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

The amount of risk that an organization is willing to seek or accept.

The extent and degree of interdependency for identified key risks.

The boundaries established to manage the amount of risk taken.

The exposure to risks following management's risk responses.

Imposing risk management processes.

Providing consolidated reporting on risks.

Taking accountability for risk management.

Making decisions on risk responses.

Higher inventory turnover.

Higher operating margin.

Lower obsolete stock disposal.

Lower sales volume.

Act as an adviser to the committee responsible for reviewing violations of the code.

Review and adjudicate all violations of the code of conduct.

Lead the committee responsible for the oversight of the code.

Implement a system of procedures to inform all employees of the code.

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

Consumers.

Activists.

Suppliers.

Investors.

Human resources personnel add employees, and payroll personnel process hours and enter employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.

Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees.

Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees.

Human resources personnel add employees and enter employee bank information. Payroll personnel process hours, and paychecks are automatically deposited in the employee's bank account.

1 and 2.

1 and 4.

2 and 3.

2 and 4.

The bottom of the pyramid responsibility.

Innovative responsibility.

Ethical responsibility.

Discretionary responsibility.

The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

The use of innovative technology and data analysis techniques.

The extent of work needed to achieve the engagement’s objectives.

Maintaining custody of inventory records.

Collecting payments on accounts.

Approving changes to employee records.

Preparing customer statements.

Their understanding of auditing standards.

Previous experience working with the internal audit activity.

Their reporting line within the organization.

The nature of their regular duties and responsibilities.

The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.

The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.

The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.

The external auditor may use the work with caution, due to the internal audit activity's scope and responsibility restrictions.

Postpone the audit until the CAE hires internal audit staff with the required knowledge.

Ask the audit committee to decide the course of action.

Select the most experienced auditors in the department to perform the engagement.

Hire consultants who possess the required knowledge to perform the engagement.

Pressure or incentive.

Opportunity.

Rationalization.

Commitment.