Integration + Objectivity for Internal Auditors
CIA Part 1 – 2025 New Syllabus: Domain I – Foundations of Internal Auditing
Topic: Integration + Objectivity for Internal Auditors
*Standard Ref*: IIA Global Internal Audit Standards 2024 – Principle 2: Integrity, Objectivity, and Due Professional Care; Standard 2.1 Integrity, 2.2 Objectivity; Domain III Standard 9.1 Understanding Governance, Risk, Control
*CASE-BASED MCQ:
*Case:*
You are an internal auditor at TechNova Inc. You previously worked in the Accounts Payable department for 3 years and transferred to Internal Audit 6 months ago.
The Chief Audit Executive assigns you to lead an assurance engagement of the “Procure-to-Pay” process, which includes AP controls you helped design and implement 1 year ago.
During planning, management asks you to also “co-source” with the AP team to redesign a new vendor onboarding workflow because of your prior expertise. The new workflow will go live next quarter and will be part of your audit scope.
*Q1. What is the MOST appropriate action to maintain objectivity under the 2025 Global Internal Audit Standards?*
A. Accept both roles because your AP expertise will increase audit quality and integration.
B. Accept the audit assignment but disclose prior involvement and decline the redesign role to avoid impairment.
C. Decline the audit assignment due to impairment, but you may perform the redesign since it’s consulting.
D. Accept both roles if CAE approves and you document safeguards in workpapers.
Answer:
*CASE 2:
*Case:*
Internal Audit is asked to join the “Digital Transformation Steering Committee” as a voting member. The committee makes decisions on system selection and project funding. The CAE believes this will help integrate audit with strategy and provide real-time risk input.
*Q2. Under CIA Part 1 2025 syllabus, what should the CAE do to maintain objectivity while achieving integration?*
A. Accept voting membership because audit must be integrated with strategy.
B. Decline all participation to preserve independence.
C. Accept as non-voting advisor/observer to provide risk insight without decision-making authority.
D. Accept voting if audit discloses it in the audit report.
Answer:
*KEY CIA PART 1 2025 CONCEPTS TESTED*
**Concept** **Rule – New Standards** **Impairment Trigger**
**Objectivity** Std 2.2: Must be impartial, unbiased Auditing own work within 1 year
**Integration** Audit understands business, provides insight Assuming mgmt decision-making
**Safeguards** Disclosure, reassignment, supervision Cannot cure auditing own work <1yr
**Consulting vs Assurance** Can consult if no mgmt responsibility Performing design + later audit = impairment
**Cooling-off Period** 1 year for prior operational roles Less than 1 year = must decline/assign other
*EXAM TIP: “Integration vs Independence” Questions*
CIA Part 1 2025 loves this distinction:
1. *Integration = Good*: Know the business, advise, be proactive.
2. *Independence/Objectivity = Required*: Don’t decide, don’t implement, don’t audit own work.
3. *Red flag words*: “voting member”, “design”, “implement”, “approve”, “auditing own area <1 year” = impairment.
4. *Correct answer*: Usually “advise/observer” or “disclose + reassign”.
www.gmsisuccess.in
*CIA Part 1 – 2025 New Syllabus*
*Domain I: Foundations of Internal Auditing*
*Topic*: Ethics & Professionalism – IIA Global Internal Audit Standards 2024
*Key Standards*: Principle 2 – Integrity, Objectivity, Due Professional Care; Std 1.2 Code of Ethics; Std 2.1 Integrity; Std 2.2 Objectivity; Std 2.3 Due Professional Care
---
*CASE-BASED MCQ 1:
*Case:*
Internal Auditor Maya is assigned to audit the Travel & Entertainment expenses of the Marketing Department. During planning, she discovers that her brother-in-law is the Marketing Director who approves all T&E claims. Maya and her brother-in-law are very close and meet socially every weekend.
Maya did not disclose this relationship to the CAE because she believes she can remain unbiased. During fieldwork, she finds several T&E claims lacking receipts, but all are approved by her brother-in-law. She decides to exclude those items from her sample “to avoid awkwardness.”
*Q1. Which principle of the IIA Code of Ethics has Maya MOST clearly violated?*
A. Competency – because she lacks T&E audit skills
B. Confidentiality – because she discussed with brother-in-law
C. Integrity – because she failed to disclose conflict and altered work
D. Objectivity – because she excluded findings due to personal relationship
*Answer
Q2
*Case:*
Carlos, a CIA, is asked to lead an audit of the company’s new AI-driven credit scoring model. Carlos has 10 years of operational audit experience but has never audited AI/algorithms and has no training in data science.
The CAE says, “You’re smart, just read a few articles and do your best.” Carlos accepts, performs limited testing by checking 5 loans manually, and concludes “controls are adequate” without understanding the model logic.
Six months later, regulators fine the company because the AI model had discriminatory bias that Carlos did not identify.
*Q2. Which aspect of Due Professional Care did Carlos fail to exercise?*
A. He failed to maintain confidentiality of AI model
B. He failed to obtain necessary competencies before accepting the engagement
C. He failed to report to the board
D. He failed to use technology in the audit
*Answer:
*CASE-BASED MCQ 3:
*Case:*
During an audit of Vendor Management, the procurement team invites Internal Auditor Priya to their annual vendor conference at a 5-star resort. The vendor pays for Priya’s hotel, meals, and golf. The CAE policy allows gifts <$100, but this package is worth $1,200.
Priya attends because “it’s a good networking opportunity to understand vendor risks.” She does not disclose to CAE. In her audit report, she rates Vendor Management as “Effective” despite finding weak vendor due diligence.
*Q3. Which ethical principles has Priya violated?*
A. Objectivity only
B. Integrity and Objectivity
C. Confidentiality and Competency
D. No violation if policy allows networking
*Answer:
*KEY ETHICS CONCEPTS – CIA 2025 SYLLABUS*
**Principle** **2025 Standard** **Red Flags in Cases** **Required Action**
**Integrity** 2.1 – Honest, diligent, responsible Hide facts, alter scope, false report Disclose all material facts; report truthfully
**Objectivity** 2.2 – Impartial, no conflict Family/financial/personal interest, gifts Disclose conflict; CAE reassign if impaired
**Confidentiality** 1.2 – No unauthorized disclosure Share audit info externally Get approval; use info only for work
**Competency** 2.3 – Due Prof Care: possess skills Accept engagement without expertise Decline or obtain expert/co-source
**Professionalism** Domain I – Acts creditable to profession Gifts, inappropriate behavior Follow policy; avoid disrepute
---
*CIA EXAM TRAP – 2025*
New syllabus tests “integration of ethics with action”. Watch for:
1. *“Did not disclose”* = Integrity violation, even if no bias proven.
2. *“Accept work without skills”* = Due Professional Care failure.
3. *“Gifts/networking”* = Test if > nominal value or policy.
4. *Best answer* usually = “Disclose to CAE
*CIA Part 1 – 2025 New Syllabus*
*Domain I: Foundations of Internal Auditing + Domain III: Governance, Risk & Control*
*Integrated Topic*: Ethics & Professionalism + Corporate Governance + Fraud Risk
*Standards Ref*: IIA Global Standards 2024 – Principle 1 Ethics, Principle 2 Integrity/Objectivity, Std 9.1 Governance, Std 9.2 Risk Management, Std 9.3 Fraud
---
*CASE-BASED MCQ: ETHICS + GOVERNANCE + FRAUD RISK*
*Case:*
You are a Senior Internal Auditor at Apex Manufacturing. During the annual audit plan presentation to the Audit Committee, the CEO privately asks you to “go easy” on the upcoming audit of Executive Compensation because “the board is sensitive about this right now and we need to maintain investor confidence.”
The CEO also mentions that the CAE’s bonus is tied to “positive assurance reports with no major findings.” You learn that last year, the CAE removed a significant finding about excessive CEO perquisites after CEO pressure, and the final report to the Audit Committee showed “Satisfactory” rating.
Current facts:
1. *Governance Issue*: Audit Committee meets only twice per year and relies entirely on CAE summaries; they do not receive raw audit reports.
2. *Fraud Risk Indicator*: Executive expense reimbursements have no independent review; CEO self-approves.
3. *Ethics Issue*: CAE has not disclosed the bonus structure to Audit Committee.
*Q1. What is the MOST significant violation of corporate governance under the IIA Standards?*
A. CEO speaking directly to internal auditor
B. Audit Committee meeting only twice per year
C. Lack of direct reporting/access of CAE to Audit Committee and impaired independence
D. Internal audit not auditing fraud risk
*Answer:
*Q2. Which ethical principle has the CAE MOST directly violated by removing the finding after CEO pressure?*
A. Competency
B. Confidentiality
C. Integrity
D. Due Professional Care
*Answer:
*Q3. Which fraud risk factor from the “Fraud Triangle” is MOST evident in the Executive Compensation process?*
A. Pressure – CAE bonus tied to clean reports
B. Opportunity – CEO self-approves expenses with no independent review
C. Rationalization – CEO says “maintain investor confidence”
D. All three are present
*Answer:
*Q4. As the Senior Internal Auditor, what is your MOST appropriate immediate action under the Code of Ethics?*
A. Follow CEO instruction to maintain good relationship with management
B. Document the CEO request and discuss with CAE only
C. Escalate to Audit Committee Chair due to independence impairment and potential fraud risk
D. Refuse the Executive Compensation audit and request reassignment
*Answer:
*KEY INTEGRATED CONCEPTS – CIA PART 1 2025*
**Area** **IIA Standard 2024** **What CIA Tests** **Red Flag**
**Governance** 9.1 – Board/AC oversees IA CAE reports functionally to AC, AC approves charter/budget Mgmt sets CAE comp, filters reports
**Ethics – Integrity** 2.1 – Honest, disclose facts Changing reports due to pressure “Go easy”, “remove finding”
**Ethics – Objectivity** 2.2 – Impartial, disclose conflicts Bonus tied to results, family ties Performance pay linked to audit rating
**Fraud Risk** 9.3 – IA assesses fraud risk Fraud Triangle in process design Self-approval, no segregation, override
**Professionalism** Domain I – Uphold profession Escalate impairments, protect AC Staying silent to protect job
---
*EXAM STRATEGY FOR INTEGRATED Qs*
1. *Look for “CAE comp/independence”* = Governance + Ethics breach.
2. *“CEO/CFO pressure to change report”* = Integrity violation, not just objectivity.
3. *“Self-approval/no review”* = Opportunity in Fraud Triangle.
4. *Best answer* = Escalate to Audit Committee/Board. Never just “discuss with management” when mgmt is the issue.
*CIA Part 1 – 2025 New Syllabus: 20 MCQs*
*Domains*: I. Foundations, II. Ethics & Professionalism, III. Governance, Risk, Control
---
*I. FOUNDATIONS OF INTERNAL AUDITING – 5 Qs*
*Q1. Assertion (A): Internal audit must be independent of management.*
*Reason (R): Independence is achieved when CAE reports administratively to CEO.*
A. Both A and R true, R correct explanation
B. Both true, R not correct explanation
C. A true, R false
D. A false, R true
*Q2. All of the following are mandatory elements of the IPPF 2024 EXCEPT:*
A. Global Internal Audit Standards
B. Topical Requirements
C. Implementation Guides
D. Code of Ethics now embedded in Principle 1
*Q3. Odd Man Out – Internal Audit Services:*
A. Assurance engagement on cybersecurity controls
B. Consulting engagement to design new AP workflow
C. Investigation of suspected fraud
D. Approving vendor payments
*Q4. Which is NEITHER a purpose of the Internal Audit Charter per Std 6.1?*
A. Define IA authority
B. Establish IA position in org
C. Specify IA’s annual bonus metrics
D. Define scope of IA services
*Q5. Logical Reasoning: If all assurance services provide independent assessment, and some consulting services improve operations, then:*
A. All consulting services provide independent assessment
B. Some services that improve operations are assurance services
C. No assurance service improves operations
D. Some services providing independent assessment improve operations
---
*II. ETHICS & PROFESSIONALISM – 5 Qs*
*Q6. Assertion (A): Auditors must disclose all material facts known to them.*
*Reason (R): Non-disclosure violates Integrity per Std 2.1.*
A. Both A and R true, R correct explanation
B. Both true, R not correct explanation
C. A true, R false
D. A false, R true
*Q7. All of the following impair objectivity EXCEPT:*
A. Auditing an area where auditor worked 6 months ago
B. CAE’s bonus tied to reducing external audit fees
C. Accepting gift of $25 promotional pen from auditee
D. Spouse is CFO of auditee department
*Q8. Odd Man Out – Principles in 2024 Global Standards:*
A. Integrity
B. Objectivity
C. Independence
D. Due Professional Care
*Q9. An auditor lacks IT skills but accepts an ERP audit. This violates:*
A. Confidentiality
B. Competency under Due Professional Care Std 2.3
C. Integrity
D. Neither, if CAE approves
*Q10. Which statement is NEITHER required by the Code of Ethics?*
A. Avoid conflicts of interest
B. Not knowingly be party to illegal acts
C. Guarantee all errors will be detected
D. Continually improve proficiency
---
*III. GOVERNANCE, RISK & CONTROL – 10 Qs*
*Q11. Assertion (A): The board is ultimately responsible for governance.*
*Reason (R): Internal audit provides assurance on governance per Std 9.1.*
A. Both A and R true, R correct explanation
B. Both true, R not correct explanation
C. A true, R false
D. A false, R true
*Q12. All of the following are components of COSO ERM 2017 EXCEPT:*
A. Governance & Culture
B. Strategy & Objective-Setting
C. Control Activities
D. Information & Communication
*Q13. Odd Man Out – Three Lines Model Roles:*
A. Management – 1st line: owns risks
B. Risk & Compliance – 2nd line: monitors
C. Internal Audit – 3rd line: independent assurance
D. External Audit – 3rd line: statutory audit
*Q14. Fraud Triangle: Opportunity is MOST reduced by:*
A. Code of Conduct training
B. Segregation of duties
C. Whistleblower hotline
D. Employee background checks
*Q15. Which is NEITHER a responsibility of Internal Audit regarding fraud per Std 9.3?*
A. Evaluate fraud risk management
B. Investigate all frauds detected
C. Assess fraud controls
D. Have sufficient knowledge of fraud
*Q16. Assertion (A): Risk appetite is set by management.*
*Reason (R): Board oversees risk appetite but does not set it.*
A. Both A and R true, R correct explanation
B. Both true, R not correct explanation
C. A true, R false
D. A false, R true
*Q17. All of the following are IT general controls EXCEPT:*
A. Program change management
B. Access security
C. Automated 3-way match in AP
D. Backup & recovery
*Q18. Odd Man Out – Control Types:*
A. Preventive: Access controls
B. Detective: Bank reconciliation
C. Corrective: Insurance policy
D. Directive: Policies & procedures
*Q19. Logical Reasoning: If strong entity-level controls exist, then process-level controls:*
A. Are not needed
B. May be reduced but not eliminated
C. Must be increased
D. Are always automated
*Q20. Which is NEITHER an example of “Tone at the Top” in governance?*
A. CEO signs Code of Ethics annually
B. Audit Committee meets quarterly with CAE private session
C. Management overrides controls for “efficiency”
D. Board approves risk appetite statement
*Scoring*: 16+ = CIA Ready, 12-15 = Review Standards, <12 = Reread Domain I & III.
*2025 Syllabus Weight*: Domain I 35%, Domain II 15%, Domain III 50% = This set matches.
