Section A….
📘 CIA Part 1 (2025) – 50 MCQs
SECTION A: Foundations of Internal Auditing (Q1–Q18)
Q1. The primary purpose of the internal audit charter is to:
A. Describe audit techniques
B. Define authority, responsibility, and scope
C. List audit staff qualifications
D. Establish external auditor responsibilities
Answer:
Q2. According to the IIA, internal auditing is best described as:
A. A compliance-focused inspection activity
B. A management control function
C. An independent, objective assurance and advisory activity
D. A financial reporting review function
Answer:
Q3. Which of the following must approve the internal audit charter?
A. Chief Audit Executive (CAE)
B. External auditor
C. Senior management
D. Board or audit committee
Answer:
Q4. Which activity most threatens internal audit independence?
A. Reporting functionally to the audit committee
B. Providing advisory services
C. Designing internal controls
D. Using risk-based audit planning
Answer:
Q5. Assurance services primarily involve:
A. Improving operations
B. Consulting management
C. Objective assessment of evidence
D. Facilitating workshops
Answer:
Q6. Advisory services differ from assurance services because they:
A. Require audit committee approval
B. Involve subjective judgment only
C. Do not include management responsibility
D. Are performed at management’s request
Answer:
Q7. Agile auditing emphasizes:
A. Annual audit plans
B. Compliance checklists
C. Flexibility and continuous risk assessment
D. Detailed documentation before testing
Answer:
Q8. Which tool is MOST consistent with agile auditing?
A. Fixed audit universe
B. Waterfall audit approach
C. Sprint-based audits
D. Year-end audits only
Answer:
Q9. Performance auditing focuses primarily on:
A. Financial accuracy
B. Efficiency and effectiveness
C. Regulatory compliance
D. Fraud detection
Answer:
Q10. Which responsibility belongs to the CAE?
A. Managing business risks
B. Approving internal controls
C. Communicating risk exposures to the board
D. Implementing corrective actions
Answer:
Q11. Internal audit’s role in risk management is to:
A. Own and manage risks
B. Set risk appetite
C. Provide assurance on risk processes
D. Eliminate business risks
Answer:
Q12. Which factor MOST enhances internal audit objectivity?
A. Operational responsibilities
B. Incentive-based compensation
C. Functional reporting to the board
D. Advisory engagements
Answer:
Q13. Risk-based audit planning primarily considers:
A. Management preferences
B. Audit cycle history
C. Inherent and residual risks
D. Budget availability
Answer:
Q14. Which engagement provides the HIGHEST level of assurance?
A. Consulting engagement
B. Advisory engagement
C. Assurance engagement
D. Facilitation engagement
Answer:
Q15. Which activity BEST demonstrates value addition by internal audit?
A. Identifying policy violations
B. Reporting control weaknesses
C. Recommending process improvements
D. Verifying transactions
Answer:
Q16. Internal auditors should avoid assuming management responsibility because it:
A. Reduces audit coverage
B. Impairs independence
C. Increases audit cost
D. Delays reporting
Answer:
Q17. Which reporting line BEST supports independence?
A. Administrative to CFO
B. Functional to audit committee
C. Operational to CEO
D. Dual reporting to management
Answer:
Q18. The internal audit activity must be positioned to:
A. Support management decisions
B. Achieve organizational objectives
C. Enforce policies
D. Detect all fraud
Answer:
SECTION B: Ethics & Professionalism (Q19–Q28)
Q19. The IIA Code of Ethics applies to:
A. Only certified auditors
B. Only CAEs
C. All internal auditors
D. External consultants
Answer:
Q20. Which is NOT a principle of the IIA Code of Ethics?
A. Integrity
B. Objectivity
C. Confidentiality
D. Accountability
Answer:
Q21. Accepting gifts from an auditee MOST threatens:
A. Integrity
B. Objectivity
C. Confidentiality
D. Competency
Answer:
Q22. An auditor discloses confidential data without authorization. This violates:
A. Integrity
B. Objectivity
C. Confidentiality
D. Due care
Answer:
Q23. Professional skepticism requires auditors to:
A. Trust management representations
B. Assume fraud exists
C. Question evidence critically
D. Avoid judgment
Answer:
Q24. If an ethical conflict arises, the auditor should FIRST:
A. Inform regulators
B. Discuss with management
C. Follow the IIA decision-making framework
D. Resign immediately
Answer:
Q25. Objectivity is BEST preserved by:
A. Rotating audit assignments
B. Avoiding all advisory services
C. Reporting findings informally
D. Accepting management explanations
Answer:
Q26. Due professional care means auditors should:
A. Guarantee accuracy
B. Exercise reasonable judgment
C. Eliminate all risks
D. Detect every fraud
Answer:
Q27. Which situation MOST threatens integrity?
A. Time pressure
B. Conflict of interest
C. Limited resources
D. Sampling risk
Answer:
Q28. Professional competency requires auditors to:
A. Rely on experience only
B. Perform services beyond skills
C. Maintain knowledge and skills
D. Follow management directions
Answer:
SECTION C: Governance, Risk Management & Control (Q29–Q43)
Q29. COSO ERM 2017 focuses primarily on:
A. Internal controls only
B. Strategy and performance
C. Financial reporting
D. Compliance testing
Answer:
Q30. Which is a COSO ERM component?
A. Monitoring activities
B. Risk response
C. Control activities
D. Strategy and objective-setting
Answer:
Q31. Corporate governance primarily ensures:
A. Profit maximization
B. Ethical leadership and accountability
C. Operational efficiency
D. Regulatory compliance
Answer:
Q32. The board’s role in risk management is to:
A. Identify risks
B. Own risks
C. Oversee risk management
D. Mitigate risks directly
Answer:
Q33. Which is an example of a preventive control?
A. Reconciliation
B. Exception report
C. Authorization approval
D. Audit trail
Answer:
Q34. Detective controls are designed to:
A. Prevent errors
B. Identify errors after occurrence
C. Correct errors
D. Eliminate risk
Answer:
Q35. Control effectiveness depends MOST on:
A. Design and operation
B. Cost of controls
C. Documentation
D. Management preference
Answer:
Q36. Risk appetite is BEST defined as:
A. Total risk exposure
B. Risk tolerance limit
C. Amount of risk the organization is willing to accept
D. Risk mitigation strategy
Answer:
Q37. Internal audit evaluates governance by reviewing:
A. Profitability
B. Board oversight and ethics
C. Market share
D. Budget variances
Answer:
Q38. Which control weakness indicates a poor control environment?
A. Lack of reconciliations
B. Management override of controls
C. Missing audit trail
D. IT access issues
Answer:
Q39. Residual risk is:
A. Risk before controls
B. Risk after controls
C. Unidentified risk
D. Insignificant risk
Answer:
Q40. Which is an alternative ERM framework?
A. COBIT
B. ISO 31000
C. ITIL
D. PMBOK
Answer:
Q41. A strong governance structure improves:
A. Risk elimination
C. Decision-making and accountability
D. Audit efficiency only
Answer:
Q42. Testing controls primarily assesses:
A. Risk appetite
B. Control design and operation
C. Strategy formulation
D. Board effectiveness
Answer:
Q43. Internal auditors add value in ERM by:
A. Managing risks
B. Setting risk tolerance
C. Providing assurance on ERM effectiveness
D. Approving risk responses
Answer:
SECTION D: Fraud Risks (Q44–Q50)
Q44. Fraud risk assessment should be:
A. One-time activity
B. Periodic and dynamic
C. Management-only responsibility
D. External auditor’s role
Answer:
Q45. Cyber fraud primarily involves:
A. Manual theft
B. System manipulation
C. Financial statement fraud
D. Bribery
Answer:
Q46. AI-based fraud MOST commonly exploits:
A. Human error
B. Weak governance
C. Automated decision systems
D. Physical assets
Answer:
Q47. Data tampering affects data:
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Answer:
Q48. Internal auditors detecting potential fraud should FIRST:
A. Report to media
B. Confront suspect
C. Follow established reporting protocols
D. Investigate independently
Answer:
Q49. The primary role of internal audit in fraud is to:
A. Detect all fraud
B. Investigate fraud
C. Evaluate fraud risk management
D. Prosecute offenders
Answer:
Q50. Professional fraud investigation requires:
A. Intuition
B. Assumptions
C. Evidence and due care
D. Management approval
Answer:
www.gmsisuccess.in
Section B….
Essay based questions 1…
Each case integrates ethics, governance, risk management, agile auditing, and fraud risks.
📘 CIA PART 1 (2025) – CASE-BASED QUESTIONS WITH ANSWERS
CASE 1: Independence & Objectivity
The Chief Audit Executive (CAE) of XYZ Ltd. reports administratively to the CFO and functionally to the audit committee. Due to resource constraints, the CFO asks internal audit to design and implement new inventory controls before auditing them.
Q1. What is the MOST significant concern for the internal audit activity?
A. Reduced audit efficiency
B. Increased audit cost
C. Impairment of independence and objectivity
D. Lack of management support
Answer:
CASE 2: Advisory vs Assurance Services
Internal audit is requested to facilitate a risk workshop to identify emerging risks related to AI-based decision systems. Management wants recommendations but will retain decision-making authority.
Q2. This engagement is BEST classified as:
A. Assurance engagement
B. Compliance audit
C. Advisory (consulting) engagement
D. Investigative engagement
Answer:
CASE 3: Ethics & Confidentiality
An internal auditor shares sensitive payroll data with a colleague who is not assigned to the engagement, “for learning purposes.”
Q3. Which principle of the IIA Code of Ethics is MOST violated?
A. Integrity
B. Objectivity
C. Confidentiality
D. Competency
Answer:
CASE 4: Professional Skepticism
During an audit, management provides explanations for unusual revenue trends but no supporting documentation. The auditor accepts the explanation due to time pressure.
Q4. The auditor failed to apply:
A. Due professional care
B. Independence
C. Objectivity
D. Professional skepticism
Answer:
CASE 5: COSO ERM 2017 – Strategy Alignment
The board approved a new aggressive growth strategy without reassessing risk appetite. Internal audit notes increasing risk exposure.
Q5. Which COSO ERM 2017 component is MOST affected?
A. Risk response
B. Review and revision
C. Strategy and objective-setting
D. Information, communication & reporting
Answer:
CASE 6: Governance Oversight
The audit committee rarely meets and does not review internal audit reports in detail.
Q6. This indicates a weakness in:
A. Risk identification
B. Control activities
C. Corporate governance
D. Fraud prevention
Answer:
CASE 7: Control Environment
Management frequently overrides established approval limits to “speed up operations.”
Q7. This MOST negatively impacts which COSO component?
A. Control activities
B. Risk assessment
C. Control environment
D. Monitoring
Answer:
CASE 8: Agile Auditing
Internal audit switches from annual audit plans to short, iterative audits focused on rapidly changing cyber risks.
Q8. This approach BEST reflects:
A. Traditional auditing
B. Compliance auditing
C. Agile auditing
D. Continuous monitoring
Answer:
CASE 9: Fraud Risk Assessment
A company experienced multiple phishing attacks. Internal audit recommends employee awareness training and access controls.
Q9. Internal audit is primarily addressing:
A. Fraud investigation
B. Fraud risk assessment and prevention
C. Fraud prosecution
D. Financial reporting fraud
Answer:
CASE 10: Cyber & AI Fraud
An AI system automatically approves loans. Hackers manipulate input data, resulting in unauthorized approvals.
Q10. This fraud MOST directly affects data:
A. Availability
B. Confidentiality
C. Integrity
D. Retention
Answer:
Explanation:
🎯 Exam Tip (CIA Part 1 – 2025):
In case-based questions, first identify the role of internal audit (assurance, advisory, governance oversight) and then apply IIA Standards, Code of Ethics, and COSO ERM logic.
Essay based questions 2…
All cases integrate internal audit fundamentals, ethics, COSO ERM 2017, governance, agile auditing, and fraud risks, exactly as tested in the CIA exam.
📘 CIA PART 1 – CASE-BASED QUESTIONS (WITH ANSWERS)
Case 1: Internal Audit Independence
XYZ Ltd.’s internal audit department reports administratively and functionally to the CFO. The CFO frequently modifies audit reports before they are issued to the audit committee.
Q1. What is the MOST significant issue in this scenario?
A. Lack of audit resources
B. Impaired independence and objectivity
C. Ineffective audit planning
D. Weak control environment
✅ Answer:
Case 2: Advisory Services & Objectivity
Internal audit helped design a new procurement system last year. This year, the same auditors are assigned to audit procurement controls.
Q2. What is the BEST action for the CAE?
A. Proceed with audit as planned
B. Cancel the audit
C. Assign different auditors or use external support
D. Issue a disclaimer
✅ Answer:
Case 3: Agile Auditing
Due to frequent regulatory changes, management requests quicker audit feedback rather than waiting for annual audits.
Q3. Which audit approach BEST meets this need?
A. Traditional audit cycle
B. Compliance-based auditing
C. Agile auditing with sprints
D. Post-implementation review
✅ Answer:
Case 4: Ethical Dilemma
An internal auditor discovers a minor control violation involving a senior manager. The manager requests the issue not be reported, calling it “immaterial.”
Q4. What should the auditor do FIRST?
A. Ignore the issue
B. Report directly to regulators
C. Follow the IIA ethical decision-making framework
D. Resign from engagement
✅ Answer:
Case 5: Confidentiality Breach
An auditor discusses sensitive audit findings with a friend outside the organization.
Q5. Which ethical principle is violated?
A. Integrity
B. Objectivity
C. Confidentiality
D. Competency
✅ Answer:
Case 6: Governance Oversight
The board approves strategy but rarely reviews risk reports or control weaknesses.
Q6. This situation indicates a weakness in:
A. Risk identification
B. Control activities
C. Corporate governance
D. Compliance management
✅ Answer:
Case 7: COSO ERM 2017
Management aligns business objectives with risk appetite and monitors performance indicators linked to strategy.
Q7. Which COSO ERM 2017 focus area is demonstrated?
A. Review and revision
B. Information & communication
C. Strategy and objective-setting
D. Control activities
✅ Answer:
Case 8: Risk Appetite
A company accepts higher cybersecurity risk to launch digital products faster than competitors.
Q8. This decision BEST reflects:
A. Risk tolerance
B. Residual risk
C. Risk appetite
D. Inherent risk
✅ Answer:
Case 9: Control Environment
Management frequently overrides established approval controls to meet targets.
Q9. What is the MOST serious implication?
A. Increased audit cost
B. Weak control environment
C. Inefficient processes
D. Poor documentation
✅ Answer:
Case 10: Preventive vs Detective Controls
A system blocks unauthorized access, while logs are reviewed weekly.
Q10. Blocking access is a:
A. Detective control
B. Corrective control
C. Preventive control
D. Compensating control
✅ Answer:
Case 11: Fraud Risk Assessment
Internal audit conducts fraud risk assessments only during investigations.
Q11. What is the BEST recommendation?
A. Continue current practice
B. Perform fraud risk assessment periodically
C. Leave fraud to external auditors
D. Eliminate fraud assessments
✅ Answer:
Case 12: Cyber Fraud
Hackers alter transaction data without changing system availability.
Q12. Which data attribute is MOST affected?
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
✅ Answer:
Case 13: AI Fraud
An AI-based loan system approves fraudulent loans due to biased training data.
Q13. The primary risk arises from:
A. Manual override
B. Poor governance over AI models
C. Weak physical controls
D. Human error
✅ Answer:
Case 14: Fraud Detection
An auditor suspects fraud but lacks concrete evidence.
Q14. What should the auditor do NEXT?
A. Accuse the employee
B. Ignore the suspicion
C. Follow established investigation and reporting protocols
D. Inform law enforcement
✅ Answer:
Case 15: Internal Audit Role in Fraud
Management expects internal audit to guarantee zero fraud.
Q15. What is the MOST appropriate response?
A. Accept responsibility
B. Reject involvement in fraud
C. Clarify that IA provides assurance on fraud risk management, not guarantees
D. Transfer responsibility to external auditors
✅ Answer:
🎯 EXAM TIP (CIA PART 1 – 2025)
Independence, objectivity, governance oversight, COSO ERM language, and ethical judgment are heavily tested.
Case questions often ask “BEST” or “MOST appropriate”, not absolute answers.
Solve all questions ‼️ Submit your answers for evaluation.