Here are *20 Case-Based MCQs with Answers – CIA Part 1 Domain I: Foundations of Internal Auditing*
*Coverage*: Integrity, Objectivity, Independence, Proficiency, Due Professional Care, QAIP, Audit Charter, Audit Mandate
*Based on*: IIA Code of Ethics + Attribute Standards 1000-1322 + Implementation Guides
*Code of Ethics: Integrity, Objectivity*
*Case 1*:
Internal auditor Priya found that her cousin owns 40% of a vendor being audited. She did not disclose this to the CAE and completed the audit. The vendor later got the contract renewed.
*Q*: Which principle/rule did Priya violate?
A. Integrity – Rule 1.1 Diligence
B. *Objectivity – Rule 2.1 Shall not participate if conflict*
C. Confidentiality – Rule 3.1
D. Competency – Rule 4.1
*Answer: B*
*Why*: Rule 2.1: Objectivity – Must not participate when personal/family interest exists. Also violates Standard 1120.
*Case 2*:
CAE was pressured by CEO to delete a finding on inventory fraud because “IPO is next month”. CAE agreed to keep it in workpapers but remove it from the final report.
*Q*: Violation of:
A. Standard 1130 Impairment
B. *Rule 2.3 Objectivity – Shall not subordinate judgment*
C. Standard 2400 Communicating Results
D. Standard 2060 Reporting to Board
*Answer: B*
*Why*: Rule 2.3: Objectivity – Subordination of judgment to others. Also breaches Integrity Rule 1.1 and Standard 2440.
*Case 3*:
Auditor Raj accepted IPL tickets worth ₹15,000 from auditee after issuing “Satisfactory” rating. Company policy allows gifts <₹1,000.
*Q*: Which Code principle is breached?
A. Confidentiality
B. *Integrity*
C. Competency
D. Objectivity
*Answer: B*
*Why*: *Integrity Rule 1.2*: Shall not accept anything that may impair professional judgment. Also impairs objectivity.
---
*Independence & Objectivity: Standards 1100-1130*
*Case 4*:
New CAE reports functionally to CFO and administratively to CEO. CFO approves CAE’s salary, bonus, and can terminate CAE. Audit Committee only gets final reports.
*Q*: Which Standard is violated?
A. 1111 Direct Interaction
B. *1110 Organizational Independence*
C. 1130 Impairment
D. 1000 Charter
*Answer: B*
*Why*: *1110*: CAE must report functionally to Board/Audit Committee. Functional = approves charter, risk assessment, budget, compensation, removal. CFO control = impairment.
*Case 5*:
Staff auditor was Accounts Payable Manager until 8 months ago. CAE assigns her to audit AP cycle to meet deadline.
*Q*: Status per Standard 1130.A1?
A. Allowed if disclosed in report
B. Allowed after 6 months cooling off
C. *Objectivity presumed impaired – must disclose or reassign*
D. No impairment if she didn’t approve vendors
*Answer: C*
*Why*: *1130.A1*: Objectivity presumed impaired if auditor audits activity where they had responsibility within previous year. Must apply safeguards.
*Case 6*:
CAE provides consulting on control design for new ERP. Later, CAE assigns different audit team to audit ERP controls.
*Q*: Is independence impaired per 1130.C1?
A. Yes, always impaired for 12 months
B. Yes, CAE cannot consult + audit same area
C. *No, if safeguards applied – different staff, mgmt accepts risk*
D. No, consulting never impairs independence
*Answer: C*
*Why*: *1130.C1*: Prior consulting doesn’t impair objectivity if safeguards: separate team, mgmt owns controls, disclosure.
---
*Proficiency & Due Professional Care: 1200*
*Case 7*:
CAE assigned cybersecurity audit to auditor with no IT training because “he’s smart and will learn”. Auditor missed key firewall gaps.
*Q*: Standard violated?
A. 1130 Impairment
B. *1210 Proficiency*
C. 1220 Due Professional Care
D. 1230 CPE
*Answer: B*
*Why*: *1210*: Auditors must possess knowledge, skills, competencies needed. CAE responsible per 1210.A1. Due care 1220 also failed, but root cause = proficiency.
*Case 8*:
To meet Board deadline, audit team skipped testing of 60% of key controls and relied on prior year workpapers without updating for new risks.
*Q*: Primary violation?
A. 1210 Proficiency
B. *1220 Due Professional Care*
C. 2310 Identifying Information
D. 2340 Engagement Supervision
*Answer: B*
*Why*: *1220.A1*: Due care = consider adequacy of audit procedures, probability of fraud. *1220.A2*: Alert to significant risks. Skipping = lack of care.
*Case 9*:
CAE has 15 auditors. None completed 40 CPE hours last year due to budget cuts.
*Q*: Violation?
A. 1210 Proficiency
B. 1220 Due Professional Care
C. *1230 Continuing Professional Development*
D. 1311 Internal Assessments
*Answer: C*
*Why*: *1230*: Internal auditors must enhance knowledge/skills through 40 hrs CPE annually. CAE must ensure.
---
*QAIP: Standards 1300-1322*
*Case 10*:
Internal audit dept has no documented quality program. CAE says “we do good work, no need for formal QAIP”.
*Q*: Standard violated?
A. 1310 Requirements
B. *1300 Quality Assurance and Improvement Program*
C. 1320 Reporting
D. 1312 External Assessment
*Answer: B*
*Why*: *1300*: CAE _must_ develop/maintain QAIP covering all aspects of IA activity. Not optional.
*Case 11*:
Last external quality assessment was 6 years ago. CAE still reports “Generally Conforms” to Board.
*Q*: Violation?
A. 1311 Internal Assessments
B. *1312 External Assessments + 1321 Use of Conforms*
C. 1300 QAIP
D. 2430 Disclosure of Nonconformance
*Answer: B*
*Why*: *1312*: External assessment at least once every 5 years. *1321*: May only use “conforms” if supported by QAIP incl. EQA within 5 years.
*Case 12*:
External QA done by senior manager from another division of same company, independent of IA.
*Q*: Valid per 1312?
A. Yes, if AC approves
B. Yes, if not reporting to CAE
C. *No, must be independent team from _outside_ organization*
D. No, must be IIA only
*Answer: C*
*Why*: *1312*: External assessments by qualified, _independent_ reviewer/team from _outside the organization_. IG 1312.
*Case 13*:
Internal assessment found nonconformance with Standard 1220. CAE reports “Generally Conforms” anyway to avoid budget cut.
*Q*: Violation?
A. 1311 Internal Assessments
B. 1320 Reporting on QAIP
C. *1321 Use of “Conforms” + Integrity*
D. 2060 Reporting to Board
*Answer: C*
*Why*: *1321*: Must disclose nonconformance and impact. Integrity Rule 1.1: Honesty also breached.
---
*Audit Charter & Audit Mandate: 1000-1010*
*Case 14*:
Audit charter was approved by CFO only. It defines purpose/authority but Board never saw it.
*Q*: Standard violated?
A. 1010 Recognizing Mandatory Guidance
B. 1100 Independence
C. *1000 Purpose, Authority, and Responsibility*
D. 1110 Organizational Independence
*Answer: C*
*Why*: *1000*: Charter must be approved by senior mgmt _and_ Board. Defines mandate, authority, scope.
*Case 15*:
Charter is silent on internal audit’s right to access all records. CFO now denies access to HR payroll citing “privacy”.
*Q*: Issue?
A. No issue, HR data is private
B. *Charter must define unrestricted access per 1000.A1*
C. 1130 Impairment
D. 1210 Proficiency
*Answer: B*
*Why*: *1000.A1*: Charter must establish unrestricted access to records, personnel, property. This is the “audit mandate”.
*Case 16*:
Board asks IA to only do SOX testing. CAE agrees and removes risk-based audits from plan. Charter allows full scope.
*Q*: What should CAE do per Standards?
A. Comply, Board sets scope
B. *Discuss with Board per 2010: risk-based plan required*
C. Refuse and resign
D. Do SOX but report impairment
*Answer: B*
*Why*: *2010*: CAE must establish risk-based plan. *1000*: Charter gives mandate for full scope. CAE must communicate impact of scope limitation per 2060.
*Case 17*:
CAE wants to add cybersecurity consulting. Current charter only covers assurance.
*Q*: Required action?
A. Start consulting, update charter later
B. Get CFO approval only
C. *Update charter to define consulting per 1000.C1, get Board approval*
D. Cannot do consulting
*Answer: C*
*Why*: *1000.C1*: Nature of consulting services must be defined in charter approved by Board.
---
*Mixed Application*
*Case 18*:
Auditor posts on LinkedIn: “Auditing XYZ Corp – their controls are a joke” before report issued.
*Q*: Violations?
A. Objectivity Rule 2.1
B. *Confidentiality Rule 3.1 + 2440 Disseminating Results*
C. Integrity Rule 1.2
D. Competency Rule 4.1
*Answer: B*
*Why*: *Rule 3.1 Confidentiality*: Shall not disclose info without authority. *2440*: Communicate only after final report.
*Case 19*:
CAE does not inform Board that 40% budget cut will prevent completion of annual plan.
*Q*: Standard violated?
A. 2020 Communication of Plan
B. 2030 Resource Management
C. *2060 Reporting to Senior Management and Board*
D. 1110 Independence
*Answer: C*
*Why*: *2060*: CAE must report impact of resource limitations to Board. Relates to mandate to fulfill charter.
*Case 20*:
Internal audit reports to CEO administratively and meets Audit Committee quarterly. Charter approved by Board. CAE sets own budget.
*Q*: Does this meet 1110?
A. *Yes, meets 1110 if Board approves budget, charter, removal*
B. No, must report functionally to CEO
C. No, admin must be to Board
D. Yes, but only if AC meets monthly
*Answer: A*
*Why*: *1110*: Functional reporting to Board = Board approves charter, risk plan, budget, CAE compensation/removal. Admin to CEO is allowed. Quarterly AC meetings satisfy 1111.
---
*Exam Tips for CIA Part 1*:
1. *Independence = 1110*: Functional to Board, not CFO.
2. *1130*: 1-year cooling off. Consulting ok with safeguards.
3. *1220*: Due care = alert to fraud, cost vs benefit.
4. *1312*: External QA = 5 years, outside org.
5. *1000*: Charter = mandate. Must have Board approval + unrestricted access.
