Our only savior is our will power. Will is the switch that controls everything in this universe. If you don't exercise your will power, you will be a weakling, easily influenced by your environment. Development of the will is the secret of magnetism. Men of success are men of great will power. When you develop will, no matter how you are pounded down by life, you rise again and say, "I am successful. I can win." Regards from Prof Mahaley Head Gmsisuccess Your Career Mentor Gmsisuccess...

Showing posts with label Certified Internal Auditor CIA Part 1 Revised syllabus 2025. Show all posts

Saturday, December 20, 2025

CIA part 1 mocktest answers

Below are challenging, examinable, essay-based MCQ questions with on Objectivity, Integrity, Independence, Proficiency, Confidentiality, and Due Professional Care, strictly aligned with the CIA Part 1 (Foundations of Internal Auditing) – 2025 syllabus.

CIA PART 1 – ETHICS & ATTRIBUTE STANDARDS

(Objectivity • Integrity • Independence • Proficiency • Confidentiality)

Section A…. 15MCQ Essay based…

Q1. (Integrity vs Objectivity – Subtle Threat)

An internal auditor discovers minor but recurring policy violations by a department head who is also a close mentor and instrumental in the auditor’s career growth. The violations are unlikely to be material individually but indicate a pattern of non-compliance. The auditor considers excluding these findings to avoid damaging the relationship.

Which principle of the IIA Code of Ethics is most directly compromised if the auditor omits the findings?

A. Independence

B. Confidentiality

C. Integrity

D. Proficiency

Correct Answer: C. Integrity

Explanation:

Integrity requires honesty and courage to report facts truthfully, regardless of personal consequences. The issue is not bias in judgment (objectivity) but deliberate suppression of known facts, which violates integrity.

Q2. (Objectivity vs Independence – Exam Favorite Trap)

An internal auditor is assigned to audit the procurement function. Two years ago, the auditor worked in the same function but had no involvement in current procurement decisions. Management insists that independence is impaired.

What is the best CIA-compliant conclusion?

A. Independence is impaired because of prior employment

B. Objectivity is impaired but independence is not

C. Neither independence nor objectivity is impaired

D. Independence is not impaired, but objectivity should be assessed and safeguards applied

Correct Answer: D

Explanation:

Independence relates to the organizational reporting line, not personal history. Prior involvement creates a potential objectivity threat, requiring disclosure and safeguards—not automatic disqualification.

Q3. (Confidentiality – Legal vs Ethical Conflict)

During an engagement, an internal auditor uncovers evidence of illegal data manipulation. Senior management instructs the auditor not to disclose the information externally to avoid reputational damage. No law explicitly requires reporting.

What is the auditor’s most appropriate action?

A. Maintain confidentiality and follow management’s instruction

B. Report the issue only if required by law

C. Escalate internally according to governance protocols

D. Immediately disclose the issue to regulators

Correct Answer: C

Explanation:

Confidentiality does not override governance responsibilities. The auditor must escalate internally (e.g., audit committee). External disclosure occurs only when legally mandated.

Q4. (Proficiency vs Due Professional Care)

An internal auditor accepts an IT audit engagement despite limited technical knowledge, believing general audit skills are sufficient. The auditor does not consult specialists and fails to identify critical system vulnerabilities.

Which standard is primarily violated?

A. Objectivity

B. Proficiency

C. Independence

D. Confidentiality

Correct Answer: B

Explanation:

Proficiency requires possessing or obtaining necessary knowledge. Due professional care relates to diligence, but the root failure is lack of competence.

Q5. (Independence – Organizational Reporting Line)

The Chief Audit Executive (CAE) reports administratively and functionally to the CFO. The CFO frequently modifies audit scopes and delays issuing reports.

Which CIA principle is most seriously threatened?

A. Objectivity

B. Integrity

C. Independence

D. Proficiency

Correct Answer: C

Explanation:

Functional reporting to management compromises organizational independence. The CAE should report functionally to the board or audit committee.

Q6. (Objectivity – Gifts & Familiarity Threat)

An internal auditor accepts a high-value gift from an auditee after completing an engagement. The audit report was already issued and unbiased.

What is the best CIA-based assessment?

A. Acceptable because the audit is complete

B. Acceptable if disclosed to management

C. Unacceptable as it impairs objectivity in appearance

D. Acceptable if local company policy allows it

Correct Answer: C

Explanation:

Objectivity includes appearance of bias, not just actual bias. High-value gifts create familiarity and self-interest threats.

Q7. (Integrity – Selective Reporting)

An auditor reports control weaknesses accurately but deliberately delays issuing the report to align with management’s preferred timing for public disclosures.

Which ethical principle is violated?

A. Objectivity

B. Integrity

C. Confidentiality

D. Proficiency

Correct Answer: B

Explanation:

Integrity requires timely and honest communication. Deliberate delay for strategic advantage undermines ethical conduct.

Q8. (Confidentiality – Personal Benefit)

An internal auditor uses non-public audit information to advise a friend to avoid investing in the organization.

Which action best describes this situation?

A. Acceptable personal judgment

B. Breach of confidentiality

C. Lack of objectivity only

D. Violation only if financial gain occurs

Correct Answer: B

Explanation:

Using confidential information for any personal advantage, direct or indirect, violates confidentiality—financial gain is not required.

Q9. (Proficiency – Continuous Improvement)

Which situation best demonstrates non-compliance with proficiency standards?

A. Auditor relies on past experience instead of updated standards

B. Auditor seeks expert help for complex valuation

C. Auditor attends regular professional training

D. Auditor uses automated audit tools

Correct Answer: A

Explanation:

Proficiency requires continuous development. Outdated knowledge is a direct violation.

Q10. (Objectivity vs Advocacy – Very Tricky)

An internal auditor recommends a specific vendor solution during consulting work and later audits the implementation of that solution.

What is the most appropriate CIA position?

A. No issue since consulting was allowed

B. Objectivity is impaired and safeguards are required

C. Independence is automatically impaired

D. Confidentiality is violated

Correct Answer: B

Explanation:

Advocacy creates self-review threat. Objectivity—not independence—is affected. Disclosure and safeguards are mandatory.

Q11. (Integrity – Pressure from Senior Management)

Management pressures an internal auditor to soften language in an audit report to “maintain harmony,” though findings remain factually correct.

What should the auditor do?

A. Modify wording to maintain relationships

B. Refuse and escalate to governance

C. Accept changes if conclusions remain same

D. Delay report issuance

Correct Answer: B

Explanation:

Integrity requires resisting undue influence and escalating ethical pressure to appropriate governance bodies.

Q12. (Confidentiality – Accidental Disclosure)

An auditor accidentally shares sensitive audit findings with an unauthorized employee.

Which principle is breached?

A. Integrity

B. Objectivity

C. Confidentiality

D. Proficiency

Correct Answer: C

Explanation:

Intent is irrelevant. Confidentiality applies to careless or accidental disclosure as well.

Q13. (Due Professional Care vs Proficiency – Examiner Trap)

An experienced auditor fails to expand testing despite red flags due to time constraints.

Which standard is primarily violated?

A. Proficiency

B. Integrity

C. Due Professional Care

D. Independence

Correct Answer: C

Explanation:

The auditor has knowledge but fails to apply reasonable diligence and judgment, violating due professional care.

Q14. (Independence – Consulting Engagements)

Which consulting activity is most likely to impair independence?

A. Advising on risk assessment methodology

B. Facilitating control self-assessment workshops

C. Designing controls and later auditing them

D. Training staff on internal controls

Correct Answer: C

Explanation:

Designing controls creates a self-review threat, impairing independence unless strictly managed.

Q15. (Integrated Ethics Question – High Difficulty)

An internal auditor with strong technical skills intentionally withholds unfavorable findings, accepts gifts, and uses insider information socially.

Which statement best summarizes the situation?

A. Only confidentiality is violated

B. Only objectivity is impaired

C. Multiple ethical principles are violated

D. Only independence is compromised

Correct Answer: C

Explanation:

The scenario violates integrity (withholding facts), objectivity (gifts), and confidentiality (insider information) simultaneously—common CIA exam integration.

🔑 CIA EXAM TIP

• Integrity = honesty & courage

• Objectivity = unbiased mindset + appearance

• Independence = organizational freedom

• Proficiency = knowledge + skills

• Confidentiality = protect & not misuse info

www.gmsisuccess.in

Section B…. 50MCQ…

CIA PART 1 – MCQs (50 Questions)

Topics Covered:

Integrity • Objectivity • Independence • Proficiency • Confidentiality • Due Professional Care • Code of Ethics

An internal auditor knowingly omits an immaterial error because management assures it will be corrected later.

The primary ethical violation is of:

A. Objectivity

B. Independence

C. Integrity

D. Proficiency

Answer: C

Reason: Deliberate omission = lack of honesty, regardless of materiality.

An auditor audits a process they designed three years ago but fully discloses this to the CAE.

Which statement is MOST accurate?

A. Independence is impaired

B. Objectivity threat exists and safeguards are required

C. No ethical issue exists

D. Confidentiality is violated

Answer: B

An auditor accepts a low-value promotional item during an audit.

Which factor MOST determines ethical acceptability?

A. Value of the item

B. Local law

C. Appearance of impaired objectivity

D. Timing of acceptance

Answer: C

An internal auditor reports functionally to the audit committee but administratively to the CFO.

Which principle is BEST preserved?

A. Objectivity

B. Integrity

C. Independence

D. Confidentiality

Answer: C

An auditor delays issuing a report to allow management time to “prepare explanations.”

This MOST directly violates:

A. Confidentiality

B. Integrity

C. Objectivity

D. Proficiency

Answer: B

An internal auditor uses professional skepticism but lacks technical knowledge in cybersecurity.

Which standard is MOST compromised?

A. Due Professional Care

B. Proficiency

C. Objectivity

D. Independence

Answer: B

An auditor refuses an engagement due to family relationships with the auditee.

This action BEST supports:

A. Integrity

B. Independence

C. Objectivity

D. Confidentiality

Answer: C

An auditor shares audit results internally with unauthorized staff to “raise awareness.”

Which principle is violated?

A. Integrity

B. Objectivity

C. Confidentiality

D. Independence

Answer: C

Which situation creates a self-review threat?

A. Rotating audit assignments

B. Auditing previously designed controls

C. Reporting to senior management

D. Using audit software

Answer: B

Q10

An auditor knowingly uses outdated audit standards.

This violates:

A. Proficiency

B. Integrity

C. Objectivity

D. Confidentiality

Answer: A

Q11

Management pressures an auditor to remove “harsh wording” but not findings.

The BEST response is to:

A. Agree for diplomacy

B. Escalate to governance

C. Delay the report

D. Accept wording change

Answer: B

Q12

An auditor discloses fraud only to management despite board-level reporting requirements.

Which principle is MOST affected?

A. Objectivity

B. Independence

C. Integrity

D. Confidentiality

Answer: C

Q13

An internal auditor accepts consulting work designing risk controls.

What must be done later?

A. Audit immediately

B. Avoid auditing the area

C. Apply safeguards if auditing

D. Ignore consulting role

Answer: C

Q14

Which scenario BEST demonstrates impaired independence?

A. Prior employment in auditee

B. CAE reporting to CFO functionally

C. Familiarity with auditee staff

D. Consulting engagement

Answer: B

Q15

An auditor fails to expand testing despite red flags due to time pressure.

This violates:

A. Proficiency

B. Due Professional Care

C. Objectivity

D. Integrity

Answer: B

Q16

Using confidential audit data to advise a friend informally violates:

A. Independence

B. Integrity

C. Confidentiality

D. Objectivity

Answer: C

Q17

Which action MOST preserves objectivity?

A. Declining gifts

B. Rotating audit staff

C. Reporting to audit committee

D. Maintaining competence

Answer: B

Q18

An auditor accepts management’s assurance without evidence.

Which standard is breached?

A. Objectivity

B. Proficiency

C. Due Professional Care

D. Confidentiality

Answer: C

Q19

Which is NOT part of integrity?

A. Honesty

B. Courage

C. Impartiality

D. Timeliness

Answer: C

(Impartiality relates to objectivity)

Q20

An auditor modifies conclusions to protect organizational reputation.

This violates:

A. Integrity

B. Confidentiality

C. Independence

D. Proficiency

Answer: A

Q21

Accepting gifts AFTER audit completion is:

A. Always acceptable

B. Acceptable if disclosed

C. Acceptable if immaterial

D. Unacceptable due to appearance

Answer: D

Q22

Which BEST defines independence?

A. Mental attitude

B. Technical skill

C. Organizational freedom

D. Professional judgment

Answer: C

Q23

An auditor lacks knowledge but consults a specialist.

Which principle is upheld?

A. Integrity

B. Proficiency

C. Objectivity

D. Confidentiality

Answer: B

Q24

Which creates an advocacy threat?

A. Training staff

B. Recommending vendors

C. Auditing transactions

D. Risk assessment

Answer: B

Q25

Failing to report immaterial fraud violates:

A. Proficiency

B. Integrity

C. Objectivity

D. Independence

Answer: B

Q26

An auditor leaks audit findings unintentionally.

Which principle applies?

A. Intent matters

B. Confidentiality applies regardless

C. Objectivity only

D. Integrity only

Answer: B

Q27

Professional skepticism MOST supports:

A. Integrity

B. Objectivity

C. Due Professional Care

D. Confidentiality

Answer: C

Q28

An auditor designs KPIs for management and later audits them.

This creates:

A. Familiarity threat

B. Self-interest threat

C. Self-review threat

D. Advocacy threat

Answer: C

Q29

Which is the BEST safeguard for objectivity?

A. Disclosure

B. Rotation

C. Supervision

D. All of the above

Answer: D

Q30

An auditor refuses to change findings despite CEO pressure.

This BEST demonstrates:

A. Objectivity

B. Integrity

C. Proficiency

D. Confidentiality

Answer: B

Q31

Which situation MOST threatens confidentiality?

A. Internal escalation

B. Audit committee reporting

C. Social discussion

D. Legal disclosure

Answer: C

Q32

An auditor relies on management representations alone.

This violates:

A. Integrity

B. Due Professional Care

C. Independence

D. Confidentiality

Answer: B

Q33

Independence is primarily a function of:

A. Behavior

B. Ethics

C. Reporting structure

D. Competence

Answer: C

Q34

Which activity is LEAST likely to impair objectivity?

A. Consulting

B. Prior employment

C. Staff rotation

D. Close relationships

Answer: C

Q35

Using audit results to negotiate salary violates:

A. Confidentiality

B. Integrity

C. Objectivity

D. All of the above

Answer: D

Q36

An auditor knowingly issues a misleading report.

This violates:

A. Objectivity only

B. Integrity only

C. Confidentiality only

D. Multiple principles

Answer: D

Q37

Proficiency requires:

A. Initial qualification only

B. Continuous development

C. Management approval

D. Audit experience only

Answer: B

Q38

Which threat arises from personal relationships?

A. Self-review

B. Familiarity

C. Advocacy

D. Intimidation

Answer: B

Q39

Which is a core duty of confidentiality?

A. Sharing lessons learned

B. Preventing misuse of info

C. Full transparency

D. Public disclosure

Answer: B

Q40

Time pressure NEVER justifies violating:

A. Integrity

B. Proficiency

C. Objectivity

D. Confidentiality

Answer: A

Q41

An auditor audits an area under performance incentives.

Which threat arises?

A. Advocacy

B. Self-interest

C. Familiarity

D. Intimidation

Answer: B

Q42

Which is MOST aligned with due professional care?

A. Speed

B. Compliance

C. Reasonable assurance

D. Absolute assurance

Answer: C

Q43

Ethical behavior is BEST described as:

A. Rule-based

B. Situation-based

C. Principle-based

D. Outcome-based

Answer: C

Q44

An auditor ignores minor policy breaches.

This MOST violates:

A. Proficiency

B. Confidentiality

C. Integrity

D. Objectivity

Answer: C

Q45

Which safeguard addresses independence threats?

A. Peer review

B. Training

C. Reporting to board

D. Documentation

Answer: C

Q46

Which BEST defines objectivity?

A. Neutral reporting

B. Unbiased mental attitude

C. Organizational freedom

D. Technical expertise

Answer: B

Q47

An auditor uses audit info for personal gain.

Which principles are violated?

A. Confidentiality only

B. Integrity only

C. Objectivity only

D. Multiple principles

Answer: D

Q48

Which is NOT a confidentiality exception?

A. Legal obligation

B. Professional duty

C. Personal judgment

D. Regulatory requirement

Answer: C

Q49

Which MOST threatens integrity?

A. Bias

B. Dishonesty

C. Incompetence

D. Familiarity

Answer: B

Q50

An auditor faces ethical conflict. FIRST step?

A. Resign

B. Ignore

C. Escalate through governance

D. External disclosure

Answer: C

🔥 CIA EXAM STRATEGY

• Integrity = honesty even when inconvenient

• Objectivity = mindset + appearance

• Independence = reporting line

• Proficiency ≠ due care (knowledge vs application)

www.gmsisuccess.in

Saturday, December 6, 2025

DOMAIN 1 – FOUNDATIONS OF INTERNAL AUDITING (35%) 50 Scenario-Based, Tricky & Exam-Style MCQs

✅ DOMAIN 1 – FOUNDATIONS OF INTERNAL AUDITING (35%)

50 Scenario-Based, Tricky & Exam-Style MCQs

1. Independence

1. The CAE reports administratively to the COO and functionally to the audit committee. During an audit of operations, the COO pressures the CAE to delay issuing the final report. What is MOST appropriate?
A. Delay the report because operational matters fall under the COO.
B. Inform the audit committee about the pressure.
C. Remove the COO’s comments and issue the report immediately.
D. Escalate to external auditors.
Answer:

2. Objectivity

2. An internal auditor previously worked in the procurement department two years ago. He is assigned to audit procurement this year. What should he do?
A. Proceed normally.
B. Refuse the assignment due to impairment.
C. Disclose the prior role and accept if CAE approves.
D. Perform only consulting services.
Answer:

3. Mandatory Guidance

3. Which element of the IPPF is mandatory?
A. Practice Guides
B. Code of Ethics
C. Supplemental Guidance
D. Position Papers
Answer:

4. Mission of Internal Audit

4. An audit team only reports control weaknesses but does not evaluate organizational value creation. What IPPF element is violated?
A. Core Principles
B. Mission of Internal Audit
C. Implementation Guidance
D. Performance Standards
Answer:

5. Core Principles

5. An audit report is technically accurate but delivered 4 months late, reducing management acceptance. Which Core Principle is violated?
A. Objectivity
B. Standards
C. Timeliness & Quality
D. Adds value & improves operations
Answer:

6. Governance

6. Who is primarily responsible for establishing governance processes?
A. Internal audit
B. CAE
C. Senior management
D. Board
Answer:

7. Governance Failures

7. During an audit, the internal auditor notices that whistleblowing cases are not reviewed for months. What should IA do first?
A. Report immediately to regulators.
B. Discuss with management responsible for governance.
C. Inform the board directly.
D. Investigate the cases themselves.
Answer:

8. Three Lines Model

8. Who owns controls in the Three Lines Model?
A. Internal Audit (Third Line)
B. External Audit
C. Management (First Line)
D. Audit Committee
Answer:

9. Board Responsibilities

9. The board requests internal audit to approve risk appetite. Is this appropriate?
A. Yes – IA has risk expertise.
B. No – setting risk appetite is management’s role.
C. Yes, if CAE signs only after consulting management.
D. Allowed only if noted in audit charter.
Answer:

10. Charter Requirements

10. Who must approve the internal audit charter?
A. CAE only
B. CEO and CFO
C. Board
D. External auditors
Answer:

11. Organizational Independence

11. The CAE’s performance appraisal is conducted solely by the CFO. What risk arises?
A. Fraud
B. Independence impairment
C. Inefficient audit planning
D. Conflict with HR
Answer:

12. Internal Audit Plan

12. The CAE prepares the annual audit plan but excludes new IT systems because management says they are not risky. What should CAE do?
A. Accept management’s decision
B. Include IT risks based on IA’s own assessment
C. Ask external audit
D. Perform only consulting activities
Answer:

13. Assurance vs Consulting

13. A department asks internal audit to design controls for a new system. What is allowed?
A. IA can design controls fully.
B. IA cannot give any advice.
C. IA can advise but cannot make decisions.
D. IA must decline completely.
Answer:

14. Resource Management

14. CAE identifies lack of cybersecurity expertise in the team. What is the BEST action?
A. Cancel cybersecurity audits.
B. Outsource or co-source.
C. Rotate staff internally.
D. Report to HR only.
Answer:

15. Proficiency

15. An auditor is assigned to audit a financial derivative valuation model but lacks expertise. The auditor should:
A. Learn quickly and continue.
B. Perform the audit anyway.
C. Decline or request expert support.
D. Skip testing complex areas.
Answer:

16. Due Professional Care

16. During fieldwork, an auditor identifies a red flag of fraud but lacks evidence. What should they do?
A. Report fraud immediately
B. Ignore because evidence is limited
C. Extend testing based on risk
D. Transfer case to HR
Answer:

17. Fraud Responsibility

17. Internal audit is reviewing an inventory theft case. Who is responsible for detecting fraud?
A. Internal audit
B. Every employee / management
C. External audit
D. Legal department
Answer:

18. Engagement Objectives

18. Engagement objectives must align MOST with:
A. Audit budget
B. Management preferences
C. Risk assessment
D. Auditor experience
Answer:

19. Planning

19. An auditor reviews prior audit reports before planning a new audit. Which standard is applied?
A. 1210
B. 2120
C. 2200
D. 2410
Answer:

20. Risk Management Evaluation

20. IA notes that management identifies risks but does not document mitigation measures. IA should:
A. Document risk appetite
B. Provide assurance on risk processes
C. Create mitigation plans
D. Report only to CEO
Answer:

21. Internal Control

21. IA observes that management performs controls inconsistently. Which COSO component is weak?
A. Monitoring
B. Control Environment
C. Control Activities
D. Information & Communication
Answer:

22. Control Environment Weakness

22. Employees fear retaliation for reporting issues. Which is affected?
A. Control activities
B. Governance
C. Ethical culture
D. Risk tolerance
Answer:

23. CAE Communication

23. The CEO wants to remove a finding from the draft report. CAE should:
A. Remove it
B. Inform audit committee
C. Delay reporting
D. Reduce severity
Answer:

24. Quality Assurance (QAIP)

24. External quality assessment must be performed:
A. Annually
B. Every 5 years
C. Every 3 years
D. Optional
Answer:

25. Non-conformance

25. If IA does not fully comply with Standards, what must occur?
A. Stop audits
B. Disclose non-conformance
C. Hire more auditors
D. Reset charter
Answer:

26. Reporting Results

26. Who approves the final audit report?
A. CAE
B. Board
C. Process owner
D. Audit team
Answer:

27. Engagement Supervision

27. Supervision ensures:
A. Recommendations are mandatory
B. Work meets objectives
C. Management cannot challenge findings
D. Auditors work independently
Answer:

28. Document Retention

28. Working papers should support:
A. Auditor opinions
B. CAE job evaluation
C. External audit reliance
D. Risk register
Answer:

29. Communication Quality

29. An audit report is technically correct but unclear. It violates:
A. Accuracy
B. Objectivity
C. Clarity
D. Finality
Answer:

30. Follow-Up

30. Follow-up is required for:
A. All findings
B. Only high-risk findings
C. Only management requests
D. Only consulting results
Answer:

31. Ethical Dilemma

31. An auditor is offered a gift during fieldwork. Best action?
A. Accept if below monetary threshold
B. Decline and disclose
C. Accept and inform CAE
D. Accept privately
Answer:

32. Disclosing Impairment

32. Auditor’s spouse works in the audited department. What should auditor do first?
A. Decline assignment
B. Continue normally
C. Disclose to CAE
D. Investigate spouse’s work
Answer:

33. Confidentiality

33. A former employee asks about findings in the audit report. Auditor must:
A. Provide summary
B. Provide report if they were responsible
C. Decline
D. Provide report after approval from management
Answer:

34. Engagement Scope

34. Scope changes during audit due to new risk. Auditor should:
A. Ignore changes
B. Modify engagement objectives
C. Stop audit
D. Continue with old plan
Answer:

35. Consulting Engagement

35. IA is asked to facilitate a risk workshop. This is:
A. Prohibited
B. Assurance service
C. Consulting service
D. Governance action
Answer:

36. Assessing Culture

36. IA notices employees bypass controls due to pressure for deadlines. This indicates:
A. Fraud
B. Poor control environment
C. Good efficiency
D. Appropriate risk appetite
Answer:

37. Governance Oversight

37. Audit committee asks IA to evaluate board performance. IA should:
A. Decline
B. Outsource
C. Perform assessment carefully
D. Only review documentation
Answer:

38. Rotation

38. To maintain objectivity, auditor rotation is recommended when:
A. Auditor likes the process
B. Auditor has audited same area for years
C. Budget cuts occur
D. Findings are repetitive
Answer:

39. Red Flags

39. During AP audit, an auditor finds multiple vendor accounts with similar bank details. Auditor should:
A. Report fraud immediately
B. Gather more evidence
C. Ignore
D. Delete vendors
Answer:

40. Root Cause Analysis

40. Repeated control failures mostly relate to:
A. Symptoms
B. Root causes
C. Audit report format
D. Ethical standards
Answer:

41. Workpaper Review

41. Manager reviewing workpapers must check:
A. Grammar
B. Evidence supports conclusions
C. Auditor handwriting
D. Location of files
Answer:

42. Assurance Engagement

42. Who determines the level of assurance?
A. Auditor
B. CAE
C. Management
D. Audit committee
Answer:

43. Conflict of Interest

43. An auditor owns shares in a company that is a major supplier. What is required?
A. Sell shares
B. Transfer auditor
C. Disclose & avoid the engagement
D. Ignore because minor issue
Answer:

44. Continuous Auditing

44. Continuous monitoring is responsibility of:
A. IA
B. Management
C. Board
D. External auditors
Answer:

45. Continuous Assurance

45. Continuous auditing focuses on:
A. Real-time monitoring
B. Financial statements
C. HR activities only
D. Bypassing controls
Answer:

46. Consulting Independence

46. After providing consulting, IA must ensure:
A. They do not audit that area
B. They audit after 3 months
C. Consulting does not impair future assurance
D. No recommendations are given
Answer:

47. Escalation

47. Serious risk not addressed by management must be reported to:
A. CFO
B. Audit committee
C. Process owners
D. HR
Answer:

48. Fraud Investigation

48. IA is asked to perform fraud investigation. IA should:
A. Decline always
B. Perform investigation if competent
C. Transfer to external audit
D. Outsource completely
Answer:

49. IT Controls

49. IA finds privileged access granted without approval. This is weakness in:
A. Change management
B. Logical access controls
C. Governance
D. Physical security
Answer:

50. Alignment with Strategy

50. IA should evaluate whether governance:
A. Focuses on short-term profits
B. Aligns objectives, values, and performance
C. Avoids risks completely
D. Delegates all responsibility to auditors
Answer:

www.gmsisuccess.in

ANSWERS....

50 Challenging & Scenario-Based MCQs on Domain 1 – Foundations of Internal Auditing (35%), fully aligned with the 2025 Revised CIA Part 1 syllabus.

Each question includes A–D options and correct answers with explanations.

✅ DOMAIN 1 – FOUNDATIONS OF INTERNAL AUDITING (35%)

50 Scenario-Based, Tricky & Exam-Style MCQs

1. Independence

2. Objectivity

3. Mandatory Guidance

3. Which element of the IPPF is mandatory?
A. Practice Guides
B. Code of Ethics
C. Supplemental Guidance
D. Position Papers
Answer: B

4. Mission of Internal Audit

5. Core Principles

6. Governance

6. Who is primarily responsible for establishing governance processes?
A. Internal audit
B. CAE
C. Senior management
D. Board
Answer: C

7. Governance Failures

8. Three Lines Model

8. Who owns controls in the Three Lines Model?
A. Internal Audit (Third Line)
B. External Audit
C. Management (First Line)
D. Audit Committee
Answer: C

9. Board Responsibilities

10. Charter Requirements

10. Who must approve the internal audit charter?
A. CAE only
B. CEO and CFO
C. Board
D. External auditors
Answer: C

11. Organizational Independence

11. The CAE’s performance appraisal is conducted solely by the CFO. What risk arises?
A. Fraud
B. Independence impairment
C. Inefficient audit planning
D. Conflict with HR
Answer: B

12. Internal Audit Plan

13. Assurance vs Consulting

14. Resource Management

15. Proficiency

16. Due Professional Care

17. Fraud Responsibility

17. Internal audit is reviewing an inventory theft case. Who is responsible for detecting fraud?
A. Internal audit
B. Every employee / management
C. External audit
D. Legal department
Answer: B

18. Engagement Objectives

18. Engagement objectives must align MOST with:
A. Audit budget
B. Management preferences
C. Risk assessment
D. Auditor experience
Answer: C

19. Planning

19. An auditor reviews prior audit reports before planning a new audit. Which standard is applied?
A. 1210
B. 2120
C. 2200
D. 2410
Answer: C – Engagement Planning

20. Risk Management Evaluation

21. Internal Control

22. Control Environment Weakness

22. Employees fear retaliation for reporting issues. Which is affected?
A. Control activities
B. Governance
C. Ethical culture
D. Risk tolerance
Answer: C

23. CAE Communication

23. The CEO wants to remove a finding from the draft report. CAE should:
A. Remove it
B. Inform audit committee
C. Delay reporting
D. Reduce severity
Answer: B

24. Quality Assurance (QAIP)

24. External quality assessment must be performed:
A. Annually
B. Every 5 years
C. Every 3 years
D. Optional
Answer: B

25. Non-conformance

25. If IA does not fully comply with Standards, what must occur?
A. Stop audits
B. Disclose non-conformance
C. Hire more auditors
D. Reset charter
Answer: B

26. Reporting Results

26. Who approves the final audit report?
A. CAE
B. Board
C. Process owner
D. Audit team
Answer: A

27. Engagement Supervision

27. Supervision ensures:
A. Recommendations are mandatory
B. Work meets objectives
C. Management cannot challenge findings
D. Auditors work independently
Answer: B

28. Document Retention

28. Working papers should support:
A. Auditor opinions
B. CAE job evaluation
C. External audit reliance
D. Risk register
Answer: A

29. Communication Quality

29. An audit report is technically correct but unclear. It violates:
A. Accuracy
B. Objectivity
C. Clarity
D. Finality
Answer: C

30. Follow-Up

30. Follow-up is required for:
A. All findings
B. Only high-risk findings
C. Only management requests
D. Only consulting results
Answer: A

31. Ethical Dilemma

31. An auditor is offered a gift during fieldwork. Best action?
A. Accept if below monetary threshold
B. Decline and disclose
C. Accept and inform CAE
D. Accept privately
Answer: B

32. Disclosing Impairment

32. Auditor’s spouse works in the audited department. What should auditor do first?
A. Decline assignment
B. Continue normally
C. Disclose to CAE
D. Investigate spouse’s work
Answer: C

33. Confidentiality

34. Engagement Scope

34. Scope changes during audit due to new risk. Auditor should:
A. Ignore changes
B. Modify engagement objectives
C. Stop audit
D. Continue with old plan
Answer: B

35. Consulting Engagement

35. IA is asked to facilitate a risk workshop. This is:
A. Prohibited
B. Assurance service
C. Consulting service
D. Governance action
Answer: C

36. Assessing Culture

36. IA notices employees bypass controls due to pressure for deadlines. This indicates:
A. Fraud
B. Poor control environment
C. Good efficiency
D. Appropriate risk appetite
Answer: B

37. Governance Oversight

37. Audit committee asks IA to evaluate board performance. IA should:
A. Decline
B. Outsource
C. Perform assessment carefully
D. Only review documentation
Answer: C

38. Rotation

39. Red Flags

40. Root Cause Analysis

40. Repeated control failures mostly relate to:
A. Symptoms
B. Root causes
C. Audit report format
D. Ethical standards
Answer: B

41. Workpaper Review

41. Manager reviewing workpapers must check:
A. Grammar
B. Evidence supports conclusions
C. Auditor handwriting
D. Location of files
Answer: B

42. Assurance Engagement

42. Who determines the level of assurance?
A. Auditor
B. CAE
C. Management
D. Audit committee
Answer: A

43. Conflict of Interest

43. An auditor owns shares in a company that is a major supplier. What is required?
A. Sell shares
B. Transfer auditor
C. Disclose & avoid the engagement
D. Ignore because minor issue
Answer: C

44. Continuous Auditing

44. Continuous monitoring is responsibility of:
A. IA
B. Management
C. Board
D. External auditors
Answer: B

45. Continuous Assurance

45. Continuous auditing focuses on:
A. Real-time monitoring
B. Financial statements
C. HR activities only
D. Bypassing controls
Answer: A

46. Consulting Independence

47. Escalation

47. Serious risk not addressed by management must be reported to:
A. CFO
B. Audit committee
C. Process owners
D. HR
Answer: B

48. Fraud Investigation

48. IA is asked to perform fraud investigation. IA should:
A. Decline always
B. Perform investigation if competent
C. Transfer to external audit
D. Outsource completely
Answer: B

49. IT Controls

49. IA finds privileged access granted without approval. This is weakness in:
A. Change management
B. Logical access controls
C. Governance
D. Physical security
Answer: B

50. Alignment with Strategy

www.gmsisuccess.in

Thursday, August 28, 2025

2025 CIA Part 1 syllabus reflects the following topic deletions or reductions in weight compared to the 2019 syllabus

The 2025 CIA Part 1 syllabus reflects the following topic deletions or reductions in weight compared to the 2019 syllabus:

- The 2019 syllabus had six domains, while the 2025 syllabus was consolidated into four.

- The 2019 topics "Independence and Objectivity," "Proficiency and Due Professional Care," and "Quality Assurance and Improvement Program," which collectively accounted for 40% of the exam, were removed as separate standalone sections in Part 1 of the 2025 syllabus.

- These topics have been integrated or shifted to other parts of the CIA exam structure, such as Part 3.

- The 2019 "Governance, Risk Management, and Control" domain's weight was slightly decreased from 35% to 30%.

- The new 2025 syllabus added a new domain titled "Ethics and Professionalism" with 20% weight, which was not a separate domain in 2019 but rather embedded in other sections.

- The "Foundations of Internal Auditing" domain increased significantly in weight from 15% to 35%.

- The "Fraud Risks" domain increased slightly from 10% to 15%.

In summary, the 2025 syllabus removed some specific professional practice topics from Part 1, decreased governance's weight slightly, introduced a distinct ethics domain, and increased emphasis on foundational audit knowledge and fraud. This reorganized syllabus better reflects practical and ethical demands on internal auditors today while redistributing some older content to other exam parts [1][2][3].

Based on previous information on the CIA Part 1 2025 syllabus updates compared to 2019, the topics removed or merged in 2025 are:

Topics such as "Independence and Objectivity," "Proficiency and Due Professional Care," and "Quality Assurance and Improvement Program," which were stand-alone in 2019, have been merged or removed from Part 1 of the CIA syllabus. These areas have been shifted to other parts of the CIA exam.
The old detailed focus on IT, financial statements, and some business knowledge topics has been merged into broader domains such as "Foundations of Internal Auditing" and "Governance, Risk Management, and Control."
Ethics and professionalism, previously embedded in various parts, is now a dedicated domain.
Fraud risks, while a smaller and somewhat new dedicated domain, now incorporate some topics that were previously scattered.

This restructuring aims to simplify the syllabus, reduce content overlap, and focus on practical auditing skills, ethics, governance, risk management, and fraud prevention within the auditing profession.

No specific official details were found on exact named topics deleted or merged, but the above outlines the main structural changes in the 2025 CIA syllabus from earlier versions

As per the Institute of Internal Auditors (IIA) 2025 syllabus, the "Ethics and Professionalism" domain in the CIA Part 1 covers the following:

Ethical behavior and professional conduct essential for internal auditors.
Emphasis on upholding integrity, objectivity, confidentiality, and due professional care.
Understanding the IIA's Code of Ethics and adherence to its principles.
Promoting a professional mindset that supports ethical decision-making and accountability.
Reinforcing the importance of ethical culture within organizations, including how auditors influence and uphold this culture.
Maintaining independence and avoiding conflicts of interest.
Responsibilities related to reporting unethical behavior or violations.
Professional competence through continuous development and application of skills aligned with professional standards.

This domain carries 20% weight in the syllabus, reflecting its critical importance in preparing auditors to meet ethical challenges and maintain professionalism in their work. It consolidates and expands ethical topics to better align with modern internal audit responsibilities according to IIA’s updated framework for 2025

Citations:

[1] CIA Exam Changes https://www.gleim.com/cia-review/cia-exam-changes/

[2] CIA Part 1 Syllabus 2025 Update – Internal Audit Fundamentals https://aia.in.net/cia-part1-syllabus-2025-update-internal-audit-fundamentals

[3] Changes to the Certified Internal Auditor syllabus https://charterediia.org/content-hub/blogs/changes-to-the-certified-internal-auditor-syllabus/

[4] CIA 2025 https://www.theiia.org/en/certifications/cia/cia-2025/

[5] Certified Internal Auditor (CIA) exam syllabus https://www.theiia.org/en/certifications/cia/exam-prep-resources/exam-syllabus/

[6] CIA 2019 vs CIA 2025 Syllabus Comparison | Key Changes https://www.kappedge.com/cia-exam-2025-syllabus/cia-2019-vs-cia2025/

www.gmsisuccess.in

Feel free 🆓 to discuss with me if you have any questions ‼️ Call or text on 9773464206