Section ,A….. Difficult level...Simple
5 0 MCQ on CIA Part 1: Foundations of Internal Auditing (35%), focused on IPPF, governance, CAE responsibilities, QAIP, risk-based audit planning, agile auditing, assurance vs consulting, and reporting.
CIA Part 1 – Foundations of Internal Auditing
1.
The internal audit activity reports functionally to the board to: A. Manage day-to-day administrative responsibilities
B. Support internal auditors’ continuing education programs
C. Ensure independence in determining audit scope
D. Approve staff performance evaluations
Answer:
2.
Which role is most appropriate for the internal audit activity regarding the organization’s risk management process? A. Assume responsibility for managing key risks
B. Provide assurance on the effectiveness of risk management
C. Approve risk appetite
D. Develop risk response strategies
Answer:
3.
The CAE is asked to justify resources and budget requirements for the upcoming year. Which standard applies? A. 2040
B. 2030
C. 2000
D. 1320
Answer:
4.
A key difference between assurance and consulting engagements is: A. Assurance services require more documentation
B. Consulting engagements improve organizational operations and require client involvement
C. Assurance services must comply with the Code of Ethics, consulting does not
D. Consulting always reduces internal audit responsibility
Answer:
5.
To maintain independence, significant impairments must be reported to: A. Senior management only
B. Board only
C. Both senior management and the board
D. Audit clients
Answer:
6.
The internal audit charter should be reviewed: A. Every five years
B. Annually or when significant changes occur
C. Whenever external auditors request it
D. Only during a QAIP review
Answer:
7.
Which of the following represents a governance responsibility? A. Designing internal controls
B. Evaluating risks during strategy development
C. Monitoring strategic direction and accountability
D. Developing policies and procedures
Answer:
8.
A weakness identified during an engagement that may lead to material risk exposure should be communicated: A. Immediately to management
B. At the end of the engagement
C. Only in the final report
D. To external auditors first
Answer:
9.
The CAE must ensure internal audit follows the Standards. This is primarily achieved through: A. Engagement supervision
B. Quality Assurance and Improvement Program
C. HR performance process
D. Monthly staff meetings
Answer:
10.
An internal audit engagement is delayed due to insufficient IT skills among the audit team. What should the CAE do? A. Ignore the problem
B. Outsource or co-source expertise
C. Cancel the engagement
D. Reduce scope to fit available skills
Answer:
11.
Which principle ensures internal auditors perform work without influence from others? A. Integrity
B. Objectivity
C. Confidentiality
D. Accountability
Answer:
12.
An agile audit framework emphasizes: A. Closed communication
B. Detailed documentation throughout
C. Early and continuous stakeholder collaboration
D. One final report at the end only
Answer:
13.
The CAE wants to provide assurance relating to governance processes. Which standard requires this? A. 2000
B. 2100
C. 2120
D. 2130
Answer:
14.
Which is part of Mandatory Guidance but not Recommended Guidance under the IPPF? A. Practice Advisories
B. Practice Guides
C. Implementation Guidance
D. Code of Ethics
Answer:
15.
Conflict of interest most directly threatens: A. Confidentiality
B. Integrity and Objectivity
C. Competency
D. Professional skepticism
Answer:
16.
The frequency of reporting to the board by the CAE should be: A. Monthly
B. As needed
C. At least annually
D. Only after QAIP assessments
Answer:
17.
Which professional requirement supports continuous improvement? A. Mandatory peer review
B. External assessment at least once every five years
C. Mandatory rotation of CAE
D. Annual workpaper review by the external auditor
Answer:
18.
The audit plan should be based on which principle? A. Cost of engagement hours
B. Risk-based approach
C. Availability of auditors
D. Historical audit schedules
Answer:
19.
When an auditor participates in system design to offer process insights, independence is impaired if they: A. Provide recommendations
B. Approve final design decisions
C. Perform post-go-live review
D. Attend meetings
Answer:
20.
Internal audit’s responsibility regarding fraud includes: A. Investigating every suspected fraud
B. Preventing employee fraud
C. Evaluating adequacy of controls to manage fraud risk
D. Acting as the fraud reporting hotline
Answer:
21.
Which best describes continuous auditing? A. Run annually as part of QAIP
B. Performs automated tests to identify exceptions in real-time
C. Replaces assurance engagements
D. Eliminates need for auditors
Answer:
22.
A well-designed audit observation must include: A. Cause, effect, and corrective action dates
B. Criteria, cause, effect, and recommendation
C. Scope, sample size, and timeline
D. Management responsibility only
Answer:
23.
Responsibility for selecting external QAIP assessors belongs to: A. CAE
B. Internal audit staff
C. Board
D. External auditors
Answer:
24.
Internal audit communicates an unacceptable risk to management but management refuses action. What must the CAE do next? A. Close issue as management accepted risk
B. Report to the board
C. Revise rating to moderate
D. Remove it from reporting
Answer:
25.
Which standard requires documenting work to support conclusions? A. 2010
B. 2330
C. 2400
D. 2600
Answer:
26.
The CAE wants to rely on work performed by external auditors. Which requirement must be evaluated? A. External auditors’ education, experience, independence, and approach
B. Audit software used
C. Number of external staff assigned
D. Fees paid
Answer:
27.
Which threat arises if an auditor audits an area where they previously worked? A. Advocacy threat
B. Self-review threat
C. Familiarity threat
D. Intimidation threat
Answer:
28.
The primary responsibility for communicating audit results to the board belongs to: A. Senior management
B. CAE
C. Lead auditor
D. Audit committee secretary
Answer:
29.
An agile audit sprint cycle concludes. What is the expected outcome? A. Detailed final report only
B. Immediate release of findings and next sprint decisions
C. Pause until year-end report
D. No stakeholder communication
Answer:
30.
To add value, internal audit should: A. Identify opportunities to improve governance, controls, and risk management
B. Focus only on compliance
C. Prioritize low-risk audits
D. Never provide recommendations
Answer:
31.
Independence is most compromised when: A. Internal auditor reports functionally to the board
B. Internal auditor reports administratively to the CFO
C. CAE reports hiring decisions to the HR
D. Audit budget must be approved by the board
Answer:
32.
Standard 2210 requires audit objectives to: A. Establish criteria to measure performance
B. Align with established risk priorities
C. Meet management expectations only
D. Avoid delays or budget overruns
Answer:
33.
Primary goal of conformance standards in the IPPF is to: A. Offer tools to external auditors
B. Describe behavior expected of internal auditors
C. Provide requirements and criteria for audit performance
D. Provide checklists
Answer:
34.
When providing consulting services, internal auditors must: A. Provide recommendations only
B. Avoid impairing independence for future assurance work
C. Focus on budget cost savings
D. Prevent changes in risk exposure
Answer:
35.
The responsibility for controlling day-to-day operations of the organization lies with: A. Board
B. CAE
C. Management
D. External auditors
Answer:
36.
The board’s primary role in internal audit involves: A. Oversight and accountability
B. Operating controls
C. Designing policies
D. Performing assurance engagements
Answer:
37.
Attribute Standard 2020 requires the CAE to: A. Obtain approval for engagement scope
B. Communicate audit plan and resource requirements to senior management and the board
C. Report audit results annually
D. Maintain audit procedures manual
Answer:
38.
Which is NOT a core principle of internal auditing? A. Demonstrates integrity
B. Aligns with organization’s strategy
C. Is collaborative and influential
D. Manages operational decisions
Answer:
39.
The CAE must report results of the QAIP to: A. Internal audit staff only
B. Senior management and the board
C. External quality assessment team
D. Finance committee
Answer:
40.
In agile auditing, documentation: A. Is eliminated
B. Is minimized but remains sufficient to support results
C. Must be more detailed than traditional audits
D. Is only required at the beginning
Answer:
41.
The CAE should remove an auditor from an engagement if: A. They disagree with audit findings
B. They have a conflict of interest
C. They are new to the team
D. They missed training
Answer:
42.
When auditors identify opportunities to improve controls, the correct approach is: A. Avoid recommendations to maintain independence
B. Provide recommendations but avoid implementation responsibility
C. Implement improvements directly
D. Report suggestions to external auditor
Answer:
43.
Governance, Risk, and Control responsibilities are mandatory under: A. Standard 2000
B. Standard 2100
C. Standard 2200
D. Standard 2300
Answer:
44.
The key purpose of internal audit reporting is to: A. Support documentation compliance
B. Communicate results and enable positive change
C. Validate process owners’ opinion
D. Reduce legal exposure
Answer:
45.
Which of the following best reflects the role of internal audit to support ethics within an organization? A. Create ethics policies
B. Provide assurance on ethics-related controls
C. Handle disciplinary action
D. Review employee recruitment
Answer:
46.
Who is responsible for establishing the organization’s risk appetite? A. CAE
B. Board
C. Management
D. Internal audit team
Answer:
47.
Implementation guidance under the IPPF is used to: A. Provide mandatory rules
B. Explain how to apply the standards
C. Replace practice advisories
D. Dictate audit scope
Answer:
48.
Internal audit engagement work programs must: A. Be developed by management
B. Document required audit procedures to achieve objectives
C. Be optional for experienced auditors
D. Be used only for consulting
Answer:
49.
Which is a performance standard? A. 1210
B. 1320
C. 2400
D. 1100
Answer:
50.
External assessments for QAIP must be conducted by: A. Internal audit staff
B. A qualified, independent assessor or assessment team
C. External auditor from financial statement audit
D. Audit committee chairperson
Answer:
www.gmsisuccsss.in
Section B….. Difficult level: moderately Difficult
10 challenging, logic-based MCQs on “Foundations of Internal Auditing” (CIA Part 1 Domain 1)
Note: Questions are original and based on the current CIA Part 1 syllabus and IIA resources, not copied from any source.
1) The board is concerned that internal audit’s work focuses heavily on low-risk compliance issues selected by the CFO. The CAE wants to realign with the Mission of Internal Audit and the Global Internal Audit Standards. Which action best demonstrates this alignment?
A. Ask the CFO to provide a list of required compliance audits for the next year.
B. Develop a risk-based audit plan and obtain approval from the board or audit committee.
C. Increase the number of surprise audits in high-fraud areas.
D. Request approval from senior management for each engagement’s scope and timing.
Answer:
2) An internal auditor discovers that a close family member has just been hired as a senior manager in an area scheduled for review next month. The auditor has no direct dealings with this relative at work. Which is the most appropriate response under the Code of Ethics and Standards?
A. Proceed with the engagement but disclose the relationship in the final report.
B. Request reassignment from the engagement due to an impairment to objectivity.
C. Perform only preliminary work and let another auditor complete testing.
D. Continue the engagement because there is no financial interest involved.
Answer:
3) The internal audit charter states that the CAE reports administratively to the CFO and functionally to the audit committee. Which situation would most seriously threaten organizational independence?
A. The CFO reviews the CAE’s performance evaluation.
B. The audit committee approves the internal audit budget.
C. The CFO revises the audit plan to remove a review of treasury operations.
D. The CAE meets privately with the audit committee twice a year.
Answer:
4) Management requests that internal audit design and implement new internal controls over a critical procurement process. The CAE wants to maintain conformance with the Global Internal Audit Standards regarding assurance versus consulting services. Which approach is most appropriate?
A. Decline all involvement because designing controls always impairs independence.
B. Design and implement the controls, then perform the assurance engagement.
C. Provide advisory input on control options while management makes final design and implementation decisions.
D. Take full ownership of control design but outsource implementation to an external consultant.
Answer:
5) During a board strategy session, the CAE is asked to “own the enterprise risk management (ERM) process” because internal audit has the strongest risk expertise. Which response best aligns with internal audit’s mandate and the Three Lines Model?
A. Accept ownership of ERM and report any risk issues directly to regulators.
B. Accept responsibility for coordinating risk registers but not for risk ownership.
C. Decline and explain that internal audit’s role is to provide independent assurance on ERM, not manage it.
D. Accept ownership of ERM only if the board approves changes to the audit charter.
Answer:
6) The CAE wants to demonstrate conformance with the core principles for the professional practice of internal auditing. Which of the following actions best evidences the principle of “Insightful, proactive, and future-focused”?
A. Issuing reports strictly limited to control deficiencies noted during fieldwork.
B. Recommending actions that address only historical noncompliance.
C. Identifying emerging risks and advising the board on how they could impact strategic objectives.
D. Limiting recommendations to low-cost, quick-win process improvements.
Answer:
7) An internal auditor is assigned to review cybersecurity. The auditor has strong general IT knowledge but limited experience in cybersecurity frameworks. To conform with proficiency and due professional care requirements, which action is most appropriate?
A. Perform the engagement as planned, relying only on existing knowledge.
B. Decline the assignment because internal audit must not review technical areas.
C. Seek targeted training and, if needed, use qualified experts while maintaining overall responsibility for the engagement.
D. Ask management to prepare a self-assessment and accept it without further work.
Answer:
8) The audit committee wants assurance that the internal audit activity itself complies with the Global Internal Audit Standards. Which approach best meets the requirement for quality assurance and improvement?
A. The CAE prepares an annual self-assessment, with no external review.
B. The internal audit activity commissions an external quality assessment at least once every five years, supported by ongoing internal assessments.
C. The external financial statement auditor evaluates internal audit quality each year.
D. Management reviews internal audit performance during the annual budgeting process.
Answer:
9) Internal audit has unrestricted access to records and personnel, yet management frequently delays responses and argues that certain operational reports are “not necessary” for audit work. Which action best uses internal audit’s authority under the charter?
A. Accept management’s position to preserve relationships.
B. Conduct the engagement using only the information that management voluntarily provides.
C. Escalate the issue to the audit committee, explaining how restricted access affects internal audit’s ability to fulfill its responsibilities.
D. Cancel the engagement and reallocate resources to other audits.
Answer:
10) A newly appointed CAE is redesigning the internal audit charter. To align with the Global Internal Audit Standards, which element is most critical to include?
A. A detailed list of all audits internal audit will perform each year.
B. A description of internal audit’s purpose, authority, and responsibility, including reporting lines to the board.
C. A requirement that internal audit report only to senior management.
D. A statement that internal audit is responsible for detecting all fraud.
Answer:
www.gmsisuccess.in
Section C……Difficult level: Challenging & tricky
Here MCQs for CIA Part 1 – Foundations of Internal Auditing, with suggested time per question. Each should be answered in about 1–1.5 minutes, in line with the exam’s overall timing of 125 questions in 150 minutes.
1) Time: 1.2 minutes
The CAE wants to revise the audit charter to align with the Global Internal Audit Standards. Which content is MOST critical to include?
A. A schedule of all engagements to be performed during the year
B. A statement that internal audit will support management in achieving profit targets
C. A description of internal audit’s purpose, authority, and responsibilities, including its reporting lines
D. A list of all laws and regulations to be tested for compliance
Answer:
2) Time: 1.2 minutes
Internal audit is requested to “own” the organization’s risk register and decide which risks each manager is responsible for. Which is the BEST response consistent with the Three Lines Model?
A. Accept the role and report any major changes directly to regulators
B. Decline to own the risk register but agree to review and provide assurance over risk management
C. Accept full ownership of the risk register as long as the board approves the charter
D. Accept the role temporarily and then outsource all assurance work
Answer:
3) Time: 1.2 minutes
Which scenario represents an impairment to organizational independence of the internal audit activity?
A. The CAE reports functionally to the audit committee and administratively to the CFO
B. Senior management reduces the approved audit budget without informing the board
C. The CAE attends executive committee meetings as a non-voting member
D. Internal audit uses guest auditors from operations for specialized reviews
Answer:
4) Time: 1.5 minutes
An auditor is assigned to review a complex new derivatives product. The auditor understands internal controls but has limited knowledge of derivatives. To conform with proficiency and due professional care, what should the auditor do FIRST?
A. Decline the assignment entirely because of lack of expertise
B. Perform the engagement using existing knowledge and learn during fieldwork
C. Discuss the skills gap with the CAE and arrange for training or expert assistance
D. Ask management to self-assess controls and rely on their evaluation
Answer:
5) Time: 1.2 minutes
Which activity MOST clearly aligns with the Mission of Internal Auditing and the core principles?
A. Performing only compliance audits requested by regulators
B. Providing insight on emerging risks that may affect achievement of strategic objectives
C. Limiting reports to listing control deficiencies without recommendations
D. Focusing solely on confirming adherence to policies and procedures
Answer:
6) Time: 1.3 minutes
During an engagement, an auditor discovers a control weakness that is unlikely to affect current objectives but could become significant if the entity expands into a new market next year. What is the MOST appropriate action?
A. Ignore it because it does not affect current objectives
B. Report it as an observation with an emphasis on potential future impact
C. Escalate it as a major finding requiring immediate remediation
D. Discuss it informally with staff only, without documentation
Answer:
7) Time: 1.3 minutes
Which situation MOST clearly impairs an individual internal auditor’s objectivity?
A. The auditor previously worked in the audited department three years ago
B. The auditor helped design key controls in the process being audited six months ago
C. The auditor receives training from the process owner before the engagement
D. The auditor has social interactions with staff in the area being audited
Answer:
8) Time: 1.5 minutes
A CAE wants to demonstrate that the internal audit activity conforms with the Global Internal Audit Standards. Which of the following approaches BEST satisfies the quality assurance and improvement program requirement?
A. An internal review of working papers every five years
B. Ongoing supervision plus periodic internal assessments and an external assessment at least once every five years
C. Reliance on the external financial auditor’s annual review of internal audit work
D. Annual satisfaction surveys of auditees only
Answer:
9) Time: 1.2 minutes
The Code of Ethics requires internal auditors to exercise due professional care. Which behavior BEST demonstrates this principle during an engagement?
A. Testing fewer items than planned to finish before the deadline
B. Adjusting the nature and extent of work based on risk and materiality
C. Relying entirely on management’s explanations when controls appear weak
D. Using only inquiry as a procedure when evidence is easily available
Answer:
10) Time: 1.5 minutes
Management asks internal audit to design and implement a new segregation-of-duties matrix and then perform an assurance review on it. What is the MOST appropriate response?
A. Accept both design and assurance roles because this improves control quality
B. Decline all involvement in segregation of duties to avoid any impairment
C. Agree to provide consulting input on the matrix design while ensuring management retains ownership, and decline providing assurance on this specific design work later
D. Outsource the engagement to external auditors and rely on their report
Answer:
www.gmsisuccess.in
Section D…. Difficult level: Moderately Difficult
Here are 40 original, exam-style CIA Part 1 MCQs focused on independence, objectivity, integrity, audit charter/mandate, internal audit mission, and efficiency, aligned with the 2025 syllabus and new Global Internal Audit Standards timing (Part 1: 125 Qs / 150 minutes ≈ 1.2 minutes per question).
Use about 1–1.5 minutes per question.
***
## A. Integrity (6 questions)
1) Time: 1.2 minutes
An internal auditor discovers that a popular manager has bypassed a key control to meet a tight deadline, with no apparent loss. Senior management pressures the auditor to omit this from the report to “avoid demoralizing a strong performer.” Which action best demonstrates integrity?
A. Remove the issue from the report but keep personal notes
B. Describe the issue factually in the report and stand by the professional judgment
C. Mention the issue only verbally to the CAE and not document it
D. Downgrade the issue to an informal comment in a private email
Answer:
2) Time: 1.2 minutes
Which situation is the clearest violation of integrity?
A. An auditor politely questioning management assumptions
B. An auditor signing off on workpapers known to be incomplete to meet a deadline
C. An auditor escalating concerns about interference to the CAE
D. An auditor asking a colleague for help on a complex issue
Answer:
3) Time: 1.2 minutes
An auditor uncovers a minor illegal act that management has already stopped and remediated. No law requires disclosure to authorities, but concealing it in the report could mislead the board. What is the most appropriate action, consistent with integrity?
A. Omit it entirely because it is already corrected
B. Report it to law enforcement without informing anyone internally
C. Include it in the report with context on remediation and residual risk
D. Tell the board informally but keep it out of official documentation
Answer:
4) Time: 1.0 minute
Integrity in the new standards is BEST described as:
A. Performing work quickly and at the lowest cost
B. Demonstrating honesty, courage, and legal/professional behavior
C. Ensuring that no audit report ever contains negative findings
D. Doing only what management explicitly requests
Answer:
5) Time: 1.2 minutes
Which action best illustrates “courage” as part of integrity?
A. Avoiding conflicts with management by softening report language
B. Agreeing to delay issuing a report indefinitely
C. Challenging a powerful executive’s misleading statement in front of the audit committee
D. Delegating all difficult conversations to junior staff
Answer:
6) Time: 1.0 minute
An internal auditor realizes after issuing a report that a key piece of evidence was misinterpreted, leading to an overstated finding. What is the MOST appropriate action consistent with integrity?
A. Ignore it because the report is already issued
B. Quietly adjust workpapers without informing anyone
C. Promptly inform the CAE and, if needed, issue a corrected communication
D. Wait until the next audit cycle to correct it
Answer:
***
## B. Independence & Objectivity (14 questions)
7) Time: 1.3 minutes
The CAE reports functionally to the audit committee and administratively to the CFO. Which scenario most seriously threatens organizational independence?
A. The CFO reviews the CAE’s expense reports
B. The CFO decides to cancel all audits of the treasury function
C. The audit committee approves the annual audit plan
D. The CAE attends executive committee meetings as an observer
Answer:
8) Time: 1.3 minutes
An auditor previously designed key controls in a process six months ago and is now assigned to audit that same process. What is the best course of action?
A. Proceed with the engagement but disclose involvement in the final report
B. Decline the engagement due to self-review threat to objectivity
C. Only review controls that were not personally designed
D. Proceed and rely on peer review to mitigate any issues
Answer:
9) Time: 1.2 minutes
Which is the BEST example of a familiarity threat to objectivity?
A. The auditor lacks technical knowledge of IT controls
B. The auditor is a close friend of the process owner being audited
C. The auditor previously worked in another department
D. The auditor is not certified but has many years of experience
Answer:
10) Time: 1.3 minutes
The CEO requests that the CAE “tone down” criticism in a draft report before it goes to the audit committee. What should the CAE do to preserve independence and objectivity?
A. Accept all changes to preserve relationships
B. Reject all changes and send the original draft without comment
C. Consider valid factual clarifications but escalate undue pressure to the audit committee if needed
D. Allow the CEO to write the executive summary while internal audit handles details
Answer:
11) Time: 1.1 minutes
Which statement best distinguishes independence from objectivity?
A. Independence is personal; objectivity is organizational
B. Independence is structural positioning; objectivity is individual mindset
C. Independence is optional; objectivity is mandatory
D. Independence and objectivity are identical concepts
Answer:
12) Time: 1.2 minutes
Which action best preserves organizational independence in line with the new standards?
A. Having the CAE functionally report to the board/audit committee
B. Having internal audit report solely to the CFO
C. Requiring management approval for every engagement’s scope
D. Allowing management to decide which findings are reported
Answer:
13) Time: 1.1 minutes
Which is the clearest example of a conflict of interest?
A. An auditor owns shares in a major supplier whose contracts are under review
B. An auditor has a professional certification from the IIA
C. An auditor previously worked in another company in the same industry
D. An auditor attends training paid by the employer
Answer:
14) Time: 1.3 minutes
Management insists internal audit use only interviews, not documents, when auditing a controversial project. How should the CAE respond?
A. Accept management’s request to avoid tension
B. Cancel the engagement due to lack of cooperation
C. Explain that limiting procedures may impair the reliability of conclusions and, if unresolved, escalate to the audit committee
D. Continue as requested and note the limitation only in workpapers
Answer:
15) Time: 1.2 minutes
An auditor is offered tickets to a major sporting event by a manager whose area is currently under review. The face value is modest, and the manager insists it is “a token of appreciation.” What is the MOST appropriate response?
A. Accept because it is modest and has no conditions
B. Accept but disclose in the report
C. Politely decline because it may be perceived as impairing objectivity
D. Accept and share with the audit team
Answer:
16) Time: 1.2 minutes
Which policy would BEST support maintaining individual objectivity for auditors rotating through operational roles?
A. Prohibiting any staff rotations between audit and operations
B. Allowing auditors to audit functions they worked in the previous month
C. Implementing a “cooling-off” period before auditors can audit areas they previously managed
D. Allowing only junior staff to audit their former departments
Answer:
17) Time: 1.3 minutes
An internal auditor is the only subject-matter expert available for a highly technical area and also recently helped management select a key system in that area. How can objectivity best be safeguarded?
A. Proceed as lead auditor without disclosure
B. Decline all involvement in that area permanently
C. Disclose the prior involvement, use an independent reviewer, and consider assigning another auditor as engagement lead
D. Let management perform a self-assessment and accept their conclusions
Answer:
18) Time: 1.1 minutes
Which of the following MOST directly threatens independence “from interference” as described in the new standards?
A. Limited training budget
B. Restrictions on which stakeholders internal audit may communicate results to
C. High staff turnover
D. Remote working arrangements
Answer:
19) Time: 1.2 minutes
The board requests that internal audit take over line management of the compliance department “for a year.” What is the BEST response?
A. Accept fully because it increases internal audit’s authority
B. Accept but immediately outsource all assurance work
C. Decline, explaining that managing compliance would compromise independence and future assurance
D. Accept only if the CAE receives a higher title
Answer:
20) Time: 1.2 minutes
An auditor consistently avoids reporting negative findings against a particular executive because of fear of retaliation. This behavior MOST directly violates:
A. Independence only
B. Objectivity only
C. Both integrity and objectivity
D. Confidentiality only
Answer:
***
## C. Audit Charter & Mandate (8 questions)
21) Time: 1.1 minutes
Which element is MOST essential in an internal audit charter under the Global Internal Audit Standards?
A. A list of all individual auditors and their credentials
B. A detailed three-year audit schedule
C. A statement of internal audit’s purpose, authority, and responsibility, including board-level oversight and access to records and personnel
D. A separate ethics policy for internal audit only
Answer:
22) Time: 1.2 minutes
The charter states that internal audit work must be approved by the CFO before starting any engagement. What is the BEST action?
A. Accept this as normal administrative oversight
B. Recommend revising the charter so the audit committee approves the plan and internal audit can determine engagement scopes without management veto
C. Request that only high-risk engagements need CFO approval
D. Ignore the charter language and operate independently in practice
Answer:
23) Time: 1.2 minutes
Which statement best describes an internal audit “mandate” as used in the new standards and CIA Part 1 syllabus?
A. The annual budget granted to internal audit
B. The legally binding regulations internal audit must enforce
C. The formal authority given to internal audit by the board, usually through the charter
D. Informal expectations communicated verbally by management
Answer:
24) Time: 1.1 minutes
Which provision would MOST clearly conflict with the principles of an effective audit charter?
A. Internal audit has unrestricted access to all records, personnel, and physical properties
B. Internal audit is authorized to allocate its resources and determine work techniques
C. Internal audit must obtain the COO’s written approval before issuing any report
D. The CAE has direct access to the board or audit committee
Answer:
25) Time: 1.3 minutes
The charter authorizes internal audit to “assist management in designing and implementing internal controls.” To align with the standards, how should the CAE interpret this clause?
A. As authorization to assume full responsibility for control design and implementation
B. As allowing advisory and consulting input while management retains responsibility for controls
C. As a requirement to approve every control change in the organization
D. As limiting internal audit to only consulting work
Answer:
26) Time: 1.2 minutes
Which party should formally approve the internal audit charter?
A. The CAE alone
B. Senior management only
C. The board or audit committee, after input from management and the CAE
D. The external auditor
Answer:
27) Time: 1.1 minutes
The charter is silent on internal audit’s right to communicate directly with regulators. Management insists all such communication must go through the legal department. What is the BEST first step for the CAE?
A. Ignore the restriction and contact regulators directly
B. Request a charter revision clarifying internal audit’s right to communicate independently with the board and, where appropriate, external parties
C. Accept the restriction as a normal legal safeguard
D. Resign from the organization
Answer:
28) Time: 1.3 minutes
Which statement best shows how the charter supports internal audit efficiency?
A. It limits the number of engagements per year
B. It clearly defines scope, authority, and reporting lines, reducing ambiguity and rework
C. It requires detailed approval signatures on each workpaper
D. It mandates that all audits be unannounced
Answer:
***
## D. Internal Audit Mission & Core Principles (6 questions)
29) Time: 1.1 minutes
The Mission of Internal Auditing focuses primarily on:
A. Maximizing internal audit revenue
B. Enforcing staff discipline across the organization
C. Enhancing and protecting organizational value by providing risk-based, objective assurance, advice, and insight
D. Minimizing the number of audit findings
Answer:
30) Time: 1.2 minutes
Which engagement best reflects being “insightful, proactive, and future-focused,” a core principle under the new standards?
A. Focusing only on historical compliance errors
B. Identifying emerging regulatory changes and advising on their potential impact on strategy
C. Repeating the same checklist annually without change
D. Limiting work to verifying signatures on documents
Answer:
31) Time: 1.2 minutes
Which activity would most likely undermine the Mission of Internal Auditing?
A. Aligning the audit plan with the organization’s key risks and objectives
B. Focusing solely on low-risk, easy engagements to improve completion statistics
C. Providing assurance on governance, risk management, and control
D. Communicating results clearly to the board
Answer:
32) Time: 1.1 minutes
Which statement best links the Mission with independence and objectivity?
A. The Mission can be achieved without independence if auditors are technically strong
B. Independence and objectivity are optional if internal audit focuses on consulting
C. Independence and objectivity are essential so that assurance and advice are trusted and value-adding
D. The Mission requires independence but not objectivity
Answer:
***
## E. Internal Audit Efficiency & Effectiveness (6 questions)
33) Time: 1.3 minutes
Which action best improves internal audit efficiency without compromising quality?
A. Reducing documentation so findings cannot be challenged
B. Applying risk-based sampling and focusing on key controls
C. Eliminating planning to spend more time in fieldwork
D. Performing the same procedures every year regardless of changes
Answer:
34) Time: 1.2 minutes
Which measure MOST directly reflects internal audit effectiveness rather than just efficiency?
A. Number of audit hours billed per year
B. Percentage of plan completed on time
C. Degree to which audit recommendations are implemented and reduce key risks
D. Number of pages in each audit report
Answer:
35) Time: 1.3 minutes
To optimize use of limited resources, which planning approach is MOST appropriate?
A. Equal audit hours for every department
B. Focusing primarily on areas with the loudest complaints
C. Using a risk-based plan approved by the board, updated as risks change
D. Auditing departments alphabetically each year
Answer:
36) Time: 1.1 minutes
Which practice would MOST likely reduce internal audit efficiency?
A. Using standardized workpaper templates
B. Conducting joint planning meetings with management
C. Re-performing all of management’s routine monitoring activities in detail
D. Leveraging data analytics to focus testing
Answer:
37) Time: 1.2 minutes
How does a strong Quality Assurance and Improvement Program (QAIP) contribute to efficiency?
A. By eliminating the need for supervision
B. By identifying process improvements and training needs that reduce rework and enhance consistency
C. By increasing documentation requirements for every step
D. By mandating external quality assessments every year
Answer:
38) Time: 1.2 minutes
Which KPI would be LEAST useful for assessing internal audit efficiency?
A. Cycle time per engagement phase (planning, fieldwork, reporting)
B. Percentage of automated tests versus manual tests
C. Number of hours each auditor spends in training
D. Ratio of completed engagements to planned engagements
Answer:
***
## F. Mixed Concepts – Scenario Practice (4 questions)
39) Time: 1.3 minutes
The CAE is pressured by the COO to exclude a significant control failure from the report and is offered a performance bonus if the report is “balanced” in tone. Which combination of principles is MOST at risk if the CAE agrees?
A. Integrity, independence, and objectivity
B. Confidentiality only
C. Proficiency and due professional care only
D. Mission and efficiency only
Answer:
40) Time: 1.3 minutes
An internal auditor is evaluating a new risk area with limited prior coverage. To align with the Mission and support efficiency, which sequence is BEST?
A. Perform extensive testing first, then identify objectives and risks
B. Identify objectives, assess risks with stakeholders, design focused procedures, then test key controls
C. Test every transaction in the area to be safe
D. Ask management to prepare a report and rely on it without further work
Answer:
www.gmsisuccess.in
