CIA PART 1 (2025)
Challenging Essay-Based MCQs
1. Independence vs Objectivity (Governance & Ethics)
The Chief Audit Executive (CAE) reports functionally to the audit committee and administratively to the CFO. Due to budget constraints, the CFO requires the internal audit department to review expense reimbursements of senior executives and report findings directly to him before communicating with the audit committee.
Which statement BEST describes the situation?
A. Independence is impaired because the CAE reports administratively to the CFO
B. Objectivity is impaired due to familiarity threat
C. Independence may be impaired due to interference with audit communication
D. There is no impairment as long as findings are eventually reported
Correct Answer:
2. Three Lines Model – Accountability
An organization assigns the risk management department responsibility for designing controls, monitoring their effectiveness, and providing assurance to the board.
Which flaw exists in this structure?
A. Risk management should not design controls
B. Risk management should report administratively to internal audit
C. Second-line functions should not provide independent assurance
D. Board should approve all controls
Correct Answer:
3. Assurance vs Consulting Engagement
Internal auditors are asked to facilitate a workshop to help management redesign the procurement process and later audit the same process.
What is the MOST appropriate action?
A. Accept both assignments without restriction
B. Decline the consulting engagement
C. Perform consulting but assign a different auditor for assurance
D. Accept assurance engagement first, then consulting
Correct Answer:
4. Risk Assessment – Residual Risk
Management implements controls that reduce inherent risk significantly, but key controls are manual and inconsistently applied.
How should internal audit assess residual risk?
A. Low, because inherent risk was high but mitigated
B. Moderate to high, due to control effectiveness issues
C. Low, because management accepted the risk
D. Insignificant, because controls exist
Correct Answer:
5. Governance – Board Responsibilities
Which of the following is the PRIMARY governance responsibility of the board?
A. Designing internal controls
B. Managing organizational risk
C. Providing independent oversight
D. Performing internal audits
Correct Answer:
6. Professional Due Care
During an audit, an internal auditor suspects fraud but lacks forensic expertise. Management insists there is no issue.
What should the auditor do FIRST?
A. Ignore the suspicion
B. Perform forensic procedures
C. Report suspicion and recommend specialist involvement
D. Inform external auditors immediately
Correct Answer:
7. Ethical Dilemma – Confidentiality
An internal auditor discovers confidential salary data during an engagement. A department head requests the information informally.
What is the MOST appropriate response?
A. Share data since the manager requested it
B. Share only summarized data
C. Decline and maintain confidentiality
D. Seek permission from HR
Correct Answer:
8. Risk-Based Audit Planning
Which factor should MOST influence the internal audit plan?
A. Management preference
B. Time since last audit
C. Risk severity and likelihood
D. Availability of audit staff
Correct Answer:
9. Quality Assurance and Improvement Program (QAIP)
Which activity BEST demonstrates an effective QAIP?
A. Annual performance appraisal of auditors
B. External assessment every year
C. Ongoing internal reviews and periodic external assessments
D. Audit committee review of reports
Correct Answer:
10. Combined Assurance
Multiple assurance providers independently review the same low-risk area while high-risk areas remain unaudited.
What governance weakness does this indicate?
A. Inadequate segregation of duties
B. Poor coordination of assurance activities
C. Lack of internal controls
D. Ineffective audit committee
Correct Answer:
11. Objectivity Threat
An auditor who worked as procurement manager six months ago is assigned to audit procurement.
What threat exists?
A. Advocacy threat
B. Familiarity threat
C. Self-review threat
D. No threat exists
Correct Answer:
12. Management Risk Acceptance
Internal audit identifies a high residual risk. Management formally accepts the risk.
What should the CAE do?
A. Accept management decision without action
B. Escalate the matter to the board
C. Modify audit opinion
D. Re-audit immediately
Correct Answer:
Exam Tip (CIA Part 1 – 2025)
✔ Focus on judgment, not definitions
✔ Look for governance failures, independence threats, risk misalignment
✔ Eliminate options that confuse management responsibility vs audit responsibility
Section B
Below are 50 ultra-tricky, exam-level MCQs, strictly aligned to CIA Part 1 – Essentials of Internal Auditing (New Syllabus 2025).
These are IIA-style, scenario-based, high-confusion questions designed to test judgment, independence, governance, risk, and ethics.
1.
The CAE attends executive meetings but is excluded when strategic risks are discussed.
What is the MOST significant implication?
A. Objectivity impairment
B. Scope limitation
C. Independence impairment
D. Ineffective risk management
Answer:
2.
Which situation MOST threatens internal audit independence?
A. Budget approval by management
B. Administrative reporting to CEO
C. Audit committee approving audit plan
D. Management limiting audit areas
Answer:
3.
A consulting engagement requires recommending control design.
What MUST the auditor ensure?
A. Independence is not required
B. Objectivity is safeguarded
C. Assurance standards apply fully
D. Audit committee approval
Answer:
4.
Which function BEST fits the second line of defense?
A. Internal audit
B. External audit
C. Compliance monitoring
D. Board of directors
Answer:
5.
Residual risk remains high even after controls.
What does this MOST likely indicate?
A. Poor inherent risk assessment
B. Ineffective controls
C. Lack of management oversight
D. Risk appetite not defined
Answer:
6.
Which is NOT a board responsibility?
A. Oversight of risk
B. Setting tone at the top
C. Designing internal controls
D. Ensuring audit independence
Answer:
7.
An auditor accepts a gift of nominal value from an auditee.
Which principle is MOST at risk?
A. Integrity
B. Confidentiality
C. Competence
D. Objectivity
Answer:
8.
Which action BEST supports risk-based auditing?
A. Rotating audits annually
B. Auditing all units equally
C. Prioritizing high residual risk areas
D. Auditing only financial risks
Answer:
9.
What is the PRIMARY purpose of QAIP?
A. Auditor appraisal
B. Regulatory compliance
C. Continuous improvement
D. Cost reduction
Answer:
10.
External quality assessment must be performed at least every:
A. 3 years
B. 4 years
C. 5 years
D. 6 years
Answer:
11.
Management accepts a risk beyond risk appetite.
What should the CAE do?
A. Document acceptance
B. Ignore decision
C. Escalate to board
D. Re-assess controls
Answer:
12.
Which engagement provides the HIGHEST level of assurance?
A. Consulting
B. Compliance review
C. Assurance audit
D. Advisory service
Answer:
13.
Which threat arises when auditing a former department?
A. Advocacy
B. Familiarity
C. Self-review
D. Intimidation
Answer:
14.
Which factor LEAST affects audit independence?
A. Scope limitation
B. Reporting line
C. Staff competence
D. Management interference
Answer:
15.
Internal audit reports administratively to the CFO.
Which safeguard is MOST important?
A. Budget control
B. Functional reporting to audit committee
C. Management representation
D. Annual planning
Answer:
16.
Which risk remains after controls are applied?
A. Inherent risk
B. Control risk
C. Residual risk
D. Detection risk
Answer:
17.
What BEST defines governance?
A. Daily management
B. Control activities
C. Direction and oversight
D. Risk assessment
Answer:
18.
Which activity compromises objectivity MOST?
A. Providing training
B. Process facilitation
C. Decision-making authority
D. Control evaluation
Answer:
19.
Which is an internal auditor’s responsibility regarding fraud?
A. Investigate all fraud
B. Detect fraud
C. Consider fraud risk
D. Prevent fraud
Answer:
20.
Which is a key element of effective governance?
A. Strong management
B. Ethical culture
C. Detailed procedures
D. Cost control
Answer:
21.
Which is a limitation of internal control?
A. Management override
B. Segregation of duties
C. Authorization
D. Documentation
Answer:
22.
What is the FIRST step in risk-based audit planning?
A. Allocate resources
B. Identify risks
C. Evaluate controls
D. Perform audits
Answer:
23.
Which party owns risk?
A. Internal audit
B. Board
C. Management
D. Compliance
Answer:
24.
Which reporting relationship BEST ensures independence?
A. Admin: CFO / Func: CEO
B. Admin: CEO / Func: Audit Committee
C. Admin: COO / Func: CFO
D. Admin: Board / Func: Management
Answer:
25.
Which engagement gives advice without assurance?
A. Assurance
B. Consulting
C. External audit
D. Compliance audit
Answer:
26.
Which scenario shows scope limitation?
A. Auditor lacks skill
B. Management denies access
C. Budget reduction
D. Poor planning
Answer:
27.
What ensures objectivity MOST?
A. Rotation
B. Independence
C. Professional judgment
D. Ethics training
Answer:
28.
Which line monitors compliance but does not audit?
A. First
B. Second
C. Third
D. Fourth
Answer:
29.
Which factor MOST influences audit frequency?
A. Last audit date
B. Risk level
C. Auditor availability
D. Management request
Answer:
30.
Which is NOT part of QAIP?
A. Internal assessments
B. External assessments
C. Peer reviews
D. Financial statement audits
Answer:
31.
What is a red flag of weak governance?
A. Clear risk appetite
B. Active audit committee
C. Board dominated by management
D. Independent directors
Answer:
32.
Which BEST supports combined assurance?
A. Multiple audits
B. Independent reviews
C. Coordinated assurance providers
D. Frequent reporting
Answer:
33.
Which engagement risks self-review threat?
A. Training staff
B. Policy drafting
C. Auditing drafted policy
D. Risk assessment
Answer:
34.
Which code principle addresses misuse of information?
A. Integrity
B. Objectivity
C. Confidentiality
D. Competence
Answer:
35.
Which situation requires disclosure of impairment?
A. Consulting engagement
B. Prior employment
C. Time pressure
D. Lack of resources
Answer:
36.
What does “tone at the top” influence MOST?
A. Controls
B. Risk assessment
C. Ethical culture
D. Audit plan
Answer:
37.
Which is NOT an internal audit role?
A. Assurance
B. Consulting
C. Risk ownership
D. Advisory
Answer:
38.
Which risk cannot be eliminated fully?
A. Inherent risk
B. Control risk
C. Residual risk
D. Compliance risk
Answer:
39.
Which best describes assurance?
A. Advice
B. Facilitation
C. Independent evaluation
D. Decision support
Answer:
40.
Which activity MOST supports audit quality?
A. Fast reporting
B. High coverage
C. Professional skepticism
D. Automation
Answer:
41.
What threatens independence MOST?
A. Consulting services
B. Management approval of plan
C. Performance evaluation by management
D. Risk workshops
Answer:
42.
Which risk relates to incorrect processes?
A. Strategic
B. Operational
C. Financial
D. Compliance
Answer:
43.
Which is a governance failure?
A. Risk acceptance
B. Management override
C. Strong audit committee
D. Ethical leadership
Answer:
44.
What is the CAE’s role in ERM?
A. Own risks
B. Manage risks
C. Provide assurance and advice
D. Approve risk responses
Answer:
45.
Which assurance level is highest?
A. Limited
B. Negative
C. Reasonable
D. Moderate
Answer:
46.
Which is an example of management override?
A. Policy violation
B. Unauthorized access
C. Bypassing controls
D. Segregation of duties
Answer:
47.
Which is a safeguard for objectivity?
A. Incentives
B. Audit rotation
C. Management feedback
D. Bonus linkage
Answer:
48.
Which engagement requires most professional judgment?
A. Checklist audit
B. Compliance audit
C. Risk-based audit
D. Inventory count
Answer:
49.
Which area should internal audit avoid owning?
A. Risk assessment
B. Control evaluation
C. Risk mitigation decisions
D. Governance review
Answer:
50.
Which scenario BEST demonstrates effective governance?
A. Strong management controls
B. Independent board oversight
C. Frequent audits
D. Detailed procedures
Answer:
🔑 CIA PART 1 SUCCESS STRATEGY
✔ Choose oversight over execution
✔ Internal audit = assurance + advice, not management
✔ Board = independence, ethics, oversight
✔ Risk drives everything
www.gmsisuccess.in
Section C
Below are logical, exam-oriented MCQ questions with clear reasoning, focused on Internal Control & Control Application, aligned with CIA Part 1 (2025), US CMA, and ACCA-style logic.
These test cause–effect, control purpose, and application, not rote memory.
Logical MCQs on Internal Control & Control Application
1.
Which control BEST prevents unauthorized payments?
A. Bank reconciliation
B. Segregation of duties between authorization and payment
C. Monthly expense analysis
D. Internal audit review
Answer:
2.
A company's bank reconciliation is performed by the same employee who records cash receipts.
Which risk remains MOST significant?
A. Recording errors
B. Unauthorized payments
C. Cash theft concealment
D. Delayed reconciliation
Answer:
3.
Which control is primarily a detective control?
A. Access passwords
B. Approval limits
C. Bank reconciliation
D. System validation checks
Answer:
4.
A purchase order is approved after goods are received.
Which control principle is violated?
A. Authorization
B. Documentation
C. Timeliness
D. Segregation of duties
Answer:
5.
Which control BEST ensures accuracy of data entry?
A. Physical inventory count
B. Edit checks in IT system
C. Supervisory review
D. Bank confirmation
Answer:
6.
Which situation indicates a compensating control?
A. Password protection
B. Segregation of duties
C. Management review due to lack of segregation
D. Automated approval
Answer:
7.
Which control MOST reduces risk of duplicate vendor payments?
A. Vendor master file review
B. Three-way matching
C. Segregation of duties
D. Budget monitoring
Answer:
8.
A company relies heavily on manual controls.
What is the PRIMARY risk?
A. High cost
B. System failure
C. Human error and inconsistency
D. Lack of documentation
Answer:
9.
Which control activity addresses existence of inventory?
A. Inventory valuation review
B. Physical inventory count
C. Authorization of purchases
D. Inventory turnover analysis
Answer:
10.
Which control is MOST effective in preventing payroll fraud?
A. Payroll register review
B. Segregation of HR and payroll processing
C. Trend analysis of wages
D. External audit
Answer:
11.
Which internal control component sets the foundation for all others?
A. Risk assessment
B. Control activities
C. Control environment
D. Monitoring
Answer:
12.
Which control BEST prevents management override?
A. Policies
B. Internal audit
C. Board and audit committee oversight
D. Automated controls
Answer:
13.
Which is an example of an IT application control?
A. Firewall
B. Password policy
C. Input validation check
D. Disaster recovery plan
Answer:
14.
Which control ensures completeness of sales recording?
A. Credit approval
B. Pre-numbered invoices
C. Price authorization
D. Customer confirmation
Answer:
15.
Which control is MOST suitable to detect fictitious vendors?
A. Three-way match
B. Periodic vendor master review
C. Bank reconciliation
D. Budget comparison
Answer:
16.
Which control is preventive rather than detective?
A. Exception reports
B. Physical access restriction
C. Reconciliation
D. Variance analysis
Answer:
17.
Which risk increases when one person handles cash, records transactions, and reconciles bank accounts?
A. Recording delay
B. Fraud concealment
C. System error
D. Budget variance
Answer:
18.
Which control activity addresses valuation of receivables?
A. Credit approval
B. Aging analysis and allowance review
C. Pre-numbered invoices
D. Cash receipts segregation
Answer:
19.
Which monitoring activity provides ongoing assurance?
A. External audit
B. Annual internal audit
C. Continuous management review
D. Fraud investigation
Answer:
20.
Which statement BEST describes an effective internal control system?
A. Eliminates all risks
B. Prevents all fraud
C. Provides reasonable assurance
D. Guarantees accuracy
Answer:
🔍 Exam Logic to Remember
✔ Ask: What risk is being addressed?
✔ Prevention > Detection (but both are needed)
✔ Segregation of duties is the strongest control
✔ Internal control ≠ fraud elimination