IIA-CRMA Certification in Risk Management Assurance (CRMA) Exam Questions and Answers

The scope of store operations audits should exclude compliance.

Store operations audits can be fully executed with appropriate disclosure to the board.

Store operations audits should be performed by an external service provider.

A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.

Recommend management seek a consulting firm to advise on outsourcing.

Highlight matters that require management's attention.

Implement solutions for specific organizational problems.

Accumulate data, obtain varying views, and report information to senior management.

Suppliers' reports of over shipments.

Warehouse receiving logs.

Purchase requisitions and purchase orders.

Observation and inspection of inventory.

Creating an audit trail.

Placing controls on physical access to inventory.

Reconciling purchase orders with approvals.

Reviewing expense accounts for irregularities.

Statistical sampling only

Nonstatistical sampling only

A combination of both statistical and nonstatistical sampling.

Neither approach to testing the audit theory would be cost effective.

Quality assessments and cultural biases of the internal audit activity.

Rotational assignments and familiarity of the internal audit activity.

Employee incentives and self review of the internal audit activity.

Organizational positioning and scope control of the internal audit activity.

Having an occupational health officer on the engagement team.

Determining that the claims have been classified properly.

Placing reliance on medical reports from the injured worker's doctor.

Reviewing claims to ensure all accidents actually occurred in the workplace.

The audit committee and senior management.

The audit committee and the external auditors.

Senior management and management of the audited area.

Senior management and the external auditors.

Unauthorized overtime.

Fictitious employees.

Unearned bonuses or commissions.

Skimming.

Fraud open on the books.

Fraud hidden on the books.

Fraud off the books.

Fraud on the balance sheet.

1 and 2 only

3 and 4 only

1, 3, and 4 only

2, 3, and 4 only

Which sampling methodology to select for testing.

Which fields to examine on each invoice.

Whether an individual expenditure is allowable.

What level of noncompliance is acceptable.

The periodic rotation of procurement officers' assignments to supplier accounts.

A pre-award financial capacity analysis of suppliers.

An automated computer report, organized by supplier, of any invoices for the same amount.

Periodic inventories of kiln-dried wood at the organization's warehouse.

1 only

2 only

3 only

1 and 2 only

Impose risk management processes.

Coordinate risk management activities.

Implement risk responses on management's behalf.

Review the management of key risks.

Analytical review.

Inquiry.

Document verification.

Observation.

Accept the assignment and use control self-assessment to complete the project.

Do not accept the assignment because the internal audit activity lacks the competency to perform the engagement with due professional care.

Accept the assignment and use an external provider with the necessary knowledge and skills to perform the engagement.

Accept the assignment if the engagement is included in the current audit plan, but inform senior management that the current audit staff does not have the knowledge and skills required.

Suggesting alternatives to decision makers.

Improving the integrity of information.

Determining the scope of internal audit services.

Achieving engagement objectives.

It cannot be used to test the completeness assertion.

It cannot be used to test the existence assertion.

It cannot be used to test the occurrence assertion.

It cannot be relied upon because the evidence is not persuasive.

Attending annual professional conferences and seminars.

Participating in on-the-job training in various departments of the organization.

Pursuing as many professional certifications as possible.

Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.

1 only. |

1 and 4 only.

1, 3, and 4 only.

1,2, 3, and 4.

Due professional care.

Individual objectivity.

Proficiency.

Organizational independence.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Customers' orders are recorded promptly.

Goods shipped are matched with valid customer orders.

Goods returned are inspected for damage by the receiving department for proper disposition.

Sales department approval is required for credit sales transactions.

Condition section.

Criteria section.

Effect section.

Cause section.

CAE reviews and approves the annual audit plan.

CAE meets privately with The CEO at least annually.

CAE meets privately with The board at least annually.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Bank statements.

Customer confirmation letters.

Copies of sales invoices.

Copies of deposit slips.

Internal auditor integrity enables stakeholders to constantly question the work of the internal audit activity.

Internal auditor integrity enables the internal auditor to avoid being challenged by any party in the organization.

Internal auditor integrity enables the internal audit activity to be able to demonstrate independence.

Internal auditor integrity enables users of internal auditors' work to make important business decisions.

The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.

The auditor should perform a manual recalculation of several results to validate and document the results.

The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.

The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.

The chief audit executive (CAE) approves the annual internal audit plan.

The CAE administratively reports to the board.

The audit committee approves the CAE's annual salary increase.

The chief executive officer approves the internal audit charter.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

The board seeks senior management's recommendation before approving the annual salary adjustment of the CAE.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline.

Pressure or incentive.

Opportunity.

Rationalization.

Commitment.

The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.

The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.

The use of innovative technology and data analysis techniques.

The extent of work needed to achieve the engagement’s objectives.

Coordinate and facilitate risk workshops for management to attend.

Establish the degree of risk appetite for management to accept.

Set risk indicators and mitigation plans for management to implement.

Determine the number of significant risks for management to report to the board.

Report the deviations immediately to the audit committee.

Gather additional information to determine the cause of the deviations.

Conclude that the budget was unreasonably set and accept the deviations.

Perform alternative forms of analytical procedures which provide no deviations.

Corrective control.

Preventive control.

Detective control.

Directive control.

A much higher bad debt expense as a percentage of sales than that of previous years.

A much higher bad debt expense as a percentage of sales than that of other stores.

A much higher percentage of past-due accounts receivable than that of other stores.

A much higher percentage of past-due accounts receivable than that of previous years.

It ensures that all members of the profession possess the same level of competence.

It provides auditors with protection from lawsuits.

It guides internal auditors in their service to others.

It requires auditors to exhibit loyalty to their organizations.