CCIA Practice
Sign inStart free
Home / PART1 · Part 1: Essentials of Internal Auditing
Aligned to the IIA CIA exam syllabus

CIA·ModulePART1

Part 1: Essentials of Internal Auditing

Prepare for Part 1: Essentials of Internal Auditing with CIA practice questions covering 40 topics. Build your knowledge, track your progress, and study effectively with CIA Practice.

Questions
1,555
Units
7
Topics
40
Access
Free tier available

What’s in it.

7 units

Sample questions

3 of many

A few questions from this module, with the answer and a full explanation. The complete bank is available when you start practising.

  1. An audit report states that 'all 47 purchase orders in the sample were processed without management approval.' On further review, the auditor discovers that 3 of the 47 had approval documentation that was missed during fieldwork. The error is identified before the report is issued. Which quality attribute of Standard 2420 requires this error to be corrected before issuing?

    • Constructive — an inaccurate finding leads to management taking unnecessary remediation action
    • Complete — the report should include all evidence including the three correctly approved orders
    • Timely — the error was discovered before issuance, so it must be corrected immediately to maintain timeliness
    • Accurate — the report contains a factual error that misrepresents the scope of the control failure
      Correct answer
    Explanation

    The 'accurate' attribute of Standard 2420 requires that communications faithfully represent the facts. Stating that all 47 orders lacked approval when 3 in fact had documentation is a factual error. The finding should be corrected to accurately state that 44 of 47 orders (or whatever the correct count) were processed without approval. While the 'complete' attribute also has some relevance (the report should include all relevant evidence), the primary quality attribute at issue here is accuracy — the report as drafted contains an inaccurate factual assertion that misrepresents the condition found.

  2. An organisation has replaced manual invoice approval with an automated three-way matching system (purchase order, goods receipt, and invoice matched automatically). An internal auditor must assess the change. Which statement most accurately captures both the benefits and risks of this transition?

    • Automated three-way matching eliminates the need for detective controls because the system will reject all non-matching invoices at the point of entry.
    • The change introduces no additional risk because automated controls are inherently more reliable than manual controls across all scenarios.
    • Automated matching improves consistency, speed, and scalability, but introduces dependence on correct system configuration and effective GITCs; if GITCs (particularly change management and access controls) are weak, the automated control cannot be relied upon without additional testing.
      Correct answer
    • The transition is acceptable only if the automated control is tested annually by external auditors under PCAOB AS 2201 requirements.
    Explanation

    Automated three-way matching is a strong automated preventive control that improves efficiency, consistency, and auditability compared to manual approval. However, it introduces specific risks: its effectiveness depends on correct initial configuration (e.g., matching tolerances, exception handling) and on effective GITCs (access controls to prevent unauthorised changes to matching parameters, change management to prevent configuration drift). If GITCs are weak, internal audit cannot rely on the automated control and must perform additional substantive testing. Automated controls do not eliminate the need for detective controls — exceptions still need investigation.

  3. What are the three components of value described in the IIA Mission statement?

    • Governance, risk management, and control.
    • Integrity, objectivity, and competency.
    • Assurance, advice, and insight.
      Correct answer
    • Planning, execution, and communication.
    Explanation

    The IIA Mission states that internal audit provides 'risk-based and objective assurance, advice, and insight.' These three — assurance, advice, and insight — are the three components of the value internal audit delivers. The other options describe quality standards, domains, ethics principles, or process stages.