CCIA Practice
Sign inStart free
Home / PART1 · Part 1: Essentials of Internal Auditing / Domain I: Foundations of Internal Auditing

CIA·PART1 · Part 1: Essentials of Internal Auditing·UnitPART1 · Unit 01Access: Free tier

Domain I: Foundations of Internal Auditing

Prepare for Domain I: Foundations of Internal Auditing with CIA practice questions covering 6 topics. Part of Part 1: Essentials of Internal Auditing — build your knowledge and track your progress with CIA Practice.

Questions
274
Topics
6
Access
Free

What’s in it.

6 topics
  • Topic 01

    The IIA Mission, Definition of Internal Auditing, and Core Principles

    45 questions
  • Topic 02

    The IPPF — Mandatory and Recommended Guidance

    58 questions
  • Topic 03

    Code of Ethics — Principles and Rules of Conduct

    39 questions
  • Topic 04

    Internal Audit Charter — Purpose, Authority, and Responsibility

    42 questions
  • Topic 05

    Types of Internal Audit Services — Assurance vs. Consulting

    45 questions
  • Topic 06

    Demonstrating Value and Communicating Internal Audit's Role

    45 questions

Sample questions

3 of many

A few questions from this unit, with the answer and a full explanation. The complete bank is available when you start practising.

  1. An internal audit charter defines purpose and authority but its 'responsibility' section only states that 'internal audit will conduct audits as requested by management.' An external quality assessor flags this as inadequate. Why?

    • The assessor is wrong — Standard 1000 does not specify the content of the responsibility section.
    • The assessor is wrong — 'as requested by management' accurately reflects the purpose of internal audit.
    • The responsibility section must describe the duties of the internal audit activity and the CAE, including the obligation to provide risk-based assurance and consulting services in accordance with the IPPF — not just respond to management requests. This wording subordinates internal audit's agenda to management, undermining independence.
      Correct answer
    • The assessor is partially correct — the wording is inadequate only for the consulting elements.
    Explanation

    The responsibility section of the charter must describe the duties of the internal audit activity and the CAE. A charter that defines responsibility solely as responding to management requests does not reflect internal audit's obligation to conduct risk-based work, report to the board, and operate in accordance with the IPPF. It also creates an independence concern: framing the function's work as dependent on management requests rather than board-approved risk-based priorities undermines the independence the charter is meant to establish.

  2. An internal audit function focuses its compliance efforts exclusively on the Performance Standards (2000 series), arguing that those Standards directly govern audit work and are therefore more important than the Attribute Standards (1000 series). Is this reasoning sound?

    • No. Both series are equally mandatory. The Attribute Standards establish the foundational conditions (independence, objectivity, proficiency) that enable effective audit performance — without them, conformance with Performance Standards alone cannot ensure credible audit work.
      Correct answer
    • No. Attribute Standards are mandatory but more important than Performance Standards, so the reasoning is inverted.
    • Yes. Attribute Standards only apply to the CAE; individual auditors need only comply with Performance Standards.
    • No. The two series are equally important, but only the Attribute Standards are assessed in external quality reviews.
    Explanation

    Both Attribute and Performance Standards are mandatory elements of the IPPF and are equally important. The Attribute Standards (1000 series) establish the conditions that make effective and credible auditing possible — independence, objectivity, proficiency, and quality assurance. Without conforming with Attribute Standards, the performance of audit work described in the 2000 series lacks the foundational integrity to be credible. The two series are complementary, not hierarchical.

  3. What is the nature of the output produced by a consulting engagement?

    • A formal audit report with a compliance opinion distributed to the audit committee.
    • An independent opinion or conclusion on the effectiveness of controls delivered to the board.
    • A quality assurance rating for the organisation's internal control framework.
    • Advice, recommendations, or facilitation to help the client improve governance, risk management, and control processes.
      Correct answer
    Explanation

    Consulting services produce advice, recommendations, or facilitation — not an independent opinion or formal assurance conclusion. The output is directed to the client, who is both the requester and the user, and is intended to help the client improve rather than to provide an independent assessment for a separate user's reliance.