CCIA Practice
Sign inStart free
Home / PART1 · Part 1: Essentials of Internal Auditing / Domain II: Independence and Objectivity

CIA·PART1 · Part 1: Essentials of Internal Auditing·UnitPART1 · Unit 02Access: Premium

Domain II: Independence and Objectivity

Prepare for Domain II: Independence and Objectivity with CIA practice questions covering 4 topics. Part of Part 1: Essentials of Internal Auditing — build your knowledge and track your progress with CIA Practice.

Questions
180
Topics
4
Access
Premium

What’s in it.

4 topics
  • Topic 01

    Organisational Independence — Reporting Lines and Functional Authority

    45 questions
  • Topic 02

    Individual Objectivity — Bias, Conflict of Interest, Impairment

    45 questions
  • Topic 03

    Impairments to Independence and Objectivity — Self-Review, Advocacy, Familiarity Threats

    45 questions
  • Topic 04

    Safeguards and Disclosure Obligations

    45 questions

Sample questions

3 of many

A few questions from this unit, with the answer and a full explanation. The complete bank is available when you start practising.

  1. An audit committee member asks the CAE to explain how they ensure safeguards are adequate, not merely applied. The CAE explains that they document every threat and record the safeguard chosen. The committee member presses: 'But how do you know the safeguard is actually adequate?' What is the most complete IPPF-consistent answer?

    • Adequacy is evaluated by applying the reasonable-third-party test to both the threat and the safeguard: the CAE asks whether a knowledgeable, independent observer, aware of all relevant facts, would conclude that objectivity is maintained with the safeguard in place — documentation of the assessment is part of adequacy, not a substitute for it
      Correct answer
    • Adequacy is confirmed when the engagement proceeds to completion without the auditor raising any further objectivity concerns
    • Documentation of the safeguard is itself the evidence of adequacy because it demonstrates that the CAE considered the issue and made a deliberate professional decision
    • Adequacy is confirmed by the external auditors, who review internal audit's independence arrangements as part of their annual audit work
    Explanation

    Documentation of a threat and safeguard is necessary but not sufficient for adequacy. The CAE must apply substantive judgement: would a reasonable, informed third party, with knowledge of the specific threat and the specific safeguard, conclude that objectivity is maintained? This requires considering the severity of the threat, the nature of the safeguard, and whether the two are proportionate. The IPPF's categories of safeguards provide options, not guaranteed adequate solutions — a safeguard that is adequate for a minor threat may be wholly inadequate for a significant one.

  2. Which of the following is an example of a self-review threat?

    • An auditor who has audited the same department for four consecutive years is assigned to it again
    • An auditor who is under consideration for a promotion within the department they are currently auditing
    • An auditor who publicly advocated for a cost-reduction programme is now asked to audit its effectiveness
    • An auditor who participated in developing a compliance policy is now assigned to evaluate compliance with that policy
      Correct answer
    Explanation

    Evaluating compliance with a policy you helped develop is a direct self-review threat — the auditor would be assessing the quality of their own prior work. The other options illustrate different threat types: repeated long-term assignment describes a familiarity threat; publicly advocating for a programme describes an advocacy threat; owning shares describes a self-interest threat; being considered for promotion describes a self-interest or potential conflict; and a personal friendship describes a familiarity threat.

  3. An auditor has a significant self-review threat from having designed a key payroll control system. The CAE is considering which engagement-level safeguard to apply. The options are: (A) enhanced supervision by the CAE; (B) independent review of conclusions by a second auditor with no prior involvement; (C) restricting the original auditor to evidence-gathering only, with a second auditor evaluating all conclusions; (D) full reassignment. Which option or options most clearly satisfy the reasonable-third-party test for a significant self-review threat?

    • Options (C) and (D) most clearly satisfy the reasonable-third-party test: (C) ensures the original auditor cannot evaluate their own prior work; (D) removes the threat entirely. (B) is also strong. Enhanced supervision (A) by the CAE is less reliable because it still depends on the conflicted auditor's work quality
      Correct answer
    • Option (A) is the most appropriate because CAE supervision is the highest form of oversight available within the internal audit function
    • The most appropriate option depends on budget and staffing availability, not on the IPPF's reasonable-third-party standard
    • Only option (D) satisfies the reasonable-third-party test; all other options leave the conflicted auditor with some involvement that would cause a reasonable observer to question objectivity
    Explanation

    For a significant self-review threat from designing a control system, the key question is whether the auditor is in a position to effectively evaluate their own prior work. Options (C) and (D) most directly address this: (C) ensures the conflicted auditor cannot make evaluative judgements about their own design work, with a separate independent auditor doing so; (D) removes the conflicted auditor from the engagement entirely. Option (B) is also strong because independent review by an auditor with no prior involvement provides a genuine external check on conclusions. Enhanced supervision (A) is weaker because the CAE is reviewing the quality of the conflicted auditor's evaluation — the conflicted auditor still conducted the evaluation, which is the source of the threat.