A newly appointed chief audit executive (CAE) reviews current reporting practices. The CAE notices that exit meetings tend to be unproductive. When internal auditors present summaries of observations, engagement clients consistently complain that they do not understand where the observations come from. Which of the following could improve this situation?
Correct Answer: A
Exit meetings are intended to ensure that engagement clients clearly understand the observations, conclusions, and recommendations of the internal audit activity. The IIA's International Standards for the Professional Practice of Internal Auditing emphasize that communication should be clear, constructive, and timely. Providing engagement clients with written summaries of the observations before the exit meeting allows them to review the facts, prepare questions, and understand the basis for the observations. This preparation improves dialogue, reduces confusion, and increases the effectiveness of the meeting. Option B is less effective because it limits client engagement and postpones resolution of disagreements. Option C is impractical, as reading the full draft report during the meeting is time-consuming and may overwhelm clients. Option D eliminates the opportunity for discussion and relationship building with management, which is a critical part of audit communication. Reference:IIA's International Standards for the Professional Practice of Internal Auditing (Standards 2400 - Communicating Results, Practice Advisory 2410-2).
Question 17
According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?
Correct Answer: B
Reference: IIA Business Knowledge for Internal Auditing, Third-Party Risk Management section.
Question 18
Which of the following budgets must be prepared first?
Correct Answer: B
Question 19
A control feature designed to negate the use of utility programs to read files that contain all authorized access user codes for the network is:
Correct Answer: A
Utility programs can be used to gain access to almost any file. However, gaining access to a file of passwords would be useless if those passwords were encrypted prior to placing them in the file.
Question 20
In a critical path analysis, if slack time in an activity exists, the activity:
Correct Answer: C
Slack is the free time associated with each activity. In other words, paths that are not critical have slack time. Slack represents unused resources that can be diverted to the critical path.
