10. An audit function gains direct Automatic Programming Int…
10. An audit function gains direct Automatic Programming Interface (API) access to the organization’s data lake and Enterprise Resource Planning (ERP), enabling near-real-time monitoring of transactions against control rules. This capability is best described as enabling:
Read Details44. An operational auditor applies the IIA Organizational Re…
44. An operational auditor applies the IIA Organizational Resilience TR and sorts audit findings into the TR’s three requirement areas. A finding that ‘the organization has not defined thresholds for escalating unacceptable resilience risks, nor mapped those risks to strategic objectives’ belongs to which area?
Read Details46. A staff auditor runs a large language model (LLM) over a…
46. A staff auditor runs a large language model (LLM) over a contract population and reports that the model identified three (3) contracts with missing indemnification clauses.’ Under the IIA GPG, “Data Analytics Skills for Internal Auditors,” and the IIA’s professional skepticism standard, the auditor’s most important next step is to:
Read Details32. In challenging a residual rating, the auditor notes that…
32. In challenging a residual rating, the auditor notes that management credited a control’s effectiveness based on ‘one clean reconciliation from last month,’ treating it as representative of the full period. This is an example of:
Read Details1. A team lead wants to ‘get into fieldwork fast’ and treat…
1. A team lead wants to ‘get into fieldwork fast’ and treat planning as ‘paperwork’ to finish quickly. Citing Global Internal Audit Standards (GIAS) Principle 13, the Chief Audit Executive (CAE) explains why planning is the engagement’s theory of the case.’ Which statement best captures that rationale?
Read Details39. During planning, management refuses to give the team acc…
39. During planning, management refuses to give the team access to a subsidiary’s records that fall squarely within the engagement objective and proposes that the team exclude that subsidiary. Under GIAS Standard 13.3, the auditor’s correct course is to:
Read Details