CIA Exam Sample Questions: Part 1, Part 2, and Part 3
Free CIA Exam Sample Questions
Follow-up activity may be required to ensure that corrective action has taken place for certain findings. The internal audit department’s responsibility to perform follow-up activities as required should be defined in the:
| A. Internal auditing department’s written charter. | ||
| B. Mission statement of the audit committee. | ||
| C. Engagement memo issued prior to each audit assignment. | ||
| D. Purpose statement within applicable audit reports. |
According to the U.S. Securities and Exchange Commission (SEC) and the U.S. Sarbanes-Oxley Act (SOX), what is the proper term for when a chief executive officer (CEO) and chief financial officer (CFO) need to give up their bonuses and incentives based on financial results that later had to be restated or proved to be fraudulent?
| A. Pushback provision | ||
| B. Clawback provision | ||
| C. Pullback provision | ||
| D. Rollback provision |
A tool that generally is not used to manage subjective risk is:
| A. Obtaining more information. | ||
| B. Group discussion. | ||
| C. Systematically identifying and analyzing appropriate methods for dealing with risks. | ||
| D. Severity reduction. |
Which of the following is not a contributing factor to a false assurance coming from an internal audit to others?
| A. Measurement gaps | ||
| B. Communication gaps | ||
| C. Expectation gaps | ||
| D. Competency gaps |
According to the COSO report, the internal control framework consists of which of the following?
| A. Processes, people, objectives. | ||
| B. Profits, products, processes. | ||
| C. Costs, revenues, margins. | ||
| D. Return on investment, earnings per share, market share. |
Which of the following uses web-call-center notes and web-chat notes to detect fraud?
| A. Text-based data analytics | ||
| B. Open source data analytics | ||
| C. Visual data analytics | ||
| D. Streaming data analytics |
An internal auditor in a retail company reports to the corporate director of internal audit. The auditor is assigned to audit a regional division. The audit reports are to be sent both to the corporate office and the division controller in the region. The auditor has been on location for six months and has submitted monthly reports, each month auditing a part of the operation as assigned by corporate internal auditing. This month, for the first time, the auditor has audited the inventory controls, following procedures established by the corporate internal auditing staff.
After seeing the audit report on inventory control, the divisional controller called and requested a meeting with the auditor. At the meeting, the divisional controller loudly and abusively criticized the accuracy of the auditor’s work, the soundness of the auditor’s methods, and the results presented in the reports. In the past, while not always agreeing with the auditor’s conclusions, the divisional controller always had rational discussions and developed appropriate follow-up steps to correct the problems the auditor found.
This particular audit was not the auditor’s best work, and the auditor realizes this. The auditor should:
| A. Defend the work now and try to improve it in the future. | ||
| B. Ask the divisional controller to identify specific areas in which the report is deficient, and, if the objections are justified, revise the report. | ||
| C. Explain the personal problems that kept the auditor from working as hard on this report as could be expected. | ||
| D. Ask for time off for training in the weak areas. |
The following information is extracted from a draft of an audit report prepared on the completion of an audit of the inventory warehousing procedures for a division.
Findings
[#5]
We performed extensive tests of inventory record keeping and quantities on hand. Based on our tests, we have concluded that the division carries a large quantity of excess inventory, particularly in the area of component parts. We expect this be due to the conservatism of local management that does not want to risk shutting down production if the goods are not on hand. However, as noted earlier in this report, the excess inventory has led to a higher-than-average level of obsolete inventory write-downs at this division. We recommend that production forecasts be established, along with lead times for various products, and used in conjunction with economic order quantity concepts to order and maintain appropriate inventory levels.
[#6]
We observed that receiving reports were not filled out when the receiving department became busy. Instead, the receiving manager would fill out the reports after work and forward them to accounts payable. There is a risk that all items received might not be recorded or that failing to initially record might result in some items being diverted to other places. During our tests, we noted many instances in which accounts payable had to call to receiving to obtain a receiving report. We recommend that receiving reports be prepared.
[#7]
Inventory is messy. We recommend that management communicate the importance of orderly inventory management techniques to warehouse personnel to avoid the problems noted earlier about (1) locating inventory when needed for production and (2) incurring unusually large amounts of inventory write-offs because of obsolescence.
[#8]
We appreciate the cooperation of divisional management. We intend to discuss our findings with them and follow up by communicating your reaction to those recommendations included within this report. Given additional time for analysis, we feel there are substantial opportunities available for significant cost savings and we are proud to be a part of the process.
A major deficiency in paragraph #6 related to the completeness of the audit report is:
| A. The factual evidence for the audit finding is not given. | ||
| B. The cause of the problem is not defined. | ||
| C. The risk is presented in an overdramatic fashion. | ||
| D. The recommendation is incomplete. |
During an audit of a defense contract, the auditor becomes concerned with the possibility of inappropriate charges to overhead. However, when examining the underlying documentation of expenses, the auditor finds that all expenditures are properly supported. All billings show total cost and the application of a percentage overhead rate that appears consistent with previous years. Assume the contract with the defense contractor states that the government will not pay for costs associated with waste or inefficiency on the part of the contractor. Which of the following sources of evidence would be least persuasive regarding potential waste and inefficiency on the part of the contractor?
| A. Management certification that it has not incurred waste or inefficiencies that are not allowed in the contract. | ||
| B. A walk-through of the contractor’s manufacturing and development facilities. | ||
| C. An examination of the nature of expenses incurred to determine their intent and relationship to the contract. | ||
| D. A comparison of contract expense with that of similar projects in the past or similar projects with other companies. |
The internal auditing department has begun an audit of an automated payroll system. Audit staff members have been trained in the use of an audit software package and have a working knowledge of the database employed for this system but do not have programming experience. In the system being audited, employees report their hours on time sheets, which are keyed each week by an assigned individual in each department.
The transaction file of payroll hours is maintained by the system as a primary source of payroll input. After the department manager reviews the gross hours, the information is released to the online payroll system. The payroll is then processed, and pay stubs are printed and distributed to the employees. All payments are through direct deposit. In order to preserve the confidentiality of the payroll information of employees, detailed reports that reconcile payroll expenses charged to the department are not generated. Management wants to know whether the payroll program is reliable. Given the skill level of the assigned staff, which of the following methods will most likely be applied to test the accuracy of the payroll calculation?
| A. Parallel simulation. | ||
| B. Integrated test facility. | ||
| C. Tagging and tracing. | ||
| D. Mapping and program analysis. |
Which of the following provides encryption as a basic service and becomes a form of double encryption when it is sent through an encrypted tunnel?
| A. Value-added network | ||
| B. Virtual private network | ||
| C. Body area network | ||
| D. Personal area network |
A company produced and sold 100,000 units of a component with a variable cost of $20 per unit. First quality components have a selling price of $50. The component’s specifications require its weight to be 20 kg. with a tolerance of plus or minus of 1 kg. Unfortunately, 1,200 of the units produced failed the company’s tolerance specifications. These 1,200 units were reworked at a cost of $12 per unit and sold as factory seconds at $45 each. Had the company had a quality assurance program in place such that all units produced conformed to specifications, the increase in the company’s contribution margin from this component would have been
| A. $14,400. | ||
| B. $20,400. | ||
| C. $21,600. | ||
| D. $39,600. |
Which of the following denial-of-service (DoS) attacks in networks is least common in occurrence?
| A. Service overloading. | ||
| B. Message flooding. | ||
| C. Connection clogging. | ||
| D. Signal grounding. |
A company that annually reviews its investment opportunities and selects appropriate capital expenditures for the coming year is presented with two projects, called project A and project B. Best estimates indicate that the investment outlay for project A is $30,000 and for project B is $1 million. The projects are considered to be equally risky. Project A is expected to generate cash inflows of $40,000 at the end of each year for two years. Project B is expected to generate cash inflows of $700,000 at the end of the first year and $500,000 at the end of the second year. The company has a cost of capital of 8%.
Net present value (NPV) and internal rate of return (IRR) differ in that:
| A. NPV assumes reinvestment of project cash flows at the cost of capital while IRR assumes reinvestment of project cash flows at the internal rate of return. | ||
| B. NPV and IRR make different accept or reject decisions for independent projects. | ||
| C. IRR can be used to rank mutually exclusive investment projects but NPV cannot. | ||
| D. NPV is expressed as a percentage while IRR is expressed as a dollar amount. |
A reader of a statement of cash flows wishes to analyze the major classes of cash receipts and cash payments from operating activities. Which methods of reporting cash flows from operating activities will supply that information?
| A. Both the direct and indirect methods. | ||
| B. Only the direct method. | ||
| C. Only the indirect method. | ||
| D. Neither method. |
Why Practice with UWorld CIA Review Sample Questions?
Practice from
Anywhere
Questions at or Above
Exam Difficulty
Detailed Performance
Metrics
Breaking Down the CIA Exam
The CIA exam, administered by the Institute of Internal Auditing, evaluates your knowledge of 14 essential auditing domains. Multiple-choice questions on all 3 parts of the CIA exam assess your attention to detail, your reading comprehension skills, and your ability to apply the IIA’s practical and ethical standards to real-world scenarios that commonly impact businesses.
The parts that make up the CIA exam include:
- CIA Part 1: Essentials of Internal Auditing
- CIA Part 2: Practice of Internal Auditing
- CIA Part 3: Business Knowledge for Internal Auditing
To earn a passing score, you must demonstrate strong understanding of areas like the foundations of internal auditing, risk management, and fraud.
How Do CIA Exam Multiple-Choice Questions Work?
When tackling these questions, be sure to read the initial query and all available answer choices carefully. It may surprise you to learn that many CIA instructors describe this exam as a sophisticated reading comprehension test.
The IIA incorporates MCQs questions that:
- Have a single, identifiable and straightforward answer.
- Use tricky phrases like “Select the statement that is not…”
- Include long, multi-paragraph scenarios detailing a specific issue or case.
To succeed on the CIA exam, you must refine your time-management skills while maintaining accuracy when selecting answers.
Challenge and Prepare Yourself for CIA Exam Success
Multiple-Choice Questions That Make a Difference
Your UWorld multiple-choice QBank and mock exam questions use the language, structure, and scenario types most commonly found on Parts 1, 2, and 3 of the CIA exam.
Tutor and Timed Modes for Additional Support
Successful exam preparation requires active learning. When you create a practice exam using your QBank in Tutor Mode, you see all answer explanations after completing each question to make sure you:
- Fully understand what was asked.
- Avoid related mistakes on future questions.
Timed Mode imposes time constraints similar to what you would experience on exam day, enhancing your endurance, your time-management skills, and your ability to apply core CIA exam principles under pressure.
Hear From Our Past Candidates
I only used the QBank, and I am grateful for the huge variety of questions. It's been an amazing feeling getting through two parts of the exam so far, which has encouraged me to get ready for the third.”
I liked having the notes and the Study Guide handy on my computer. The multiple-choice questions were really good in helping me prepare for the exams.”
I chose this course because I read that UWorld provides a more comprehensive option for the CIA exam compared to others in the market. I liked the fact that topics are explained in more detail compared to other courses I have found.”
Frequently Asked Questions
The IIA announced in January 2024 that a new version of the complete CIA Exam Syllabus aligned with the 2024 International Professional Practices Framework (IPPF) will be published in May 2024. The CIA exam will be updated to reflect the new IPPF and revised Global Internal Auditing Standards no earlier than May 2025.