Student Forums CIA Part 2: Practice of Internal Auditing Section IV: Communicating Results and Monitoring Progress CIA Challenge exam – Part II 4F-G. Assessing Residual Risk

CIA Challenge exam – Part II 4F-G. Assessing Residual Risk

  • Creator
    Topic
  • #244124

    This forum is restricted to members of the associated course(s).

    This forum is restricted to members of the associated course(s).

    Virginia Yu
    Participant

    The below question is tricky, I would assume, we should do both B, C,D. A repeat issue will require communicate in the closing meeting, yes we need to verify if this is assumed risk. Even this is assume risk we should still report as this is a violation of policy. If management assume this is the risk, then they should update the policy, no? Please clarify.

    Which of the following describes the most appropriate action to be taken concerning a repeat finding of violations of company policy pertaining to competitive bidding policies?

    • <!–WATUEMAILanswerWATUEMAIL–>A. The chief audit executive should determine whether this condition should be reported to the external auditor and any regulatory agency.
    • <!–WATUEMAILanswer user-answerWATUEMAIL–>B. The audit report should note that this same condition had been reported in the prior audit.wrong
    • <!–WATUEMAILanswer correct-answerWATUEMAIL–>C. The chief audit executive should determine whether management or the board has assumed the risk of not taking corrective action.correct
    • <!–WATUEMAILanswerWATUEMAIL–>D. During the exit interview, management should be made aware that a finding from the prior report had not been corrected.

    Your Incorrect Answer Explanation for B:

    This action is insufficient.

    Explanation for A:

    This action would be inappropriate. The CAE has to decide whether management or the board has assumed the risk of not taking corrective action.

    Explanation for D:

    This action is insufficient.

     

Viewing 1 replies (of 1 total)
  • Author
    Replies
  • #244128

    This forum is restricted to members of the associated course(s).

    Brian Hock
    HOCK international

    Virginia,

    The first step is C. If management or the board has accepted this risk and knows that they are taking this risk, then the other steps are not really needed since they have in essence already been done. If management has not knowingly accepted the risk, then they would need to do the other steps, but first they need to know if management has accepted the risk in question.

    Brian

Viewing 1 replies (of 1 total)

This forum is restricted to members of the associated course(s).

  • You must be logged in to reply to this topic.