Questions for the IIA-CRMA were updated on : Dec 01 ,2025
Page 1 out of 19. Viewing questions 1-15 out of 283
Question 1
A large sales organization maintains a system of internal control according to the COSO model and has updated its code of conduct. This change relates to which component of the COSO framework?
A. Control activities.
B. Information and communication.
C. Commitment.
D. Control environment.
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 2
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
A. An independent third party has assessed the organization's system of internal controls to be adequate and effective.
B. The chief audit executive reports both functionally and administratively to the CEO.
C. The internal audit charter is drafted properly and approved by the appropriate parties.
D. The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 3
Which of the following is an example of a risk avoidance strategy?
A. Hedging against exchange rate variations.
B. Limiting access to an organization's data center.
C. Selling a nonstrategic business unit.
D. Outsourcing a high-risk activity.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 4
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance? 1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization. 2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives. 3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives. 4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.
A. 1 only.
B. 4 only.
C. 2 and 4.
D. 3 and 4.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?
A. Usage of IT system policy.
B. Risk management framework.
C. Acceptance of gifts policy.
D. Personal responsibility policy.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework? 1. Appropriate levels of authority and responsibility. 2. Supervision of staff and appropriate review of work. 3. The seniority of management in the organization. 4. The ability to trace each transaction to an accountable and responsible individual.
A. 1,2, and 3.
B. 1.2, and 4.
C. 1.3, and 4.
D. 2, 3, and 4.
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 7
With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?
A. Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.
B. Evaluate the organization's governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization's risk appetite.
C. Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.
D. Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks.
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 8
As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?
A. Organizational independence.
B. Professional objectivity.
C. Due professional care.
D. Individual proficiency.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?
A. An operations audit of the accounts payable department.
B. A consulting engagement related to a new accounts payable optimization initiative.
C. A review of the employees' sports club finances, which are overseen by the chief audit executive.
D. An assurance review for a sales program on which she previously provided consultation.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
An internal auditor needs to recommend a policy element to be included in an organization's code of ethics. Which of the following recommendations would be most effective?
A. Ethics should vary with local customs in the organization's foreign operations.
B. Whistleblowing should be discouraged because it can cause distrust among employees.
C. Ethical behavior should be incorporated into performance evaluations.
D. Senior management should be granted specific exemptions to the code of ethics.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 11
Which of the following types of fraud includes embezzlement?
A. Fraudulent statements.
B. Bribery.
C. Misappropriation of assets.
D. Corruption.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 12
According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?
A. When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.
B. Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.
C. Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.
D. Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?
A. Immediately notify management of the area under review and the other internal auditors involved in the engagement.
B. Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.
C. Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.
D. Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 14
The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?
A. The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.
B. The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.
C. The assigned internal auditor must not assume management responsibilities while performing the engagement.
D. The assigned internal auditor must maintain objectivity while performing the engagement.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing {Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations. According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?
A. Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.
B. Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.
C. Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.
D. Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports.