IIA IIA-CRMA 問題集

質問 1：
According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?
1. The standards to be used by the internal audit activity.
2. The internal audit activity's code of ethics.
3. The CAE's reporting line.
4. The internal audit activity's responsibilities.
A. 1,2, and 3.
B. 3 and 4.
C. 1 and 2 only.
D. 4 only.
正解：B

質問 2：
According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?
1. Identification.
2. Mitigation.
3. Remediation.
4. Reduction.
A. 1 only. |
B. 1,2, 3, and 4.
C. 1, 3, and 4 only.
D. 1 and 4 only.
正解：D

質問 3：
Which of the following is a second line of defense in effective risk management and control?
A. Credit department.
B. Compliance department.
C. Internal audit department.
D. Purchasing department.
正解：B

質問 4：
An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?
A. Apply antivirus and patch management software.
B. Utilize secure socket layer encryption.
C. Install a software inventory management application.
D. Utilize dedicated and encrypted network connections.
正解：C

質問 5：
Which of the following statements best explains why internal auditors map processes?
1. To obtain audit evidence to support auditor's observations.
2. To determine scope and objectives of the audit.
3. To facilitate the identification of ownership and responsibility for key risks.
4. To identify potential efficiency improvements.
A. 3 and 4.
B. 1 and 2.
C. 1 and 3.
D. 2 and 4.
正解：A

質問 6：
Internal auditors must exercise due professional care by considering which of the following?
1. Cost of assurance in relation to potential benefits.
2. Adequacy and effectiveness of governance, risk management, and control processes.
3. Management's competency level in the area being evaluated.
4. Probability of significant errors, fraud, or noncompliance.
A. 2, 3, and 4 only
B. 1, 2, and 4 only
C. 1 and 2 only
D. 1, 2, and 3 only
正解：B

質問 7：
Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?
A. Foam fire extinguishers are operable to protect against electrical fires.
B. Adequate signs are in place to assist in locating safety equipment.
C. Swipe card access is required to gain access to the server room.
D. Servers are secured individually to their racks by locks.
正解：B

質問 8：
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
A. 3 and 4.
B. 1 and 2.
C. 1 and 4.
D. 2 and 3.
正解：B

質問 9：
Which of the following factors have the greatest influence on the independence of the internal audit activity?
A. Employee incentives and self review of the internal audit activity.
B. Quality assessments and cultural biases of the internal audit activity.
C. Organizational positioning and scope control of the internal audit activity.
D. Rotational assignments and familiarity of the internal audit activity.
正解：C