IIA IIA-CRMA Certification in Risk Management Assurance (CRMA) Exam Online Training
IIA IIA-CRMA Online Training
The questions for IIA-CRMA were last updated at Nov 22,2024.
- Exam Code: IIA-CRMA
- Exam Name: Certification in Risk Management Assurance (CRMA) Exam
- Certification Provider: IIA
- Latest update: Nov 22,2024
Allegations have been made that an organization’s share price has been manipulated.
Which of the following would provide an internal auditor with the most objective evidence in this case?
- A . Major shareholders of the organization.
- B . Large customers of the organization.
- C . Former members of management.
- D . Former financial consultants.
Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?
- A . The CAE initials and dates every working paper after it has been reviewed.
- B . The CAE completes an engagement working paper checklist.
- C . The CAE prepares a memorandum discussing the results of the working paper review.
- D . The CAE utilizes an external third party to make an objective recommendation after each working paper review.
Which of the following best ensures an internal audit activity has the ability to render impartial and unbiased assessments?
- A . Organizational status and objectivity.
- B . Supervision of the chief audit executive (CAE) by senior management.
- C . Organizational knowledge and skills.
- D . CAE certification.
According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?
- A . Three months.
- B . Six months.
- C . One year.
- D . Two years.
According to IIA guidance, which of the following is the best example of a system application control?
- A . A physical security control over a data center.
- B . A system development life cycle control.
- C . A program change management control.
- D . An input control over data integrity.
Which of the following would not be a red flag for fraud?
- A . Several recent, large expenditures to a new vendor have not been documented.
- B . A manager has bragged about multiple extravagant vacations taken within the last year, which are excessive relative to the manager’s salary.
- C . A weak control environment has been accepted by management to encourage creativity.
- D . New employees occasionally fail to meet established project deadlines due to staffing shortages.
After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry.
Which of the following actions would violate the IIA Code of Ethics?
- A . To determine audit priorities in the new job, the auditor uses the audit risk approach that the auditor’s previous employer used, without receiving permission to do so.
- B . At the new organization, the auditor is asked to develop forms to implement probability-proportional-to-size sampling. Although unsure of how to perform this type of sampling, the auditor proceeds without asking for assistance.
- C . In preparing for an audit at the previous organization, the auditor had conducted a great deal of research on the Internet at home to identify best practices for the management of a treasury function. The auditor has retained much of the research and uses it to conduct an audit of the new employer’s treasury function.
- D . In the first week at the new organization, the auditor discovers a high fraud risk surrounding the organization’s database and suggests that the information technology department implement a new password system to prevent fraudulent actions before they occur.
Which of the following best describes the assessment of risks?
- A . Assess the actions necessary to reduce the likelihood and/or impact of risk to tolerable levels.
- B . Assess the likelihood and/or impact of risk on the achievement of organizational objectives.
- C . Assess the amount of risk an organization can accept while pursuing its objectives.
- D . Assess alternative strategies to reduce or eliminate major risks.
An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications.
Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?
- A . Restrict data-table access from management and line supervisors who have the authority to determine pay rates.
- B . Require a supervisor in the department, who has the ability to change the table, to compare the changes to a signed management authorization.
- C . Ensure that adequate edit and reasonableness checks are built into the automated system.
- D . Require a manager, who is independent of the system and who cannot change the table, to authorize and sign-off on any employee pay changes.
According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?
- A . The relative complexity, materiality, or significance of matters to which assurance procedures are applied.
- B . The extent of assurance services necessary to ensure that all risks are identified.
- C . The cost of providing the assurance services in relation to potential benefits.
- D . The probability of significant errors, irregularities or instances of noncompliance.