
IIA-CIA-Part2: What compliance audit is acceptable for the CAE to include on the annual audit plan despite low inherent risk?

Learn which compliance audit the chief audit executive should include in the annual audit plan, even if the area has little inherent risk, according to IIA-CIA-Part2 exam concepts. Discover the key considerations for compliance audit selection.

Question

Which of the following is an acceptable compliance audit for the chief audit executive to include on the annual audit plan, even though there is little inherent risk of noncompliance in that area?

A. An audit of a new multi-million dollar vendor contract.
B. An audit of a department that has not been audited in over 10 years.
C. An audit of a major revenue-generating department that has not been audited in the last few years.
D. An audit of a new regulation required to be audited.

Answer

D. An audit of a new regulation required to be audited.

Explanation

As the chief audit executive (CAE), it is important to prioritize audits based on risk assessment. However, there are certain compliance audits that must be included in the annual audit plan regardless of the inherent risk level.

In this scenario, the most appropriate audit to include is an audit of a new regulation that is required to be audited (option D). Regulatory requirements take precedence over risk-based audit selection. If a new regulation mandates an audit, the CAE must ensure compliance by including it in the audit plan, even if the inherent risk in that area is low.

The other options, while potentially important, do not override the need to comply with regulatory audit requirements:

A. A new multi-million dollar vendor contract, although high in monetary value, does not necessarily mandate an audit if the inherent risk is assessed as low.

B. A department that has not been audited in over 10 years may warrant consideration, but the time elapsed since the last audit alone does not make it a higher priority than a required regulatory audit.

C. A major revenue-generating department that has not been audited recently could be significant. However, if the inherent risk is deemed low based on the risk assessment, it would not take precedence over a mandatory regulatory audit.

In summary, when developing the annual audit plan, the CAE must prioritize audits that are required by regulations, even if the inherent risk in those areas is low. Compliance with legal and regulatory requirements is a fundamental responsibility of the internal audit function.
