Pass the IIA CRMA Certification IIA-CRMA-ADV Questions and answers with CertsForce

A library control log.

A review of exception reports.

A password lock on a server.

A software scan of financial records for irregularities.

Have a proficient internal audit staff member perform the assessment and disclose the impairment in the audit report and to the board.

Have a regulatory compliance staff member perform a self-assessment, to be reviewed by a proficient internal auditor.

Have a proficient internal audit staff member perform the audit and report the results of the assessment directly to senior management and the board.

Contract with a third-party entity or external auditor to complete the assessment and report the results to senior management and the board.

Diversifying the risk that network access will not be available to legitimate, authorized users.

Accepting the risk that there may be attempts at unauthorized access to the network.

Avoiding the risk of having a direct network connection to un-trusted networks.

Sharing the risk that either firewall could be compromised by hackers.

All risks have been identified and mitigated.

Risks have been accurately analyzed and evaluated.

All controls are both adequate and efficient.

The board is appropriately addressing intolerable risks.

Continue with the engagement in order to meet the regulatory deadline, but highlight areas in the final report that might need to be revised in the future.

Ask that a senior member of the organization's IT department with the required systems expertise join the audit team to assist in completing the engagement.

Delay the engagement and inform the board of the situation, asking them to provide acceptable alternatives for completing the engagement.

Remove the planned engagement from the audit plan and explain to senior management the problems with moving forward without an auditor with the necessary expertise.

Because preventive controls promote doing the right thing in the first place, and lessen the need for corrective action.

Because preventive controls are more sensitive and identify more exceptions than detective controls.

Because preventive controls include output procedures, which cover the full range of possible reviews, reconciliations and analysis.

Because preventive controls identify exceptions after-the-fact, allowing them to be used after the entire review is complete and therefore finding exceptions that detective controls may have missed.

1 and 4 only

2 and 3 only

2, 3, and 4 only

1, 2, 3, and 4

The same employee who receives cash from customers prepares a prelisting of cash receipts.

The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information.

The same employee who restrictively endorses checks received from customers prepares the bank's check deposit slips.

The same employee who makes deposits at the bank prepares the monthly bank reconciliation.

Corrective control.

Preventive control.

Detective control.

Compensating control.

Who?

How?

Why?

When?