CIA Part 1 - 2019 PDF

CERTIFIED INTERNAL AUDITOR (CIA), US
PART 1 – ESSENTIALS OF INTERNAL

AUDITING – 2019
STUDY NOTES
MUHAMMAD ZAIN
CPA, CMA, CIA
FOUNDER OF ZAIN ACADEMY
Call: + 92 311 222 4261

WhatsApp (Messaging & Call): +92 311 222 4261
Email: [email protected]
Web: www.zainacademy.us
CIA PART 1 – ESSENTIALS OF INTERNAL
AUDITING – 2019
INDEX
ABOUT THE MENTOR ................................................................................................. 4
LETTER FROM MUHAMMAD ZAIN ...................................................................... 5
CIA PART 1 – BASIC INFORMATION ..................................................................... 6
SECTION A – FOUNDATIONS OF INTERNAL AUDITING ......................... 7
SECTION B – INDEPENDENCE AND OBJECTIVITY .................................... 11
SECTION C – PROFICIENCY AND DUE PROFESSIONAL CARE ............ 14
SECTION D – QUALITY ASSURANCE AND IMPROVEMENT

PROGRAM ...................................................................................................................... 17
SECTION E – GOVERNANCE, RISK MANAGEMENT AND CONTROL

............................................................................................................................................. 19
SECTION F – FRAUD RISKS .................................................................................... 34
From the Desk of Muhammad Zain – Founder of Zain Academy Page 3 of 39

AUDITING – 2019
About the Mentor
Muhammad Zain has passed Uniform Certified Public Accountant (CPA)

exams from American Institute of Certified Public Accountants
(AICPA), US in February 2018, Certified Management Accountant
(CMA) exams from Institute of Management Accountants (IMA), US
and Certified Internal Auditor (CIA) exams from Institute of Internal
Auditors (IIA), US in March 2014. He has completed his Masters of
Business Administration (MBA) in March 2010 from University of
Karachi, Pakistan. He earned his Bachelors of Commerce (BCOM)
from the same University in November 2007.
He has working experience of 12 years which includes 5 years of Public
Accounting experience of working in EY Ford Rhodes, Pakistan – a
member firm of Ernst & Young Global Limited (big4) and more than 6
years of working experience in Industry.
He founded Zain Academy in 27 February 2017 with the mission
“Knowledge for ALL” and objective to “disseminate education for all
candidates who wish to change the landscape of our working environment,
believe in continuous education and strive for the best.”
He has trained many candidates around the globe and has helped them
in attaining their true potential.
Readers are welcomed to contact him for online interactive sessions
for any part of CPA, CMA or CIA.
Other books written by him can be found on the following link:
1. Certified Management Accountant (CMA) – Part 1 – 2019
https://drive.google.com/file/d/1c0vXo5nz8cBEYJe7dJ6qhn07SC50ed
o3/view?usp=sharing
2. Certified Management Accountant (CMA) – Part 2 – 2019
https://drive.google.com/file/d/1BcskFUzXOYFJZVE08-
kvGoaF7znUNeGu/view
3. Certified Internal Auditor (CIA) – Part 3 – 2019
https://drive.google.com/file/d/1XFhUDWzjQIWaWtX5GwYU5xfT8k
NlBTrp/view
AUDITING – 2019
17 February 2019
Dear CIAs,
It is my privilege to present you the 2019 edition of Certified Internal

Auditor (CIA) – Part 1 – Essentials of Internal Auditing Study Notes.
These Study Notes are universally accessible to all and will always be.
You are permitted to use these notes and distribute them to the other
candidates as well.
I have tried to keep the materials simple, clear and concise. I welcome
feedback from the potential readers. Please do check the Facebook
page https://www.facebook.com/zainacademy for updates. Extreme
care is required when rendering professional advice to clients.
Readers are encouraged to provide a review, rating and feedback on the
study notes on https://www.facebook.com/zainacademy/reviews/.
This review will help prospective candidates to benefit from
improvements in the materials.
I dedicate this work to my parents, family and candidates who have
always believed in my abilities and guided me through the toughest of
times.
May the ALLAH, Creator of the Heavens and Earths bless you ALL in
this Life and in particular the Life Hereafter as well.
With Love and Care,
Muhammad Zain
CPA, CMA, CIA

AUDITING – 2019
CIA PART 1 – BASIC INFORMATION

SYLLABUS
S.No Sections Description Weightage

1. Section A Foundations of Internal Auditing 15%
2. Section B Independence and Objectivity 15%
3. Section C Proficiency and Due Professional Care 18%
4. Section D Quality Assurance and Improvement Program 7%
5. Section E Governance, Risk Management and Controls 35%
6. Section F Fraud Risks 10%
CIA Candidate Handbook can be found on the link:
https://na.theiia.org/certification/Public%20Documents/CIA-Exam-Syllabi-
Changes-Handbook.pdf
CIA Exam FAQs are available on the following link:
https://na.theiia.org/certification/Public%20Documents/CIA-Exam-Syllabi-
Changes-FAQs.pdf
CIA Eligibility requirements are available on the following link:
https://na.theiia.org/certification/CIA-Certification/Pages/Eligibility-
Requirements.aspx
FORMAT OF THE EXAM
There will be 125 MCQs being tested in the exam in the 150 minutes (2 hours 30
minutes) time period.
PASSING SCORE
The IIA will conduct a standard-setting study based on the revised CIA syllabi. The
IIA’s Professional Certifications Board will use these results to determine the passing
score of the exams. For each CIA exam part, a raw score (the number of items
answered correctly) will be converted into a scaled score ranging from 250 to 750
points. A scaled score of 600 or higher is required to pass a CIA exam.

AUDITING – 2019
SECTION A – FOUNDATIONS OF INTERNAL AUDITING

(WEIGHTAGE 15%)
S.No Questions Answers

1. What is the To enhance and protect organizational value by providing
Mission of Internal risk-based and objective assurance, advice, and insight.
Audit? The Mission of Internal Audit articulates what internal
audit aspires to accomplish within an organization. Its
place in the New IPPF is deliberate, demonstrating how
practitioners should leverage the entire framework to
facilitate their ability to achieve the Mission.
2. What are the 1) Core Principles for the Professional Practice of
elements of Internal Auditing
Mandatory 2) Definition of Internal Auditing
Guidance? 3) Code of Ethics
3. What are the 1) Guide adherence with the mandatory elements of the
purposes International Professional Practices Framework.
of the Standards? 2) Provide a framework for performing and promoting a
broad range of value-added internal auditing services.
3) Establish the basis for the evaluation of internal audit
performance.
4) Foster improved organizational processes and
operations.
4. What do the 1) Statements of core requirements for the professional
Standards consist practice of internal auditing and for evaluating the
of? effectiveness of performance that are internationally
applicable at organizational and individual levels.
2) Interpretations clarifying terms or concepts within
the Standards.
5. What are the three 1) Attribute Standards
types of Standards? 2) Performance Standards
3) Implementation Standards
6. What are the two 1) Implementation Guidance
types of 2) Supplemental Guidance
Recommended
Guidance?
7. What are Implementation Guides assist internal auditors in
Implementation applying the Standards.
Guides?

AUDITING – 2019
IGs collectively address internal auditing’s approach,

methodologies, and consideration, but do not detail
processes or procedures.
8. What is Supplemental Guidance provides detailed guidance for
Supplemental conducting internal audit activities. These include
Guidance? topical areas, sector-specific issues, as well as processes
and procedures, tools and techniques, programs, step-
by-step approaches, and examples of deliverables.
9. What is the Internal auditing is an independent, objective assurance
definition of and consulting activity designed to add value and
Internal Auditing? improve an organization’s operations. It helps an
organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control,
and governance processes.
The Definition of Internal Auditing states the
fundamental purpose, nature, and scope of internal
auditing.
10. What writes the The charter should be written by (and periodically
Internal Audit reviewed by) the CAE and approved by senior
Charter and who management and the board or audit committee.
approves it?
11. What are the seven 1) Purpose and Mission
sections in the 2) Standards for the Professional Practice of Internal
Internal Audit Auditing
Charter? 3) Authority
4) Independence and Objectivity
5) Scope of Internal Audit Activities
6) Responsibility
7) Quality Assurance and Improvement Program
12. What is the “An objective examination of evidence for the purpose of
definition of providing an independent assessment on governance,
Assurance risk management, and control processes for the
Services? organization. Examples may include financial,
performance, compliance, system security, and due
diligence engagements.”
13. What is the “Advisory and related client services, the nature and
definition of scope of which are agreed upon with the client and
Consulting which are intended to add value and improve an
Services? organization’s operations. Examples include counsel,
advice, facilitation, process design and training.”

AUDITING – 2019
14. What Consulting The Standards state that internal auditors can only
Services may perform consulting services specifically defined in the
internal auditors internal audit charter.
perform?
15. What is the In an assurance engagement, the auditor provides an
difference between assessment and states an opinion about whether or not
Assurance and something within the company is operating or
Consulting performing correctly. The auditor should be objective in
engagements? the investigation and independent in the decision.
In a consulting engagement, the auditor provides advice
or makes a suggestion.
16. What is the Code of “The Code of Ethics states the principles and
Ethics? expectations governing the behavior of individuals and
organizations in the conduct of internal auditing. It
describes the minimum requirements for conduct, [sic]
and behavioral expectations rather than specific
activities.”
17. What are the four 1) Integrity
principles 2) Objectivity
in the Code of 3) Confidentiality
Ethics? 4) Competency
18. What are the Rules Internal auditors:
of Conduct related  Shall perform their work with honesty, diligence, and
to Integrity? responsibility.
 Shall observe the law and make disclosures expected
by the law and the profession.
 Shall not knowingly be a party to any illegal activity,
or engage in acts that are discreditable to the
profession of internal auditing or to the organization.
 Shall respect and contribute to the legitimate and
ethical objectives of the organization.
of Conduct related  Shall not participate in any activity or relationship
to Objectivity? that may impair or be presumed to impair their
unbiased assessment. This participation includes
those activities or relationships that may be in conflict
with the interests of the organization.
 Shall not accept anything that may impair or be
presumed to impair their professional judgment.

AUDITING – 2019
 Shall disclose all material facts known to them that, if

not disclosed, may distort the reporting of activities
under review.
of Conduct related  Shall be prudent in the use and protection of
to Confidentiality? information acquired in the course of their duties.
 Shall not use information for any personal gain or in
any manner that would be contrary to the law or
detrimental to the legitimate and ethical objectives of
the organization.
of Conduct related  Shall engage only in those services for which they have
to Competency? the necessary knowledge, skills, and experience.
 Shall perform internal auditing services in accordance
with the International Standards for the Professional
Practice of Internal Auditing.
 Shall continually improve their proficiency and the
effectiveness and quality of their services.

AUDITING – 2019
SECTION B – INDEPENDENCE AND OBJECTIVITY

(WEIGHTAGE 15%)

1. What is “Independence is the freedom from conditions that
Independence? threaten the ability of the internal audit activity to carry
out internal audit responsibilities in an unbiased manner.
To achieve the degree of independence necessary to
effectively carry out the responsibilities of the internal
audit activity, the chief audit executive has direct and
unrestricted access to senior management and the board.
This can be achieved through a dual-reporting
relationship. Threats to independence must be managed
at the individual auditor, engagement, functional, and
organizational levels.”
2. What is “Objectivity is an unbiased mental attitude that allows
Objectivity? internal auditors to perform engagements in such a
manner that they believe in their work product and that
no quality compromises are made. Objectivity requires
that internal auditors do not subordinate their judgment
on audit matters to others. Threats to objectivity must be
managed at the individual auditor, engagement,
functional, and organizational levels.”
3. What does Organizational Independence means that the internal
Organizational audit activity must not have any current or previous
Independence relationships with the departments that it audits.
mean? Organizational independence can be achieved through a
properly designed Internal Audit Charter.
4. What are examples • Approving the internal audit charter;
of • Approving the risk based internal audit plan;
functional • Approving the internal audit budget and resource
reporting? plan;
• Receiving communications from the chief audit
executive on the internal audit activity’s performance
relative to its plan and other matters;
• Approving decisions regarding the appointment and
removal of the chief audit executive;
• Approving the remuneration of the chief audit
executive; and

AUDITING – 2019
• Making appropriate inquiries of management and the

chief audit executive to determine whether there are
inappropriate scope or resource limitations.
5. What are examples • Budgeting and management accounting.
of • Human resource administration, including personnel
administrative evaluations and compensation.
reporting? • Internal communications and information flows.
• Administration of the internal audit activity’s policies
and procedures.
6. Who does the CAE The CAE should report to an audit committee, or its
report to? equivalent, for any functional and engagement issues.
For administrative issues, the CAE should report to the
CEO (or a similar position).
7. What is Individual “Internal auditors must have an impartial, unbiased
Objectivity? attitude and avoid any conflict of interest.”
8. What are common 1) A personal conflict of interest.
impairments? 2) A scope limitation, including a restriction of access to
records, personnel, or properties.
3) Resource limitation, which includes funding
limitations.
4) Situations where the auditor is assessing operations
for which they were previously responsible.
5) Assurance engagements for functions over which the
CAE previously had responsibility.
6) Consulting engagements in areas where assurance
engagements are also performed.
9. What is a Conflict A situation in which an internal auditor, who is in a
of Interest? position of trust, has a competing professional or personal
interest. Such competing interests can make it difficult to
fulfill his or her duties impartially. A conflict of interest
exists even if no unethical or improper act results. A
conflict of interest can create an appearance of
impropriety that can undermine confidence in the
internal auditor, the internal audit activity, and the
profession. A conflict of interest could impair an
individual’s ability to perform his or her duties and
responsibilities objectively.
10. May auditors Internal auditors must refrain from assessing specific
assess operations operations for which they were previously responsible.
that they were Objectivity is presumed to be impaired if an auditor

AUDITING – 2019
previously provides assurance services for an activity for which the

responsible for? auditor had responsibility within the previous year.
11. May auditors Yes, internal auditors may provide consulting services
provide consulting relating to operations for which they had previous
for operations that responsibilities.
they were
previously
responsible for?
12. What must be done “The details of the impairment must be disclosed to
if Independence is appropriate parties.”
impaired
in fact or in
appearance?
13. What 1) The CAE will confirm at least annually to the board
responsibilities that the IAA is organizationally independent. The CAE
does the CAE have will need to make certain that the IAA maintains its
to report organizational independence at all times.
Independence and 2) The CAE will disclose to the board any interference
Objectivity issues with the IAA determining the scope of work,
to the board? performing the work, or communicating the results.

AUDITING – 2019
SECTION C – PROFICIENCY AND DUE PROFESSIONAL

CARE (WEIGHTAGE 18%)

1. What are the 10 1) Professional ethics
Competencies in 2) Internal audit management
the Competency 3) IPPF
Framework? 4) Governance, risk and control
5) Business acumen
6) Communication
7) Persuasion and collaboration
8) Critical thinking
9) Internal audit delivery
10) Improvement and innovation
2. What are the • Proficiency: The ability to apply knowledge to
three levels of situations likely to be encountered and deal with them
competence? appropriately without extensive recourse to technical
research and assistance.
• Understanding: The ability to apply broad knowledge
to situations likely to be encountered, recognize
significant deviations, and carry out research necessary
to arrive at reasonable solutions.
• Appreciation: The ability to recognize the existence of
problems or potential problems and identify the
additional research or assistance needed.
3. What areas should Proficiency in applying:
an internal auditor • Internal audit standards,
have proficiency • Procedures, and
in? • Techniques
in performing engagements.  
4. What should an Management principles to recognize and evaluate the:
internal auditor • Materiality, and
have an • Significance of deviations
understanding of? from good business practices.  
5. What areas should • Accounting
an internal auditor • Economics
have an • Commercial law
appreciation of? • Taxation
• Finance
• Quantitative methods

AUDITING – 2019
• Information technology
• Risk management
• Fraud
6. What specific Auditors must have knowledge:
knowledge should • To identify the indicators of fraud, and
an internal auditor • Of key information technology risks and controls and
have? available technology-based audit techniques.
7. What specific • Dealing with people.
skills should an • Understanding human relations.
internal auditor • Maintaining satisfactory relationships with
have? engagement clients.
• Communicating (both in oral and written form) to
clearly and effectively convey such matters as
engagement objectives, evaluations, conclusions, and
recommendations.
8. Who is responsible The CAE has this responsibility.
for
Proficiency and
Due Professional
Care of the
auditors?
9. When can the CAE If the IAA does not have the skills and competencies for an
engage external engagement, the CAE must either decline the engagement
specialists? or go outside the IAA or organization to get those skills.
10. What must be • The independence and objectivity of the expert in
considered respect to the engagement.
and evaluated • The relevant professional certifications and/or
before the IAA membership in a professional organization.
uses an outside • Experience and education in similar situations and the
expert? area in which they will be engaged.
• Reputation.
• Knowledge of the business and industry.
11. What is Due Due professional care requires that internal auditors
Professional Care? apply the skill and care expected of a reasonably prudent
and competent internal auditor.
12. In Standard 1220, • Extent of work needed to achieve the engagement’s
what must the objectives;
internal auditor • Relative complexity, materiality, or significance of
consider in matters to which assurance procedures are applied;
exercising Due • Adequacy and effectiveness of governance, risk
Professional Care? management, and control processes;

AUDITING – 2019
• Probability of significant errors, fraud, or

noncompliance; and
• Cost of assurance in relation to potential benefits.
13. What does • Maintaining proficiency through continuing
continuing education.
professional • Staying informed about improvements and current
education include? developments in the internal audit standards,
procedures, and techniques.

AUDITING – 2019
SECTION D – QUALITY ASSURANCE AND IMPROVEMENT

PROGRAM (WEIGHTAGE 7%)

1. What does QAIP Quality Assurance and Improvement Program
stand for?
2. What are the two 1) Ongoing internal assessments of performance of the
types of internal audit activity.
internal 2) Periodic internal assessments of the program through
assessments in a self-assessment or from an independent person within
QAIP? the organization who is familiar with the internal
auditing program.
3. What are the two 1) A full external assessment conducted by an external
ways assessor or review team.
an external 2) An independent assessor or review team can conduct
assessment an independent validation of the internal self-
may be done in a assessment and the corresponding report that was
QAIP? completed by the internal audit activity.
4. To whom are the To senior management and the board of directors.
results of
the QAIP
communicated?
5. How often should Ongoing assessments are performed throughout the year
internal and periodic assessments are performed as needed.
assessments be
performed?
6. How often should At least once every five years.
external
assessments be
performed?
7. When may the It may be used only if it is supported by the results of the
phrase, “Conforms QAIP.
with the
International
Standards for the
Professional Practice
of Internal Auditing”
be used?
8. To whom must To senior management and the board.
nonconformance

AUDITING – 2019
with the Standards

be disclosed?

AUDITING – 2019
SECTION E – GOVERNANCE, RISK MANAGEMENT AND

CONTROL (WEIGHTAGE 35%)

1. What are the First Line: Operational Management
Three Lines of Second Line: Risk Management and Compliance
Defense? Functions
Third Line: Internal Audit
2. What is the The IIA Standards Glossary defines organizational
definition of governance as the:
Organizational “combination of processes and structures implemented
Governance? by the board to inform, direct, manage, and monitor the
achievement of its objectives.”
3. What are the 1) The board of directors
cornerstones of 2) Executive management
good Corporate 3) External auditors
Governance? 4) Internal auditors
4. What are major 1) Monitoring the CEO and other senior executives.
areas of 2) Overseeing the corporation’s strategy and processes
responsibility of for managing the enterprise (including succession
the board? planning).
3) Monitoring the corporation’s risks and internal
controls, including the ethical tone.
5. What is an A majority of the directors should be independent in both
independent fact and appearance.
director, and how An independent director has no current or prior
many should professional or personal ties to the corporation or its
a company have? management other than service as a director.
Independent directors must be able and willing to be
objective in their judgments.
6. What are common 1) Audit committee
committees that the 2) Compensation committee
Board establishes? 3) Governance committee
Each committee should have a charter, authorized by the
board, that outlines how each will be organized, their
duties and responsibilities, and how they report to the
board.
Each committee should be composed of independent
directors only.

AUDITING – 2019
7. Who are A stakeholder is an individual or entity who has a material

Stakeholders? interest in a company’s achievements, validated through
some form of investment, and thereby expects a benefit in
return.
8. Who are Internal • Directors
Stakeholders? • Senior management
• Employees
• Trade unions or staff associations
• Shareholders
9. Who are External • Customers
Stakeholders? • Suppliers
• Contractors and subcontractors
• Distribution networks
• Communities
• The general public and government
10. What are four levels Based on the stakeholder’s interest and power, the
of relationships company’s relationship will be to:
with stakeholders 1) ͏Ignore the stakeholder (weak power, low interest)
and what is each 2) Keep the stakeholder informed (weak power, high
level based on? interest)
3) Keep the stakeholder satisfied (strong power, low
interest)
4) Treat the stakeholder as a key player (strong power,
strong interest)
11. What is the role of The IAA must assess and make appropriate
internal audit recommendations to improve the organization’s
in Corporate governance processes for:
Governance? • Making strategic and operational decisions.
• Overseeing risk management and control.
• Promoting appropriate ethics and values within the
organization.
• Ensuring effective organizational performance
management and accountability.
• Communicating risk and control information to
appropriate areas of the organization.
• Coordinating the activities of, and communicating
information among, the board, external and internal
auditors, other assurance providers, and management.
12. What are the steps 1) Understand the general principles and models of
in auditing organizational governance.
a company’s 2) Review existing governance-related documentation.

AUDITING – 2019
governance 3)Develop a preliminary audit plan.

practices and 4)Meet with decision-makers (i.e., the board).
structure? 5)Execute the approved plan.
6)If necessary, consult legal counsel.
7)Complete the process, including a formal presentation
to the board and have key decision-makers sign a
“statement of acknowledgement.”
13. How is Organizational culture and its related practices are not
organizational written down or codified. Organizational culture can be
culture different rooted in the distinct personalities of company leadership
than or more generally in the ethnic, religious, or political
organizational context in which the business operates.
governance?
14. What are the six 1) Integrity and ethical values
control 2) Management’s philosophy and operating style
environments 3) Organizational structure
elements that 4) Assignment of authority and responsibility
organizational 5) Human resource policies and practices
culture may 6) Competence of personnel
impact?
15. What is the internal The internal audit activity must assess the design,
auditor’s role in implementation, and effectiveness of the organization’s
assessing ethics-related objectives, programs, and activities.
Organizational
Ethics?
16. What does a review 1) Policies, including the policy for reporting ethical
of violations
organizational 2) Procedures
ethics focus on? 3) Effectiveness
4) Disposition of ethical issues, including if the penalties
are appropriately scaled, if there is consistent
application, and if there is proper documentation.
5) Compliance
17. What are ethics Ethics advocates are visible models of appropriate
advocates and who behavior who encourage and support the code of conduct
must act as an at all times and at all levels of activity.
ethics advocate? Management must act as ethics advocates.
All individuals in the company should be encouraged to be
ethics advocates.
Internal auditors are also key ethical advocates - The IIA
Code of Ethics states that the internal auditors should be

AUDITING – 2019
an example of the ethical behavior that employees should

practice.
18. What is a Code of A Code of Conduct, or Business Conduct Policy, outlines
Conduct, and who the specific behaviors that are required of or prohibited
is it applicable to? for all employees.
The Code of Conduct should be written in clear, concise
language that eliminates ambiguity or contradictory
interpretation.
The Code of Conduct is applicable to all people in the
organization, regardless of position, department, or
length of employment.
19. The code of conduct • Conflicts of interest
includes guidance • Confidentiality of information
on what topics? • Acceptance of gifts
• Compliance with all applicable laws, rules, and
regulations
• Penalties – the Code must clearly detail the
consequences for any violations
20. What is the role of The Code of Conduct needs to be periodically assessed by
the IAA the IAA to ensure that it is relevant and that it reflects the
with the Code of company’s needs. Additionally, compliance with the Code
Conduct? of Conduct should also be tested periodically and may
even be included as part of every engagement.
21. What is Corporate The IIA’s Practice Guide Evaluating Corporate Social
Social Responsibility/Sustainable Development defines CSR as:
Responsibility? “The way firms integrate social, environmental, and
economic concerns into their values, culture, decision-
making, strategy and operations in a transparent and
accountable manner and thereby establish better
practices within the firm, create wealth, and improve
society.”
22. What are the levels • The board has overall responsibility for CSR.
of responsibility for • Management is responsible for executing CSR and
CSR in a company? ensuring that there are clear objectives, performance
measurement, and reporting.
• Employees must integrate CSR into their everyday
activities.
• The internal auditors should understand the risks and
controls related to CSR and may be responsible for
auditing CSR.

AUDITING – 2019
23. What are some of • Reputation

the risks associated • Compliance
with CSR? • Liability and lawsuits
• Operational
• Company stock valuation
• Employment market
• Consumer sales
• External business relationships
24. What are the seven 1) Organizational governance
core subjects in ISO 2) Human rights
26000? 3) Labor practices
4) The environment
5) Fair operating practices
6) Consumer issues
7) Community involvement and development
25. What are the five 1) A company should operate ethically and with integrity.
main aspects 2) A company should treat its employees fairly and with
of CSR in ISO respect.
26000? 3) A company should demonstrate respect for human
rights.
4) A company should be a responsible citizen in its
community.
5) A company should do what it can to sustain the
environment for future generations.
26. What are the four 1) Philanthropic responsibilities
levels of the 2) Ethical responsibilities
pyramid of social 3) Legal responsibilities
responsibility? 4) Economic responsibilities
27. What are the seven 1) Set priorities and policies for areas such as ethics,
steps in the CSR labor, the environment, charity, and any other relevant
Process? CSR areas.
2) Set specific objectives and strategies to achieve the
policies set by management.
3) Communicate and embed CSR into controls and
decision making.
4) Track the activities related to CSR so that the results of
the CSR policies and objectives can be measured,
analyzed, and benchmarked.
5) Engage stakeholders to resolve any complaints and
receive feedback on the CSR issues affecting them.

AUDITING – 2019
6) Audit results including controls related to CSR and any

public disclosures.
7) Report results.
28. What are different • By element.
approaches that • By stakeholder or stakeholder group.
can be taken to • By subject. For example, by workplace, marketplace,
auditing CSR? environment, and community.
• By department/function. Audit CSR separately for each
department within the organization.
• By third party. Audit third parties for compliance with
CSR terms and conditions.
29. What are the • Governance
elements of CSR • Ethics
that are commonly • Environment
audited? • Transparency
• Healthy, Safety, and Security
• Human Rights and Work Conditions
30. What are the • Employees and their families
stakeholder groups • Environmental organizations
in auditing CSR? • Customers
• Suppliers
• Communities
• Shareholders
31. How is risk defined “The possibility of an event occurring that will have an
in the Glossary? impact on the achievement of objectives. Risk is measured
in terms of impact and likelihood.”
32. What are the four 1) Strategic risks
broad categories of 2) Operational risks
risk? 3) Financial risks
4) Hazard risks
33. What is risk Risk capacity is the maximum amount of risk that an
capacity? organization can tolerate without irreparably damaging
the company.
34. What is risk Risk appetite is defined in the IIA Glossary as “the level of
appetite? risk that an organization is willing to accept.”
Risk appetite is shaped by the expectations of
stakeholders, regulatory and contractual requirements,
and the influence of technology, capital, and human
resources.
35. What is risk Risk tolerance is the amount of variance in the returns
tolerance? from an activity that a company is willing to tolerate.

AUDITING – 2019
The higher the risk tolerance, the greater the range of

outcomes a company is willing to accept.
36. What are some • Their position in the business-development cycle.
factors • The viewpoints of the major stakeholders.
that influence a • Accounting factors.
company’s • The opportunity for fraud.
risk appetite? • Entity-level factors – the personnel, changes in the
organization’s structure, and changes in key personnel.
• External factors – changes in the economy, industry, or
technology.
• Governmental restrictions.
37. What are the five 1) Risk identification
steps in the risk 2) Risk assessment
management 3) Risk prioritization
process? 4) Response planning
5) Risk monitoring
38. What are some • Brainstorming sessions
event • Event inventories and loss event data
identification • Interviews and self-assessment
techniques? • Facilitated workshops
• SWOT analysis
• Risk questionnaires and risk surveys
• Scenario analysis
• Technology
39. What is Inherent Inherent risk is defined as “the level of risk that resides
Risk? with an event or process prior to management taking a
mitigation action.”
It is the amount of risk that occurs naturally in the
activities of the company.
Management cannot do anything about the existence of
inherent risk; however, it can take steps to address and,
where appropriate, mitigate its effects.
40. What is Residual Residual risk is defined as: “The level of risk that remains
Risk? after management has taken action to mitigate the risk.”
Inherent risk
− Activities of management to mitigate/address the
risk
= Residual risk
41. What two factors 1) Loss frequency or probability
are used to assess 2) Loss severity

AUDITING – 2019
the exposure to
risk?
42. What is a Risk Map? A visual depiction of relative risks based on their expected
frequency and expected loss.
43. What are the four 1) Expected loss
measures of 2) Unexpected loss
potential loss? 3) Maximum probable loss
4) Maximum possible loss (also called extreme or
catastrophic loss)
44. What is the The amount that management expects to lose to a given
expected loss? risk per year on average over a period of several years.
Because the loss is expected, it should be included in the
budget.
45. What is the The amount that could likely be lost to the risk event in a
unexpected loss? very bad year, in excess of the amount budgeted for the
expected loss, up to the maximum probable loss. The
business should reserve the unexpected loss amount as
capital.
46. What is the The largest loss that can occur under foreseeable
maximum circumstances. Damage greater than the maximum
probable loss? probable loss could occur, but, in the judgment of
management, it is very unlikely to occur.
47. What is the The worst-case scenario. It represents the greatest
maximum possible loss from a specific risk or event.
possible loss?
48. What are the five 1) Avoiding or eliminating the risk
responses to risk? 2) Reducing or mitigating the risk
3) Transferring or sharing the risk
4) Retaining the risk
5) Exploiting or accepting the risk
49. What is Enterprise “[Enterprise risk management] is the culture, capabilities,
Risk Management? and practices that organizations integrate with strategy-
setting and apply when they carry out that strategy, with
a purpose of managing risk in creating, preserving, and
realizing value.”
50. What are the five 1) Governance and culture
components of the 2) Strategy and objective-setting
COSO ERM 3) Performance
Framework? 4) Review and revision
5) Information, communication, and reporting

AUDITING – 2019
51. What are the 1) Analyzes business context

principles of the 2) Defines risk appetite
“strategy and 3) Evaluates alternative strategies
objective setting” 4) Formulates business objectives
component of ERM?
52. What are the 1) Identifies risk
principles of the 2) Assesses severity of risk
“performance” 3) Prioritizes risks
component of ERM? 4) Implements risk responses
5) Develops portfolio view
53. What are the 1) Assesses substantial change
principles of the 2) Reviews risk and performance
“review and 3) Pursues improvement in enterprise risk management
revision”
component of ERM?
54. What are the 1) Leverages information systems
principles of the 2) Communicates risk information
“information, 3) Reports on risk, culture, and performance
communication and
reporting”
component of ERM?
55. What are the three 1) Principles. The interrelated values that are
areas of principles foundational to the risk-management process.
and guidance 2) Framework. The ways in which the risk-management
in ISO 31000? plan should be integrated into “significant activities and
functions.”
3) Process. A step-by-step list of procedures to design
and execute risk management.
56. What are the eight 1) Integrated
principles that ISO 2) Structured and comprehensive
31000 sets forth to 3) Customized
guide 4) Inclusive
risk-management 5) Dynamic
procedures? 6) Best available information
7) Human and cultural factors
8) Continual improvement
57. What are the six 1) Communication and consultation
steps of the 2) Scope, context, and criteria
risk-management 3) Risk assessment
process 4) Risk treatment
in ISO 31000? 5) Monitoring and review

AUDITING – 2019
6) Recording and reporting

58. What is the role of The internal audit activity must evaluate the effectiveness
the IAA in the risk- and contribute to the improvement of risk management
management processes.
process?
59. What must an The internal auditor must be satisfied that the
assessment organization’s risk management processes addresses:
of the risk- 1) Risks that arise from business strategies and activities
management are identified and prioritized.
process address? 2) Management and the board set the level of risk
acceptable to the organization (assess risk appetite).
3) Risk mitigation or reduction activities are designed and
implemented to reduce or otherwise manage risk at
acceptable levels.
4) Risk are periodically reassessed on an ongoing basis.
5) Reports are given periodically to the board and
management on the risk assessment process.
60. How is evidence for Evidence to support the risk assessment is usually
risk-management obtained from engagements throughout the year.
assessments Because there is no formula to follow, the successful
gathered? assessment of risk often rests with the professional
judgment and experience of the internal auditors and the
CAE.
61. What should the The CAE must convince the board and senior
IAA do when there management to establish one, even if it just an informal
is no risk- set of procedures.
management
process?
62. In what three areas 1) The design and implementation of the risk
should the IAA management processes.
provide assurance 2) Identification of key risks and the effectiveness of their
about the controls.
effectiveness of risk 3) Assessment and reporting of risk and controls.
management?
63. What are consulting • Giving assurance on the risk management process
engagements • Giving assurance that risks are correctly evaluated
connected to risk • Evaluating risk management processes
management that • Evaluating the reporting of key risks
are core roles of the • Reviewing the management of key risks
IAA?

AUDITING – 2019
64. What are consulting • Facilitating identification and evaluating risks

engagements • Coaching management in responding to risks
connected to risk • Coordinating ERM activities
management that • Consolidated reporting on risks
are legitimate roles • Maintaining and developing the ERM framework
of the IAA? • Championing the establishment of ERM
• Developing the ERM strategy for board approval
65. What are consulting • Setting the risk appetite
engagements • Imposing risk management processes
connected to risk • Management assurance on risks
management that • Taking decisions on risk responses
the IAA should not • Implementing responses on management’s behalf
undertake? • Accountability for risk management
66. How does the IIA “Any action taken by management, the board, and other
Glossary parties to manage risk and increase the likelihood that
define Control? established objectives and goals will be achieved.
Management plans, organizes, and directs the
performance of sufficient actions to provide reasonable
assurance that objectives and goals will be achieved.”
67. Internal control 1) Operations
provides reasonable 2) Reporting
assurance about the 3) Compliance
achievement of
objectives in what
three areas?
68. What are five types 1) Directive
of controls? 2) Preventive
3) Detective
4) Corrective
5) Compensating
69. What are the three 1) Feedforward controls
timings of controls? 2) Concurrent controls
3) Feedback controls
70. What are • Economical
characteristics of • Meaningful
effective controls? • Appropriate
• Congruent
• Timely
• Simple
• Operational

AUDITING – 2019
71. What are the 1) Internal controls can provide only reasonable
limitations of assurance that objectives can be achieved. Internal
internal controls? controls should never be promoted as a guarantee.
2) Human error, faulty judgment, collusion, and fraud can
all limit the effectiveness of controls.
3) Excessive or unreasonable controls can increase
bureaucracy and reduce productivity. Controls must be
evaluated in terms of their cost and benefit to avoid
wasting resources.
72. Who is responsible The board of directors oversees the control system.
for The CEO is responsible for the “tone at the top.”
internal controls? Senior managers delegate responsibility for establishing
specific internal control policies and procedures.
Financial officers and their staffs are central to the
exercise of control.
Internal auditors play a monitoring role.
Virtually all employees are involved in internal control.
External parties such as independent auditors often
provide information useful to effective internal control.
73. What are the three 1) Setting the objectives.
main elements of 2) Measuring performance against a standard.
the control process? 3) Evaluating the results then correcting or regulating the
performance.
74. What are input 1) Edit checks
controls in an 2) Key verifications
automated control 3) Redundancy checks
system? 4) Echo checks
5) Completeness checks
75. What are 1) Posting checks
processing controls 2) Cross-footing
in an automated 3) Zero balance checks
control system? 4) Run-to-run control totals
5) Internal header and trailer labels
6) Concurrency controls
7) Key integrity checks
76. What are output 1) Output distribution controls
controls in an 2) Output retention controls
automated control 3) Forms controls
system? 4) Error logs
77. What four duties 1) Authorizing a transaction.
should

AUDITING – 2019
always be 2) Recording the transaction, preparing source

segregated? documents, and maintaining journals.
3) Keeping physical custody of the related asset. For
example, receiving checks in the mail.
4) The periodic reconciliation of the physical assets to the
recorded amounts for those assets.
78. What is collusion? Collusion is when two or more people work together to
get around the controls that are in place.
79. What are the five 1) Control environment
components of 2) Risk assessment
internal control? 3) Control activities
4) Information and communication
5) Monitoring activities
80. What is the Control The control environment sets the tone for the
Environment organization, influencing the control consciousness of its
in the COSO Model? people. The control environment is the foundation for the
other components of internal control.
81. What is Risk Risk assessment is the identification and analysis of
Assessment relevant risks to the achievement of objectives and forms
in the COSO Model? a basis for how risks should be managed.
82. What are Control Control activities ensure that management directives are
Activities carried out. These policies and procedures also outline the
in the COSO Model? necessary steps to address risks to the organization’s
objectives.
83. What is These are the systems or processes that support the
Information and identification, capture, and exchange of information in a
Communication form and time frame that enable people to carry out their
in the COSO Model? responsibilities.
84. What is Monitoring These are processes used to assess the quality of internal
in the COSO Model? control performance over time. This objective is
accomplished through ongoing monitoring activities,
separate evaluations, or a combination of the two.
85. What are the five 1) The organization demonstrates a commitment to
principles of the integrity and ethical values.
Control 2) The board of directors demonstrates independence
Environment under from management and exercises oversight of the
the COSO Model? development and performance of internal control.
3) Management establishes, with board oversight,
structures, reporting lines, and appropriate
authorities and responsibilities in the pursuit of
objectives.

AUDITING – 2019
4) The organization demonstrates a commitment to

attract, develop, and retain competent individuals in
alignment with objectives.
5) The organization holds individuals accountable for
their internal control responsibilities in the pursuit of
objectives.
86. What are the four 1) The organization specifies objectives with sufficient
principles of clarity to enable the identification and assessment of
Risk Assessment risks relating to objectives.
under the 2) The organization identifies risks to the achievement of
COSO Model? its objectives across the entity and analyzes risks as a
basis for determining how the risks should be
managed.
3) The organization considers the potential for fraud in
assessing risks to the achievement of objectives.
4) The organization identifies and assesses changes that
could significantly impact the system of internal
control.
87. What are the three 1) The organization selects and develops control
principles of activities that contribute to the mitigation of risks to
the Control the achievement of objectives to acceptable levels.
Activities under the 2) The organization selects and develops general control
COSO Model? activities over technology to support the achievement
of objectives.
3) The organization deploys control activities through
policies that establish what is expected and procedures
that put policies into action.
88. What are the three 1) The organization obtains or generates and uses
principles of relevant, quality information to support the
Information and functioning of internal control.
Communication 2) The organization internally communicates
under the COSO information, including objectives and responsibilities
Model? for internal control, necessary to support the
functioning of internal control.
3) The organization communicates with external parties
regarding matters affecting the functioning of internal
control.
89. What are the two 1) The organization selects, develops, and performs
principles of ongoing and/or separate evaluations to ascertain
Monitoring whether the components of internal control are
activities present and functioning.

AUDITING – 2019
under the COSO 2) The organization evaluates and communicates internal

Model? control deficiencies in a timely manner to those parties
responsible for taking corrective action, including
senior management and the board of directors, as
appropriate.
90. What type of Soft controls, which emphasize ideas and expectations
controls do both (for example, shared values, expectations, commitment,
COSO and CoCo competence, and trust) rather than specific tasks (for
emphasize? example, policies and procedures).
91. What are the key • Board’s responsibility for internal controls
tenets of the • Management’s responsibility for internal controls
Turnbull Report? • Employees’ responsibility for internal controls
• Adopting a risk-based approach
• Ongoing monitoring of risks and controls
92. What is the role of The internal audit activity must assist the organization in
the IAA in the maintaining effective controls by evaluating their
company’s control effectiveness and efficiency and by promoting continuous
system? improvement.
93. What are the steps 1) Identify objectives and any associated risks.
in 2) Determine the significance of any risks.
the evaluation of 3) Make note of the responses to these risks.
the 4) Identify the “key controls.”
effectiveness of 5) Assess how well a given control is designed.
controls? 6) Test the control to ascertain the effectiveness of the
design.
94. What three criteria 1) The level of control must be “appropriate for the risk
can help the IAA it addresses.” For example, petty cash does not need as
measure the many controls as cash received from customers.
effectiveness of a 2) The costs of the control must not exceed the benefits it
specific control? provides. For example, the office supply cabinet does
not need 24/7 surveillance and a biometric scanner for
access, but a server room certainly would.
3) No control should “create significant business
concerns.” For example, regardless of how efficiently a
control manages a particular risk, if the control breaks
the law, it puts the company in significant legal
jeopardy.

AUDITING – 2019
SECTION F – FRAUD RISKS (WEIGHTAGE 10%)

1. What is fraud? “Any illegal act characterized by deceit, concealment, or
violation of trust. These acts are not dependent upon the
threat of violence or physical force. Frauds are
perpetrated by parties and organizations to obtain
money, property, or services; to avoid payment or loss of
services; or to secure personal or business advantage.”
2. What are three main 1) Fraudulent financial reporting
types of fraud? 2) Misappropriation (theft) of assets
3) Corruption
3. What are the three 1) The person must be motivated to commit the
conditions fraud.
necessary for 2) The person must have the opportunity to commit
committing fraud? the fraud.
3) The person must be able to rationalize the fraud.
Collectively, these three elements are called the fraud
triangle. If the company can eliminate any of these three
elements, the likelihood of fraud occurring is greatly
reduced.
4. What is the Management has the responsibility to establish and
responsibility of maintain an effective control system.
management and The internal auditor is responsible for examining the
the IAA in controls to determine if they are adequate to prevent or
connection with detect fraud as well as looking for occurrences of fraud.
fraud? However, the internal auditor is not responsible for
preventing fraud.
5. What is Override of controls occurs when management
management overrides or in some way circumvents the controls in
override of place in order to commit fraud.
controls?
6. What are the five 1) Identify relevant fraud risk factors.
key steps 2) Identify potential fraud schemes and prioritize
of fraud risk them based on risk.
assessment? 3) Map existing controls to potential fraud schemes
and identify gaps.
4) Test operating effectiveness of fraud prevention
and detection controls.
5) Document and report the fraud risk assessment.

AUDITING – 2019
7. What is included in • The types of fraud that have some chance of

the occurring.
fraud risk • The inherent risk of fraud considering the
assessment? availability of liquid and saleable assets,
organizational morale, employee turnover, the
history of fraud and losses.
• The adequacy of existing anti-fraud programs,
monitoring, and preventive controls.
• The potential gaps in the organization’s fraud
controls, including segregation of duties.
• The likelihood of a significant fraud occurring.
• The business impact of fraud.
8. What guidance is • Consider fraud risks in the assessment of internal
provided control design and determination of audit steps to
for auditors perform.
conducting • Have sufficient knowledge of fraud to identify red
fraud engagements? flags indicating fraud may have been committed.
• Be alert to opportunities that could allow fraud,
such as control deficiencies.
• Evaluate whether management is actively
retaining responsibility for oversight of the fraud
risk management program.
• Evaluate the indicators of fraud.
• Recommend investigation when appropriate.
9. What are red flags? Anything that strongly suggests that an unethical or
suspicious event has taken place, or is a situation that
would enable fraud to take place without detection.
10. What should the IAA If there is reasonable certainty that fraud has occurred,
do the CAE should notify the appropriate management
when there is level, usually the audit committee and perhaps also the
reasonable board of directors.
certainty that a Management then makes the decision whether or not to
fraud has occurred? start an investigation.
11. What role should the The specific role of the IAA in a fraud investigation
IAA have in respect should be outlined in the Charter and possibly in policies
to fraud and procedures related to fraud.
engagements? The potential roles for the IAA include:
• Leading the investigation,
• Being a supporting resource to another party
leading the investigation, or

AUDITING – 2019
• No role at all if the IAA does not have the

resources.
12. What should the IAA • Assess the probable level and extent of complicity
do when conducting in the fraud within the organization.
a fraud • Determine the knowledge, skills, and other
investigation? competencies needed to effectively carry out the
investigation.
• Design procedures to identify the perpetrators,
the extent of the fraud, the techniques used, and
the cause of the fraud.
• Coordinate activities with management
personnel, legal counsel, and other specialists as
appropriate throughout the course of the
investigation.
• Be aware of the rights of alleged perpetrators and
personnel within the scope of the investigation
and the reputation of the organization itself.
13. What should the IAA • Determine if controls need to be implemented or
do at the conclusion strengthened.
of a fraud • Design engagement tests to help disclose frauds
investigation? in the future.
• Maintain sufficient knowledge of fraud to identify
future incidents.
14. What is the first Principle 1: As part of an organization’s governance
principle in structure, a fraud risk management program should be
Managing Business in place, including a written policy (or policies) to convey
Risk Fraud: the expectations of the board of directors and senior
A Practical Guide management regarding managing fraud risk.
15. What is the second Principle 2: Fraud risk exposure should be assessed
principle in periodically by the organization to identify specific
Managing Business potential schemes and events that the organization
Risk Fraud: needs to mitigate.
A Practical Guide Ongoing risk management should consider three
questions:
• How could someone exploit a weakness in the
system?
• How could someone override or circumvent
controls?
• How could someone conceal the fraud?

AUDITING – 2019
16. What is the third Principle 3: Prevention techniques to avoid potential key
principle in fraud risk events should be established, where feasible,
Managing Business to mitigate possible impacts on the organization.
Risk Fraud: All employees need to be aware of the fraud risk
A Practical Guide management program so that they know there is an
effort to prevent and detect fraud.
17. What is the fourth Principle 4: Detection techniques should be established
principle in to uncover fraud events when preventive measures fail
Managing Business or unmitigated risks are realized.
Risk Fraud: Detection controls should:
A Practical Guide • Usually be hidden and operate in the background.
• Be implemented and used in the ordinary course
of business.
• Draw on external information to corroborate
internal information.
• Formally and automatically communicate
deficiencies and exceptions to leadership.
• Use results to enhance and modify other controls.
18. What is the fifth Principle 5: A reporting process should be in place to
principle in solicit input on potential fraud, and a coordinated
Managing Business approach to investigation and corrective action should
Risk Fraud: be used to help ensure potential fraud is addressed
A Practical Guide appropriately and timely.
19. What is Whistleblowing is the act of reporting wrongdoing or
Whistleblowing? suspected wrongdoing outside of the normal chain of
command.
20. What is a key To encourage people to share problems, the
characteristic of a whistleblowing system needs to be confidential and
whistleblowing anonymous. It may include a phone number to call or a
reporting system? specific person to contact. It is also possible that the
whistleblowing process may be facilitated by a third-
party entity.
In addition to setting up such a system, management
must make sure that all employees know about it and
that they feel confident that their identities will be
protected.
21. What is Forensic When auditing skills are applied to situations that have
Auditing? potential legal implications and/or consequences.
Forensic auditing is performed when it has been
determined that something inappropriate might have

AUDITING – 2019
happened and there is a need to investigate that situation

in more depth.
22. What is an In an interrogation, the internal auditor seeks
Interrogation? confirmation or ideally a confession. Usually,
interrogations are done after evidence has been
collected and there is a strong suspicion of fraud or
unethical behavior.
23. Who performs an At least two people should conduct an interrogation: an

Interrogation? experienced individual leads the interrogation and a
second person takes notes and is a corroborating
witness.
There will most likely be legal counsel involved in both
the preparation for the interrogation and its execution
to make certain that the company does not place itself at
risk of being sued.
24. What is a A confession is a complete acknowledgement of
Confession? wrongdoing by the accused.
25. What is an In an admission, the accused party acknowledges
Admission? committing a certain act, but he or she does not confess
that there was intent, nor does the accused party confess
to the accusation.
26. What are three legal 1) Defamation of character
hazards 2) False imprisonment
for the company in 3) Malicious prosecution
a Fraud
Investigation?

AUDITING – 2019

CIA Part 1 - 2019 PDF

Uploaded by

Copyright:

Available Formats

CIA Part 1 - 2019 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CIA Part 1 - 2019 PDF

Uploaded by

Copyright:

Available Formats

CERTIFIED INTERNAL AUDITOR (CIA), US

PART 1 – ESSENTIALS OF INTERNAL

Call: + 92 311 222 4261

ABOUT THE MENTOR ................................................................................................. 4

LETTER FROM MUHAMMAD ZAIN ...................................................................... 5

CIA PART 1 – BASIC INFORMATION ..................................................................... 6

SECTION A – FOUNDATIONS OF INTERNAL AUDITING ......................... 7

SECTION B – INDEPENDENCE AND OBJECTIVITY .................................... 11

SECTION C – PROFICIENCY AND DUE PROFESSIONAL CARE ............ 14

SECTION D – QUALITY ASSURANCE AND IMPROVEMENT

SECTION E – GOVERNANCE, RISK MANAGEMENT AND CONTROL

SECTION F – FRAUD RISKS .................................................................................... 34

From the Desk of Muhammad Zain – Founder of Zain Academy Page 3 of 39

About the Mentor

Muhammad Zain has passed Uniform Certified Public Accountant (CPA)

It is my privilege to present you the 2019 edition of Certified Internal

With Love and Care,

From the Desk of Muhammad Zain – Founder of Zain Academy Page 5 of 39

CIA PART 1 – BASIC INFORMATION

S.No Sections Description Weightage

CIA Candidate Handbook can be found on the link:

CIA Exam FAQs are available on the following link:

CIA Eligibility requirements are available on the following link:

FORMAT OF THE EXAM

From the Desk of Muhammad Zain – Founder of Zain Academy Page 6 of 39

SECTION A – FOUNDATIONS OF INTERNAL AUDITING

S.No Questions Answers

From the Desk of Muhammad Zain – Founder of Zain Academy Page 7 of 39

IGs collectively address internal auditing’s approach,

From the Desk of Muhammad Zain – Founder of Zain Academy Page 8 of 39

From the Desk of Muhammad Zain – Founder of Zain Academy Page 9 of 39

 Shall disclose all material facts known to them that, if

From the Desk of Muhammad Zain – Founder of Zain Academy Page 10 of 39

SECTION B – INDEPENDENCE AND OBJECTIVITY

S.No Questions Answers

From the Desk of Muhammad Zain – Founder of Zain Academy Page 11 of 39

• Making appropriate inquiries of management and the

From the Desk of Muhammad Zain – Founder of Zain Academy Page 12 of 39

previously provides assurance services for an activity for which the

From the Desk of Muhammad Zain – Founder of Zain Academy Page 13 of 39

SECTION C – PROFICIENCY AND DUE PROFESSIONAL

S.No Questions Answers

From the Desk of Muhammad Zain – Founder of Zain Academy Page 14 of 39

From the Desk of Muhammad Zain – Founder of Zain Academy Page 15 of 39

• Probability of significant errors, fraud, or

From the Desk of Muhammad Zain – Founder of Zain Academy Page 16 of 39

SECTION D – QUALITY ASSURANCE AND IMPROVEMENT

S.No Questions Answers

From the Desk of Muhammad Zain – Founder of Zain Academy Page 17 of 39

with the Standards

From the Desk of Muhammad Zain – Founder of Zain Academy Page 18 of 39

SECTION E – GOVERNANCE, RISK MANAGEMENT AND

S.No Questions Answers

From the Desk of Muhammad Zain – Founder of Zain Academy Page 19 of 39

7. Who are A stakeholder is an individual or entity who has a material

From the Desk of Muhammad Zain – Founder of Zain Academy Page 20 of 39

governance 3)Develop a preliminary audit plan.

From the Desk of Muhammad Zain – Founder of Zain Academy Page 21 of 39

an example of the ethical behavior that employees should