CRMA - Certification in Risk Management Assurance Planning Risk-Based Engagements Questions and Answers

Question 1

A Chief Audit Executive (CAE) has established a comprehensive, risk-based annual audit plan that has been approved by the audit committee.
Three months into the year, a new, potentially disruptive technology emerges in the organization's industry.
Senior management is concerned about the unforeseen risks.
What is the most appropriate first step for the CAE to take?

Accepted Answer

Conduct a preliminary assessment of the risks associated with the new technology to determine its significance to the organization.

Answer

Continue with the approved audit plan to avoid deviation and ensure all planned engagements are completed.

Answer

Immediately add an audit of the new technology to the plan and request additional resources from the audit committee.

Answer

Wait until the next annual planning cycle to formally assess the risks of the new technology.

Question 2

When developing a risk-based audit plan, what is the primary purpose of creating an audit universe?

Accepted Answer

To provide a comprehensive inventory of all potential audit subjects, which serves as the foundation for the risk assessment and planning process.

Answer

To document every single business process and system in the organization for historical record-keeping.

Answer

To create a fixed, multi-year schedule of audits that will be performed, ensuring predictable coverage.

Answer

To list only the high-risk areas identified by senior management, limiting the scope of internal audit's work.

Question 3

A CRMA is prioritizing potential engagements from the audit universe to create the annual audit plan. Which of the following factors is the MOST crucial for ensuring the plan adds value to the organization?

Accepted Answer

The alignment of potential engagements with the organization's strategic objectives and key risks.

Answer

The time elapsed since the last audit of each auditable entity.

Answer

The personal concerns and requests of individual department managers.

Answer

The complexity of the systems and controls within each auditable entity.

Question 4

The CEO approaches the Chief Audit Executive (CAE) with an urgent request to conduct a special review of a new joint venture, an engagement that was not included in the approved annual audit plan. What is the CAE's most appropriate response?

Accepted Answer

Assess the request's significance and the impact on the current audit plan, including resource implications, and discuss the necessary trade-offs with senior management and the audit committee.

Answer

Refuse the request because it falls outside the audit committee-approved plan.

Answer

Accept the engagement immediately and begin fieldwork the next day to demonstrate responsiveness.

Answer

Inform the CEO that the request can be added to the audit universe and will be considered for next year's audit plan.

Question 5

Which of the following is the most critical input for the Chief Audit Executive (CAE) to consider when developing the annual risk-based internal audit plan?

Accepted Answer

The organization's strategic objectives, business plans, and associated enterprise-level risks.

Answer

The audit plan from the previous year to ensure consistency in audit coverage.

Answer

A list of available internal audit staff and their respective competencies.

Answer

Benchmarking data from internal audit functions at competitor organizations.

Question 6

A CAE is presenting the proposed risk-based audit plan to the audit committee for approval. Beyond the list of proposed engagements, what is the most important message for the CAE to convey to demonstrate the plan's validity?

Accepted Answer

That the plan was developed through a systematic risk assessment process linked to the organization's key objectives.

Answer

That the plan guarantees all organizational risks will be eliminated.

Answer

That the plan includes the maximum number of audits that can be completed with the current budget.

Answer

That the plan is identical to the one proposed by the external auditors to ensure synergy.