New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > IIA > CCSA Certification > IIA-CCSA

IIA-CCSA Certification in Control Self-Assessment® (CCSA®) Question and Answers

Question # 4

Which of the following is correct?

A.

Internal audit characteristic of the internal auditor’s paradigm has internal control as its old paradigm and risk management as its new paradigm.

B.

Internal audit characteristic of the internal auditor’s paradigm has internal control as its new paradigm and cost management as its old paradigm.

C.

Internal audit response characteristic of the internal auditor’s paradigm has internal control as its old paradigm and risk management as its new paradigm.

D.

Internal audit response characteristic of the internal auditor’s paradigm has internal control as its new paradigm and risk management as its old paradigm.

Full Access
Question # 5

New employees, consultants and contractors must receive security awareness training and supporting documentation at the time of employment refers to:

A.

Employee orientation

B.

Confidentiality agreement

C.

Both A & B

D.

Neither A nor B

Full Access
Question # 6

A process to identify events potentially affecting the entity and manage risk within its risk appetite is known as:

A.

Enterprise Risk Management

B.

Stricter Risk Disclosure

C.

Overlapping Risk Classification

D.

Risk Management Strategy

Full Access
Question # 7

Risk assessment characteristic of the internal auditor’s paradigm has scenario planning as its new paradigm and its old paradigm is:

A.

External control

B.

Internal control

C.

Independent appraisal function

D.

Risk factors

Full Access
Question # 8

The ability to manage yourself and your responsibilities is called:

A.

Management awareness

B.

Achievement Orientation

C.

Conscientiousness

D.

Adaptability

Full Access
Question # 9

The level of control risk k cannot be modified during testing if test results indicate a change is warranted.

A.

True

B.

False

Full Access
Question # 10

The delegation of authority is not well appropriate in relation to the assignment of responsibility.

A.

True

B.

False

Full Access
Question # 11

Work group participants may be suspicious and even hostile, seeing CSA as a management ploy to find out more about them, when:

A.

auditor implements several critical points with respect to use of CSA

B.

auditor doesn’t able to recognize several critical points with respect to use of CSA

C.

auditor reports several critical points with respect to use of CSA

D.

auditor recognizes several critical points with respect to use of CSA

Full Access
Question # 12

Which factor is inherent in all business activities and as a result must be routinely addressed in internal and external audits?

A.

Change

B.

Risk

C.

Cost

D.

Resources

Full Access
Question # 13

The purpose of developing and organizational structure is:

A.

To establish individual responsibilities to handle complexity of the organization’s processes.

B.

To establish individual responsibilities as a means of control and to ensure the organization achieves its goals.

C.

To establish individual responsibilities, their number and type.

D.

To establish individual responsibilities to formalize the organization’s processes.

Full Access
Question # 14

The policy statement that defines the objectives for and commitment to risk management within the organization’s strategic and operational context is called:

A.

Risk management

B.

Enterprise risk management

C.

Strategic risk management

D.

Operational risk management

Full Access
Question # 15

The change that results in a need to change policies, procedures, staffing levels or goals refers to which change?

A.

Change in policy

B.

Change in technology

C.

Change in practices

D.

Change in expertise

Full Access
Question # 16

Comparison of cost of a program or activity to a measurable unit of output or outcome is called cost-residuary impact.

A.

True

B.

False

Full Access
Question # 17

Which auditors provide varying degrees of assurance about the state of effectiveness of the risk management and control processes of the organization?

A.

Senior management

B.

Operating managers

C.

Internal & External

D.

Organizational

Full Access
Question # 18

No proper documentation of adds, changes or deletions to vendor master file is a fraud warning sign of:

A.

Personality characteristics

B.

Organizational characteristics

C.

Accounts payable

D.

Accounts receivable

Full Access
Question # 19

When organizations delegate authority and make decisions by using managers from more then one subarea, these refer to:

A.

Template organization

B.

Complex structure

C.

Matrix organization

D.

Multilevel hierarchical structure

Full Access
Question # 20

Which of the following is NOT the step involved in evaluating the internal controls?

A.

Identify control points

B.

Document an understanding of the control environment

C.

Assess the level of control risk

D.

Define the adequacy of the system of internal control

Full Access
Question # 21

To improve the quality of financial reporting through a focus on corporate governance, internal controls and ethical standards, is the mission of:

A.

Committee on Sponsoring Organizations

B.

Criteria of Commitment

C.

Control Auditors Committee

D.

Control risk property value

Full Access
Question # 22

Which of the following is Correct?

A.

those risks that reduce consequences to immateriality are tested at the time of risk measurement.

B.

those audits that reduce consequences to immateriality are tested during the program execution.

C.

those internal controls that reduce consequences to immateriality are tested in the audit program.

D.

those amendments that reduce consequences to immateriality are tested after the feedback.

Full Access
Question # 23

The process of helping management and/or work teams assess the likelihood of meeting business objectives is called:

A.

CSA facilitation

B.

CSA process

C.

CSA goal

D.

CSA function

Full Access
Question # 24

What is based on the extent of impact to the organization as a whole?

A.

Promotion system

B.

Code of conduct

C.

Rank vulnerability

D.

Rank inherent risk

Full Access
Question # 25

Which of the following is Correct?

A.

The organization’s competence to standards is appropriate for its size and the nature of its operations.

B.

The organization’s operating style is appropriate for its size and the nature of its operations.

C.

The organization’s organizational structure is appropriate for its size and the nature of its operations.

D.

The organization’s organizational authority and responsibility is appropriate for its size and the nature of its operations.

Full Access
Question # 26

Organizations with centralized structures with a strict chain of command and typically perform highly repetitive tasks grouped within their functional areas, have:

A.

Machine bureaucracy

B.

Performance bureaucracy

C.

Functional bureaucracy

D.

Organizational bureaucracy

Full Access
Question # 27

Performance measures should be comprehensive enough to reach valid conclusions about the program.

A.

True

B.

False

Full Access
Question # 28

Severity of consequences is often dependent on the operation of internal controls.

A.

True

B.

False

Full Access
Question # 29

_________ refers to recommended actions should take into account relevant resource limitations.

A.

Sufficiency

B.

Feasibility

C.

Consistency

D.

Reliability

Full Access
Question # 30

What has the ability to combine both qualitative and quantitative data in imaginative ways?

A.

Facts

B.

Impacts

C.

Scenarios

D.

Figures

Full Access
Question # 31

The purpose of Control self-assessment is:

A.

to make analysis through interviews

B.

to find report issued by auditors

C.

through which internal control effectiveness is examined and assessed

D.

to focus on policies and procedures that are strategy compliance

Full Access
Question # 32

The ability to take charge and inspire with a compelling vision is known as:

A.

Directed vision

B.

Visionary leadership

C.

Visionary management

D.

Intended vision

Full Access
Question # 33

Which of the following is Correct?

A.

Communications from external parties should corroborate internally generated data or indicate problems with internal control.

B.

Approval from external parties should corroborate externally generated data or indicate problems with internal control.

C.

Communications from internal parties should corroborate internally generated data or indicate problems with external control.

D.

Communications from internal parties should corroborate externally generated data or indicate problems with external control.

Full Access
Question # 34

Which of the following is NOT the factor involved that influence the state of an organization’s control environment?

A.

History of control weakness

B.

Strong code of conduct

C.

Strong ethics policy

D.

Improve productivity

Full Access
Question # 35

What aims to allow individuals involved in the process to assist the CSA team in identifying the risks and control weaknesses in the processes being reviewed?

A.

Interviews

B.

Survey

C.

Voting

D.

Auditing

Full Access
Question # 36

Programmed procedures designed to prevent, detect and correct errors or irregularities that could adversely impact the organization’s business activities are called:

A.

Manual controls

B.

Error controls

C.

Internal controls

D.

Automated controls

Full Access
Question # 37

The organization has a mechanism to ensure the prompt resolution of findings from audits and other reviews through:

A.

Program evaluation

B.

Audit resolution

C.

Ongoing monitoring

D.

Control environment

Full Access
Question # 38

Organic structures are:

A.

Common to Formal, decentralized organizations that tend to be more participative, open and fixed.

B.

Common to Formal, centralized organizations that tend to be more participative, open and fixed.

C.

Common to informal, centralized organizations that tend to be more participative, open and flexible.

D.

Common to informal, decentralized organizations that tend to be more participative, open and flexible.

Full Access
Question # 39

Accurate self-assessment is a realistic evaluation of your strengths and limitations.

A.

True

B.

False

Full Access
Question # 40

Post implementation reviews of projects allow management to assess the degree to which the objectives were achieved for the resources expended in which phase of project management?

A.

Implementation

B.

Follow-up

C.

Reporting

D.

Analyzing

Full Access