Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 111
Which of the following actions would be considered a violation of the Standards?
I. Drafts of engagement communications were reviewed with the audit client to obtain input. The client's comments were considered when developing the engagement final communication.
II. An auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development.
III. Given limited resources, the chief audit executive performed a risk analysis to determine which functions to audit.
Answer options
- A. II only
- B. I and III only
- C. I, II, and III.
- D. None of the above.
Correct answer: D
Explanation
All the actions described in I, II, and III are permissible under the Standards. I involves obtaining client input, which is acceptable, II refers to an auditor participating in system development in a way that does not impair independence, and III is a necessary action for prioritizing audits based on risk. Therefore, the correct answer is D, as none of the actions are violations.