Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. IIA
  5. IIA-CRMA

IIA IIA-CRMA Exam
Certification in Risk Management Assurance (CRMA) Exam (Page 3 )

Updated On: 9-Feb-2026
Page 3 of 58
PDF with 283 Questions

An organization's chief audit executive (CAE) determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following would be the best course of action for the CAE to follow?

  1. Outsource the audit engagement to a qualified external auditing firm without burdening the audit committee with the decision.
  2. Determine the requisite knowledge needed, and obtain the proper training for auditors, even if the training will significantly push back the project's timeframe as outlined by the audit committee.
  3. Notify the audit committee of the problem, and assign the most competent auditors on staff to perform the audit engagement.
  4. Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.

Answer(s): D



Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management's decision is least plausible?

  1. Management may be concerned about its reputation in the financial markets.
  2. Management is following best-practice protocol, as stipulated by the Standards, which states that internal auditors must review quarterly financial statements.
  3. Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated.
  4. Management may perceive that having quarterly financial information examined by the internal auditors enhances the information's value to internal decision making.

Answer(s): B



Which of the following scenarios exemplifies a potential internal control weakness?

  1. The same employee who receives cash from customers prepares a prelisting of cash receipts.
  2. The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information.
  3. The same employee who restrictively endorses checks received from customers prepares the bank's check deposit slips.
  4. The same employee who makes deposits at the bank prepares the monthly bank reconciliation.

Answer(s): D



After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?

  1. To determine audit priorities in the new job, the auditor uses the audit risk approach that the auditor's previous employer used, without receiving permission to do so.
  2. At the new organization, the auditor is asked to develop forms to implement probability- proportional-to-size sampling. Although unsure of how to perform this type of sampling, the auditor proceeds without asking for assistance.
  3. In preparing for an audit at the previous organization, the auditor had conducted a great deal of research on the Internet at home to identify best practices for the management of a treasury function. The auditor has retained much of the research and uses it to conduct an audit of the new employer's treasury function.
  4. In the first week at the new organization, the auditor discovers a high fraud risk surrounding the organization's database and suggests that the information technology department implement anew password system to prevent fraudulent actions before they occur.

Answer(s): B



An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications. Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?

  1. Restrict data-table access from management and line supervisors who have the authority to determine pay rates.
  2. Require a supervisor in the department, who has the ability to change the table, to compare the changes to a signed management authorization.
  3. Ensure that adequate edit and reasonableness checks are built into the automated system.
  4. Require a manager, who is independent of the system and who cannot change the table, to authorize and sign-off on any employee pay changes.

Answer(s): D






Post your Comments and Discuss IIA IIA-CRMA exam prep with other Community members:

Join the IIA-CRMA Discussion