Free IIA-CRMA-ADV Practice Test Questions 2026

The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?

A. "Completed with the advance certification of the External Assessors Association for Auditing Review."

B. "Conforms with the International Standards for the Professional Practice of Internal Auditing."

C. "Certified 100% accuracy, per the International Standards of External Assessment."

D. "Compliant with all domestic and international legal statutes, and certified quality assured for ten years."

The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization's retail store operations. Store operations are included in the annual audit plan. Which of the following strategies best fulfills the requirements of the Standards regarding these audits?

A. The scope of store operations audits should exclude compliance.

B. Store operations audits can be fully executed with appropriate disclosure to the board.

C. Store operations audits should be performed by an external service provider.

D. A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.

An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization's mission. Which of the following pieces of evidence would be sufficient for completing this task?

A. A log from the last year that includes dates of travel, conference titles, and conference objectives, all of which correspond with employee names and costs per trip.

B. A log that includes titles of conferences that all employees were invited to attend in the last year, along with the dates of those conferences and average costs per traveler.

C. A log of conferences titles, dates of travel for each employee, and a detailed summary of conference objectives and how they relate to the organization's mission needs.

D. A log of employee travel requests, which include the title of each conference, the conference objectives, anticipated dates of travel, and estimated costs.

The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The auditcommittee requests an assessment of regulatory compliance. According to IIA guidance, which of the following is the CAE's best course of action?

A. Have a proficient internal audit staff member perform the assessment and disclose the impairment in the audit report and to the board.

B. Have a regulatory compliance staff member perform a self-assessment, to be reviewed by a proficient internal auditor.

C. Have a proficient internal audit staff member perform the audit and report the results of the assessment directly to senior management and the board.

D. Contract with a third-party entity or external auditor to complete the assessment and report the results to senior management and the board.

When internal auditors are preparing workpapers for the testing stage of an engagement,
which of the following guidelines should be observed?
1. Include copies of all client files that were reviewed for the audit.
2. Avoid the use of professional, industry-appropriate jargon and technical terms.
3. Indicate the original sources of all data and information used in the workpapers.
4. Leave blank space for cross-references to be completed during the post-audit process.

A. 1 and 2 only

B. 1 and 4 only

C. 2 and 3 only

D. 3 and 4 only

Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?

A. They serve as a reminder of what controls should exist in a process.

B. They require yes/no responses to specific questions, not open-ended responses.

C. They do not capture all controls that may exist.

D. They are useful in assessing risk.

Which of the following conditions is the most likely indicator of fraud?

A. Commissions are paid based on verified increases to sales.

B. Departmental reports are consistently issued in an untimely manner.

C. A manager regularly assumes subordinates' duties.

D. Lower earnings occur during the industry's down cycle.

Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store's cash function?

A. The audit report included a well-supported recommendation for a reduction in staff even though such a reduction might adversely impact morale.

B. The auditor tested samples of transactions to test the cash function's process flows.

C. After determining that the cash function internal controls were strong, the audit report assured senior management that fraud was not present.

D. The auditor discovered an instance of potential fraud and reported it immediately to management, but did not alert authorities outside the organization.

Why is it important for the chief audit executive to periodically review the audit charter and present the results to senior management and the board?

A. Because management requires the review to measure effectiveness of the internal audit activity.

B. So that the individual objectivity of the internal audit staff can be more clearly established.

C. So that there is assurance of the internal audit staff's proficiency to complete audit activities.

D. Because changes in the organization may impair the internal audit activity's ability to meet its objectives.

After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?

A. To determine audit priorities in the new job, the auditor uses the audit risk approach that the auditor's previous employer used, without receiving permission to do so.

B. At the new organization, the auditor is asked to develop forms to implement probabilityproportional- to-size sampling. Although unsure of how to perform this type of sampling, the auditor proceeds without asking for assistance.

C. In preparing for an audit at the previous organization, the auditor had conducted a great deal of research on the Internet at home to identify best practices for the management of a treasury function. The auditor has retained much of the research and uses it to conduct an audit of the new employer's treasury function.

D. In the first week at the new organization, the auditor discovers a high fraud risk surrounding the organization's database and suggests that the information technology department implement a new password system to prevent fraudulent actions before they occur.

An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3. They are discrete and not normally shared with senior management or the board.
4. They can rely on evidence taken from the work of other assurance activities across the organization.

A. 1 and 2.

B. 1 and 3.

C. 2 and 3.

D. 3 and 4.

According to IIA guidance, which of the following is the best example of a system application control?

A. A physical security control over a data center.

B. A system development life cycle control.

C. A program change management control.

D. An input control over data integrity.