[Q171-Q194] Updated Apr-2023 Test Engine to Practice Test for IIA-CIA-Part3-3P Exam Questions and Answers!

4/5 - (1 vote)

Updated Apr-2023 Test Engine to Practice Test for IIA-CIA-Part3-3P Exam Questions and Answers!

CIA Exam Part Three: Business Knowledge for Internal Auditing Certification Sample Questions and Practice Exam

The IIA IIA-CIA-Part3-3P exam is a crucial certification for internal auditors that covers the Business Knowledge for Internal Auditing. This certification is designed to test the knowledge and skills of professionals in the field of internal auditing for evaluating the business processes and operations. It is an essential certification for those who wish to enhance their knowledge and skills in the field of internal auditing.

NO.171 An organization has a complex systems infrastructure consisting of multiple internally developed, off the shelf, and purchased but significantly customized applications. Some of these applications share databases or process data that is used by another stand-alone application, and interfaces have been written to move data between these applications as needed through batch processing Which of the following situations presents the greatest risk exposure given this environment?

The job scheduling tool frequently malfunctions, causing scheduled jobs not to run. An error message is sent to IT personnel when a job fails.

The implementation of a major update for a key application is delayed until any potential

Documentation of each system and its interactions, interfaces, and dependencies with other systems and databases is not gathered and maintained.

Batch processing jobs include key financial data that is not posted to the accounting system until the next day. preventing real-time queries.

NO.172 A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.
Which of the following controls would best address this risk?

Develop and distribute a code of conduct that prohibits conflicts of interest.

Require submission of a conflict-of-interest declaration.

Perform a regular review of the vendor master file.

Establish separate vendor creation and approval teams.

NO.173 A key advantage of developing a computer application by using the prototyping approach is that it:

Does not require testing for user acceptance.

Allows applications to be portable across multiple system platforms.

Is less expensive since it is self-documenting.

Better involves users in the design process.

NO.174 Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

Cost method

Equity method

Consolidation method

Fair value method

NO.175 A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the market price of the bond is $265,000, which of the following would be the market interest rate?

Less than 12 percent.

12 percent.

Between 12.01 percent and 12.50 percent.

More than 12.50 percent.

NO.176 Which of the following is an example of a physical control designed to prevent security breaches?

Using encryption for data transmitted over the public internet.

Blocking technicians from getting into the network room.

Preventing database administrators from initiating program changes.

Restricting system programmers’ access to database facilities.

NO.177 Which of the following best describes the concept of relevant cost?

A future cost that is the same among alternatives.

A future cost that differs among alternatives.

A past cost that is the same among alternatives.

A past cost that differs among alternatives.

NO.178 While conducting audit procedures at the organization’s data center, an internal auditor noticed the following:
Backup media was located on data center shelves.
Backup media was organized by date.
Backup schedule was one week in duration.
The system administrator was able to present restore logs.
Which of the following is reasonable for the internal auditor to conclude?

Backup schedule is not sufficient, as full backup should be conducted daily.

Backup procedures are adequate and appropriate according to best practices.

Backup media is not properly stored, as the storage facility should be off-site.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

NO.179 Which of the following application software features is the least effective control to protect passwords?

Suspension of user IDs after a user’s repeated attempts to sign on with an invalid password.

Encryption of passwords prior to their transmission or storage.

Forced change of passwords after a designated number of days.

Automatic logoff of inactive users after a specified time period of inactivity.

NO.180 Which of the following actions would senior management need to consider as pan of new IT guidelines regarding the organization’s cybersecurity policies?

Assigning new roles and responsibilities for senior IT management.

Growing use of bring your own devices tor organizational matters

Expansion of operations into new markets with united IT access

Hiring new personnel within the IT department tor security purposes

NO.181 An organization uses the management-by-objectives method, whereby employee performance is based on defined goals Which of the following statements is true regarding this approach?

It is particularly helpful to management when the organization is facing rapid change

It is a more successful approach when adopted by mechanistic organizations

It is more successful when goal-setting is performed not only by management, but by an team members, including lower-level staff.

It is particularly successful in environments that are prone to having poor employer-employee relations

NO.182 Operational management in the IT department has introduced performance evaluation policies that are linked to employees achieving continuing education hours. This activity is designed to prevent which of the following conditions?

Knowledge/skills gap

Monitoring gap

Accountability/reward failure.

Communication failure.

NO.183 Which of the following borrowing options is an unsecured loan?

Second-mortgage financing from a bank.

An issue of commercial paper.

Pledged accounts receivable.

Asset-based financing.

NO.184 Which of the following is most important for an internal auditor to check with regard to the database version?

Verify whether the organization uses the most recent database software version

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded

Verify whether access to database version information is appropriately restricted

NO.185 Which of me following application controls is the most dependent on the password owner?

Password selection

Password aging

Password lockout

Password rotation

NO.186 If legal or regulatory standards prohibit conformance with certain parts of The IIA’s Standards, the auditor should do which of the following?

Conform with all other parts of The IIA’s Standards and provide appropriate disclosures.

Conform with all other parts of The IIA’s Standards; there is no need to provide appropriate disclosures.

Continue the engagement without conforming with the other parts of The IIA’s Standards.

Withdraw from the engagement.

NO.187 Which of the following statements about matrix organizations is false?

In a matrix organization, conflict between functional and product managers may arise.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

Matrix organizations offer the advantage of greater flexibility.

Matrix organizations minimize costs and simplify communication.

NO.188 At what stage of project integration management would a project manager and project management team typically coordinate the various technical and organizational interfaces that exist in the project?

Project quality planning.

Project plan development.

Project plan execution.

Integrated change control.

NO.189 The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity’s (IAA’s) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA.
Which of the following staffing approaches is the CAE most likely to select?

Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

NO.190 According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?

Establishing risk category definitions and a common risk language for likelihood and impact measures.

Defining ERM roles and responsibilities.

Providing the board with an independent, objective risk perspective on financial reporting.

Guiding integration of ERM with other management activities.

NO.191 Which of the following statements is true regarding user-developed applications (UDAs) and traditional IT applications?

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

UDAs and traditional IT applications typically follow a similar development life cycle.

Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

NO.192 The board of directors wants to implement an incentive program for senior management that is specifically tied to the long-term health of the organization.
Which of the following methods of compensation would be best to achieve this goal?

Commissions.

Gain-sharing bonuses.

Allowances.

Stock options.

NO.193 Which of the following is a logical access control designed to enhance the security of a computer-based application system?

User accounts will be locked alter three unsuccessful attempts to access the system

Users will not be allowed to use any of their last five passwords to access the system

Users will be assigned rights to access the system based on their job responsibilities

Users will automatically lose access to the system after 15 minutes of inactivity

NO.194 Which of the following cybersecurity-related activities is most likely to be performed by the second line of defense?

Deploy intrusion detection systems and conduct penetration testing

Administer security procedures, training, and testing.