IIA-CIA-Part3 Free Practice Test

- (Exam Topic 1)
According to the Standards, the internal audit activity must evaluate risk exposures relating to which of the following when examining an organization's risk management process?
* 1. Organizational governance.
* 2. Organizational operations.
* 3. Organizational information systems.
* 4. Organizational structure.

1. A. 1 and 3 only
2. B. 2 and 4 only
3. C. 1, 2, and 3 only
4. D. 1, 2, and 4 only

Correct Answer: C

- (Exam Topic 1)
If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?

1. A. Conform with all other parts of The IIA's Standards and provide appropriate disclosures.
2. B. Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.
3. C. Continue the engagement without conforming with the other parts of The IIA's Standards.
4. D. Withdraw from the engagement.

Correct Answer: A

- (Exam Topic 1)
Which of the following are typical audit considerations for a review of authentication?
* 1. Authentication policies and evaluation of controls transactions.
* 2. Management of passwords, independent reconciliation, and audit trail.
* 3. Control self-assessment tools used by management.
* 4. Independent verification of data integrity and accuracy.

1. A. 1, 2, and 3
2. B. 1, 2, and 4
3. C. 1, 3, and 4
4. D. 2, 3, and 4

Correct Answer: A

- (Exam Topic 1)
Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?

1. A. Each party's negotiator presents a menu of options to the other party.
2. B. Each party adopts one initial position from which to start.
3. C. Each negotiator minimizes the information provided to the other party.
4. D. Each negotiator starts with an offer, which is optimal from the negotiator's perspective.

Correct Answer: A

- (Exam Topic 1)
According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization's IT contingency plan?

1. A. To ensure that adequate controls exist to prevent any significant business interruptions.
2. B. To identify and address potential security weaknesses within the system.
3. C. To ensure that tests contribute to improvement of the program.
4. D. To ensure that deficiencies identified by the audit are promptly addressed.

Correct Answer: C