Phishing attacks often target financial institutions by impersonating customers and requesting fraudulent fund transfers. The best way to verify such requests is to independently contact the customer using a trusted communication channel, such as the phone number on record.
Verbal confirmation via a trusted number prevents fraudsters from exploiting email spoofing or compromised accounts.
This aligns with industry best practices, including multi-factor verification for high-risk transactions.
Explanation of Answer Choices:
A. Reviewing the customer's wire activity to determine whether the request is typical. (Incorrect)
While reviewing transaction history can help detect anomalies, fraudsters can mimic previous transaction patterns, making this method unreliable on its own.
B. Calling the customer at the phone number on record to validate the request. (Correct)
Direct phone verification ensures that the actual account owner is making the request.
This is a widely recommended anti-fraud measure in financial institutions.
C. Replying to the customer via email to validate the sender and request. (Incorrect)
If the email account is compromised, the fraudster will control the response.
Email validation is not secure for financial transactions.
D. Reviewing the customer record to verify whether the customer has authorized wire requests from that email address. (Incorrect)
While this can help identify unregistered emails, attackers often spoof or hack real customer emails.
Email-based verification alone is not sufficient.
IIA References:
IIA GTAG 16 – Security Risk: IT and Cybersecurity recommends multi-factor authentication for high-risk financial transactions.
IIA Standard 2120 – Risk Management highlights the need for robust fraud prevention mechanisms, including direct customer verification.
FFIEC (Federal Financial Institutions Examination Council) Cybersecurity Guidelines emphasize the importance of out-of-band authentication for wire transfers.
Thus, the correct answer is B. Calling the customer at the phone number on record to validate the request.