Pass the IIA CIA IIA-CIA-Part3-3P Questions and answers with CertsForce

Viewing page 5 out of 15 pages
Viewing questions 41-50 out of questions
Questions # 41:

When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?

1) Management’s tolerance for specific risks.

2) The cost versus benefit of implementing a control.

3) Whether a control can mitigate multiple risks.

4) The ability to test the effectiveness of the control.

Options:

A. 1, 2, and 3

B. 1, 2, and 4

C. 1, 3, and 4

D. 2, 3, and 4


Questions # 42:

Which of the following is the best reason for considering the acquisition of a nondomestic organization?

Options:

A. Relatively fast market entry.

B. Improved cash flow of the acquiring organization.

C. Increased diversity of corporate culture.

D. Opportunity to influence local government policy.


Questions # 43:

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

Options:

A. Adequate segregation of duties between data processing controls and file security controls.

B. Documented procedures for remote job entry and for local data file retention.

C. Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

D. Established procedures to prevent and detect unauthorized changes to data files.


Questions # 44:

The audit committee of a global corporation has mandated a change in the organization's business ethics policy. Which of the following approaches describes the best way to accomplish the policy's diffusion worldwide?

Options:

A. Deploy the policy in the corporate headquarters' language, so everyone gets an unfiltered version simultaneously.

B. Introduce the policy region by region, using any lessons learned to change the subsequent version of the policy for the next area.

C. Consult with legal and operational management in each affected country to ensure the final version can be implemented globally, following audit committee approval.

D. Send the board-approved version of the policy to each country's senior leadership and empower them to tailor the policy to the local language and culture.


Questions # 45:

Which is the least effective form of risk management?

Options:

A. Systems-based preventive control.

B. People-based preventive control.

C. Systems-based detective control.

D. People-based detective control.


Questions # 46:

Which of the following are included in ISO 31000 risk principles and guidelines?

Options:

A. Standards, framework, and process.

B. Standards, assessments, and process.

C. Principles, framework, and process.

D. Principles, practices, and process.


Questions # 47:

When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:

Options:

A. Identifying risks to the organization's operations.

B. Observing and analyzing controls.

C. Prioritizing known risks.

D. Reviewing organizational objectives.


Questions # 48:

International marketing activities often begin with:

Options:

A. Standardization.

B. Global marketing.

C. Limited exporting.

D. Domestic marketing.


Questions # 49:

Which of the following statements is true regarding the resolution of interpersonal conflict?

Options:

A. Unrealized expectations can be avoided with open and honest discussion.

B. Reorganization would probably not help ambiguous or overlapping jurisdictions.

C. Deferring action should be used until there is sufficient time to fully deal with the issue.

D. Timely and unambiguous clarification of roles and responsibilities will eliminate most interpersonal conflict.


Questions # 50:

Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?

Options:

A. Control environment.

B. Control activities.

C. Information and communication.

D. Monitoring.

