IIA IIA-CIA-Part3 Übungsprüfungen
Zuletzt aktualisiert am 27.04.2025- Prüfungscode: IIA-CIA-Part3
- Prüfungsname: CIA Exam Part Three: Business Knowledge for Internal Auditing
- Zertifizierungsanbieter: IIA
- Zuletzt aktualisiert am: 27.04.2025
Which of the following statements is true regarding change management?
- A . The degree of risk associated with a proposed change determines whether the change request requires authorization
- B . Program changes generally are developed and tested in the production environment.
- C . Changes are only required by software programs
- D . To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner
Management is designing its disaster recovery plan. In the event that there is significant damage to the organization’s IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration.
Which of the following is the ideal solution for management in this scenario?
- A . A warm recovery plan.
- B . A cold recovery plan.
- C . A hot recovery plan.
- D . A manual work processes plan
Which of the following is an example of a contingent liability that a company should record?
- A . A potential assessment of additional income tax.
- B . Possible product warranty costs.
- C . The threat of a lawsuit by a competitor.
- D . The remote possibility of a contract breach.
In reviewing an organization’s IT infrastructure risks, which of the following controls is to be tested as pan of reviewing workstations?
- A . Input controls
- B . Segregation of duties
- C . Physical controls
- D . Integrity controls
Which of the following controls would enable management to receive timely feedback and help mitigate unforeseen risks?
- A . Measure product performance against an established standard.
- B . Develop standard methods for performing established activities.
- C . Require the grouping of activities under a single manager.
- D . Assign each employee a reasonable workload.
When would a contract be dosed out?
- A . When there’s a dispute between the contracting parties
- B . When ail contractual obligations have been discharged.
- C . When there is a force majenre.
- D . When the termination clause is enacted.
Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center.
Which of the following test results would likely lead the auditor to this conclusion?
- A . Requested backup tapes were not returned from the offsite vendor In a timely manner.
- B . Returned backup tapes from the offsite vendor contained empty spaces.
- C . Critical systems have boon backed up more frequently than required.
- D . Critical system backup tapes are taken off site less frequently than required
An internal audit activity is piloting a data analytics model, which aims to identify anomalies in payments to vendors and potential fraud indicators.
Which of the following would be the most appropriate criteria for assessing the success of the piloted model?
- A . The percentage of cases flagged by the model and confirmed as positives.
- B . The development and maintenance costs associated with the model
- C . The feedback of auditors involved with developing the model.
- D . The number of criminal investigations initiated based on the outcomes of the model
A third party who provides payroll services to the organization was asked to create audit or “read-only 1 functionalities in their systems.
Which of the following statements is true regarding this request?
- A . This will support execution of the right-to-audit clause.
- B . This will enforce robust risk assessment practices
- C . This will address cybersecurity considerations and concerns.
- D . This will enhance the third party’s ability to apply data analytics
Which of the following capital budgeting techniques considers the expected total net cash flows from investment?
- A . Cash payback
- B . Annual rate of return
- C . Incremental analysis
- D . Net present value