Prepare IIA-CIA-Part3-3P Exam with Using IIA-CIA-Part3-3P Dump Questions

Category:

IIA Free Dumps

Comments:

0 Comments

Post Date:

May 20, 2024

If you are serious about passing your IIA IIA-CIA-Part3-3P certification exam, practicing with IIA-CIA-Part3-3P dumps questions is an essential step in your preparation process. These IIA-CIA-Part3-3P dumps will help you assess your knowledge, identify your strengths and weaknesses, and improve your chances of passing the exam on the first try. So why wait? Start practicing today and give yourself the best possible chance of success! Test free IIA-CIA-Part3-3P exam dumps questions below.

Page 1 of 15

1. Which of the following risks is best addressed by encryption?

Information integrity risk.

Privacy risk

Access risk

Software risk

2. Which of the following practices impacts copyright issues related to the manufacturer of a smart device?

Session hijacking.

Jailbreaking.

Eavesdropping.

Authentication.

3. An internal auditor for a pharmaceutical company is planning a cybersecurity audit and conducting a risk assessment.

Which of the following would be considered the most significant cyber threat to the organization?

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports.

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing the financial information of the company.

4. Data encryption is an example of which of the following controls?

Application control.

IT general control

Data input control

Data output control

5. The leadership of an organization encourages employees to form voluntary problem-solving groups whereby several employees from the same work area meet regularity during work hours to discuss improvements and creative ways to reduce costs .

Which of the following best describes this approach?

Open-book management

Quality control circles

Self-managed teams

Cross-functional teams

6. An organization is considering the outsourcing of its business processes related to payroll and information technology functions .

Which of the following is the most significant area of concern for management regarding this proposed agreement?

Ensuring that payments to the vendor are appropriate and timely for the services delivered.

Ensuring that the vendor has complete management control of the outsourced process.

Ensuring that there are means of monitoring the efficiency of the outsourced process.

Ensuring that there are means of monitoring the effectiveness of the outsourced process.

7. Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?

Use of a formal systems development lifecycle.

End-user involvement.

Adequate software documentation.

Formalized non-regression testing phase.

8. in which of the following technical infrastructure audits should attention be turned to physical security and environmental controls?

Database review

Data center review

Network configuration review

Operating systems review

9. Which of the following actions is most likely to gain support for process change?

Set clear objectives.

Engage the various communities of practice within the organization.

Demonstrate support from senior management.

Establish key competencies.

10. Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment.

Page 2 of 15

11. A global business organization is selecting managers to post to various international (expatriate) assignments.

In the screening process, which of the following traits would be required to make a manager a successful expatriate?

1) Superior technical competence.

2) Willingness to attempt to communicate in a foreign language.

3) Ability to empathize with other people.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

12. According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?

Project portfolio.

Project development.

Project governance.

Project management methodologies.

13. An organization has instituted a bring-your-own-device (BYOD) work environment.

Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

Institute detection and authentication controls for all devices used for network connectivity and data storage

Use management software to scan and then prompt patch reminders when devices connect to the network

14. Which of the following statements about mentoring is true?

1) Mentoring can be used effectively for increasing employee retention

2) Mentoring can be used effectively in reducing employees frustration.

3) Mentoring can be used effectively for increasing organization communication.

4) Mentoring can be used effectively as a short term activity consisting of instruction and training

1 2. and 3 only.

1. 2 and 4 only

1, 3. and 4 only.

1,2. 3, and 4

15. A capital investment project will have a higher net present value, everything else being equal, if it has:

A higher initial investment level.

A higher discount rate.

Cash inflows that are larger in the later years of the life of the project.

Cash inflows that are larger in the earlier years of the life of the project.

16. Which of the following professional organizations sets standards for quality and environmental audits?

The Committee of Sponsoring Organizations of the Treadway Commission.

The Board of Environmental, Health, and Safety Auditor Certifications.

The International Organization of Supreme Audit Institutions.

The International Standards Organization.

17. An organization has a complex systems infrastructure consisting of multiple internally developed, off the shelf, and purchased but significantly customized applications. Some of these applications share databases or process data that is used by another stand-alone application, and interfaces have been written to move data between these applications as needed through batch processing.

Which of the following situations presents the greatest risk exposure given this environment?

Documentation of each system and its interactions, interfaces, and dependencies with other systems and databases is not gathered and maintained.

Batch processing jobs include key financial data that is not posted to the accounting system until the next day. preventing real-time queries.

The job scheduling tool frequently malfunctions, causing scheduled jobs not to run. An error message is sent to IT personnel when a job fails.

The implementation of a major update for a key application is delayed until any potential interdependencies are identified and analyzed.

18. Technological uncertainty, subsidy, and spin-offs are usually characteristics of:

Fragmented industries.

Declining industries.

Mature industries.

Emerging industries.

19. Which of the following factors is most likely to lead to a lack of cohesiveness in a project team?

Prestige

Small size.

Competition

Common threat

20. An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two.

Which of the following could be the reason for the decline in the net profit margin for year two?

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate.

Page 3 of 15

21. Which of the following is an example of a phishing attack?

An employee receives an email that appears to be from the organization's bank, though it is not. The employee replies to the email and sends the requested confidential information.

An organization's website has been hacked. The hacker added political content that is not consistent with the organization's views.

An organization's systems have been compromised by malicious software. The software locks the organization's operating system until d ransom is paid.

An organization's communication systems have been intercepted. A communication session is controlled by an unauthorized third party.

22. When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

Direct product costs

Indirect product costs

Direct period costs

Indirect period costs.

23. A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

Adequate segregation of duties between data processing controls and file security controls.

Documented procedures for remote job entry and for local data file retention.

Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

Established procedures to prevent and detect unauthorized changes to data files.

24. An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is unable to get the desired return on investment and output per hour of labor.

Based on this information the organization is most likely focused on which of the following?

Capital investment and not marketing

Marketing and not capital investment.

Efficiency and not input economy.

Effectiveness and not efficiency.

25. Which of the following would not impair the objectivity of internal auditor?

Management assurance on risks.

Implementing risk responses on behalf of management.

Providing assurance that risks assessed are correctly evaluated.

Setting the risk appetite.

26. Which of the following is a characteristic of big data?

Big data is often structured.

Big data analytic results often need to be visualized.

Big data is often generated slowly and is highly variable.

Big data comes from internal sources kept in data warehouses.

27. The process of scenario planning begins with which of the following steps?

Determining the trends that will influence key factors in the organization's environment.

Selecting the issue or decision that will impact how the organization conducts future business.

Selecting leading indicators to alert the organization of future developments.

Identifying how customers, suppliers, competitors, employees, and other stakeholders will react.

28. The audit committee of a global corporation has mandated a change in the organization's business ethics policy .

Which of the following approaches describes the best way to accomplish the policy's diffusion worldwide?

Deploy the policy in the corporate headquarters' language, so everyone gets an unfiltered version simultaneously.

Introduce the policy region by region, using any lessons learned to change the subsequent version of the policy for the next area.

Consult with legal and operational management in each affected country to ensure the final version can be implemented globally, following audit committee approval.

Send the board-approved version of the policy to each country's senior leadership and empower them to tailor the policy to the local language and culture.

29. Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

Key performance indicators

Reports of software customization

Change and patch management

Master data management

30. Which of the following is an example of an application control?

Automated password change requirements

System data backup process

User testing of system changes

Formatted data fields

Page 4 of 15

31. While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend despite the fact that there have been increasing customer complaints over the same period.

Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Review the the call center script used by customer service agents to interact with callers and update the script rf necessary

De-emphasize the importance of call center employees completing a certain number of calls per hour

Retrain call center staff on area processes and common technical issues that they will Likely be asked to resolve

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

32. A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system .

Which of the following is most likely the cause of the difficulty?

High degree of masculinity.

Low uncertainty avoidance.

High collectivism.

Low long-term orientation.

33. All of the following are true with regard to the first-in, first-out inventory valuation method except:

It values inventory close to current replacement cost.

It generates the highest profit when prices are rising.

It approximates the physical flow of goods.

It minimizes current-period income taxes.

34. An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement .

Which of the following approaches is most appropriate to address this concern?

The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.

The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.

The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.

The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.

35. An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:

Lack of awareness of the state of processing.

Increased cost and complexity of network traffic.

Interference of the mirrored data with the original source data.

Confusion about where customer data are stored.

36. Organizations mat adopt just-in-time purchasing systems often experience which of the following?

A slight increase in carrying costs.

A greater need for inspection of goods as the goods arrive.

A greater need for linkage with a vendor s computerized order entry system.

An increase in the number of suitable suppliers

37. Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?

Control environment.

Control activities.

Information and communication.

Monitoring.

38. Which of the following is the most likely reason an organization may decide to undertake a stock split?

To keep stock price constant.

To keep shareholders' equity constant.

To increase shareholders' equity.

To enhance the stock liquidity.

39. Which of the following statements is true regarding outsourced business processes?

Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.

Generally, independence is improved when the internal audit activity reviews outsourced business processes.

The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.

The system of internal controls may be better and more efficient when the business process is outsourced compared to internally sourced.

40. An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster.

Which of the following best describes this approach to disaster recovery planning?

Cold recovery plan.

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan.

Page 5 of 15

41. According to IIA guidance on IT which of the following best describes a but recovery and restore processes have not been defined?

Hot recovery plan

Warm recovery plan

Cold recovery plan.

Absence of recovery plan

42. During which phase of the contacting process ate contracts drafted for a proposed business activity?

Initiation phase

Bidding phase

Development phase

Management phase

43. Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?

Political.

Financial.

Social.

Tariff.

44. Maintenance cost at a hospital was observed to increase as activity level increased.

The following data was gathered:

Activity Level -

Maintenance Cost

Month

Patient Days

January

5,600

$7,900

February

7,100

$8,500

March

5,000

$7,400

April

6,500

$8,200

May

7,300

$9,100

June

8,000

$9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

45. Which of me following application controls is the most dependent on the password owner?

Password selection

Password aging

Password lockout

Password rotation

46. Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organization's systems?

Boundary defense.

Malware defense.

Penetration tests.

Wireless access controls.

47. Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?

1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.

3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.

4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organizationâ™s strategies and objectives.

1 only

4 only

2 and 4

3 and 4

48. When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:

Draws positive attention to the writing style.

Treats all receivers with respect.

Suits the method of presentation and delivery.

Develops ideas without overstatement.

49. Which of the following is likely to occur when an organization decides to adopt a decentralized organizational structure?

A slower response to external change.

Less controlled decision making.

More burden on higher-level managers.

Less use of employees' true skills and abilities.

50. Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?

Risk tolerance

Performance.

Threats and opportunities.

Governance

Page 6 of 15

51. Which of the following IT disaster recovery plans includes a remote site designated for recovery with available space for basic services, such as internet and telecommunications, but does not have servers or infrastructure equipment?

Frozen site.

Cold site.

Warm site.

Hot site.

52. According to HA guidance or IT which of the following spreadsheets is most likely to be considered a high-risk user-develop application?

A revenue calculation spreadsheet supported with price and volume reports from the production department

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

53. A multinational organization has multiple divisions that sell their products internally to other divisions. When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Full cost

Full cost plus a markup.

Market price of the product

Variable cost plus a markup

54. With regard to project management when of the following statements about prefect crashing is true?

It leads to an increase in risk and often results in rework

It is an optimization technique where activities are performed in parallel rather than sequentially

It involves a revaluation of protect requirements and/or scope.

It is a compression technique in which resources are added to the protect

55. When using cost-volume-profit analysts which of the following will increase operating income once the break-even point has been reached?

Fixed costs per unit for each additional unit sold

Variable costs per unit for each additional unit sold

Contribution margin per unit for each additional unit sold

Gross margin per unit for each additional unit sold

56. Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?

Promote closer linkage between organizational strategy and information.

Provide users with greater online access to information systems.

Enhance the functionality of application systems.

Expand the use of automated controls.

57. Which of the following is true regarding the COSO enterprise risk management framework?

The framework categorizes an organization's objectives to distinct, non overlapping objectives.

Control environment is one of the framework's eight components.

The framework facilitates effective risk management, even if objectives have not been established.

The framework integrates with, but is not dependent upon, the corresponding internal control framework.

58. According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?

1) Every employee generally has a responsibility for ensuring the success of CSR objectives.

2) The board has overall responsibility for the effectiveness of internal control processes associated with CSR.

3) Public reporting on the CSR governance process is expected.

4) Organizations generally have flexibility regarding what is included in a CSR program.

1, 2, and 3 only

1, 2, and 4 only

1, 3, and 4 only

2, 3, and 4 only

59. Organization X owns a 38 percent equity stake in Organization Y .

Which of the following statements is true regarding the financial treatment for this relationship?

Y should be listed as an investment asset on X's balance sheet

X must consolidate the financial statements for both organizations

Y should be reported as a footnote to X's financial statements

Y should not be reported by X as X does not have a controlling interest

60. Which of the following controls would be the most effective in preventing the disclosure of an organization’s confidential electronic information?

Non-disclosure agreements between the firm and its employees

Logs of user activity within the information system

Two-factor authentication for access into the information system

Limited access to information based on employee duties

Page 7 of 15

61. Which of the following descriptions of the internal control system are indicators that risks are managed effectively?

1) Existing controls promote compliance with applicable laws and regulations.

2) The control environment is designed to address all identified risks to the organization.

3) Key controls for significant risks to the organization remain consistent over time.

4) Monitoring systems are in place to alert management to unexpected events.

1 and 3.

1 and 4.

2 and 3.

2 and 4.

62. An organization requires an average of 58 days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables.

If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

26 days.

90 days.

100 days.

110 days.

63. Which of the following assists in ensuring mat information exchanged over IT systems is encrypted?

Operating system

Utility software

Firewall

Application software

64. During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:

Access to read application logs is restricted to authorized users.

Account balance information is encrypted in the database.

The web server used to host the application is located in a physically secure area.

Sensitive data, such as account numbers, are submitted using encrypted communications.

65. In which of the following scenarios would transfer pricing be used?

Company A owns Company B; Company B sells goods to Company

Company A does not own Company

Company A charges Company B a fee to sell Company B's goods without taking ownership of the goods.

Company A owns both Company B and Company C; all three companies sell goods to the public.

Company A moves goods internally from one location to another.

66. Which of the following IT operational areas is responsible for the integrity of data flow within an organization?

Network

Database

Operating system

Server

67. Which mindset promotes the most comprehensive risk management strategy?

Increase shareholder value.

Maximize market share.

Improve operational efficiency.

Mitigate losses.

68. According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

Access system security.

Policy development.

Change management.

Operations processes.

69. Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?

Penetration test.

Social engineering test.

Vulnerability test.

Physical control test.

70. Which of me Wowing summarizes information about the cash receipts and cash payments for a specific time period?

Income statement

Statement of cash flows.

Balance sheet

Owner's equity statement

Page 8 of 15

71. In mergers and acquisitions, which of the following is an example of a horizontal combination?

Dairy manufacturing company taking over a large dairy farm.

A movie producer acquires movie theaters.

A petroleum processing company acquires an agro-processing firm.

A baker taking over a competitor.

72. An organization has a total asset turnover of 3.0 times and a total debt-to-total assets ratio of 80 percent.

If the organization has total debt of $1 000 000 what is the organization's sales level?

$266.667

$416,667

$3.750.000

$5 000.000

73. Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

A flexible budget.

Variance analysis.

A contribution margin income statement by segment.

Residual income.

74. According to MA guidance on IT. which of the following best describes a logical access control?

Require complex passwords to be established and changed quarterly

Require swipe cards to control entry into secure data centers

Monitor access to the data center with closed circuit camera surveillance.

Maintain current role definitions to ensure appropriate segregation of duties

75. Which of the following statements is true concerning the basic accounting treatment of a partnership?

The initial investment of each partner should be recorded at book value.

The ownership ratio identifies the basis for dividing net income and net loss.

A partner's capital only changes due to net income or net loss.

The basis for sharing net incomes or net losses must be fixed.

76. According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization's IT contingency plan?

To ensure that adequate controls exist to prevent any significant business interruptions.

To identify and address potential security weaknesses within the system.

To ensure that tests contribute to improvement of the program.

To ensure that deficiencies identified by the audit are promptly addressed.

77. According to IIA guidance, which of the following is a primary component of a network security strategy?

Application input controls

Firewall controls.

Transmission encryption controls

Change management controls

78. Which of the following is an example of an application system control?

Data values fall within a prescribed range.

Error listings are generated and promptly remediated.

Report distribution is restricted to authorized personnel.

Field amounts contain an upper or lower limit.

79. Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?

1) Evaluate the business continuity plans for adequacy and currency.

2) Prepare a business impact analysis regarding the loss of critical business.

3) Identify key personnel who will be required to implement the plans.

4) Identify and prioritize the resources required to support critical business processes.

1 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

80. A restaurant deeded to expand its business to include delivery services rather than relying on third-party food delivery services .

Which of the following best describes the restaurant's strategy?

Diversification

Vertical integration

Risk avoidance

Differentiation

Page 9 of 15

81. Which of the following is an element of effective negotiating?

Ensuring that the other party has a personal stake in the agreement.

Focusing on interests rather than on obtaining a winning position.

Considering a few select choices during the settlement phase.

Basing the agreement on negotiating power and positioning leverage.

82. Which of the following data analytics tools would be applied by an internal audit activity positioned at the lowest level of maturity?

Workflow and data capture technology

Data visualization applications.

Software integrated with central data warehouse

Spreadsheets.

83. Which of the following is the first step an internal audit activity should undertake when executing a data analytics process?

Conduct a risk assessment regarding the effectiveness of the data analytics process.

Analyze possible and available sources of raw data

Define the purpose and the anticipated value

Select data for cleaning and normalization procedures.

84. In an effort to increase business efficiencies and improve customer service offered to its major trading partners, management of a manufacturing and distribution company established a secure network, which provides a secure channel for electronic data interchange between the company and its partners.

Which of the following network types is illustrated by this scenario?

A value-added network.

A local area network.

A metropolitan area network.

A wide area network.

85. An internal auditor was asked to review an equal equity partnership In one sampled transaction Partner A transferred equipment into the partnership with a self-declared value of $10,000 and Partner B contributed equipment with a self-declared value of $15 000 The capital accounts of each partner were subsequently credited with S12,500 .

Which of the following statements is true regarding this transaction?

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

The capital accounts should be increased using a weighted average based on the current percentage of ownership

No action is needed as the capital account of each partner was increased by the correct amount

The capital accounts of the partners should be increased by the fair market value of their contribution

86. An organization's account for office supplies on hand had a balance of S9,000 at the end of year one. During year two. the organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11,500 in office supplies on hand.

Based on this information, what would be recorded in the adjusting entry at the end of year two?

A debit to office supplies on hand for S2.500

A debit to office supplies on hand for $11,500

A debit to office supplies on hand for S20.500

A debit to office supplies on hand for S42.500

87. Which of the following should an organization consider when developing strategic objectives for its business processes?

1) Contribution to the success of the organization.

2) Reliability of operational information.

3) Behaviors and actions expected of employees.

4) How inputs combine with outputs to generate activities.

1 and 2 only

1 and 3 only

2 and 4 only

3 and 4 only

88. While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period.

Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

De-emphasize the importance of call center employees completing a certain number of calls per hour.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily.

89. An organization's board of directors is particularly focused on positioning the organization as a leader in the industry and beating the competition.

Which of the following strategies offers the greatest alignment with the board's focus?

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

90. An employee's mobile device used for work was stolen in a home burglary.

Which control, if already implemented by the organization, would best prevent unauthorized access to organizational data stored on the employee's device?

Access control via biometric authentication.

Access control via passcode authentication.

Access control via swipe pattern authentication.

Access control via security question authentication.

Page 10 of 15

91. Which of the following strategies is most appropriate for an industry that is in decline?

Invest in marketing.

Invest in research and development.

Control costs.

Shift toward mass production.

92. Which of the following budgets must be prepared first?

Cash budget.

Production budget.

Sales budget.

Selling and administrative expenses budget.

93. According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

individual workstation computer controls are not as important as companywide server controls.

Particular attention should be paid to housing workstations away from environmental hazards.

Cybersecurity issues can be controlled at an enterprise level making workstation level controls redundant

With security risks near an all-time high workstations should not be connected to the company network

94. An organization invests excess snort-term cash in trading securities. When of the following actions should an internal auditor take to test the valuation of those securities?

Use the equity method to recalculate the investment carrying value

Confirm the securities held by the broker

Perform a calculation of premium or discount amortization.

Compare the carrying value with current market quotations

95. CORRECT TEXT

An organization recently documented its procedures for recovering systems and data after a disaster How are these documented procedures most likely to be used during a disaster simulation exercise?

T o help property configure mass communication notification tools

To help identify training needs across the functional areas required to recover systems and data.

To help ensure that the team members who are required to recover systems and data understand their roles.

To help validate the contact information of key personnel required to recover systems and data

96. Preferred stock is less risky for investors than is common stock because:

Common stock pays dividends as a stated percentage of face value.

Common stock has priority over preferred stock with regard to earnings and assets.

Preferred dividends are usually cumulative.

Preferred stock with no conversion feature has a higher dividend yield than does convertible preferred stock.

97. If a just-in-time purchasing system is successful in reducing the total inventory costs of a manufacturing company, which of the following combinations of cost changes would be most likely to occur?

98. Which of the following stages of contracting focuses on aligning the markets with objectives of the organization?

Initiation stage

Bidding stage

Development stage

Negotiation stage

99. Which of the following is an example of a physical control?

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

100. Which of the following application controls verifies the accuracy of transaction results in a system?

Input controls

Output controls

Processing controls

Integrity controls

Page 11 of 15

101. Which of following best demonstrates the application of the cost principle?

A company reports trading and investment securities at their market cost.

A building purchased last year for $1 million is currently worth $1.2 million, but the company still reports the building at $1 million.

A building purchased last year for $1 million is currently worth $1.2 million, and the company adjusts the records to reflect the current value.

A company reports assets at either historical or fair value, depending which is closer to market value.

102. International marketing activities often begin with:

Standardization.

Global marketing.

Limited exporting.

Domestic marketing.

103. Which of the following statements is true regarding partnership liquidation?

Operations can continue after the liquidation if all partners agree

Partnership liquidation ends both the legal and economic life of an entity

Partnership liquidation occurs when there is capital deficiency Stable

When a partnership is liquidated, each partner pays creditors from cash received

104. Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off method?

It is useful when losses are considered insignificant.

It provides a better alignment with revenue.

It is the preferred method according to The II

It states receivables at net realizable value on the balance sheet.

105. An organization is developing a new online collaboration tool for employees. The tool includes a homepage that is customized to each employee according to his department and job function.

Which of the following engagements should be conducted to ensure that the organization has included all departments and job functions in the system before it is implemented?

An application control review

A source code review

A design review

An access control review

106. An internal auditor is reviewing results from software development integration testing .

What is the purpose of integration testing?

To verify that the application meets staled user requirements.

To verify that standalone programs match code specifications.

To verify that me application would work appropriately for the intended number of users.

To verify that all software and hardware components work together as intended

107. An internal auditor reviews a data population and calculates the mean, median, and range.

What is the most likely purpose of performing this analytic technique?

To inform the classification of the data population.

To determine the completeness and accuracy of the data.

To identify whether the population contains outliers.

To determine whether duplicates in the data inflate the range.

108. Which of the following cybersecurity-related activities is most likely to be performed by the second line of defense?

Deploy intrusion detection systems and conduct penetration testing

Administer security procedures, training, and testing.

Monitor incidents, key risk indicators, and remediation

implement vulnerability management with internal and external scans.

109. Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?

Forming stage.

Norming stage.

Performing stage.

Storming stage.

110. An employee frequently uses a personal smart device to send and receive work-related emails .

Which of the following controls would be most effective to mitigate security risks related to these transmissions?

Hardware encryption.

Software encryption

Data encryption.

Authentication.

Page 12 of 15

111. During an audit of the organization's annual financial statements, the internal auditor notes that the current cost of goods sold percentage is substantially higher than in prior years .

Which of the following is the most likely explanation for this increase?

Cost of raw material inventory items is decreasing.

Process to manufacture goods is more efficient.

Labor productivity to produce goods is increasing.

Write-off of inventory is increasing.

112. Which of the following describes a third-party network that connects an organization specifically with its trading partners?

Value-added network (VAN).

Local area network (LAN).

Metropolitan area network (MAN).

Wide area network (WAN).

113. An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses. The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department

Which of the following types of data analysis did the auditor perform?

Duplicate testing.

Joining data sources

Gap analysis

Classification

114. According to IIA guidance, which of the following best describes the activities that occur during the conversion phase of an IT project?

Conversion of user requirements into system specifications

Conversion of user requirements into program codes

Conversion of test data into production data

Conversion of data from the old system into the new system

115. Which of the following statements about slack time and milestones are true?

1) Slack time represents the amount of time a task may be delayed without delaying the entire project.

2) A milestone is a moment in time that marks the completion of the project's major deliverables.

3) Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.

4) A milestone requires resource allocation and needs time to be completed.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

116. According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?

Determine the optimal amount of resources for the organization to invest in CS

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

117. According to Maslow's hierarchy of needs theory, which of the Mowing best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

Esteem by colleagues

Sell-fulfillment

Sense of belonging in the organization

Job security

118. A rapidly expanding retail organization continues to be tightly controlled by its original small management team .

Which of the following is a potential risk in this vertically centralized organization?

Lack of coordination among different business units.

Operational decisions are inconsistent with organizational goals.

Suboptimal decision-making.

Duplication of business activities.

119. An internal auditor is assessing the risks related to an organization's mobile device pokey She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems.

Which of the following types of smart device risks should the internal auditor be most concerned about?

Compliance

Privacy

Strategic

Physical security.

120. Which of me following storage options would give the organization the best chance of recovering data?

Encrypted physical copies of the data and their encryption keys are stored together at the organization and are readily available upon request

Encrypted physical copies of the data are stored separately from their encryption keys and both are held in secure locations a few hours away from me organization

Encrypted reports on usage and database structure changes are stored on a cloud-based. secured database that is readily accessible

Encrypted copies of the data are stored in a separate secure location a few hours away while the encryption keys are stored at the organization and are readily available

Page 13 of 15

121. A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle.

Which of the following statements true recording these costs?

If the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run

If the number of bicycles produced is increased by 30 percent the fixed cost per unit will decline

122. Which of the following is a disadvantage in a centralized organizational structure?

Communication conflicts.

Slower decision making

Loss of economies of scale

Vulnerabilities in sharing knowledge

123. Which of the following are appropriate functions for an IT steering committee?

1) Assess the technical adequacy of standards for systems design and programming.

2) Continually monitor of the adequacy and accuracy of software and hardware in use.

3) Assess the effects of new technology on the organization`s IT operations.

4) Provide broad oversight of implementation, training, and operation of new systems.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

124. Which of the following statements regarding database management systems is not correct?

Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.

The database management system acts as a layer between the application software and the operating system.

Applications pass on the instructions for data manipulation which are then executed by the database management system.

The data within the database management system can only be manipulated directly by the database management system administrator.

125. Which of me following statements is true regarding the reporting of tangible and intangible assets?

For plant assets cost includes the purchase price and the cost of design and construction

For intangible assets cost includes the purchase price and development costs

Due to their indefinite nature intangible assets are not subject to amortization

The organization must expense any cost incurred in developing a plant asset

126. Which of the following techniques is the most relevant when an internal auditor conducts a valuation of an organization's physical assets?

Observation.

Inspection.

Original cost.

Vouching.

127. Which of the following control techniques would minimize the risk of interception during transmission in an electronic data interchange system?

1) Encryption.

2) Traffic padding.

3) Edit checks.

4) Structured data format.

1 and 2 only

2 and 3 only

3 and 4 only

1, 2, and 3 only

128. For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?

1) It significantly raises compensation and staffing costs.

2) It produces resentment among the organization's employees in host countries.

3) It limits career mobility for parent-country nationals.

4) It can lead to cultural myopia.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, and 4 only

129. An organization's balance sheet indicates that the total asset amount and the total capital stock amount remained unchanged from one year to the next, and no dividends were declared or paid. However, the organization reported a loss of $200,000 .

Which of the following describes the most likely year-over-year change to the organization's total liabilities and total stockholder equity?

The total liabilities and total stockholder equity both increased.

The total liabilities and total stockholder equity both decreased.

The total liabilities decreased, and the total stockholder equity increased.

The total liabilities increased, and the total stockholder equity decreased.

130. Which of the following attributes of data is the most significantly impacted by the internet of things?

Normalization.

Velocity.

Structurization.

Veracity.

Page 14 of 15

131. Which of the following is an example of a physical security control that should be in place at an organization's data center?

Backup servers in the data center are stored in an environmentally controlled location

All users have a unique ID and password to access data

Swipe cards are used to access the data center

Firewalls and antivirus protection are in place to prevent unauthorized access to data.

132. In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?

It uses the same products in all countries.

It centralizes control with little decision-making authority given to the local level.

It is an effective strategy when large differences exist between countries.

It provides cost advantages, improves coordinated activities, and speeds product development.

133. Which of the following is not a barrier to effective communication?

Filtering.

Communication overload.

Similar frames of reference.

Lack of source credibility.

134. During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

Initiation phase.

Bidding phase.

Development phase.

Negotiation phase

135. Which of the following is not a method for implementing a new application system?

Direct cutover.

Parallel.

Pilot.

Test.

136. Which of the following statements is true regarding an organization's inventory valuation1?

The valuation will be incorrect it the inventory includes goods m transit shipped free on board (FOB) destination to another organization

The valuation will be correct if the inventory includes goods received on consignment from another organization

The valuation will be incorrect it the inventory includes goods in transit shipped FOB shipping point from another organization

The valuation will be correct it the inventory includes goods sent on consignment to another organization

137. An internal auditor is evaluating an organization's business continuity management program According to the guidance on IT.

Which of the following tests would best demonstrate the ability to perform Key processes without significant problems?

End-to-end testing

IT systems and application walkthrough

Tabletop or boardroom-style testing

Desk check testing

138. Which of the following is based on the concept that there is not one best leadership style and that successful leadership depends on a match between the leader, the situation, and the subordinate?

Attribute theory.

Path goal model

Life cycle model

Contingency theory

139. A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made.

The most likely structure for this organization would be:

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

140. A brand manager in a consumer food products organization suspected that several days of the point-of-sale data on the spreadsheet from one grocery chain were missing.

The best approach for detecting missing rows in spreadsheet data would be to:

Sort on product identification code and identify missing product identification codes.

Review store identification code and identify missing product identification codes.

Compare product identification codes for consecutive periods.

Compare product identification codes by store for consecutive periods.

Page 15 of 15

141. As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?

The auditor eliminated duplicate information.

The auditor organized data to minimize useless information.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and corrected.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

142. According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?

Key processes across the entity which impact quality must be identified and included.

The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.

Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.

The entity must have processes for inspections, testing, measurement, analysis, and improvement.

143. Which of the following is a primary objective of the theory of constraints?

Full or near capacity in processes.

Smooth workflow among processes.

Few or no defects.

Lowered inventory levels.

144. Which of the following is an example of a risk avoidance response?

Buying an insurance policy to protect against loss events.

Hedging against natural gas price fluctuations.

Selling a non-strategic business unit.

Outsourcing a high risk process to a third party.

145. The greatest advantage of functional departmentalization is that it:

Facilitates communication between primary functions.

Helps to focus on the achievement of organizational goals.

Provides for efficient use of specialized knowledge.

Accommodates geographically dispersed companies

146. In the current year, a merchandising organization had an inventory turnover ratio of 3.0, which was less than the industry average of 6.5 .

Which of the following offers the most likely explanation for this difference?

The organization has understated the amount of inventory in its financial statements

The organization has overstated the cost of purchases in its financial statements.

The organization is holding obsolete or damaged items in its inventory

The organization experienced an unexpectedly large increase in sales shortly before year end.

147. Which of the following re a result of implementing an e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and billing?

Higher cash flow and treasury balances

Higher inventory balances

Higher accounts receivable

Higher accounts payable

148. According to Porter, which of the following is associated with fragmented industries?

Weak entrance barriers.

Significant scale economies.

Steep experience curve.

Strong negotiation power with suppliers.

149. The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

Risk acceptance.

Risk sharing.

Risk avoidance.

Risk reduction.

TAGS:

IIA-CIA-Part3-3P, IIA-CIA-Part3-3P exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get IIA-CIA-Part3-3P Dumps Full Version

Q&As: 489
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Prepare IIA-CIA-Part3-3P Exam with Using IIA-CIA-Part3-3P Dump Questions

Related

Posts

IIA IIA-CHAL-QISA Exam Questions Simulate Actual IIA-CHAL-QISA Exam

Online CPEA Exam Dumps Help You Build Confidence

IIA-CIA-Part3 Online Dumps Boost Your Career

Online IIA-CIA-Part1 Exam Dumps Help You Build Confidence

About Us

EMAIL

Services

Opening Hours