Iia Cia Part3 Exam, Free Questions and Answers, Page 1

Question 1

A newly appointed chief audit executive (CAE) reviews current reporting practices. The CAE notices
that exit meetings tend to be unproductive. When internal auditors present summaries of
observations, engagement clients consistently complain that they do not understand where the
observations come from. Which of the following could improve this situation?

A. Send summaries of observations in advance of exit meetings and ask engagement clients to review them ahead of time
B. Establish the purpose of exit meetings as for presentation of observations only and request that all disagreements are submitted in writing afterwards
C. Read the entire draft internal audit report together with the clients at the exit meeting to eliminate any disputes
D. Discontinue exit meetings, as they have proved to be ineffective and unproductive

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Exit meetings are intended to ensure that engagement clients clearly understand the observations,
conclusions, and recommendations of the internal audit activity. The IIA’s International Standards for
the Professional Practice of Internal Auditing emphasize that communication should be clear,
constructive, and timely. Providing engagement clients with written summaries of the observations
before the exit meeting allows them to review the facts, prepare questions, and understand the basis
for the observations. This preparation improves dialogue, reduces confusion, and increases the
effectiveness of the meeting.
Option B is less effective because it limits client engagement and postpones resolution of
disagreements. Option C is impractical, as reading the full draft report during the meeting is time-
consuming and may overwhelm clients. Option D eliminates the opportunity for discussion and
relationship building with management, which is a critical part of audit communication.
Reference:
IIA’s International Standards for the Professional Practice of Internal Auditing (Standards 2400 –
Communicating Results, Practice Advisory 2410-2).

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 2

Which of the following is an example of a physical control?

A. Providing fire detection and suppression equipment
B. Establishing a physical security policy and promoting it throughout the organization
C. Performing business continuity and disaster recovery planning
D. Keeping an offsite backup of the organization’s critical data

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Physical Controls section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 3

Which of the following represents an example of a physical security control?

A. Access rights are allocated according to the organization’s policy
B. There is confirmation that data output is accurate and complete
C. Servers are located in locked rooms to which access is restricted
D. A record is maintained to track the process from data input to storage

Answer:

C

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Physical Security Controls section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 4

Which of the following authentication controls combines what a user knows with the unique
characteristics of the user, respectively?

A. Voice recognition and token
B. Password and fingerprint
C. Fingerprint and voice recognition
D. Password and token

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Multi-Factor Authentication section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 5

Which of the following is the best example of a compliance risk that is likely to arise when adopting a
bring-your-own-device (BYOD) policy?

A. The risk that users try to bypass controls and do not install required software updates
B. The risk that smart devices can be lost or stolen due to their mobile nature
C. The risk that an organization intrusively monitors personal information stored on smart devices
D. The risk that proprietary information is not deleted from the device when an employee leaves

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, BYOD Compliance Risks section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 6

According to IIA guidance, which of the following statements is true with regard to workstation
computers that access company information stored on the network?

A. Individual workstation computer controls are not as important as companywide server controls
B. Particular attention should be paid to housing workstations away from environmental hazards
C. Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant
D. With security risks near an all-time high, workstations should not be connected to the company network

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Workstation Security section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 7

Which of the following risks would involve individuals attacking an oil company’s IT system as a sign
of solidarity against drilling in a local area?

A. Tampering
B. Hacking
C. Phishing
D. Piracy

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Cybersecurity Risks section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 8

An organization has 1,000 units of a defective item in stock. Per unit, market price is $10; production
cost is $4; and the defect selling price is $5. What is the carrying amount (inventory value) of defects
at year-end?

A. $0
B. $4,000
C. $5,000
D. $10,000

Answer:

C

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Inventory Valuation section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 9

Which of the following is a typical activity performed by the help desk?

A. Monitoring the network
B. Troubleshooting
C. Backing up data
D. Assigning authorizations to a user, a role, or profile

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Help Desk Functions section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 10

Which of the following is the most appropriate way to record each partner’s initial investment in a
partnership?

A. At the value agreed upon by the partners
B. At book value
C. At fair value
D. At the original cost

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Partnership Accounting section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 11

A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The
manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed
manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following
assumptions needs to be true?

A. Fixed and variable manufacturing costs are less than the special offer selling price
B. The manufacturer can fulfill the order without expanding the capacities of the production facilities
C. Costs related to accepting this offer can be absorbed through the sale of other products
D. The manufacturer’s production facilities are currently operating at full capacity

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Special Order Decisions section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 12

Which of the following is an advantage of a decentralized organizational structure, as opposed to a
centralized structure?

A. Greater cost-effectiveness
B. Increased economies of scale
C. Larger talent pool
D. Strong internal controls

Answer:

C

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Decentralization Advantages section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 13

Which of the following describes the most appropriate set of tests for auditing a workstation’s logical
access controls?

A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room
B. Review the password length, frequency of change, and list of users for the workstation’s login process
C. Review the list of people who attempted to access the workstation and failed, as well as error messages
D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Logical Access Controls section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 14

How do data analysis technologies affect internal audit testing?

A. They improve the effectiveness of spot check testing techniques
B. They allow greater insight into high-risk areas
C. They reduce the overall scope of the audit engagement
D. They increase the internal auditor’s objectivity

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, Data Analytics in Auditing section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 15

Which of the following statements is true regarding the management-by-objectives (MBO)
approach?

A. Management by objectives is most helpful in organizations that have rapid changes
B. Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks
C. Management by objectives helps organizations to keep employees motivated
D. Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Answer:

C

User Votes:

A

50%

B

50%

C

50%

D

50%

Explanation:
Reference: IIA Business Knowledge for Internal Auditing, MBO section.

Discussions

vote your answer:

A

B

C

D

0 / 1000

IIA IIA CIA PART3 Exam Questions

Page 1 out of 35. Viewing questions 1-15 out of 516

Question 1

Answer:

User Votes:

Question 2

Answer:

User Votes:

Question 3

Answer:

User Votes:

Question 4

Answer:

User Votes:

Question 5

Answer:

User Votes:

Question 6

Answer:

User Votes:

Question 7

Answer:

User Votes:

Question 8

Answer:

User Votes:

Question 9

Answer:

User Votes:

Question 10

Answer:

User Votes:

Question 11

Answer:

User Votes:

Question 12

Answer:

User Votes:

Question 13

Answer:

User Votes:

Question 14

Answer:

User Votes:

Question 15

Answer:

User Votes: