IIA-CIA-PART1 Exam Details

  • Exam Code: IIA-CIA-PART1
  • Exam Name: Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control
  • Certification: IIA Certifications
  • Vendor: IIA
  • Total Questions: 992 Q&As
  • Last Updated: May 29, 2026

IIA IIA-CIA-PART1 Online Questions & Answers

  • Question 371:

    What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

    A. Diversifying the risk that network access will not be available to legitimate, authorized users.
    B. Accepting the risk that there may be attempts at unauthorized access to the network.
    C. Avoiding the risk of having a direct network connection to un-trusted networks.
    D. Sharing the risk that either firewall could be compromised by hackers.

  • Question 372:

    Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?

    1. To understand better the activity and processes that will be audited.

    2. To identify the audit procedures that will be used during the engagement.

    3. To ensure that matters of greatest vulnerability will be addressed.

    4. To use the information obtained as evidence in the current engagement.

    A. 4 only
    B. 1 and 3 only
    C. 1 and 4 only
    D. 2, 3, and 4 only

  • Question 373:

    Some of an organization's payroll transactions were batch posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be:

    A. Edit controls on the payroll file.
    B. Appropriate segregation of duties for batch approval.
    C. Validation of hash totals.
    D. Reconciliation of paychecks to the bank account.

  • Question 374:

    Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

    A. ISO 26000.
    B. Global Reporting Initiative.
    C. Open Compliance and Ethics Group.
    D. COSO's enterprise risk management framework.

  • Question 375:

    Which of the following would constitute an effort of an organization's corporate social responsibility initiative?

    A. Implementing a procurement policy requiring all new vehicle purchases to meet fuel efficiency requirements.
    B. Requiring administrators to use dual-factor authentication to access the organization's social media accounts.
    C. Hosting an annual conference for employees, customers, and other industry stakeholders to receive continuing professional education and network.
    D. Upgrading employee laptops to increase processing speed and data storage.

  • Question 376:

    Which domain of the COBIT framework addresses the maintenance and change management of existing systems to ensure alignment with business needs and objectives?

    A. Plan and organize.
    B. Deliver and support.
    C. Monitor and evaluate.
    D. Acquire and implement.

  • Question 377:

    An accounts receivable clerk receives cash payments, posts the payments to customer accounts, and prepares the daily cash deposit. The clerk has been stealing some cash and manipulating the customer payments to hide the theft. This fraud could be detected with which of the following controls?

    A. Monthly bank reconciliations are performed by the clerk on a timely basis.
    B. Total cash deposits for the month are reconciled to the cash receipts journal.
    C. Names, amounts, and dates on remittance advices are reconciled with the names, amounts, and dates recorded in the cash receipts journal.
    D. Total cash deposits are compared with the bank reconciliation.

  • Question 378:

    Which of the following is true about a system of internal control?

    A. Internal control should be updated at least annually.
    B. Technology does not change the internal control landscape.
    C. Strategy should fit the system of internal control.
    D. Articulating measurable objectives is part of internal control.

  • Question 379:

    An internal audit team was assigned to review the organization's information security protocol. After fieldwork was completed, an internal auditor identified an error in the review of security access. The error could affect the overall results of the engagement. Which of the following is the most appropriate course of action for the internal auditor?

    A. Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting.
    B. Issue the audit report to senior management on schedule, but include a disclaimer about the error.
    C. Proceed with the scheduled closing of the engagement without consideration of the identified error.
    D. Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take.

  • Question 380:

    Which of the following is a key performance indicator for an internal audit function?

    A. Audit expenditures compared to financial budgets.
    B. Percent of required continuing education hours completed.
    C. Implementation of new audit computer software.
    D. Frequency of meetings with the board members.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how can you prepare for the exam effectively? How can you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your IIA-CIA-PART1 exam preparation and IIA certification application, do not hesitate to visit Vcedump.com to find your solutions.