Exam Details

  • Exam Code: IIA-CIA-PART3-3P
  • Exam Name: CIA Exam Part Three: Business Knowledge for Internal Auditing
  • Certification: IIA Certifications
  • Vendor: IIA
  • Total Questions: 413 Q&As
  • Last Updated: Jun 05, 2025

IIA IIA Certifications IIA-CIA-PART3-3P Questions & Answers

  • Question 381:

    According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?

    1) Determine whether previous incidents have been reported, managed, and resolved.

    2) Determine whether a business contingency plan exists.

    3) Determine the extent of transparency in reporting.

    4) Determine whether a cost/benefit analysis was performed for all related projects.

    A. 1 and 3.

    B. 1 and 4.

    C. 2 and 3.

    D. 2 and 4.

  • Question 382:

    An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?

    A. Exception report identifying payment anomalies.

    B. Documented policy and procedures.

    C. Periodic account reconciliation of contractor charges.

    D. Monthly management review of all contractor activity.

  • Question 383:

    A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:

    A. Functional departmentalization.

    B. Product departmentalization.

    C. Matrix organization.

    D. Divisional organization.

  • Question 384:

    Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?

    A. The board has overall responsibility for the internal control processes associated with the CSR program.

    B. Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

    C. The internal audit activity is responsible for ensuring that CSR principles are integrated into the organization's policies and procedures.

    D. Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

  • Question 385:

    A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.

    1. Copy 1 was solely for backup purposes.

    2. Copy 2 was for use by another member of the department.

    In terms of software licenses and copyright law, which of the following is correct?

    A. Both copies are legal.

    B. Only copy 1 is legal.

    C. Only copy 2 is legal.

    D. Neither copy is legal.

  • Question 386:

    Which of the following describes a typical desktop workstation used by most employees in their daily work?

    A. Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

    B. Workstation contains software that controls information flow between the organization's network and the Internet.

    C. Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

    D. Workstation contains software that manages user's access and processing of stored data on the organization's network.

  • Question 387:

    Which of the following is the best approach to overcome entry barriers into a new business?

    A. Offer a standard product that is targeted in the recognized market.

    B. Invest in commodity or commodity-like product businesses.

    C. Enter into a slow-growing market.

    D. Use an established distribution relationship.

  • Question 388:

    Which of the following statements is in accordance with COBIT?

    1) Pervasive controls are general while detailed controls are specific.

    2) Application controls are a subset of pervasive controls.

    3) Implementation of software is a type of pervasive control.

    4) Disaster recovery planning is a type of detailed control.

    A. 1 and 4 only

    B. 2 and 3 only

    C. 2, 3, and 4 only

    D. 1, 2, and 4 only

  • Question 389:

    Which of the following statements is correct regarding risk analysis?

    A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

    B. The highest risk assessment should always be assigned to the area with the largest potential loss.

    C. The highest risk assessment should always be assigned to the area with the highest probability of occurrence.

    D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

  • Question 390:

    An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?

    A. The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.

    B. The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.

    C. The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.

    D. The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.
