IIA IIA-CIA-PART3 Online Practice Questions and Exam Preparation

IIA IIA-CIA-PART3 Online Questions & Answers

• Question 381:

  A company sells a diverse line of cookies. Its acquisition of another company, a maker of cake mixes, is most likely an example of

  A. Vertical integration.
  B. Horizontal diversification.
  C. Concentric diversification.
  D. Conglomerate diversification.
  B. Horizontal diversification.

  ---

  Explanation

  Horizontal diversification is the acquisition of businesses making products unrelated to current offerings but that might appeal to the firm's current customers. Cookies and cake mixes are based on different technologies but may be demanded by the same customers.

• Question 382:

  An internal auditor discusses user-defined default passwords with the database administrator. Such passwords will be reset as soon as the user logs in for the first time, but the initial value of the password is set as "123456. " Which of the following are the auditor and the database administrator most likely discussing in this situation?

  A. Whether it would be more secure to replace numeric values with characters.
  B. What happens in the situations where users continue using the initial password.
  C. What happens in the period between the creation of the account and the password change.
  D. Whether users should be trained on password management features and requirements.
  C. What happens in the period between the creation of the account and the password change.

  ---

  Explanation

• Question 383:

  An organization's internal audit activity is performing an audit of human resources. As part of the audit a survey of employees was conducted. The survey indicated that employees were concerned about IT security when working outside of the office. The IT department suggested implementing a network that allflows employees to send and receive data as if they were connected to a private network. Which of the following networks is IT recommending?

  A. Global area network (GAN)
  B. Wide area network (WAN)
  C. Virtual private network (VPN)
  D. Local area network (LAN)
  D. Local area network (LAN)

  ---

  Explanation

• Question 384:

  The use of power in an organization may be defined as the ability to influence employees to do what they would not ordinarily do. The exercise of this power:

  A. Affects decisions, behavior, and situations.
  B. Tends to be accepted by employees only when it is based on legitimate power.
  C. Is most likely to be accepted by employees when a manager's source of power is informal.
  D. Requires the authority to manage.
  A. Affects decisions, behavior, and situations.

  ---

  Explanation

  The exercise of power affects the decisions made by employees, for example, as the result of advice offered by someone with expert power. It also affects behavior, for example, as the result of a warning from someone with coercive power. Moreover, the exercise of power affects situations, for example, a change in the nature or type of resources used in operations effected by someone with any base of power.

• Question 385:

  Unsecured loans are loans:

  A. That do not have to be repaid for over one year.
  B. That appear to be too risky for most lenders to consider.
  C. Granted on the basis of a company's credit standing.
  D. Backed by mortgaged assets.
  C. Granted on the basis of a company's credit standing.

  ---

  Explanation

• Question 386:

  Management literature describes generic influence tactics used to change the behavior of others in the workplace. According to the relevant research.

  A. Male managers are significantly more likely than female managers to use pressure tactics.
  B. Female managers are significantly more likely that male managers to use consultation.
  C. Influence tactics tend to be used laterally and downward, but not upward.
  D. Influence tactics tend to vary with the leadership styles of superiors.
  D. Influence tactics tend to vary with the leadership styles of superiors.

  ---

  Explanation

  Upward influence methods used by employees of authoritarian managers are most likely to consist of ingratiating tactics and upward appeals. Rational persuasion is the method used most often by employees of participative managers.

• Question 387:

  A large pharmaceutical company would most likely use which of the following to determine liquidity?

  A. Earnings per share
  B. Asset turnover ratio
  C. Net income
  D. Current ratio
  D. Current ratio

  ---

  Explanation

• Question 388:

  Which of the following is required in effective IT change management?

  A. The sole responsibility for change management is assigned to an experienced and competent IT team
  B. Change management follows a consistent process and is done in a controlled environment.
  C. Internal audit participates in the implementation of change management throughout the organisation.
  D. All changes to systems must be approved by the highest level of authority within an organization.
  B. Change management follows a consistent process and is done in a controlled environment.

  ---

  Explanation

  Effective IT Change Management Principles:

  Change management ensures that modifications to IT systems are controlled, tested, and implemented in a way that reduces risks.

  A structured and consistent process is required to prevent disruptions, maintain system integrity, and comply with governance requirements.

  IIA Standard 2110 - Governance:

  IT governance must include structured change management processes.

  Change management should be repeatable and standardized to ensure effectiveness.

  IIA GTAG (Global Technology Audit Guide) on Change Management:

  Change management must be conducted in a controlled environment to minimize unintended consequences and security risks.

  Option A: The sole responsibility for change management is assigned to an experienced and competent IT team. (Incorrect)

  While IT plays a key role, change management should involve multiple stakeholders , including business units, security, compliance, and risk management teams.

  IIA Standard 2120 - Risk Management states that risk oversight should not be assigned to a single function.

  Option C: Internal audit participates in the implementation of change management throughout the organization. (Incorrect)

  Internal audit evaluates change management but does not implement it.

  IIA Standard 1000 - Purpose, Authority, and Responsibility emphasizes that internal audit provides independent assurance rather than operational involvement.

  Option D: All changes to systems must be approved by the highest level of authority within an organization. (Incorrect)

  Approvals should be based on a risk-based hierarchy rather than requiring executive-level approval for all changes.

  IIA GTAG - Change Management recommends a tiered approval system based on change complexity and risk impact.

  Explanation of Incorrect Answers:Conclusion:The most critical factor in effective IT change management is having a consistent, controlled process (Option B).

  IIA References:

  IIA Standard 2110 - Governance

  IIA Standard 2120 - Risk Management

  IIA Standard 1000 - Purpose, Authority, and Responsibility

  IIA GTAG - Change Management

• Question 389:

  In which type of business environment are price cutting strategies and franchising strategies most appropriate?

  A. Embryonic, focused.
  B. Fragmented, decline.
  C. Mature, fragmented.
  D. Competitive, embryonic.
  C. Mature, fragmented.

  ---

  Explanation

• Question 390:

  Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

  A. Non-disclosure agreements between the firm and its employees.
  B. Logs of user activity within the information system.
  C. Two-factor authentication for access into the information system.
  D. Limited access to information, based on employee duties.
  A. Non-disclosure agreements between the firm and its employees.

  ---

  Explanation