Free IIA IIA-CIA-Part3-3P Practice Questions 2026 - Page 16

Which of the following corporate social responsibility strategies is likely to be most effective in minimizing confrontations with influential activists and lobbyists?

A. Continually evaluate the needs and opinions of all stakeholder groups.

B. Ensure strict compliance with applicable laws and regulations to avoid incidents.

C. Maintain a comprehensive publicity campaign that highlights the organization's efforts.

D. Increase goodwill through philanthropic activities among stakeholder communities.

An organization uses a database management system (DBMS) as a repository for data. The DBMS, in turn, supports a number of end-user developed applications which were created using fourth-generation programming languages. Some of the applications update the database. Which of the following is the most important control related to the integrity of the data in the database?

A. End users have their read-only applications approved by the information systems department before accessing the database.

B. Concurrency update controls are in place.

C. nd-user applications are developed on personal computers before being implemented on the mainframe.

D. A hierarchical database model is adopted so that multiple users can be served at the same time.

Which of the following is a characteristic of just-in-time inventory management systems?

A. Users determine the optimal level of safety stocks.

B. They are applicable only to large organizations.

C. They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

D. They rely heavily on high quality materials.

Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

A. A flexible budget.

B. Variance analysis.

C. A contribution margin income statement by segment.

D. Residual income.

The first step in determining product price is:

A. Determining the cost of the product.

B. Developing pricing objectives.

C. Evaluating prices set by the competitors.

D. Selecting a pricing method.

Which of the following control techniques would minimize the risk of interception during transmission in an electronic data interchange system?

1) Encryption.

2) Traffic padding.

3) Edit checks.

4) Structured data format.

A. 1 and 2 only

B. 2 and 3 only

C. 3 and 4 only

D. 1, 2, and 3 only

Which of the following is the most appropriate test to assess the privacy risks associated with an organization's workstations?

A. Penetration test.

B. Social engineering test.

C. Vulnerability test.

D. Physical control test.

Which of the following are likely indicators of ineffective change management?

1) IT management is unable to predict how a change will impact interdependent systems or business processes.

2) There have been significant increases in trouble calls or in support hours logged by programmers.

3) There is a lack of turnover in the systems support and business analyst development groups.

4) Emergency changes that bypass the normal control process frequently are deemed necessary.

A. 1 and 3 only

B. 2 and 4 only

C. 1, 2, and 4 only

D. 1, 2, 3, and 4

Refer to the exhibit.

If the profit margin of an organization decreases, and all else remains equal, which of the following describes how the "Funds Needed" line in the graph below will shift?

A. The "Funds Needed" line will remain pointed upward, but will become less steep.

B. The "Funds Needed" line will remain pointed upward, but will become more steep.

C. The "Funds Needed" line will point downward with a minimal slope.

D. The "Funds Needed" line will point downward with an extreme slope.

Which of the following statements regarding program change management is not correct?

A. The goal of the change management process is to sustain and improve organizational operations.

B. The degree of risk associated with a proposed change determines if the change request requires authorization.

C. In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

D. All changes should be tested in a non-production environment before migrating to the production environment.