Free IIA IIA-CIA-Part3-3P Practice Questions 2026 - Page 18

An organization facing rapid growth decides to employ a third party service provider to manage its customer relationship management function. Which of the following is true regarding the supporting application software used by that provider compared to an inhouse developed system?

1) Updating documentation is always a priority.

2) System availability is usually more reliable.

3) Data security risks are lower.

4) Overall system costs are lower.

A. 1 and 2 only

B. 1 and 3 only

C. 2 and 4 only

D. 3 and 4 only

International marketing activities often begin with:

A. Standardization.

B. Global marketing.

C. Limited exporting.

D. Domestic marketing.

During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:

A. Access to read application logs is restricted to authorized users.

B. Account balance information is encrypted in the database.

C. The web server used to host the application is located in a physically secure area.

D. Sensitive data, such as account numbers, are submitted using encrypted communications.

Which of the following engagement observations would provide the least motivation for management to amend or replace an existing cost accounting system?

A. The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

B. The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

C. The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

D. 50 percent of total organizational cost has been allocated on a volume basis.

The internal audit activity completed an initial risk analysis of the organization's data storage center and found several areas of concern. Which of the following is the most appropriate next step?

A. Risk response.

B. Risk identification.

C. Identification of context.

D. Risk assessment.

Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?

A. PKI uses an independent administrator to manage the public key.

B. The public key is authenticated against reliable third-party identification.

C. PKI's public accessibility allows it to be used readily for e-commerce.

D. The private key uniquely authenticates each party to a transaction.

Which of the following are appropriate functions for an IT steering committee?

1) Assess the technical adequacy of standards for systems design and programming.

2) Continually monitor of the adequacy and accuracy of software and hardware in use.

3) Assess the effects of new technology on the organization`s IT operations.

4) Provide broad oversight of implementation, training, and operation of new systems.

A. 1, 2, and 3

B. 1, 2, and 4

C. 1, 3, and 4

D. 2, 3, and 4

Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:

A. Motivation.

B. Performance.

C. Organizational structure.

D. Communication.

Which of the following roles would be least appropriate for the internal audit activity to undertake with regard to an organization's corporate social responsibility (CSR) program?

A. Consult on project design and implementation of the CSR program.

B. Serve as an advisor on internal controls related to CSR.

C. Identify and prioritize the CSR issues that are important to the organization.

D. Evaluate the effectiveness of the organization's CSR efforts.

Listening effectiveness is best increased by:

A. Resisting both internal and external distractions.

B. Waiting to review key concepts until the speaker has finished talking.

C. Tuning out messages that do not seem to fit the meeting purpose.

D. Factoring in biases in order to evaluate the information being given.