IIA iia cia part3 3p practice test

Question 1

During disaster recovery planning, the organization established a recovery point objective. Which of
the following best describes this concept?

• A. The maximum tolerable downtime after the occurrence of an incident.
• B. The maximum tolerable data loss after the occurrence of an incident.
• C. The maximum tolerable risk related to the occurrence of an incident.
• D. The minimum recovery resources needed after the occurrence of an incident.

Question 2

Which of the following statements is true regarding user-developed applications (UDAs) and
traditional IT applications?

• A. UDAs and traditional IT applications typically follow a similar development life cycle.
• B. A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.
• C. Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.
• D. IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Question 3

In reviewing an organization's IT infrastructure risks, which of the following controls is to be tested as
part of reviewing workstations?

• A. Input controls.
• B. Segregation of duties.
• C. Physical controls.
• D. Integrity controls.

Question 4

Which of the following is an example of internal auditors applying data mining techniques for
exploratory purposes?

• A. Internal auditors perform reconciliation procedures to support an external audit of financial reporting.
• B. Internal auditors perform a systems-focused analysis to review relevant controls.
• C. Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan.
• D. Internal auditors test IT general controls with regard to operating effectiveness versus design.

Question 5

Which of the following is likely to occur when an organization decides to adopt a decentralized
organizational structure?

• A. A slower response to external change.
• B. Less controlled decision making.
• C. More burden on higher-level managers.
• D. Less use of employees' true skills and abilities.

Question 6

According to IIA guidance, which of the following is a broad collection of integrated policies,
standards, and procedures used to guide the planning and execution of a project?

• A. Project portfolio.
• B. Project development.
• C. Project governance.
• D. Project management methodologies.

Question 7

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25,000
shirts. Actual sales total $300,000.
What is margin of safety sales for the company?

• A. $100,000
• B. $200,000
• C. $275,000
• D. $500,000

Question 8

During which of the following phases of contracting does the organization analyze whether the
market is aligned with organizational objectives?

• A. Initiation phase.
• B. Bidding phase.
• C. Development phase.
• D. Negotiation phase

Question 9

Which of the following statements is true regarding user-developed applications (UDAs)?

• A. UDAs are less flexible and more difficult to configure than traditional IT applications.
• B. Updating UDAs may lead to various errors resulting from changes or corrections.
• C. UDAs typically are subjected to application development and change management controls.
• D. Using UDAs typically enhances the organization's ability to comply with regulatory factors.

Question 10

The chief audit executive (CAE) has embraced a total quality management approach to improving the
internal audit activity's (IAA's) processes. He would like to reduce the time to complete audits and
improve client ratings of the IAA.
Which of the following staffing approaches is the CAE most likely to select?

• A. Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.
• B. Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.
• C. Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.
• D. Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

Question 11

Which of the following security controls would be the most effective in preventing security
breaches?

• A. Approval of identity request.
• B. Access logging.
• C. Monitoring privileged accounts.
• D. Audit of access rights.

Question 12

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the
market price of the bond is $265,000, which of the following would be the market interest rate?

• A. Less than 12 percent.
• B. 12 percent.
• C. Between 12.01 percent and 12.50 percent.
• D. More than 12.50 percent.

Question 13

Which of the following cost of capital methods identifies the time period required to recover the cost
of the capital investment from the annual inflow produced?
A. Cash payback technique.
B. Annual rate of return technique.
C. Internal rate of return method.
D. Net present value method.

Question 14

Which of the following is a likely result of outsourcing?

• A. Increased dependence on suppliers.
• B. Increased importance of market strategy.
• C. Decreased sensitivity to government regulation.
• D. Decreased focus on costs.

Question 15

In an effort to increase business efficiencies and improve customer service offered to its major
trading partners, management of a manufacturing and distribution company established a secure
network, which provides a secure channel for electronic data interchange between the company and
its partners.
Which of the following network types is illustrated by this scenario?

• A. A value-added network.
• B. A local area network.
• C. A metropolitan area network.
• D. A wide area network.