IIA iia cia part3 3p practice test

CIA Exam Part 3: Business Knowledge for Internal Auditing

Last exam update: May 08 ,2025
Page 1 out of 32. Viewing questions 1-15 out of 488

Question 1

During disaster recovery planning, the organization established a recovery point objective. Which of
the following best describes this concept?

  • A. The maximum tolerable downtime after the occurrence of an incident.
  • B. The maximum tolerable data loss after the occurrence of an incident.
  • C. The maximum tolerable risk related to the occurrence of an incident.
  • D. The minimum recovery resources needed after the occurrence of an incident.
Answer:

B


Reference:
https://www.druva.com/glossary/what-is-a-disaster-recovery-plan-definition-and-
related-faqs/#:~:text=The%20recovery%20point%20objective%20refers,hour%20to%20meet%20this
%20objective

User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which of the following statements is true regarding user-developed applications (UDAs) and
traditional IT applications?

  • A. UDAs and traditional IT applications typically follow a similar development life cycle.
  • B. A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.
  • C. Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.
  • D. IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.
Answer:

D

User Votes:
A
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
fernandoms88
1 year, 10 months ago

correct one C

0
johnyparker
1 year, 9 months ago

Correct Answer is A

While there may be some differences in the development processes, such as the level of formality and expertise, both UDAs and traditional IT applications go through similar stages in their development life cycle, which may include: Requirements Gathering: Understanding the business needs and functional requirements of the application.

Design: Creating the application's architecture and user interface based on the requirements.

Development: Writing the code and building the application.

Testing: Evaluating the application to ensure it functions as intended and is free from errors.

Implementation: Deploying the application into the production environment.

Maintenance: Making updates and improvements to the application as needed.

0

Question 3

In reviewing an organization's IT infrastructure risks, which of the following controls is to be tested as
part of reviewing workstations?

  • A. Input controls.
  • B. Segregation of duties.
  • C. Physical controls.
  • D. Integrity controls.
Answer:

D

User Votes:
A 1 votes
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
johnyparker
1 year, 9 months ago

C. Physical controls.

0
johnyparker
1 year, 9 months ago

Correct answer is
C. Physical controls
other options are logical controls

0

Question 4

Which of the following is an example of internal auditors applying data mining techniques for
exploratory purposes?

  • A. Internal auditors perform reconciliation procedures to support an external audit of financial reporting.
  • B. Internal auditors perform a systems-focused analysis to review relevant controls.
  • C. Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan.
  • D. Internal auditors test IT general controls with regard to operating effectiveness versus design.
Answer:

B


Reference:
https://www.researchgate.net/publication/221174455_Data_Mining_Technique_in_the_Internal_Au
diting_of_Enterprise_Groups

User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following is likely to occur when an organization decides to adopt a decentralized
organizational structure?

  • A. A slower response to external change.
  • B. Less controlled decision making.
  • C. More burden on higher-level managers.
  • D. Less use of employees' true skills and abilities.
Answer:

B


Reference:
https://opentextbc.ca/principlesofaccountingv2openstax/chapter/differentiate-between-
centralized-and-decentralized-management/

User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

According to IIA guidance, which of the following is a broad collection of integrated policies,
standards, and procedures used to guide the planning and execution of a project?

  • A. Project portfolio.
  • B. Project development.
  • C. Project governance.
  • D. Project management methodologies.
Answer:

D


Reference:
https://www.paymoapp.com/blog/project-management-methodologies/

User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25,000
shirts. Actual sales total $300,000.
What is margin of safety sales for the company?

  • A. $100,000
  • B. $200,000
  • C. $275,000
  • D. $500,000
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
johnyparker
1 year, 9 months ago

Correct Answer is A
Margin of Safety Sales = $300,000 - $200,000
Margin of Safety Sales = $100,000

0

Question 8

During which of the following phases of contracting does the organization analyze whether the
market is aligned with organizational objectives?

  • A. Initiation phase.
  • B. Bidding phase.
  • C. Development phase.
  • D. Negotiation phase
Answer:

C


Reference:
https://www.diligent.com/insights/contract-management/three-phases-contract-
management/

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
johnyparker
1 year, 9 months ago

A. Initiation phase.

0

Question 9

Which of the following statements is true regarding user-developed applications (UDAs)?

  • A. UDAs are less flexible and more difficult to configure than traditional IT applications.
  • B. Updating UDAs may lead to various errors resulting from changes or corrections.
  • C. UDAs typically are subjected to application development and change management controls.
  • D. Using UDAs typically enhances the organization's ability to comply with regulatory factors.
Answer:

B


Reference:
https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%2014%20-
%20Auditing%20User-developed%20Applications.pdf

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

The chief audit executive (CAE) has embraced a total quality management approach to improving the
internal audit activity's (IAA's) processes. He would like to reduce the time to complete audits and
improve client ratings of the IAA.
Which of the following staffing approaches is the CAE most likely to select?

  • A. Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.
  • B. Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.
  • C. Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.
  • D. Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.
Answer:

C

User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following security controls would be the most effective in preventing security
breaches?

  • A. Approval of identity request.
  • B. Access logging.
  • C. Monitoring privileged accounts.
  • D. Audit of access rights.
Answer:

D


Reference:
https://www.techsupportofmn.com/6-ways-to-prevent-cybersecurity-breaches

User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
fgeranpayeh
7 months, 1 week ago

Preventive

0

Question 12

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the
market price of the bond is $265,000, which of the following would be the market interest rate?

  • A. Less than 12 percent.
  • B. 12 percent.
  • C. Between 12.01 percent and 12.50 percent.
  • D. More than 12.50 percent.
Answer:

A

User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Which of the following cost of capital methods identifies the time period required to recover the cost
of the capital investment from the annual inflow produced?
A. Cash payback technique.
B. Annual rate of return technique.
C. Internal rate of return method.
D. Net present value method.

Answer:

A


Reference:
https://www.investopedia.com/terms/p/paybackperiod.asp

Discussions
0 / 1000

Question 14

Which of the following is a likely result of outsourcing?

  • A. Increased dependence on suppliers.
  • B. Increased importance of market strategy.
  • C. Decreased sensitivity to government regulation.
  • D. Decreased focus on costs.
Answer:

D


Reference:
https://www.cio.com/article/272355/outsourcing-outsourcing-definition-and-solutions.html

User Votes:
A 1 votes
50%
B
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
johnyparker
1 year, 9 months ago

A. Increased dependence on suppliers.

1
fgeranpayeh
7 months, 1 week ago

The most likely result of outsourcing is:

A. Increased dependence on suppliers.

Outsourcing often leads to a greater reliance on external suppliers for goods or services that were previously managed internally. This can increase the organization's dependence on these suppliers for quality, timeliness, and cost-effectiveness.

0

Question 15

In an effort to increase business efficiencies and improve customer service offered to its major
trading partners, management of a manufacturing and distribution company established a secure
network, which provides a secure channel for electronic data interchange between the company and
its partners.
Which of the following network types is illustrated by this scenario?

  • A. A value-added network.
  • B. A local area network.
  • C. A metropolitan area network.
  • D. A wide area network.
Answer:

A


Reference:
https://www.investopedia.com/terms/v/value-added-network.asp

User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2