IIA IIA-CIA-Part3 - Certified Internal Auditor - Part 3, Business Analysis and Information Technology Exam

Page:    1 / 125   
Total 621 questions

Which of the following statements is correct regarding risk analysis?

  • A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
  • B. The highest risk assessment should always be assigned to the area with the largest potential loss.
  • C. The highest risk assessment should always be assigned to the area with the highest probability of occurrence.
  • D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.


Answer : A

Which of the following statements regarding organizational governance is not correct?

  • A. An effective internal audit function is one of the four cornerstones of good governance.
  • B. Those performing governance activities are accountable to the customer.
  • C. Accountability is one of the key elements of organizational governance.
  • D. Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.


Answer : B

Which of the following is a role of the board of directors in the governance process?

  • A. Conduct periodic assessments of the organization's governance systems.
  • B. Obtain assurance concerning the effectiveness of the organization's governance systems.
  • C. Implement an effective system of internal controls to support the organization's governance systems.
  • D. Review and approve operational goals and objectives.


Answer : B

Which is the least effective form of risk management?

  • A. Systems-based preventive control.
  • B. People-based preventive control.
  • C. Systems-based detective control.
  • D. People-based detective control.


Answer : D

Which of the following statements is correct regarding corporate compensation systems and related bonuses?
1. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
2. Compensation systems are not part of an organization's control system and should not be reported as such.
3. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.

  • A. 1 only
  • B. 2 only
  • C. 3 only
  • D. 2 and 3 only


Answer : A

Page:    1 / 125   
Total 621 questions