Free Access IIA.IIA-CIA-Part1.v2023-11-09.q158 Practice Test (Page 29)

Question 136

Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?

A.The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

B.The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

Question 137

Which of the following is an indicator of ineffective third-party risk management?

A.Sourcing of third parties does not follow public procurement law.

B.The right-to-audit clause is limited by personal data protection regulations.

C.Due diligence of third parties is conducted only after contract signing.

D.Violations of service conditions trigger either fines or termination.

Question 138

Internal auditors must exercise due professional care by considering which of the following?
1. Cost of assurance in relation to potential benefits.
2. Adequacy and effectiveness of governance, risk management, and control processes.
3. Management's competency level in the area being evaluated.
4. Probability of significant errors, fraud, or noncompliance.

A.1, 2, and 3 only

B.1 and 2 only

C.2, 3, and 4 only

D.1, 2, and 4 only

Question 139

Which of the following is true regarding the purpose of the COSO enterprise risk management framework?
It is a process that is ongoing and flows throughout the organization.
It contributes to the formulation of the organization's mission and vision.
It enables internal audit to provide reasonable assurance to an organization's management and the board.
It enables the management of risks within an organization's risk appetite.

A.1,2,and 4 only

B.1,2,and 3 only

C.1,3,and 4 only

D.2,3,and 4 only

Question 140

Which of the following statements best describes the competency requirement for an auditor regarding fraud risks encountered in an engagement execution?

A.The auditor is not expected to have any competency requirement regarding fraud since the role of investigating and detecting fraud belongs to other functions in the organization.

B.The auditor must be able to have an appreciation of the fundamentals of fraud detection and investigation techniques.

C.The auditor must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization.

D.The auditor should be able to have comparable competencies of a person whose primary responsibility is detecting and investigating fraud.

Other Version: 3525IIA.IIA-CIA-Part1.v2025-05-21.q605; 5614IIA.IIA-CIA-Part1.v2024-09-23.q699; 3580IIA.IIA-CIA-Part1.v2023-04-17.q104; 7724IIA.IIA-CIA-Part1.v2023-03-29.q231; 4698IIA.IIA-CIA-Part1.v2023-02-22.q207; 5133IIA.IIA-CIA-Part1.v2023-02-14.q152; 5041IIA.IIA-CIA-Part1.v2023-02-01.q147; 4320IIA.IIA-CIA-Part1.v2022-07-16.q118; 5376IIA.IIA-CIA-Part1.v2022-02-22.q141; 126IIA.Prepawayete.IIA-CIA-Part1.v2021-09-10.by.earl.163q.pdf

Latest Upload: 203PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 302Nokia.4A0-113.v2026-05-01.q69; 264EC-COUNCIL.312-49v11.v2026-04-30.q214; 230Microsoft.MB-820.v2026-04-30.q101; 213Salesforce.MC-202.v2026-04-30.q57; 207BICSI.INSTC_V8.v2026-04-29.q53; 337NMLS.MLO.v2026-04-28.q82; 245NCARB.Project-Management.v2026-04-28.q27; 466EMC.D-AV-DY-23.v2026-04-27.q184; 1125ServiceNow.CSA.v2026-04-27.q483

Question 136

Question 137

Question 138

Question 139

Question 140

Download PDF File