Free Access IIA.IIA-CIA-Part2.v2022-01-22.q283 Practice Test (Page 55)

Question 266

Which of the following items should be addressed in an organization's privacy statement?
I. Intended use of collected information.
II. Data storage and security.
III. Network/infrastructure authentication controls.
IV. Data retention policy of the organization.
Parties authorized to access information.

A.I and IV only

B.II, III, IV, and V only

C.I and II only

D.I, II, and V only

Question 267

Which of the following factors could interfere with effective problem solving by an internal auditor?
I. Reacting to previous experiences with clients.
II. Focusing only on the most likely cause.
III. Correcting the symptoms of problems.

A.III only

B.I and II only

C.I, II, and III

D.I only

Question 268

Checklists used to assess audit risk have been criticized for all of the following reasons except:

A.Providing a false sense of security that all relevant factors are addressed.

B.Inappropriately implying equal weight to each item on the checklist.

C.Decreasing the uniformity of data acquisition.

D.Being incapable of translating the experience or sound reasoning intended to be captured by each item on the checklist.

Question 269

An organization has adopted an enterprise-wide risk management process and has appointed a chief risk officer (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?

A.The audit committee, on behalf of the board, has overall responsibility for the risk management process in the organization.

B.The audit committee should get assurance on the adequacy and effectiveness of the risk management process from the CRO.

C.Senior management is accountable to the board for monitoring the system of internal controls.

D.The chief audit executive has the mandate to conduct risk assessments and give assurance to the audit committee.

Question 270

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

A.Acts that damage or have an adverse effect on the environment.

B.Acts that favor one party to the detriment of another.

C.Acts that conceal inappropriate activities in the organization.

D.Acts that may endanger the health or safety of individuals.

Other Version: 3253IIA.IIA-CIA-Part2.v2024-12-09.q342; 9231IIA.IIA-CIA-Part2.v2023-05-26.q379; 9257IIA.IIA-CIA-Part2.v2023-04-08.q383; 3844IIA.IIA-CIA-Part2.v2023-03-09.q121; 15082IIA.IIA-CIA-Part2.v2022-09-28.q589; 14510IIA.IIA-CIA-Part2.v2022-07-26.q511; 108IIA.Prepawaypdf.IIA-CIA-Part2.v2021-10-22.by.nat.555q.pdf

Latest Upload: 257PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 366Nokia.4A0-113.v2026-05-01.q69; 402EC-COUNCIL.312-49v11.v2026-04-30.q214; 319Microsoft.MB-820.v2026-04-30.q101; 251Salesforce.MC-202.v2026-04-30.q57; 294BICSI.INSTC_V8.v2026-04-29.q53; 421NMLS.MLO.v2026-04-28.q82; 281NCARB.Project-Management.v2026-04-28.q27; 500EMC.D-AV-DY-23.v2026-04-27.q184; 1320ServiceNow.CSA.v2026-04-27.q483

Question 266

Question 267

Question 268

Question 269

Question 270

Download PDF File