Free Access IIA.IIA-CIA-Part2.v2022-07-26.q511 Practice Test (Page 13)

Question 56

Which of the following statements describes an engagement planning best practice?

A.It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

C.The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

Question 57

During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:

A.Ask management to test the recovery plan immediately.

B.Recommend that management and users update and test the recovery plan.

C.Update the recovery plan for management as part of the review.

D.Review the recovery plan and report weaknesses to management.

Question 58

Which of the following items should be addressed in an organization's privacy statement?
I.Intended use of collected information.
II.
Data storage and security.
III.
Network/infrastructure authentication controls.
IV.
Data retention policy of the organization.
Parties authorized to access information.

A.I, II, and V only.

B.I and II only.

C.II, III, IV, and V only.

D.I and IV only.

Question 59

Because of a new marketing initiative, an organization has reduced requirements for extending credit to new customers. As a result, outstanding accounts receivable as a percentage of revenue has increased significantly during the past two years. Which of the following would be least useful in monitoring this finding?

A.Updates from the manager of accounts receivable regarding collection of outstanding receivables.

B.Updates from the credit and marketing personnel tasked with reevaluating credit policies.

C.Updates from the controller regarding the status of corrective actions.

D.Updates from the information technology division regarding development of a new accounts receivable system.

Question 60

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

A.Conduct a joint brainstorming session with management.

B.Disclose the client's differing opinion in the final report.

C.Escalate the issue to senior management for a decision.

D.Ask the chief audit executive to mediate.

Other Version: 1722IIA.IIA-CIA-Part2.v2024-12-09.q342; 7770IIA.IIA-CIA-Part2.v2023-05-26.q379; 7867IIA.IIA-CIA-Part2.v2023-04-08.q383; 3153IIA.IIA-CIA-Part2.v2023-03-09.q121; 13417IIA.IIA-CIA-Part2.v2022-09-28.q589; 9270IIA.IIA-CIA-Part2.v2022-01-22.q283; 108IIA.Prepawaypdf.IIA-CIA-Part2.v2021-10-22.by.nat.555q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 208CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File