Free Access IIA.IIA-CIA-Part2.v2022-09-28.q589 Practice Test (Page 113)

Question 556

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of
90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

A.The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Question 557

The most common motivation for management fraud is the existence of:

A.Vices, such as a gambling habit.

B.Job dissatisfaction.

C.Financial pressures on the organization.

D.The challenge of committing the perfect crime.

Question 558

Which two of the following considerations must an internal auditor take into account while planning an audit of an accounting system/application that has been in use for the last five years?
The level and manner of linkages between the business' mission, objectives, and structure and the accounting system/application.
Presence or absence of computerized and manual controls that address risks.
Identification of risks at the application level, e.g. availability and security of the system.
Testing of the system/application for bugs and errors.

A.1 and 3 only

B.2 and 4 only

C.3 and 4 only

D.2 and 3 only

Question 559

While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements?

A.Review all outstanding recommendations from prior audit engagements and focus on them in the upcoming year.

B.Use the previous three-year audit plan to extrapolate potential engagements for the upcoming year's schedule of engagement.

C.Prioritize the engagements that were not done in previous years and schedule them for the upcoming year.

D.Consult with senior management and the board and make adjustments regarding risk.

Question 560

In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the:

A.Population.

B.Attribute of interest.

C.Sample.

D.Sampling unit.

Other Version: 1722IIA.IIA-CIA-Part2.v2024-12-09.q342; 7770IIA.IIA-CIA-Part2.v2023-05-26.q379; 7867IIA.IIA-CIA-Part2.v2023-04-08.q383; 3164IIA.IIA-CIA-Part2.v2023-03-09.q121; 12947IIA.IIA-CIA-Part2.v2022-07-26.q511; 9270IIA.IIA-CIA-Part2.v2022-01-22.q283; 108IIA.Prepawaypdf.IIA-CIA-Part2.v2021-10-22.by.nat.555q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 220CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 556

Question 557

Question 558

Question 559

Question 560

Download PDF File