Free Access IIA.IIA-CIA-Part2.v2023-05-26.q379 Practice Test (Page 70)

Question 341

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

A.The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

B.The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

C.The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

D.The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Question 342

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.Internal and external audit reports.

B.The strategic plan.

C.The corporate risk register.

D.The board's meeting records.

Question 343

Which of the following is not true regarding the management of internal audit resources?

A.Resources include external service providers and computer-assisted audit techniques.

B.A minimum level of information technology knowledge is necessary.

C.The adequacy of internal audit resources is ultimately a board responsibility.

D.Skills availability must be aligned with financial constraints.

Question 344

Which of the following statements is false regarding audit criteria?

A.Audit criteria should be consistent across audit assignments.

B.Audit criteria should represent reasonable standards against which to assess existing conditions.

C.Audit criteria should provide flexibility but allow identification of nonadherence.

D.Audit criteria should equate to good or acceptable management practices.

Question 345

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

A.A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

B.Previous work provided by the external service provider has been of great quality and value.

C.There has been an increase in unanticipated requests for advisory work.

D.The organization's audit universe is extensive and diverse.

Other Version: 3165IIA.IIA-CIA-Part2.v2024-12-09.q342; 9200IIA.IIA-CIA-Part2.v2023-04-08.q383; 3808IIA.IIA-CIA-Part2.v2023-03-09.q121; 14998IIA.IIA-CIA-Part2.v2022-09-28.q589; 14464IIA.IIA-CIA-Part2.v2022-07-26.q511; 10002IIA.IIA-CIA-Part2.v2022-01-22.q283; 108IIA.Prepawaypdf.IIA-CIA-Part2.v2021-10-22.by.nat.555q.pdf

Latest Upload: 200PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 290Nokia.4A0-113.v2026-05-01.q69; 246EC-COUNCIL.312-49v11.v2026-04-30.q214; 226Microsoft.MB-820.v2026-04-30.q101; 204Salesforce.MC-202.v2026-04-30.q57; 203BICSI.INSTC_V8.v2026-04-29.q53; 332NMLS.MLO.v2026-04-28.q82; 241NCARB.Project-Management.v2026-04-28.q27; 454EMC.D-AV-DY-23.v2026-04-27.q184; 1107ServiceNow.CSA.v2026-04-27.q483

Question 341

Question 342

Question 343

Question 344

Question 345

Download PDF File