Certified Internal Auditor - Part 3 Business Analysis and Information Technology

Here you have the best IIA IIA-CIA-Part3 practice exam questions

You have 327 total questions to study from
Each page has 5 questions, making a total of 66 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on May 14, 2025
This site is not affiliated with or endorsed by IIA.

Question 1 of 327

Which of the following statements is correct regarding risk analysis?

The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

The highest risk assessment should always be assigned to the area with the largest potential loss.

The highest risk assessment should always be assigned to the area with the highest probability of occurrence.

Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

Correct Answer: A

Question 2 of 327

Which of the following statements regarding organizational governance is not correct?

An effective internal audit function is one of the four cornerstones of good governance.

Those performing governance activities are accountable to the customer.

Accountability is one of the key elements of organizational governance.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

Correct Answer: B

Question 3 of 327

The first stage in the development of a crisis management program is to:

Formulate contingency plans.

Conduct a risk analysis.

Create a crisis management team.

Practice the response to a crisis.

Correct Answer: C

The first stage in the development of a crisis management program is to create a crisis management team. This is because establishing a dedicated team or group responsible for managing and coordinating all aspects of crisis response is fundamental. This team will be tasked with conducting subsequent stages such as risk analysis, formulating contingency plans, and practicing responses to crises.

Question 4 of 327

Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?

Borrowers may not sign all required mortgage loan documentation.

Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

The bank's loan documentation may not meet the government's disclosure requirements.

Loan officers may override the lending criteria established by senior management.

Correct Answer: D

Question 5 of 327

Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?

1. Evaluate the business continuity plans for adequacy and currency.

2. Prepare a business impact analysis regarding the loss of critical business.

3. Identify key personnel who will be required to implement the plans.

4. Identify and prioritize the resources required to support critical business processes.

1 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

Correct Answer: C

During an audit of an organization's business continuity plans, an internal auditor should evaluate the business continuity plans for adequacy and currency to ensure they are up-to-date and relevant (1). The auditor should also identify key personnel who will be required to implement the plans, as having the right people in place is crucial for effective execution during a crisis (3). Additionally, it is important to identify and prioritize the resources required to support critical business processes to ensure that the organization can maintain essential operations during a disruption (4). Preparing a business impact analysis (2) is typically not within the scope of an audit but more aligned with the development and maintenance of the business continuity plan itself.