Question 1

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?

Options :

A : Inform management and request that the plan be tested immediately.

B : Update the recovery plan for management, as part of the review.

C : Evaluate the recovery plan and report weaknesses to management.

D : Recommend that management and users update and test the recovery plan.

Answer: D

Question 2

Which of the following is a disadvantage of using flowcharts during a risk assessment?

Options :

A : People cannot quickly understand the processes via flowcharts

B : Flowcharts are not applicable for evaluating the design of controls

C : Some serious risks that are not part of the linear process can be missed

D : Flowcharts do not enable auditors to identify missing controls

Answer: C

Question 3

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

Options :

A : The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B : The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C : The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the audit

D : D, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Answer: B

Question 4

An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?

Options :

A : Examining the entire population

B : Asking management about the malpractice

C : Testing a sample of random transactions.

D : Using data analytics

Answer: D

Question 5

To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?

Options :

A : The organization-s view on risk tolerance

B : The organization-s principal risk events.

C : The organization-s risk response strategies

D : The organization-s major control activities

Answer: A

Free IIA-CIA-Part2-3P Mock Exam – Practice Online Confidently

Buying Options: