IIA IIA-CIA-Part2 Practice Test - Questions Answers, Page 46

Which of the following statements is true regarding risk assessments, including the evaluation and prioritization of risk and control factors?

Which of the following statements is true regarding engagement planning?

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

The internal audit activity needs to review the information security function but does not have the IT expertise needed for the engagement. Which of the following actions should the chief audit executive take to ensure the internal audit activity conforms with the Standards?

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider's operation has been conducted.

Verify that the service provider's contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

During the review of an organization's retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?