IIA IIA-CIA-Part3 Übungsprüfungen
Zuletzt aktualisiert am 12.12.2025- Prüfungscode: IIA-CIA-Part3
- Prüfungsname: CIA Exam Part Three: Business Knowledge for Internal Auditing
- Zertifizierungsanbieter: IIA
- Zuletzt aktualisiert am: 12.12.2025
Which of the following best describes the purpose of fixed manufacturing costs?
- A . To ensure availability of production facilities.
- B . To decrease direct expenses related to production.
- C . To incur stable costs despite operating capacity.
- D . To increase the total unit cost under absorption costing
A newly appointed board member received an email that appeared to be from the company’s CEO.
The email stated:
“Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners.” The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender ’s mail domain was different from the company’s.
Which of the following cybersecurity risks nearly occurred in the situation described?
- A . A risk of spyware and malware.
- B . A risk of corporate espionage.
- C . A ransomware attack risk.
- D . A social engineering risk.
Which of the following application controls is the most dependent on the password owner?
- A . Password selection
- B . Password aging
- C . Password lockout
- D . Password rotation
Which type of bond sells at & discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?
- A . High-yield bonds
- B . Commodity-backed bonds
- C . Zero coupon bonds
- D . Junk bonds
An organization has instituted a bring-your-own-device (BYOD) work environment.
Which of the following policies best addresses the increased risk to the organization’s network incurred by this environment?
- A . Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.
- B . Ensure that relevant access to key applications is strictly controlled through an approval and review process.
- C . Institute detection and authentication controls for all devices used for network connectivity and data storage.
- D . Use management software scan and then prompt parch reminders when devices connect to the network
Which of the following controls would an internal auditor consider the most relevant to reduce risks of project cost overruns?
- A . Scope change requests are reviewed and approved by a manager with a proper level of authority.
- B . Cost overruns are reviewed and approved by a control committee led by the project manager.
- C . There is a formal quality assurance process to review scope change requests before they are implemented
- D . There is a formal process to monitor the status of the project and compare it to the cost baseline
Which of the following attributes of data analytics relates to the growing number of sources from which data is being generated?
- A . Volume.
- B . Velocity.
- C . Variety.
- D . Veracity.
Which of the following would be the best method to collect information about employees‘ job satisfaction?
- A . Online surveys sent randomly to employees.
- B . Direct onsite observations of employees.
- C . Town hall meetings with employees.
- D . Face-to-face interviews with employees.
A chief audit executive wants to implement an enterprisewide resource planning software.
Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation’s success?
- A . Readiness assessment.
- B . Project risk assessment.
- C . Post-implementation review.
- D . Key phase review.
Which of the following types of date analytics would be used by a hospital to determine which patients are likely to require remittance for additional treatment?
- A . Predictive analytics.
- B . Prescriptive analytics.
- C . Descriptive analytics.
- D . Diagnostic analytics.