Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Full Access IIA IIA-ACCA Tutorials

Page: 10 / 23
Total 604 questions

ACCA CIA Challenge Exam Questions and Answers

Question 37

What is the purpose of a secondary control?

Options:

A.

It replaces primary controls that are either ineffective or cannot fully mitigate a risk.

B.

It partially reduces the residual risk level when a key control does not operate effectively.

C.

lt combines with other controls to help reduce significant risk exposures to an acceptable level.

D.

It helps to ensure the completeness and accuracy of automated controls in a system environment.

Question 38

According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?

Options:

A.

Objective setting.

B.

Control activities.

C.

Information and communication.

D.

Event identification.

Question 39

Which of the following is considered a violation of The IIA's Code of Ethics?

Options:

A.

An auditor conveys public information about an organization's financial condition.

B.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

C.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

D.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

Question 40

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

Options:

A.

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

B.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

C.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

D.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

Page: 10 / 23
Total 604 questions