New IIA-CIA-Part3 Exam Questions For CIA Exam Part Three: Business Knowledge for Internal Auditing

Now you can prepare for your CIA Exam Part Three: Business Knowledge for Internal Auditing exam with PassQuestion IIA-CIA-Part3 Exam Questions. The CIA exam Part 3 includes four domains focused on business acumen, information security, information technology, and financial management. Part 3 is designed to test candidates’ knowledge, skills, and abilities particularly as they relate to these core business concepts.​ There are 313 questions and answers in PassQuestion IIA-CIA-Part3 Exam Questions to help you pass your exam successfully.

Test Online IIA-CIA-Part3 Free Questions

1. Technological uncertainty, subsidy, and spin-offs are usually characteristics of:


2. An internal auditor is reviewing physical and environmental controls for an IT organization.

Which control activity should not be part of this review?


3. Which of the following does not provide operational assurance that a computer system is operating properly?


4. An organization produces two products, X and Y. The materials used for the production of both products are limited to 500 kilograms (kg) per month. All other resources are unlimited and their costs are fixed.

Individual product details are as follows:

Product X

Product Y

Selling price per unit



Materials per unit (at $1/kg)

2 kg

6 kg

Monthly demand

100 units

120 units

In order to maximize profit, how much of product Y should the organization produce each month?


5. Evaluate whether the procedures for program change management are adequate.


6. Which of the following stages of group development is associated with accepting team responsibilities?


7. Which of the following standards would be most useful in evaluating the performance of a customer-service group?


8. An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud.

Which of the following controls would be least effective in detecting any potential fraudulent activity?


9. According to the waterfall cycle approach to systems development, which of the following sequence of events is correct?


10. Monitoring systems are in place to alert management to unexpected events.


11. Which of the following best describes a market signal?


12. Ability to empathize with other people.


13. A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made.

The most likely structure for this organization would be:


14. In order to provide useful information for an organization’s risk management decisions, which of the following factors is least important to assess?


15. Ensure that performance targets are always achieved.


16. Which of the following is not a method for implementing a new application system?


17. According to IIA guidance, which of the following is a typical risk associated with the tender process and contracting stage of an organization’s IT outsourcing life cycle?


18. Which of the following best describes the concept of relevant cost?


19. Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities?


20. The cost to enter a foreign market would be highest in which of the following methods of global expansion?


21. The audit committee of a global corporation has mandated a change in the organization’s business ethics policy.

Which of the following approaches describes the best way to accomplish the policy’s diffusion worldwide?


22. An organization decided to install a motion detection system in its warehouse to protect against after-hours theft.

According to the COSO enterprise risk management framework, which of the following best describes this risk management strategy?


23. Which of the following is a characteristic of an emerging industry?


24. Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?


25. According to the International Professional Practices Framework, internal auditors who are assessing the adequacy of organizational risk management processes should not:


26. The organization makes exclusive arrangements with the channels.


27. To assess the performance of employees.


28. The activity that involves a trial run of a product in a typical segment of the market before proceeding to a national launch is referred to as:


29. Which of the following describes the result if an organization records merchandise as a purchase, but fails to include it in the closing inventory count?


30. Which of the following conditions could lead an organization to enter into a new business through internal development rather than through acquisition?


31. In mergers and acquisitions, which of the following is an example of a horizontal combination?


32. An organization needs to borrow a large amount of cash to fund its expansion plan.

Which of the following annual interest rates is least expensive?


33. A milestone requires resource allocation and needs time to be completed.


34. Emergency changes that bypass the normal control process frequently are deemed necessary.


35. An organization’s balance sheet indicates that the total asset amount and the total capital stock amount remained unchanged from one year to the next, and no dividends were declared or paid. However, the organization reported a loss of $200,000.

Which of the following describes the most likely year-over-year change to the organization’s total liabilities and total stockholder equity?


36. Which of the following is a key characteristic of a zero-based budget?


37. Organizations use matrix management to accomplish which of the following?


38. Which of the following statements is true regarding the roles and responsibilities associated with a corporate social responsibility (CSR) program?


39. If legal or regulatory standards prohibit conformance with certain parts of The IIA’s Standards, the auditor should do which of the following?


40. Senior management has decided to implement the Three Lines of Defense model for risk management.

Which of the following best describes senior management’s duties with regard to this model?


41. All of the following are possible explanations for a significant unfavorable material efficiency variance except:


42. The recession.


43. Which of the following is a type of network in which an organization permits specific users (such as existing customers) to have access to its internal network through the Internet by building a virtual private network?


44. Which of the following would not impair the objectivity of internal auditor?


45. Refer to the exhibit.

A company’s financial balance sheet is presented below:

The company has net working capital of:


46. Which of the following is the best reason for considering the acquisition of a nondomestic organization?


47. International marketing activities often begin with:


48. What are the objectives of governance as defined by the Standards?


49. Which of the following is an example of a risk avoidance response?


50. Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?


51. When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:


52. According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization’s IT contingency plan?


53. Which of the following must be adjusted to index a progressive tax system to inflation?


54. According to Porter, which of the following is associated with fragmented industries?


55. Which of the following factors would reduce dissatisfaction for a management trainee but would not particularly motivate the trainee?


56. Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?


57. An internal auditor is trying to assess control risk and the effectiveness of an organization’s internal controls.

Which of the following audit procedures would not provide assurance to the auditor on this matter?


58. Which of the following describes a typical desktop workstation used by most employees in their daily work?


59. A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system.

Which of the following is most likely the cause of the difficulty?


60. In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?


61. Which of the following techniques would be least effective in resolving the conflict created by an internal audit client’s perception of the audit report as a personal attack on his management performance?


62. Which of the following is an element of effective negotiating?


63. Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?


64. Which of the following price adjustment strategies encourages prompt payment?


65. Which of the following would best prevent unauthorized external changes to an

organization’s data?


66. Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?


67. An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement.

Which of the following approaches is most appropriate to address this concern?


68. A supervisor receives a complaint from an employee who is frustrated about having to learn a new software program. The supervisor responds that the new software will enable the employee to work more efficiently and with greater accuracy.

This response is an example of:


69. It can lead to cultural myopia.


70. Which of the following borrowing options is an unsecured loan?


71. Which of the following statements accurately describes one of the characteristics that distinguishes a multinational company from a domestic company?


72. An organization has recorded the following profit and expenses:

Profit before interest and tax




Purchases of materials


Interest expenses


If the value-added tax (VAT) rate is 20 percent and the corporate tax rate is 30 percent, which of the following is the amount of VAT that the organization has to pay?


73. According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization’s social and environmental impact on the local community?

✑ Determine whether previous incidents have been reported, managed, and resolved.

✑ Determine whether a business contingency plan exists. ✑ Determine the extent of transparency in reporting.

✑ Determine whether a cost/benefit analysis was performed for all related projects.


74. An organization is projecting sales of 100,000 units, at a unit price of $12. Unit variable costs are $7.

If fixed costs are $350,000, what is the projected total contribution margin?


75. Which of the following application-based controls is an example of a programmed edit check?


76. Which of the following distinguishes the added-value negotiation method from traditional negotiating methods?


77. Capacity overbuilding is most likely to occur when management is focused on which of the following?


78. They are helpful but limited in value in a rapidly changing environment.


79. Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate?


80. Organizations generally have flexibility regarding what is included in a CSR program.


81. Which of the following statements pertaining to a market skimming pricing strategy is not true?


82. Which of the following roles would be least appropriate for the internal audit activity to undertake with regard to an organization’s corporate social responsibility (CSR) program?


83. In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?


84. Disaster recovery planning is a type of detailed control.


85. Which of the following is a major advantage of decentralized organizations, compared to centralized organizations?


86. Sales trends.


87. The first stage in the development of a crisis management program is to:


88. A retail organization is considering acquiring a composite textile company. The retailer’s due diligence team determined the value of the textile company to be $50 million. The financial experts forecasted net present value of future cash flows to be $60 million.

Experts at the textile company determined their company’s market value to be $55 million if purchased by another entity. However, the textile company could earn more than $70 million from the retail organization due to synergies. Therefore, the textile company is motivated to make the negotiation successful.

Which of the following approaches is most likely to result in a successful negotiation?


89. The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:


90. Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization’s cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?


91. The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.


92. Under a value-added taxing system:


93. Which of the following strategies is most appropriate for an industry that is in decline?


94. According to the Standards, which of the following is based on the assertion that the quality of an organization’s risk management process should improve with time?


95. Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?


96. In an organization where enterprise risk management practices are mature, which of the following is a core internal audit role?


97. All of the following are true with regard to the first-in, first-out inventory valuation method except:


98. When granting third parties temporary access to an entity’s computer systems, which of the following is the most effective control?


99. Which stage in the industry life cycle is characterized by many different product variations?


100. Which of the following actions is most likely to gain support for process change?


101. Which of the following is a product-oriented definition of a business rather than a market-oriented definition of a business?


102. A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:


103. Which of the following are the most appropriate measures for evaluating the change in an organization’s liquidity position?


104. Overall system costs are lower.


105. Which of the following is a role of the board of directors in the governance process?


106. The ability to test the effectiveness of the control.


107. According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?


108. Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:


109. Which of the following is the most likely reason an organization may decide to undertake a stock split?


110. A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group.

An internal auditor would expect to find all of the following controls within the technology department except:


111. A key advantage of developing a computer application by using the prototyping approach is that it:


112. Which of the following statements is correct regarding risk analysis?


113. Structured data format.


114. Which of the following is the primary benefit of including end users in the system development process?


115. Which of the following budgets must be prepared first?


116. The economic order quantity can be calculated using the following formula:

Which of the following describes how the optimal order size will change if the annual demand increases by 36 percent?


117. Which of the following is a limiting factor for capacity expansion?


118. The most important reason to use risk assessment in audit planning is to:


119. 5

Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?


120. The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?


121. Which of the following is a disadvantage of selecting a commercial software package rather than developing an application internally?


122. The economic order quantity for inventory is higher for an organization that has:


123. Multinational organizations generally spend more time and effort to identify and evaluate:


124. Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?


125. Which of the following costs would be incurred in an inventory stockout?


Question 1 of 125

IIA-CRMA Certification Questions in Risk Management Assurance (CRMA) Exam

Leave a Reply

Your email address will not be published. Required fields are marked *