Free IIA IIA-CIA-Part2 Exam Questions

Become IIA Certified with updated IIA-CIA-Part2 exam questions and correct answers

Page: 1 / 97

Total 485 Questions | Updated On: Dec 18, 2025

Add To Cart

Question 1

According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?

Section: Volume D

A : follow-up manual procedures.

B : internal audit charter.

C : agreement made between internal auditors and management.

D : risks and exposures involved.

Answer: D

Question 2

An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?

A : The document management policy requires business client data to be stored in a specific management database

B : Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

C : if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

D : All staff should be appropriately trained and required to follow the organization's established policies and procedures pertaining to document management

Answer: C

Question 3

An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?

A : An agreed action adopted by management.

B : A condition-based recommendation as an interim solution to correct a current condition.

C : A cause-based recommendation to prevent inappropriate access being granted again.

D : A management action plan.

Answer: B

Question 4

Which characteristic of risk assessment makes it a useful tool for audit planning?

Section: Volume C

A : provides a list of auditable activities in the organization.

B : It ranks the severity of potentially adverse effects on the organization

C : provides a process for identifying and analyzing potentially adverse effects

D : It evaluates the probability that an event or action may adversely affect the organization.

Answer: C

Question 5

Which of the following is a disadvantage of using flowcharts during a risk assessment?

A : People cannot quickly understand the processes via flowcharts

B : Flowcharts are not applicable for evaluating the design of controls

C : Some serious risks that are not part of the linear process can be missed

D : Flowcharts do not enable auditors to identify missing controls

Answer: C

Page: 1 / 97

Total 485 Questions | Updated On: Dec 18, 2025

Add To Cart