IIA-CIA-Part3-CN Exam Question 216
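According to IIA IT guidance, which of the following information security activities is most likely to be the responsibility of line management (rather than executive management, internal auditors, or the board)?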
Correct Answer: A
* Understanding Information Security Responsibilities:
  * Executive management sets the overall strategy and ensures resources are allocated for information security.
  * Internal auditors provide independent assurance on security effectiveness.
  * The board provides oversight and ensures that security risks are managed appropriately.
  * Line management is responsible for day-to-day operations, including the review and monitoring of security controls to ensure compliance with security policies.
* Why Reviewing and Monitoring Security Controls is a Line Management Function:
  * Line management directly oversees operational security measures, ensuring that established controls are functioning effectively.
  * They address security gaps, enforce security policies, and report issues to senior management when necessary.
  * This aligns with IIA Standard 2120 - Risk Management, which requires management to implement and monitor risk mitigation controls.
* Why Other Options Are Incorrect:
  * B. Dedicate sufficient security resources: This is the responsibility of executive management, as they control resource allocation.
  * C. Provide oversight to the security function: The board and executive management provide oversight, not line management.
  * D. Assess information control environments: Internal auditors assess control environments, ensuring compliance and effectiveness.
* IIA Standards and References:
  * IIA Standard 2110 - Governance: Emphasizes the board's role in overseeing security.
  * IIA Standard 2120 - Risk Management: States that management must monitor security risks.
  * IIA GTAG (Global Technology Audit Guide) on Information Security (2016): Outlines that line management is responsible for monitoring security controls on a daily basis.
Thus, the correct answer is A: Review and monitor security controls.
IIA-CIA-Part3-CN Exam Question 217
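A large retail customer has offered to buy 10,000 units at a special price of $7 per unit. The manufacturer normally sells at $10 per unit, with variable manufacturing costs of $55 per unit and fixed manufacturing costs of $3 per unit. For the manufacturer to accept the offer, which of the following assumptions must hold?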
Correct Answer: B
When evaluating a special order, the manufacturer must determine if accepting it will be profitable without disrupting normal operations. The key consideration is whether the company has spare production capacity to handle the order without increasing fixed costs.
Step-by-Step Explanation:
Correct Answer (B - The Manufacturer Can Fulfill the Order Without Expanding Production Facilities):
Fixed costs ($3 per unit) are already incurred and will not change if the order is accepted.
The special price ($7 per unit) covers the variable costs ($5 per unit), contributing $2 per unit to profit.
If the manufacturer has excess production capacity, the order is profitable.
The IIA Practice Guide: Auditing Financial Performance emphasizes that special order decisions should be based on incremental cost analysis, ensuring no need for capacity expansion.
Why Other Options Are Incorrect:
Option A (Fixed and Variable Manufacturing Costs Are Less Than the Special Offer Selling Price):
Fixed costs should not be considered in short-term pricing decisions if they are already incurred.
Option C (Costs Related to Accepting This Offer Can Be Absorbed Through the Sale of Other Products):
The decision should be based on whether the order is profitable on its own, not relying on other products.
Option D (The Manufacturer's Production Facilities Are Operating at Full Capacity):
If the company is at full capacity, accepting the order would require sacrificing existing sales or expanding capacity, which increases costs.
IIA References for Validation:
IIA Practice Guide: Auditing Financial Performance - Discusses cost analysis for special pricing decisions.
IIA GTAG 13: Business Performance - Covers incremental cost and profitability analysis in pricing decisions.
Thus, B is the correct answer because accepting the order is only profitable if the manufacturer has excess capacity.
IIA-CIA-Part3-CN Exam Question 218
Which of the following is an example of an internal auditor applying data mining techniques for exploratory purposes?
Correct Answer: C
Explanation of Answer Choice C (Correct Answer):
Data Mining for Exploratory Purposes:
Exploratory data mining involves analyzing large datasets to identify trends, patterns, and risks before conducting specific audits.
Internal auditors use data mining to assess risks and determine potential audit subjects, making it a key input in audit planning.
Aligns with IIA Practice Guide on Data Analytics:
Exploratory analysis helps auditors prioritize areas with high-risk indicators.
Supports IIA Standard 2010 - Planning, which requires risk-based audit planning.
Explanation of Incorrect Answers:
A. Internal auditors perform reconciliation procedures to support an external audit of financial reporting. (Incorrect)
Reconciliation is a procedural task, not an exploratory data mining activity.
Supports external audit rather than internal audit's strategic risk assessment role.
B. Internal auditors perform a systems-focused analysis to review relevant controls. (Incorrect)
This relates more to evaluating control effectiveness rather than exploratory data mining.
Does not directly contribute to identifying new audit areas.
D. Internal auditors test IT general controls with regard to operating effectiveness versus design. (Incorrect)
Testing IT general controls is a structured evaluation, not an exploratory data mining technique.
Exploratory data mining is used to identify risks before formal testing occurs.
Conclusion:
The best example of exploratory data mining by internal auditors is risk assessment for audit planning (Option C).
IIA References:
IIA Standard 2010 - Planning
IIA Practice Guide: Data Analytics
IIA-CIA-Part3-CN Exam Question 219
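The engagement supervisor is responsible for preparing the final engagement communication for release. Because the chief audit executive (CAE) is on vacation, the engagement supervisor has been authorized to distribute the final engagement communication to all relevant parties. Who should be accountable for the final engagement communication?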
Correct Answer: B
The CAE is ultimately accountable for all final engagement communications, even if dissemination is delegated to others. The Standards hold the CAE responsible for ensuring that reports are accurate, objective, clear, concise, constructive, complete, and timely.
Options A and D (supervisor or team) may assist but do not hold accountability. Option C (the board) receives reports but is not responsible for them.
Reference:
IIA Standards - Standard 2400: Communicating Results.
IIA-CIA-Part3-CN Exam Question 220
How does the concept of relevant cost help management with behavioral analysis?
Correct Answer: D
Relevant cost refers to costs that will change depending on a specific business decision. It is crucial for decision-making as it helps management assess the financial impact of alternatives.
Why Option D is Correct?
Relevant costs focus on future costs that differ between decision alternatives.
They help management analyze how different choices impact profitability.
This supports decision-making in areas such as pricing, outsourcing, and product discontinuation.
Explanation of the Other Options:
A. It explains the assumption that both costs and revenues are linear through the relevant range - Incorrect.
While linear cost behavior is often assumed, it is not the primary purpose of relevant cost analysis.
B. It enables management to calculate a minimum number of units to produce and sell without having to incur a loss - Incorrect.
This describes break-even analysis, not relevant cost analysis.
C. It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions - Incorrect.
Depreciation is a sunk cost and is not considered relevant for decision-making.
IIA References & Best Practices:
The IIA's Practice Guide: Financial Decision-Making and Internal Audit's Role outlines how relevant cost analysis aids business strategy.
International Professional Practices Framework (IPPF) Standard 2120 states that internal auditors should assess management's cost-analysis techniques.
Managerial Accounting Concepts (by IMA and COSO) emphasize relevant costs in strategic decision-making.
Thus, the correct answer is D. It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action.
