Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. IIA
  5. CIA

IIA CIA Exam
Certified Internal Auditor Exam (Page 11 )

Updated On: 9-Feb-2026
Page 11 of 342
PDF with 1702 Questions

A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?

  1. Copies of printed client information not used by the agency are shredded
  2. Employees share client information with coworkers with the permission of the client
  3. The agency only releases client information with management's approval
  4. The agency advises clients of their privacy rights before they commence business with the agency

Answer(s): C



Noncompliance with which of the following would cause a control deficiency related to privacy protection practices?

I). An organization's internal privacy policies
II). Financial accounting standards
III). Privacy laws and regulations
IV). The Standards

  1. I and III only
  2. II and IV only
  3. II, III, and IV only
  4. I, II, III, and IV

Answer(s): A



During a review of data center physical security and environmental controls, an auditor should ensure that

I). Visitors are accompanied by authorized personnel at all times
II). Only developers and operators have access to the data center
III). Fire suppression equipment is tested periodically
IV). Fire and water detectors have been installed

  1. I and III only
  2. II and IV only
  3. I, III, and IV only
  4. II, III, and IV only

Answer(s): C



Which of the following is most likely to be an element of an effective compliance program?

  1. The internal audit activity is assigned responsibility for overseeing the program.
  2. The program is communicated to employees in a video format on a one-time basis.
  3. The organization uses monitoring systems designed to detect improper activity.
  4. The organization obtains as much information as possible when performing background checks on employees.

Answer(s): C



Which of the following statements is correct regarding corporate compensation systems and related bonuses?

I). A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
II). Compensation systems are not part of an organization's control system and should not be reported as such
III). An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.

  1. I only
  2. II only
  3. III only
  4. II and III only

Answer(s): A






Post your Comments and Discuss IIA CIA exam prep with other Community members:

Join the CIA Discussion