Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IIA-CIA-Part3 Exam - Topic 7 Question 20 Discussion

Actual exam question for IIA's IIA-CIA-Part3 exam
Question #: 20
Topic #: 7
[All IIA-CIA-Part3 Questions]

When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?

1. Management's tolerance for specific risks.

2. The cost versus benefit of implementing a control.

3. Whether a control can mitigate multiple risks.

4. The ability to test the effectiveness of the control.

Show Suggested Answer Hide Answer
Suggested Answer: C

by Art at May 09, 2022, 04:24 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part3 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Golda
4 months ago
All four points are crucial for a solid strategy!
upvoted 0 times
...
Fatima
5 months ago
Wait, can you really test the effectiveness of every control?
upvoted 0 times
...
Paulina
5 months ago
Agree, multiple risks mitigation is a big plus!
upvoted 0 times
...
Edna
5 months ago
I think the cost vs. benefit is the most important factor.
upvoted 0 times
...
Salome
5 months ago
Definitely need to consider management's risk tolerance!
upvoted 0 times
...
Reuben
5 months ago
I lean towards option B because testing the effectiveness of controls is essential, but I wonder if we should also consider how many risks a control can mitigate.
upvoted 0 times
...
Youlanda
5 months ago
I feel like all four options are relevant in some way, but I can't recall if we discussed which ones are the most critical.
upvoted 0 times
...
Chauncey
5 months ago
I think management's tolerance for specific risks is definitely important, but I'm not sure if it's the only factor we should consider.
upvoted 0 times
...
Novella
5 months ago
I remember a practice question that emphasized the cost versus benefit of controls. That seems crucial for this question too.
upvoted 0 times
...
Effie
5 months ago
Hmm, I'm a bit confused by the wording here. I'll need to re-read the question and options a few times to make sure I understand.
upvoted 0 times
...
Angelo
5 months ago
Alright, I've got this. I'd start by checking with the team to see what can be done, and then consult an expert to get their input. Gotta cover all the bases.
upvoted 0 times
...
Bea
6 months ago
Okay, let's see here. If the program is negatively affecting privacy and security, and can actually damage the computer, then the alert level is probably "High" or "Severe". I'm leaning towards "Severe" since that seems to match the description best.
upvoted 0 times
...
Dorcas
6 months ago
Hmm, I'm a little unsure about this one. The table structure isn't totally clear to me, so I'll have to double-check the column names and data types to make sure I get the INSERT statement right.
upvoted 0 times
...

Save Cancel