IIA IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Exam Practice Test

Embryonic, focused.

Fragmented, decline.

Mature, fragmented.

Competitive, embryonic.

A multinational company has stockholders in other countries.

A multinational company exports its products to other countries.

A multinational company operates outside of its country of origin.

A multinational company uses raw materials and components from more than one country.

The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

The highest risk assessment should always be assigned to the area with the largest potential loss.

The highest risk assessment should always be assigned to the area with the highest probability of

occurrence.

Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

Users determine the optimal level of safety stocks.

They are applicable only to large organizations.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

They rely heavily on high quality materials.

Determine the optimal amount of resources for the organization to invest in CSR.

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

There is an external market for that service.

The selling department operates at 50 percent of its capacity.

The purchasing department has more negotiating power than the selling department.

There is no external market for that service.

1 and 3 only

1 and 4 only

2 and 3 only

2 and 4 only

Electronic funds transfer.

Knowledge-based systems.

Biometrics.

Standardized graphical user interface.

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

A zero-based budget maintains focus on the budgeting process.

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

Cutbacks in preventive maintenance.

An inadequately trained and supervised labor force.

A large number of rush orders.

Production of more units than planned for in the master budget.

1 only

4 only

2 and 4

3 and 4

Authorization.

Identification.

Verification.

Validation.

$350,000

$500,000

$850,000

$1,200,000

1 only

2 and 4 only

1, 3, and 4 only

1, 2, 3, and 4

Standards, framework, and process.

Standards, assessments, and process.

Principles, framework, and process.

Principles, practices, and process.

Test marketing

Experimentation

Segmentation

Positioning

Zone that separates an organization's servers from outside forces.

Area in which messages are scrutinized to determine if they are authorized.

Area where communication and transactions occur between trusted parties.

Zone where data is encrypted, users are authenticated, and user traffic is filtered.

An effective internal audit function is one of the four cornerstones of good governance.

Those performing governance activities are accountable to the customer.

Accountability is one of the key elements of organizational governance.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

To ensure that adequate controls exist to prevent any significant business interruptions.

To identify and address potential security weaknesses within the system.

To ensure that tests contribute to improvement of the program.

To ensure that deficiencies identified by the audit are promptly addressed.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

The Committee of Sponsoring Organizations of the Treadway Commission.

The Board of Environmental, Health, and Safety Auditor Certifications.

The International Organization of Supreme Audit Institutions.

The International Standards Organization.

Increase shareholder value.

Maximize market share.

Improve operational efficiency.

Mitigate losses.

7 percent simple interest with a 10 percent compensating balance.

7 percent simple interest paid at the end of each year.

7 percent discount interest.

7 percent compounding interest.

Does not require testing for user acceptance.

Allows applications to be portable across multiple system platforms.

Is less expensive since it is self-documenting.

Better involves users in the design process.

Dairy manufacturing company taking over a large dairy farm.

A movie producer acquires movie theaters.

A petroleum processing company acquires an agro-processing firm.

A baker taking over a competitor.

Star network.

Bus network.

Token ring network.

Mesh network.

Program versions are synchronized across the network.

Emergency move procedures are documented and followed.

Appropriate users are involved in program change testing.

Movement from the test library to the production library is controlled.

Improved integrity of programs and processing.

Enhanced ongoing maintenance of the system.

Greater accuracy of the testing phase.

Reduced need for unexpected software changes.

Have to initiate a price war in order to enter the industry.

Face increased production costs.

Face increased marketing costs.

Face higher learning costs, which would increase fixed costs.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Cash budget.

Production budget.

Sales budget.

Selling and administrative expenses budget.

21 days.

22 days.

27 days.

51 days.

Monitoring.

Control activities.

Risk assessment.

Control environment.

In a regressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

In a regressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

In a progressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

In a progressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

1 and 4 only

2 and 3 only

2, 3, and 4 only

1, 2, and 4 only

Buying an insurance policy to protect against loss events.

Hedging against natural gas price fluctuations.

Selling a non-strategic business unit.

Outsourcing a high risk process to a third party.

1, 2, and 3 only

1, 2, and 4 only

1, 3, and 4 only

2, 3, and 4 only

Suspend assumptions and negative feedback

Weight suggestions based on the speaker's level of authority.

Discuss the details of all options presented

Provide documentation to support their positions

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports.

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing the financial information of the company.

Normalize the data

Obtain the data

identify the risks

Analyze the data

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

All financial budgets

All operating budgets

Only the cash budget and budgeted balance sheet

Only the sales and production budgets

Capital investment and not marketing

Marketing and not capital investment.

Efficiency and not input economy.

Effectiveness and not efficiency.

Input controls.

Output controls

Processing controls

Integrity controls

$1.480.000

$1 500 000

$1,610.000

$1650 000

Version control

Privacy

Portability

Secure authentication

Backup media is not properly stored, as the storage facility should be off-site.

Backup procedures are adequate and appropriate according to best practices.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

Backup schedule is not sufficient, as full backup should be conducted daily.

Hardware encryption.

Software encryption

Data encryption.

Authentication.

For plant assets cost includes the purchase price and the cost of design and construction

For intangible assets cost includes the purchase price and development costs

Due to their indefinite nature intangible assets are not subject to amortization

The organization must expense any cost incurred in developing a plant asset

Operating system.

Control environment.

Network.

Application program code.

Establish separate vendor creation and approval teams.

Develop and distribute a code of conduct that prohibits conflicts of interest.

Perform a regular review of the vendor master file.

Require submission of a conflict-of-interest declaration.

When there's a dispute between the contracting parties.

When all contractual obligations have been discharged.

When there is a force majeure.

When the termination clause is enacted.

A detailed budget that identifies hardware resources for the project

A Gantt chart that identifies the critical path for completing the project

Change management controls to avoid technical conflicts within the application

A project plan with a flexible scope to accommodate legislative requirements

Full or near capacity in processes.

Smooth workflow among processes.

Few or no defects.

Lowered inventory levels.

It is useful when losses are considered insignificant.

It provides a better alignment with revenue.

It is the preferred method according to The IIA.

It states receivables at net realizable value on the balance sheet.

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

A slower response to external change.

Less controlled decision making.

More burden on higher-level managers.

Less use of employees' true skills and abilities.

Affective component.

Cognition component.

Thinking component.

Behavioral component.

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

Controls that focus on segregation of duties, financial and change management

Personnel policies that define and enforce conditions for staff in sensitive IT areas

Standards that support IT policies by more specifically defining required actions

Controls that focus on data structures and the minimum level of documentation required

Due to their small size and portability smart devices and their associated data are typically less susceptible to physical loss

The Bluetooth and WI-FI features of smart devices enhance the security of data while in transit

The global positioning system (GPS) capability of smart devices could be exploited to plan cyberattacks

When the user fads to perform jailbreaking or rooting, data security and privacy risks we increased

Input controls.

Segregation of duties.

Physical controls.

Integrity controls.

Company A owns Company B; Company B sells goods to Company A.

Company A does not own Company B. Company A charges Company B a fee to sell Company B's goods without taking ownership of the goods.

Company A owns both Company B and Company C; all three companies sell goods to the public.

Company A moves goods internally from one location to another.

Linking performance to profitability measures such as return on investment.

Linking performance to the stock price.

Linking performance to quotas such as units produced.

Linking performance to nonfinancial measures such as customer satisfaction and employees training.

It is particularly helpful to management when the organization is facing rapid change

It is a more successful approach when adopted by mechanistic organizations

It is more successful when goal-setting is performed not only by management, but by an team members, including lower-level staff.

It is particularly successful in environments that are prone to having poor employer-employee relations

Value-added network (VAN).

Local area network (LAN).

Metropolitan area network (MAN).

Wide area network (WAN).

The auditor eliminated duplicate information.

The auditor organized data to minimize useless information.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and corrected.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

Cold recovery plan

Critical recovery plan

Warm recovery plan

Tested recovery plan

High-yield bonds.

Commodity-backed bonds.

Zero coupon bonds.

Junk bonds.

Logical access controls monitor application usage and generate audit trails.

The development process is designed to prevent, detect and correct errors that may occur

A record is maintained to track the process of data from input, to output, to storage

Business users' requirements are documented, and their achievement is monitored

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager

A combination of product and functional departments allows management lo utilize personnel from various functions

Authority responsibility and accountability of the units involved may vary based on the project's life, or the organization's culture

It is best suited for firms with scattered locations or for multi-lira. large-scale firms

Management might place the same degree of reliance in reports produced by EUC applications as it does in reports produced under traditional systems development procedures.

The organization may incur higher application development and maintenance costs for EUC systems.

Since development time is typically longer for EUC applications, management may not be able to respond quickly to competitive pressures

Management may not be able to make quick and accurate decisions due to a diminished capacity to respond to managerial requests for computerized information

The degree of risk associated with a proposed change determines whether the change request requires authorization.

Program changes generally are developed and tested in the production environment.

Changes are only required by software programs.

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.