New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

IIA IIA-CIA-Part3-3P CIA Exam Part Three: Business Knowledge for Internal Auditing Exam Practice Test

CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

In which type of business environment are price cutting strategies and franchising strategies most appropriate?

Options:

A.

Embryonic, focused.

B.

Fragmented, decline.

C.

Mature, fragmented.

D.

Competitive, embryonic.

Question 2

Which of the following statements accurately describes one of the characteristics that distinguishes a multinational company from a domestic company?

Options:

A.

A multinational company has stockholders in other countries.

B.

A multinational company exports its products to other countries.

C.

A multinational company operates outside of its country of origin.

D.

A multinational company uses raw materials and components from more than one country.

Question 3

Which of the following statements is correct regarding risk analysis?

Options:

A.

The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

B.

The highest risk assessment should always be assigned to the area with the largest potential loss.

C.

The highest risk assessment should always be assigned to the area with the highest probability of

occurrence.

D.

Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

Question 4

Which of the following is a characteristic of just-in-time inventory management systems?

Options:

A.

Users determine the optimal level of safety stocks.

B.

They are applicable only to large organizations.

C.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

D.

They rely heavily on high quality materials.

Question 5

According to IIA guidance, which of the following corporate social responsibility (CSR) activities is appropriate for the internal audit activity to perform?

Options:

A.

Determine the optimal amount of resources for the organization to invest in CSR.

B.

Align CSR program objectives with the organization's strategic plan.

C.

Integrate CSR activities into the organization's decision-making process.

D.

Determine whether the organization has an appropriate policy governing its CSR activities.

Question 6

The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:

Options:

A.

There is an external market for that service.

B.

The selling department operates at 50 percent of its capacity.

C.

The purchasing department has more negotiating power than the selling department.

D.

There is no external market for that service.

Question 7

Which of the following phases of a business cycle are marked by an underuse of resources?

1) The trough.

2) The peak.

3) The recovery.

4) The recession.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 8

Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization's cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?

Options:

A.

Electronic funds transfer.

B.

Knowledge-based systems.

C.

Biometrics.

D.

Standardized graphical user interface.

Question 9

Which of the following is a key characteristic of a zero-based budget?

Options:

A.

A zero-based budget provides estimates of costs that would be incurred under different levels of activity.

B.

A zero-based budget maintains focus on the budgeting process.

C.

A zero-based budget is prepared each year and requires each item of expenditure to be justified.

D.

A zero-based budget uses input from lower-level and middle-level managers to formulate budget plans.

Question 10

All of the following are possible explanations for a significant unfavorable material efficiency variance except:

Options:

A.

Cutbacks in preventive maintenance.

B.

An inadequately trained and supervised labor force.

C.

A large number of rush orders.

D.

Production of more units than planned for in the master budget.

Question 11

Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?

1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.

2) The IAA must assess whether the IT governance of the organization supports the organization’s strategies and objectives.

3) The IAA may assess whether the IT governance of the organization supports the organization’s strategies and objectives.

4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.

Options:

A.

1 only

B.

4 only

C.

2 and 4

D.

3 and 4

Question 12

Which of the following is not included in the process of user authentication?

Options:

A.

Authorization.

B.

Identification.

C.

Verification.

D.

Validation.

Question 13

An organization is projecting sales of 100,000 units, at a unit price of $12. Unit variable costs are $7. If fixed costs are $350,000, what is the projected total contribution margin?

Options:

A.

$350,000

B.

$500,000

C.

$850,000

D.

$1,200,000

Question 14

Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?

1) Evaluate the business continuity plans for adequacy and currency.

2) Prepare a business impact analysis regarding the loss of critical business.

3) Identify key personnel who will be required to implement the plans.

4) Identify and prioritize the resources required to support critical business processes.

Options:

A.

1 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Question 15

Which of the following are included in ISO 31000 risk principles and guidelines?

Options:

A.

Standards, framework, and process.

B.

Standards, assessments, and process.

C.

Principles, framework, and process.

D.

Principles, practices, and process.

Question 16

The activity that involves a trial run of a product in a typical segment of the market before proceeding to a national launch is referred to as:

Options:

A.

Test marketing

B.

Experimentation

C.

Segmentation

D.

Positioning

Question 17

Which of the following describes the free trade zone in an e-commerce environment?

Options:

A.

Zone that separates an organization's servers from outside forces.

B.

Area in which messages are scrutinized to determine if they are authorized.

C.

Area where communication and transactions occur between trusted parties.

D.

Zone where data is encrypted, users are authenticated, and user traffic is filtered.

Question 18

Which of the following statements regarding organizational governance is not correct?

Options:

A.

An effective internal audit function is one of the four cornerstones of good governance.

B.

Those performing governance activities are accountable to the customer.

C.

Accountability is one of the key elements of organizational governance.

D.

Governance principles and the need for an internal audit function are applicable to governmental and not-for-profit activities.

Question 19

According to IIA guidance, which of the following would be a primary reason for an internal auditor to test the organization's IT contingency plan?

Options:

A.

To ensure that adequate controls exist to prevent any significant business interruptions.

B.

To identify and address potential security weaknesses within the system.

C.

To ensure that tests contribute to improvement of the program.

D.

To ensure that deficiencies identified by the audit are promptly addressed.

Question 20

Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

Options:

A.

Both the key used to encrypt the data and the key used to decrypt the data are made public.

B.

The key used to encrypt the data is kept private but the key used to decrypt the data is made public.

C.

The key used to encrypt the data is made public but the key used to decrypt the data is kept private.

D.

Both the key used to encrypt the data and the key used to decrypt the data are made private.

Question 21

Which of the following professional organizations sets standards for quality and environmental audits?

Options:

A.

The Committee of Sponsoring Organizations of the Treadway Commission.

B.

The Board of Environmental, Health, and Safety Auditor Certifications.

C.

The International Organization of Supreme Audit Institutions.

D.

The International Standards Organization.

Question 22

Which mindset promotes the most comprehensive risk management strategy?

Options:

A.

Increase shareholder value.

B.

Maximize market share.

C.

Improve operational efficiency.

D.

Mitigate losses.

Question 23

An organization needs to borrow a large amount of cash to fund its expansion plan. Which of the following annual interest rates is least expensive?

Options:

A.

7 percent simple interest with a 10 percent compensating balance.

B.

7 percent simple interest paid at the end of each year.

C.

7 percent discount interest.

D.

7 percent compounding interest.

Question 24

A key advantage of developing a computer application by using the prototyping approach is that it:

Options:

A.

Does not require testing for user acceptance.

B.

Allows applications to be portable across multiple system platforms.

C.

Is less expensive since it is self-documenting.

D.

Better involves users in the design process.

Question 25

In mergers and acquisitions, which of the following is an example of a horizontal combination?

Options:

A.

Dairy manufacturing company taking over a large dairy farm.

B.

A movie producer acquires movie theaters.

C.

A petroleum processing company acquires an agro-processing firm.

D.

A baker taking over a competitor.

Question 26

Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?

Options:

A.

Star network.

B.

Bus network.

C.

Token ring network.

D.

Mesh network.

Question 27

One change control function that is required in client/server environments, but is not required in mainframe environments, is to ensure that:

Options:

A.

Program versions are synchronized across the network.

B.

Emergency move procedures are documented and followed.

C.

Appropriate users are involved in program change testing.

D.

Movement from the test library to the production library is controlled.

Question 28

Which of the following is the primary benefit of including end users in the system development process?

Options:

A.

Improved integrity of programs and processing.

B.

Enhanced ongoing maintenance of the system.

C.

Greater accuracy of the testing phase.

D.

Reduced need for unexpected software changes.

Question 29

An internationally recognized brand name is an entrance barrier to new competitors because new competitors would:

Options:

A.

Have to initiate a price war in order to enter the industry.

B.

Face increased production costs.

C.

Face increased marketing costs.

D.

Face higher learning costs, which would increase fixed costs.

Question 30

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1) Consult on CSR program design and implementation.

2) Serve as an advisor on CSR governance and risk management.

3) Review third parties for contractual compliance with CSR terms.

4) Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 31

Which of the following budgets must be prepared first?

Options:

A.

Cash budget.

B.

Production budget.

C.

Sales budget.

D.

Selling and administrative expenses budget.

Question 32

Refer to the exhibit.

The figure below shows the network diagram for the activities of a large project. What is the shortest number of days in which the project can be completed?

Options:

A.

21 days.

B.

22 days.

C.

27 days.

D.

51 days.

Question 33

An organization engages in questionable financial reporting practices due to pressure to meet unrealistic performance targets. Which internal control component is most negatively affected?

Options:

A.

Monitoring.

B.

Control activities.

C.

Risk assessment.

D.

Control environment.

Question 34

Which of the following statements is true regarding the relationship between an individual’s average tax rate and marginal tax rate?

Options:

A.

In a regressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

B.

In a regressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

C.

In a progressive personal tax system, an individual's marginal tax rate is normally equal to his average tax rate.

D.

In a progressive personal tax system, an individual's marginal tax rate is normally greater than his average tax rate.

Question 35

Which of the following statements is in accordance with COBIT?

1) Pervasive controls are general while detailed controls are specific.

2) Application controls are a subset of pervasive controls.

3) Implementation of software is a type of pervasive control.

4) Disaster recovery planning is a type of detailed control.

Options:

A.

1 and 4 only

B.

2 and 3 only

C.

2, 3, and 4 only

D.

1, 2, and 4 only

Question 36

Which of the following is an example of a risk avoidance response?

Options:

A.

Buying an insurance policy to protect against loss events.

B.

Hedging against natural gas price fluctuations.

C.

Selling a non-strategic business unit.

D.

Outsourcing a high risk process to a third party.

Question 37

According to the International Professional Practices Framework, which of the following statements is true regarding a corporate social responsibility (CSR) program?

1) Every employee generally has a responsibility for ensuring the success of CSR objectives.

2) The board has overall responsibility for the effectiveness of internal control processes associated with CSR.

3) Public reporting on the CSR governance process is expected.

4) Organizations generally have flexibility regarding what is included in a CSR program.

Options:

A.

1, 2, and 3 only

B.

1, 2, and 4 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Question 38

When attempting to devise creative solutions to problems, team members initially should do which of the following?

Options:

A.

Suspend assumptions and negative feedback

B.

Weight suggestions based on the speaker's level of authority.

C.

Discuss the details of all options presented

D.

Provide documentation to support their positions

Question 39

An internal auditor for a pharmaceutical company is planning a cybersecurity audit and conducting a risk assessment.

Which of the following would be considered the most significant cyber threat to the organization?

Options:

A.

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

B.

Hackers breaching the organization's network to access research and development reports.

C.

A denial-of-service attack that prevents access to the organization's website.

D.

A hacker accessing the financial information of the company.

Question 40

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

Options:

A.

Normalize the data

B.

Obtain the data

C.

identify the risks

D.

Analyze the data

Question 41

Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?

Options:

A.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

B.

Review the password length, frequency of change, and list of users for the workstation's login process.

C.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

D.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

Question 42

Which of the following budgets serves as a basis for the budgeted income statement?

Options:

A.

All financial budgets

B.

All operating budgets

C.

Only the cash budget and budgeted balance sheet

D.

Only the sales and production budgets

Question 43

An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is unable to get the desired return on investment and output per hour of labor. Based on this information the organization is most likely focused on which of the following?

Options:

A.

Capital investment and not marketing

B.

Marketing and not capital investment.

C.

Efficiency and not input economy.

D.

Effectiveness and not efficiency.

Question 44

Which of the following application controls checks the integrity of data entered into a business application?

Options:

A.

Input controls.

B.

Output controls

C.

Processing controls

D.

Integrity controls

Question 45

The following transactions and events occurred during the year:

- $300,000 of raw materials were purchased, of which $20,000 were returned because of defects

- $600,000 of direct labor costs were incurred.

- S750.000 of manufacturing overhead costs were incurred.

What is the organization's cost of goods sold for the year?

Options:

A.

$1.480.000

B.

$1 500 000

C.

$1,610.000

D.

$1650 000

Question 46

Which of the following is improved by the use of smart devices?

Options:

A.

Version control

B.

Privacy

C.

Portability

D.

Secure authentication

Question 47

While conducting audit procedures at the organization's data center, an internal auditor noticed the following:

Backup media was located on data center shelves.

Backup media was organized by date.

Backup schedule was one week in duration.

The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

Options:

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Question 48

An employee frequently uses a personal smart device to send and receive work-related emails. Which of the following controls would be most effective to mitigate security risks related to these transmissions?

Options:

A.

Hardware encryption.

B.

Software encryption

C.

Data encryption.

D.

Authentication.

Question 49

Which of me following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets cost includes the purchase price and the cost of design and construction

B.

For intangible assets cost includes the purchase price and development costs

C.

Due to their indefinite nature intangible assets are not subject to amortization

D.

The organization must expense any cost incurred in developing a plant asset

Question 50

According to MA guidance on IT. which of the following controls the routing of data packets to link computers?

Options:

A.

Operating system.

B.

Control environment.

C.

Network.

D.

Application program code.

Question 51

A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.

Which of the following controls would best address this risk?

Options:

A.

Establish separate vendor creation and approval teams.

B.

Develop and distribute a code of conduct that prohibits conflicts of interest.

C.

Perform a regular review of the vendor master file.

D.

Require submission of a conflict-of-interest declaration.

Question 52

When would a contract be closed out?

Options:

A.

When there's a dispute between the contracting parties.

B.

When all contractual obligations have been discharged.

C.

When there is a force majeure.

D.

When the termination clause is enacted.

Question 53

An organization has received funding to continue a program that utilizes an in-house Due to new legislative requirements the application will require additional features to capture information not previously collected Which of the following is the most critical for completing this specific project?

Options:

A.

A detailed budget that identifies hardware resources for the project

B.

A Gantt chart that identifies the critical path for completing the project

C.

Change management controls to avoid technical conflicts within the application

D.

A project plan with a flexible scope to accommodate legislative requirements

Question 54

Which of the following is a primary objective of the theory of constraints?

Options:

A.

Full or near capacity in processes.

B.

Smooth workflow among processes.

C.

Few or no defects.

D.

Lowered inventory levels.

Question 55

Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off method?

Options:

A.

It is useful when losses are considered insignificant.

B.

It provides a better alignment with revenue.

C.

It is the preferred method according to The IIA.

D.

It states receivables at net realizable value on the balance sheet.

Question 56

According to IIA guidance on IT. which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 57

Which of the following is likely to occur when an organization decides to adopt a decentralized organizational structure?

Options:

A.

A slower response to external change.

B.

Less controlled decision making.

C.

More burden on higher-level managers.

D.

Less use of employees' true skills and abilities.

Question 58

A manager decided to build his team's enthusiasm by giving encouraging talks about employee empowerment, hoping to change the perception that management should make all decisions in the department.

The manager is most likely trying to impact which of the following components of his team's attitude?

Options:

A.

Affective component.

B.

Cognition component.

C.

Thinking component.

D.

Behavioral component.

Question 59

Which of the following types of analytics would be used by an organization to examine metrics by business units and identity the most profitable business units?

Options:

A.

Detailed analytics

B.

Predictive analytics

C.

Diagnostic analytics

D.

Prescriptive analytics

Question 60

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial and change management

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Question 61

Which of the following statements is true regarding the risks associated with the increased use of smart devices at work?

Options:

A.

Due to their small size and portability smart devices and their associated data are typically less susceptible to physical loss

B.

The Bluetooth and WI-FI features of smart devices enhance the security of data while in transit

C.

The global positioning system (GPS) capability of smart devices could be exploited to plan cyberattacks

D.

When the user fads to perform jailbreaking or rooting, data security and privacy risks we increased

Question 62

In reviewing an organization's IT infrastructure risks, which of the following controls is to be tested as part of reviewing workstations?

Options:

A.

Input controls.

B.

Segregation of duties.

C.

Physical controls.

D.

Integrity controls.

Question 63

In which of the following scenarios would transfer pricing be used?

Options:

A.

Company A owns Company B; Company B sells goods to Company A.

B.

Company A does not own Company B. Company A charges Company B a fee to sell Company B's goods without taking ownership of the goods.

C.

Company A owns both Company B and Company C; all three companies sell goods to the public.

D.

Company A moves goods internally from one location to another.

Question 64

Which of the following performance measures disincentivizes engaging in earnings management?

Options:

A.

Linking performance to profitability measures such as return on investment.

B.

Linking performance to the stock price.

C.

Linking performance to quotas such as units produced.

D.

Linking performance to nonfinancial measures such as customer satisfaction and employees training.

Question 65

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals Which of the following statements is true regarding this approach?

Options:

A.

It is particularly helpful to management when the organization is facing rapid change

B.

It is a more successful approach when adopted by mechanistic organizations

C.

It is more successful when goal-setting is performed not only by management, but by an team members, including lower-level staff.

D.

It is particularly successful in environments that are prone to having poor employer-employee relations

Question 66

Which of the following describes a third-party network that connects an organization specifically with its trading partners?

Options:

A.

Value-added network (VAN).

B.

Local area network (LAN).

C.

Metropolitan area network (MAN).

D.

Wide area network (WAN).

Question 67

As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized data?

Options:

A.

The auditor eliminated duplicate information.

B.

The auditor organized data to minimize useless information.

C.

The auditor made data usable for a specific purpose by ensuring that anomalies were identified and corrected.

D.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

Question 68

A remote location contains a data center with hardware available to support critical production systems as required in the recovery plan IT personnel periodically test and update systems at the data center. This is an example of which of the following recovery solutions?

Options:

A.

Cold recovery plan

B.

Critical recovery plan

C.

Warm recovery plan

D.

Tested recovery plan

Question 69

Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds.

B.

Commodity-backed bonds.

C.

Zero coupon bonds.

D.

Junk bonds.

Question 70

Which of the following is an example of a key systems development control typically found in the in-house development of an application system?

Options:

A.

Logical access controls monitor application usage and generate audit trails.

B.

The development process is designed to prevent, detect and correct errors that may occur

C.

A record is maintained to track the process of data from input, to output, to storage

D.

Business users' requirements are documented, and their achievement is monitored

Question 71

Which of me following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager

B.

A combination of product and functional departments allows management lo utilize personnel from various functions

C.

Authority responsibility and accountability of the units involved may vary based on the project's life, or the organization's culture

D.

It is best suited for firms with scattered locations or for multi-lira. large-scale firms

Question 72

Which of the following would be a risk in the development of end-user computing (EUC) applications, compared to traditional information systems?

Options:

A.

Management might place the same degree of reliance in reports produced by EUC applications as it does in reports produced under traditional systems development procedures.

B.

The organization may incur higher application development and maintenance costs for EUC systems.

C.

Since development time is typically longer for EUC applications, management may not be able to respond quickly to competitive pressures

D.

Management may not be able to make quick and accurate decisions due to a diminished capacity to respond to managerial requests for computerized information

Question 73

Which of the following statements is true regarding change management?

Options:

A.

The degree of risk associated with a proposed change determines whether the change request requires authorization.

B.

Program changes generally are developed and tested in the production environment.

C.

Changes are only required by software programs.

D.

To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.