IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

he organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing inventory theft.

The organization's inventory is overstated.

Designing and maintaining the database.

Preparing input data and maintaining the database.

Maintaining the database and providing its security,

Designing the database and providing its security

Individual workstation computer controls are not as important as companywide server controls.

Particular attention should be paid to housing workstations away from environmental hazards.

Cyber security issues can be controlled at an enterprise level, making workstation level controls redundant.

With security risks near an all-time high, workstations should not be connected to the company network.

Required documentation of process for discontinuing use of the devices

Required removal of personal pictures and contacts.

Required documentation of expiration of contract with service provider.

Required sign-off on conflict of interest statement.

$9.50

$10.50

$11

$13

Cash.

Dividends.

Gross margin.

Net income.

Frozen site

Cold site

Warm site

Hot site

The sole responsibility for change management is assigned to an experienced and competent IT team

Change management follows a consistent process and is done in a controlled environment.

Internal audit participates in the implementation of change management throughout the organisation.

All changes to systems must be approved by the highest level of authority within an organization.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

Orders, commands, and advice are sent to the subsidiaries from headquarters.

Poop o of local nationality are developed for the best positions within their own country.

There is a significant amount of collaboration between headquarters and subs diaries.

The organization reports inappropriate estimates and accruals due to poof accounting controls.

The organization uses an unreliable process forgathering and reporting executive compensation data.

The organization experiences increasing discontent of employees, if executives are eligible for compensation amounts that are deemed unreasonable.

The organization encourages employee behavior that is inconsistent with the interests of relevant stakeholders.

HTTP sites provide sufficient security to protect customers' credit card information.

Web servers store credit cardholders' information submitted for payment.

Database servers send cardholders’ information for authorization in clear text.

Payment gatewaysauthorizecredit cardonlinepayments.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

$100.000

$200,000

$275,000

$500,000

The company's code of ethics.

The third-party management risk register.

The signed service-level agreement.

The subcontractors' annual satisfaction survey.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

To inform the classification of the data population.

To determine the completeness and accuracy of the data.

To identify whether the population contains outliers.

To determine whether duplicates in the data inflate the range.

1 and 2

1 and 3

2 and 4

3 and 4

Access to personally identifiable information is limited to those who need It to perform their job.

Confidential data must be backed up and recoverable within a 24-hour period.

Updates to systems containing sensitive data must be approved before being moved to production.

A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods

Compliance.

Privacy

Strategic

Physical security

Nondisclosure agreements between the firm and its employees.

Logs of user activity within the information system.

Two-factor authentication for access into the information system.

limited access so information, based on employee duties

The organization sells inventory to an overseas subsidiary at fair value.

The local subsidiary purchases inventory at a discounted price.

The organization sells inventory to an overseas subsidiary at the original cost.

The local subsidiary purchases inventory at the depreciated cost.

Requested backup tapes were not returned from the offsite vendor In a timely manner.

Returned backup tapes from the offsite vendor contained empty spaces.

Critical systems have boon backed up more frequently than required.

Critical system backup tapes are taken off site less frequently than required

Cash payback

Annual rate of return

Incremental analysis

Net present value

It calculates the overall value of a project.

It ignores the time value of money.

It calculates the time a project takes to break even.

It begins at time zero for the project.

Customers can access and update personal information when needed.

The organization retains customers' personal information indefinitely.

Customers reserve the right to reject sharing personal information with third parties.

The organization performs regular maintenance on customers' personal information.

Settlement of short-term obligations may become difficult.

Cash may be bed up in items not generating financial value.

Collection policies of the organization are ineffective.

The organization is efficient in using assets to generate revenue.

Identification of achievable goals and timelines

Analysis of the competitive environment.

Plan for the procurement of resources

Plan for progress reporting and oversight.

A wireless local area network (WLAN ).

A personal area network (PAN).

A wide area network (WAN).

A virtual private network (VPN)

The percentage of cases flagged by the model and confirmed as positives.

The development and maintenance costs associated with the model

The feedback of auditors involved with developing the model.

The number of criminal investigations initiated based on the outcomes of the model

This will support execution of the right-to-audit clause.

This will enforce robust risk assessment practices

This will address cybersecurity considerations and concerns.

This will enhance the third party's ability to apply data analytics

To ensure availability of production facilities.

To decrease direct expenses related to production.

To incur stable costs despite operating capacity.

To increase the total unit cost under absorption costing

Legitimate authority

Coercive authority.

Referent authority.

Expert authority.

At fair value with changes reported in the shareholders' equity section.

At fair value with changes reported in net income.

At amortized cost in the income statement.

As current assets in the balance sheet

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

The risk that database administrators could make hidden changes using privileged access.

Value-added network (VAN).

Local area network (LAN).

Metropolitan area network (MAN).

Wide area network (WAN).

The business continuity management charter.

The business continuity risk assessment plan.

The business Impact analysis plan

The business case for business continuity planning

Risk tolerance

Performance

Threats and opportunities

Governance

Assessments of third parties and suppliers.

Recruitment and retention of certified IT talent.

Classification of data and design of access privileges.

Creation and maintenance of secure network and device configuration.

Project plan development.

Project plan execution

Integrated change control.

Project quality planning

It is a process of allocating cost of assets between periods.

It is a process of assets valuation.

It is a process of accumulating adequate funds to replace assets.

It is a process of measuring decline in the value of assets because of obsolescence

Lower costs.

Slower decision making at the senior executive level.

Limited creative freedom in lower-level managers.

Senior-level executives more focused on short-term, routine decision making

Investments in the capital stock of a corporation

Acquisition of government bonds.

Contents of an investment portfolio,

Acquisition of common stock of a corporation

Project portfolio.

Project development

Project governance.

Project management methodologies

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

Internal auditors perform a systems-focused analysis to review relevant controls.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan

Internal auditors test IT general controls with regard to operating effectiveness versus design

Resource planning.

Cost estimating

Cost budgeting.

Cost control.

To exploit core competence.

To increase market synergy.

To deliver enhanced value.

To reduce costs.

A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

Big data is often structured.

Big data analytic results often need to be visualized.

Big data is often generated slowly and is highly variable.

Big data comes from internal sources kept in data warehouses.

Variety.

Velocity.

Volume.

Veracity.

Change management practices to ensure operating system patch documentation is retained.

User role requirements are documented in accordance with appropriate application-level control needs.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

Interfaces reinforce segregation of duties between operations administration and database development.

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate